kubeshark v40.5 releases: API traffic analyzer for Kubernetes
kubeshark
Kubeshark is an API Traffic Analyzer for Kubernetes providing real-time, protocol-level visibility into Kubernetes’ internal network, capturing and monitoring all traffic and payloads going in, out, and across containers, pods, nodes, and clusters.
Think TCPDump and Wireshark re-invented for Kubernetes
Network Analysis
Kubeshark can sniff part or all of the OSI L4 (TCP and UDP) traffic in your cluster, record it into PCAP files and dissect the following application layer protocols:
Kubeshark recognizes gRPC over HTTP/2, GraphQL over HTTP/1.1, and GraphQL over HTTP/2.
Kubeshark uses extended BPF (eBPF) to trace function calls in both the kernel space and the user space.
Kubeshark can sniff the encrypted traffic (TLS) in your cluster using eBPF without actually doing decryption. In fact, it hooks into entry and exit points in certain functions inside the OpenSSL library and Go’s crypto/tls package.
Kubeshark can recognize service mesh solutions like Istio, Linkerd, and other service mesh solutions that use Envoy Proxy under the hood.
Actionable Automation, Scripts & L4/L7 Hooks
With a combination of a scripting language, hooks, helpers, and jobs, Kubeshark can detect suspicious network behaviors and trigger actions supported by the available integrations (e.g. Slack, AWS S3, InfluxDB, Elasticsearch, and more).
Changelog v40
- All namespaces are now tapped by default and there's no need to use the -A flag. The -n flag can be used to specify certain namespaces.
- Starting to use node-level persistent volumes to ensure no data loss. As a result of this change, certain changes follow:
  - Added a PersistentVolumeClaim that the worker DaemonSet mounts.
  - Changed the storagelimit option's format from 200MB to 200Mi for complying with Kubernetes' internal quantity parser.
  - Added storageclass option to set the StorageClass in PersistentVolumeClaim. Default value is standard.
  - The above is a breaking change: You need to run kubeshark config -r to regenerate the ~/.kubeshark/config.yaml in case of an existing configuration file.
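A pre-upgrade check for the storagelimit format change described above, as an added example that is not Kubeshark's own code. The regular expression re-implements the Kubernetes quantity grammar (with an integer-only exponent) instead of calling the Kubernetes parser. The sample config layout and the extension of the 200MB to 200Mi mapping to other units are assumptions.

```python
import re

# Kubernetes resource quantities: a signed number followed by an optional
# binary-SI, decimal-SI or decimal-exponent suffix. "MB" is not a valid suffix.
QUANTITY_RE = re.compile(
    r"^[+-]?(?:\d+(?:\.\d*)?|\.\d+)"
    r"(?:[KMGTPE]i|[numkMGTPE]|[eE][+-]?\d+)?$"
)
# Old-style byte units such as "200MB", the pre-v40 form shown in the changelog.
LEGACY_RE = re.compile(r"^(\d+)([KMGT])B$")
# A `storagelimit: value` line at any nesting depth. The option name comes
# from the changelog; nothing is assumed about the rest of the file.
OPTION_RE = re.compile(r"^\s*storagelimit\s*:\s*[\"']?([^\"'#\s]+)")


def is_k8s_quantity(value: str) -> bool:
    """True if value matches the Kubernetes quantity grammar."""
    return QUANTITY_RE.match(value) is not None


def suggest(value: str):
    """Map 200MB -> 200Mi; applying the same rule to K/G/T is an assumption."""
    m = LEGACY_RE.match(value)
    return f"{m.group(1)}{m.group(2)}i" if m else None


def check_config(text: str):
    """Return (line_no, value, suggestion) for each invalid storagelimit."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        m = OPTION_RE.match(line)
        if m and not is_k8s_quantity(m.group(1)):
            findings.append((no, m.group(1), suggest(m.group(1))))
    return findings


# Constructed sample, not a real Kubeshark configuration file.
SAMPLE = """\
tap:
  storagelimit: 200MB
  storageclass: standard
"""

if __name__ == "__main__":
    for no, value, fix in check_config(SAMPLE):
        print(f"line {no}: {value!r} is not a Kubernetes quantity; try {fix!r}")
```

A finding here means the existing ~/.kubeshark/config.yaml predates the change and should be regenerated with kubeshark config -r as the changelog instructs.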
Copyright 2022 Kubeshark