{"id":38147200,"url":"https://github.com/elastiflow/mermin","last_synced_at":"2026-06-10T15:00:35.715Z","repository":{"id":323550034,"uuid":"976831813","full_name":"elastiflow/mermin","owner":"elastiflow","description":"A Kubernetes-native network observability tool that uses eBPF to auto-instrument network traffic and export it as Flow Traces via OpenTelemetry, providing deep visibility into cluster communications.","archived":false,"fork":false,"pushed_at":"2026-06-08T18:08:01.000Z","size":5069,"stargazers_count":30,"open_issues_count":9,"forks_count":1,"subscribers_count":3,"default_branch":"main","last_synced_at":"2026-06-08T18:10:24.112Z","etag":null,"topics":["cni","ebpf","kubernetes","network","observability","open-telemetry","otel"],"latest_commit_sha":null,"homepage":"https://docs.mermin.dev/","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/elastiflow.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"docs/CONTRIBUTING.md","funding":null,"license":"LICENSE-APACHE","code_of_conduct":"docs/CODE-OF-CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"docs/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":"COPYRIGHT","agents":null,"dco":null,"cla":null}},"created_at":"2025-05-02T20:43:59.000Z","updated_at":"2026-06-08T18:03:38.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/elastiflow/mermin","commit_stats":null,"previous_names":["elastiflow/mermin"],"tags_count":153,"template":false,"template_full_name":null,"purl":"pkg:github/elastiflow/mermin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elastiflow%2Fmermin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elastiflow%2Fmermin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elastiflow%2Fmermin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elastiflow%2Fmermin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/elastiflow","download_url":"https://codeload.github.com/elastiflow/mermin/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elastiflow%2Fmermin/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34157453,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-10T02:00:07.152Z","response_time":89,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cni","ebpf","kubernetes","network","observability","open-telemetry","otel"],"created_at":"2026-01-16T22:57:35.384Z","updated_at":"2026-06-10T15:00:35.708Z","avatar_url":"https://github.com/elastiflow.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003e\n  \u003cpicture\u003e\n    \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://res.cloudinary.com/elastiflow-cloudinary/image/upload/v1762568258/mermin/Mermin_Primary_Logo_Gradient_Light_uljb3t.png\"\u003e\n    \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://res.cloudinary.com/elastiflow-cloudinary/image/upload/v1762568258/mermin/Mermin_Primary_Logo_Gradient_Dark_vmjdoq.png\"\u003e\n    \u003cimg alt=\"Mermin\" src=\"https://res.cloudinary.com/elastiflow-cloudinary/image/upload/v1762568258/mermin/Mermin_Primary_Logo_Gradient_Dark_vmjdoq.png\"\u003e\n  \u003c/picture\u003e\n\u003c/h1\u003e\n\n**Mermin** is a powerful, Kubernetes-native network observability tool that uses eBPF to efficiently capture network traffic and export it as **Flow Traces** via the OpenTelemetry Protocol (OTLP). It provides deep visibility into your cluster's network communications with zero application changes required.\n\n---\n\n## Why Mermin?\n\n### The Problem\n\nYour APM traces show application behavior. Your network monitoring shows IP-level statistics. But there's a gap: when a trace shows a slow network span, you have no way to correlate that with actual network flow data. When network teams see congestion, they can't map it back to specific services or pods.\n\nThe MELT stack (Metrics, Events, Logs, Traces) is missing network flow data—connection-level information that bridges application performance with network reality.\n\n### What Mermin Does\n\nMermin captures network traffic using eBPF and exports it as **Flow Traces**—network flows represented as OpenTelemetry spans. This brings network visibility into the OTel ecosystem using a standard signal type.\n\n**The \"Sweet Spot\": Why Flow Data?**\n\nObservability involves trade-offs between granularity and overhead. Flow data sits between two extremes:\n\n- **Not Raw PCAP**: Full packet capture is expensive to store and query. Mermin aggregates packets into flows—you get connection-level detail without payload overhead.\n- **Not Just Counters**: Metrics tell you bandwidth usage but miss connection context—timing, retransmissions, directionality.\n\nFlow data provides **granular, connection-level detail that's lightweight enough to run always-on in production.