Kubernetes Network Debugging
Tools and Techniques to make one of the most frustrating parts of Kubernetes easier
Konrad F. Heimel, 2023-10-19 1
Agenda
mirrord: Transfer your IDE into the Kubernetes cluster
ephemeral containers: Using debug tools without bloating your images
Inspektor Gadget: Cloud-native debugging using eBPF
kubeshark: API traffic analyzer for Kubernetes
Containers and Networking Challenges for Developers
Consistency in Containers: Application + Dependencies = consistent file environment.
Networking Issues: Containers don't ensure networking consistency. Network differences are the main source of errors.
Kubernetes Locally? Replicating full Kubernetes = resource intensive & confusing. Not feasible for every developer.
What is mirrord?
Connects a local process to your Kubernetes cluster.
Comes with CLI & plugins for IntelliJ and VS Code.
Debug in the cloud, without deploying.
Test locally in cloud conditions:
Without local deployment
Without CI/CD
Without deploying untested code
🎥Live Demo
How does it work?
1. Creates a mirrord-agent in the cluster:
Clones/steals & forwards traffic
2. Overrides local process' syscalls to:
Listen to agent's incoming traffic.
Send out traffic from remote pod.
Access remote file system.
Merge pod's environment with local.
Language/Framework Support
Hooks libc, supporting:
Rust
Node
Python
Java
Kotlin
Ruby
... and others!
Also supports Go, which does not use libc.
Installation on Cluster?
Nothing persistent: a short-lived pod/container acts as the proxy.
Only needs kubectl configured.
Incompatible with Pod Security Standards: the agent container asks for the SYS_ADMIN, SYS_PTRACE, NET_RAW and NET_ADMIN capabilities shown in the securityContext below, which the baseline and restricted profiles reject.
apiVersion: v1
kind: Pod
metadata:
  name: mirrord-agent-lgfcl4ujer-mxbgp
spec:
  containers:
  - image: app:1.0.0
    name: greenfield
  ephemeralContainers:
  - command:
    - ./mirrord-agent
    - -l
    - "49332"
    - -e
    image: ghcr.io/metalbear-co/mirrord:3.56.1
    imagePullPolicy: IfNotPresent
    name: mirrord-agent-mszkpupjeb
    securityContext:
      capabilities:
        add:
        - SYS_ADMIN
        - SYS_PTRACE
        - NET_RAW
        - NET_ADMIN
      runAsGroup: 44448
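The capabilities in the agent's securityContext are exactly what the Pod Security Standards restrict: baseline allows additions only from a fixed list, restricted requires dropping ALL. The following check is an added example (not code from the talk or from mirrord); it walks a pod manifest, ephemeral containers included, and reports the capability violations per profile. The manifest is the slide's YAML transcribed as a Python dict so it runs offline without a YAML parser; the allowed-capability sets are the ones published in the Kubernetes PSS documentation.

```python
"""Check a Pod manifest's capabilities against the Kubernetes Pod Security
Standards (baseline and restricted). Only the capability rules are
implemented; the other PSS rules (hostPath, privileged, ...) are out of scope.
"""

# Baseline: any capability added beyond this set is disallowed.
BASELINE_ALLOWED_ADD = {
    "AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL",
    "MKNOD", "NET_BIND_SERVICE", "SETFCAP", "SETGID", "SETPCAP", "SETUID",
    "SYS_CHROOT",
}
# Restricted: containers must drop ALL and may add back only this set.
RESTRICTED_ALLOWED_ADD = {"NET_BIND_SERVICE"}

# The agent pod from the slide, transcribed from YAML into a dict.
MIRRORD_AGENT_POD = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "mirrord-agent-lgfcl4ujer-mxbgp"},
    "spec": {
        "containers": [{"image": "app:1.0.0", "name": "greenfield"}],
        "ephemeralContainers": [{
            "name": "mirrord-agent-mszkpupjeb",
            "image": "ghcr.io/metalbear-co/mirrord:3.56.1",
            "command": ["./mirrord-agent", "-l", "49332", "-e"],
            "securityContext": {
                "capabilities": {
                    "add": ["SYS_ADMIN", "SYS_PTRACE", "NET_RAW", "NET_ADMIN"],
                },
                "runAsGroup": 44448,
            },
        }],
    },
}


def all_containers(pod):
    """Yield (kind, container) for every container in the pod. PSS applies
    to initContainers and ephemeralContainers too, not just containers."""
    spec = pod.get("spec") or {}
    for kind in ("initContainers", "containers", "ephemeralContainers"):
        for container in spec.get(kind) or []:
            yield kind, container


def capability_violations(pod, profile="baseline"):
    """Return a list of (container kind, container name, reason) tuples
    describing why the given PSS profile would reject the pod on capability
    grounds. An empty list means the capability rules are satisfied."""
    if profile == "baseline":
        allowed = BASELINE_ALLOWED_ADD
    elif profile == "restricted":
        allowed = RESTRICTED_ALLOWED_ADD
    else:
        raise ValueError("unknown profile: %s" % profile)
    violations = []
    for kind, container in all_containers(pod):
        caps = (container.get("securityContext") or {}).get("capabilities") or {}
        added = set(caps.get("add") or [])
        dropped = set(caps.get("drop") or [])
        extra = sorted(added - allowed)
        if extra:
            violations.append((kind, container["name"], "adds " + ", ".join(extra)))
        if profile == "restricted" and "ALL" not in dropped:
            violations.append((kind, container["name"], "does not drop ALL"))
    return violations


if __name__ == "__main__":
    for profile in ("baseline", "restricted"):
        for kind, name, reason in capability_violations(MIRRORD_AGENT_POD, profile):
            print("%s: %s/%s %s" % (profile, kind, name, reason))
```

Under baseline only the ephemeral agent container is flagged (NET_RAW included, since it is not on the baseline list); under restricted the untouched application container is flagged as well because it never drops ALL.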
Configuration
target: Pod/group you connect to.
env: Merge pod's and local environment.
feature.network.incoming.mode:
  steal: Capture incoming traffic.
  mirror: Sniff & forward a copy.
feature.fs.mode:
  localwithoverrides: Read Kubelet-generated files.
{
  "kube_context": "my-cluster",
  "accept_invalid_certificates": false,
  "target": {
    "path": "deploy/spring-demo-chart",
    "namespace": "mirrord-demo"
  },
  "feature": {
    "network": {
      "incoming": {
        "mode": "mirror",
        "outgoing": true
      },
      "dns": true
    },
    "fs": {
      "mode": "localwithoverrides"
    },
    "env": true
  },
  "telemetry": false
}
Advantages of mirrord
Mirrors traffic, ensuring safety.
Flexibly manage traffic and file operations.
Superior to local clusters: handles complex environments.
No installation of infrastructure on the cluster required.
No cluster deployments: the stable code stays deployed.
Connects specific services to the cloud.
mirrord vs. Telepresence
Process-level operation (no daemons).
Run multiple services concurrently.
No cluster installation needed.
Duplicates traffic by default.
IDE extensions available!
Introduction to Ephemeral Containers
Not part of the pod's spec, but born as needed.
Share namespaces with containers in the same pod.
Powerful for understanding & diagnosing app behavior.
Stable since Kubernetes v1.25.
Once created, they can't be deleted.
Using Ephemeral Containers for Debugging
Inspect a running pod without halting its operation.
No need to ship debugging tools in your production image.
Communicate over localhost, use IPC, inspect processes, and access shared volumes.
Debug command example (k is an alias for kubectl; <pod-name> is the pod to attach to):
k debug -it <pod-name> --image=nicolaka/netshoot -- /bin/bash
Basic Network Debugging Commands
1. ping <hostname/IP> - Check network connectivity.
2. netstat -tuln (or ss -tuln) - Display listening ports.
3. nslookup <hostname> - DNS lookup.
4. traceroute <hostname/IP> - Trace network path.
5. ifconfig or ip a - Display network interfaces.
6. nc -zv <hostname/IP> <port> - Check if a port is open.
Kubernetes and Linux Namespaces
Linux namespaces provide isolated environments with unique resources.
The container runtime leveraged by Kubernetes creates a new set of namespaces for each pod, ensuring isolated network, IPC, UTS, and PID environments.
Sidecar containers, deployed in the same pod as the primary container, share most namespaces, enabling inter-container communication.
Namespace types:
  Network (net)
  Inter-process Communication (ipc)
  User ID (user)
  Process ID (pid) * shared only with spec.shareProcessNamespace: true
  UNIX Time-Sharing (uts)
  Mount (mnt)
(ASCII-art banner of the netshoot debugging image)
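To verify which namespaces a debug container really shares with the application container, compare the /proc/<pid>/ns/* symlinks of the two processes. The script below is an added example, not code from the talk: run it inside the ephemeral container with spec.shareProcessNamespace enabled (otherwise the application's PIDs are not visible), passing your shell's PID ("self") and the application's PID. The embedded sample data is constructed with made-up inode numbers and reflects the usual pod layout: net, ipc and uts shared, mnt separate, pid shared only because process namespace sharing is on.

```python
"""Report which Linux namespaces two processes share, by comparing the
/proc/<pid>/ns/* symlink targets (each reads like "net:[4026531992]").
"""
import os

NS_TYPES = ("net", "ipc", "uts", "pid", "mnt", "user", "cgroup")


def read_namespaces(pid):
    """Return {ns_type: symlink target or None} for a PID (or 'self').

    None means the link could not be read: the kernel lacks that namespace
    type, the process exited, or /proc denied access (EACCES when the target
    runs as another user and the debug shell is not root)."""
    result = {}
    for ns in NS_TYPES:
        try:
            result[ns] = os.readlink("/proc/%s/ns/%s" % (pid, ns))
        except OSError:
            result[ns] = None
    return result


def compare_namespaces(a, b):
    """Split NS_TYPES into (shared, separate, unknown) for two namespace maps.

    A type counts as shared only when both sides were readable and equal.
    An unreadable side is reported as unknown, never as shared, so a
    permission error cannot masquerade as namespace sharing."""
    shared, separate, unknown = [], [], []
    for ns in NS_TYPES:
        if a.get(ns) is None or b.get(ns) is None:
            unknown.append(ns)
        elif a[ns] == b[ns]:
            shared.append(ns)
        else:
            separate.append(ns)
    return shared, separate, unknown


def report(pid_a, pid_b):
    """Human-readable comparison of two live processes."""
    shared, separate, unknown = compare_namespaces(
        read_namespaces(pid_a), read_namespaces(pid_b))
    lines = ["pid %s vs pid %s" % (pid_a, pid_b),
             "  shared:   %s" % ", ".join(shared),
             "  separate: %s" % ", ".join(separate)]
    if unknown:
        lines.append("  unknown:  %s" % ", ".join(unknown))
    return "\n".join(lines)


# Constructed sample (inode numbers are made up): a debug shell next to the
# app process in the same pod, with shareProcessNamespace enabled, and the
# cgroup link unreadable from the debug side.
DEBUG_SHELL = {"net": "net:[4026532001]", "ipc": "ipc:[4026532002]",
               "uts": "uts:[4026532003]", "pid": "pid:[4026532004]",
               "mnt": "mnt:[4026532100]", "user": "user:[4026531837]",
               "cgroup": None}
APP_PROCESS = {"net": "net:[4026532001]", "ipc": "ipc:[4026532002]",
               "uts": "uts:[4026532003]", "pid": "pid:[4026532004]",
               "mnt": "mnt:[4026532200]", "user": "user:[4026531837]",
               "cgroup": "cgroup:[4026531835]"}

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:
        print(report(sys.argv[1], sys.argv[2]))   # e.g. self 1234
    else:
        print(compare_namespaces(DEBUG_SHELL, APP_PROCESS))
```

A separate mnt namespace is why the target's filesystem is reached via /proc/<pid>/root rather than directly; a shared net namespace is why ss and tcpdump in the debug shell see the application's sockets.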
🎥Live Demo
Inspektor Gadget
Collection of eBPF-based tools for Kubernetes apps.
Collects low-level kernel data.
Enriches it with Kubernetes metadata.
Mechanism to deploy eBPF tools to Kubernetes clusters.
CLI tool ig for tracing containers.
Prometheus metrics endpoint.
eBPF
Linux kernel technology.
Programs written in a restricted C subset.
Compiled to special bytecode.
Validated by the kernel verifier before execution.
Example (BCC, Python front end):
from __future__ import print_function
from bcc import BPF
from bcc.utils import printb

# load BPF program
b = BPF(text="""
TRACEPOINT_PROBE(random, urandom_read) {
    // args is from /sys/kernel/debug/tracing/events/random/urandom_read/format
    bpf_trace_printk("%d\\n", args->got_bits);
    return 0;
}
""")

# header
print("%-18s %-16s %-6s %s" % ("TIME(s)", "COMM", "PID", "GOTBITS"))

# format output: read the trace pipe until interrupted
while 1:
    try:
        (task, pid, cpu, flags, ts, msg) = b.trace_fields()
    except ValueError:
        continue
    except KeyboardInterrupt:
        exit()
    printb(b"%-18.9f %-16s %-6d %s" % (ts, task, pid, msg))
eBPF Overview
(Figure) Source: https://www.brendangregg.com/ebpf.html
Inspektor Gadget Overview
Provides a trace Custom Resource Definition (CRD) for control.
Interaction through the kubectl gadget CLI.
The gadget pod has a Kubernetes controller to perform CR actions.
eBPF program installation via tracers from the trace CRD.
eBPF: built-in kernel VM that runs verified programs supplied from user space.
🎥Live Demo
The Gadgets
Installing Inspektor Gadget
Install Inspektor Gadget using the Krew kubectl plugin manager:
$ kubectl krew install gadget
Deploy Inspektor Gadget on Kubernetes:
$ kubectl gadget deploy
Creating Namespace/gadget...
...
Creating DaemonSet/gadget...
...
Inspektor Gadget successfully deployed
Kubeshark – API Traffic Analyzer for Kubernetes
Think Wireshark re-invented for Kubernetes
Real-time, identity-aware, protocol-level visibility into K8s API traffic
Kubeshark in Action
1. Network Analysis: Real-time protocol-level visibility & troubleshooting
2. Investigating Traffic: Filter and inspect pod-to-pod communication
3. Security Auditing: Identify suspicious traffic patterns & threats
4. Historic Traffic Analysis: Analyze past traffic snapshots
5. Connectivity Troubleshooting: Diagnose network errors & latency issues
Kubeshark: Tracing Encrypted Traffic
How? Using eBPF to capture TLS traffic without decrypting it: probes hooked into OpenSSL and Go's crypto/tls see the plaintext before it is encrypted and after it is decrypted, so no keys are needed.
Deploy Kubeshark with TLS sniffing:
kubeshark tap --tls -n kh-demo
Supports OpenSSL & Go's crypto/tls.
Further Resources
mirrord
Inspektor Gadget
eBPF Basics
kubeshark
Related Tools:
Krew kubectl Plugin Manager
BPF Compiler Collection (BCC)