calicocloud-aks-workshop

Module 7: Packet Capture

Goal: Configure packet capture for specific pods and review captured payload.

Packet captures are Kubernetes Custom Resources and thus native Kubernetes RBAC can be used to control which users/groups can run and access Packet Captures; this may be useful if Compliance or Governance policies mandate strict controls on running Packet Captures for specific workloads. This demo is simplified without RBAC but further details can be found here.

Steps

  1. Choose an endpoint you want to capture from from manager UI, we will use Redis as example.

    Note: You can see the endpoint details from UI, and we choose the service port 6379 for capture the traffic.

    select endpoint

    initial packet capture

  2. Schedule the packet capture job with specific port and time.

    schedule the job

  3. You will see the job scheduled in service graph.

    schedule packet capture

  4. Download the pcap file once the job is Capturing or Finished.

    download packet capture

  5. Open the pcap file with wireshark or tcpdump, you will see the ingress and egress traffic associate with redis pods i.e 10.240.0.71

    redis packet capture

Module 6 :arrow_left:     :arrow_right: Module 8

:leftwards_arrow_with_hook: Back to Main