**\n\n### Key Capabilities\n\n- **Auto-Instrumentation for Your Network Stack**: Just as eBPF-based APM tools auto-instrument application code, Mermin auto-instruments your network layer. Deploy once per node, get visibility into all traffic—no per-service configuration required.\n- **Kubernetes-Native Enrichment**: Flows include Pod, Service, and Deployment metadata. You see `frontend-service` → `redis-cache`, not `10.42.0.5` → `10.42.0.8`.\n- **Zero Code Changes**: eBPF captures traffic transparently—no sidecars, no application modifications, no service mesh required.\n- **Standards-Based Export**: Native OTLP output integrates with your existing observability stack (Tempo, Jaeger, Elastic, etc.).\n- **Production-Ready**: Low-overhead kernel-level capture designed for always-on operation.\n\n## Quick Start\n\nThe fastest way to get started with Mermin is to deploy it to a local Kubernetes cluster using our quickstart guide:\n\n**[Follow the Complete Quickstart Guide](https://docs.mermin.dev/getting-started/quickstart-guide)**\n\nOr deploy directly with Helm:\n\n```shell\nhelm repo add elastiflow https://elastiflow.github.io/mermin\nhelm install mermin elastiflow/mermin --namespace mermin --create-namespace\n```\n\nOnce deployed, Mermin runs as a DaemonSet with one pod per node, automatically capturing network traffic and exporting Flow Traces to your configured OTLP endpoint.\n\n## How It Compares\n\n| Feature                | Mermin                 | eBPF APM Agents        | Traditional NetFlow/IPFIX | Service Mesh (Istio/Linkerd) | Packet Capture Tools  |\n|------------------------|------------------------|------------------------|---------------------------|------------------------------|-----------------------|\n| Kubernetes Context     | ✅ Native               | ✅ Native               | ❌ None                    | ✅ Native                     | ❌ None                |\n| Application Changes    | ✅ Zero                 | ✅ Zero                 | ✅ Zero                    | ❌ Sidecar injection          | ✅ Zero                |\n| Network Data Type      | ✅ Flow Records         | ❌ Counters only        | ✅ Flow Records            | ⚠️ Request/response           | ✅ Full packets        |\n| Connection Context     | ✅ Full details         | ❌ Aggregated metrics   | ✅ Full details            | ⚠️ L7 only                    | ✅ Full packets        |\n| Performance Overhead   | ✅ Minimal (eBPF)       | ✅ Minimal (eBPF)       | ✅ Low                     | ⚠️ Moderate (sidecars)        | ❌ High (full capture) |\n| Standards-Based Export | ✅ OTLP Traces          | ⚠️ OTLP Metrics         | ⚠️ NetFlow/IPFIX           | ⚠️ Prometheus/vendor-specific | ❌ PCAP files          |\n| Bidirectional Flows    | ✅ Yes                  | ❌ Separate counters    | ✅ Yes                     | ⚠️ Limited                    | ❌ Packet-level only   |\n| Deployment Complexity  | ✅ Simple DaemonSet     | ✅ Simple DaemonSet     | ✅ Simple                  | ⚠️ Complex                    | ✅ Simple              |\n\n**Key Differentiators:**\n\n- **vs eBPF APM Agents**: Exports flow records (with timing, flags, directionality) as traces, not aggregated counter metrics\n- **vs NetFlow/IPFIX**: Adds Kubernetes context and uses modern OTLP standard\n- **vs Service Meshes**: No application changes, lower overhead, but L3/L4 only (not L7)\n- **vs Packet Capture**: Aggregated flows instead of raw packets, with metadata enrichment\n\n## Architecture at a Glance\n\nMermin operates as a DaemonSet in Kubernetes (or as a privileged container on bare metal), with one instance running on each node:\n\n1. **Packet Capture**: eBPF programs attached to network interfaces capture packets at the kernel level.\n2. **Flow Aggregation**: Packets are aggregated into bidirectional network flows with connection state tracking.\n3. **Metadata Enrichment**: Flows are decorated with Kubernetes metadata (pods, services, deployments, labels).\n4. **Flow Traces Export**: Flows are converted to OpenTelemetry trace spans and exported via OTLP\n5. **Observability Backend**: Flow Traces are stored, analyzed, and visualized in your platform (Elastic, Grafana Tempo, Jaeger, etc.)\n\nFor a deeper dive into Mermin's architecture, see our [Architecture Overview](docs/concepts/agent-architecture.md).\n\n## Documentation\n\nComprehensive documentation is available in the `docs/` directory and via [docs.mermin.dev](https://docs.mermin.dev):\n\n### Getting Started\n\n- [Quickstart Guide](docs/getting-started/quickstart-guide.md) - Get up and running in minutes\n- [Architecture Overview](docs/concepts/agent-architecture.md) - Understand how Mermin works\n\n### Deployment\n\n- [Deployment Guide](docs/deployment/overview.md) - Deployment strategies and best practices\n- [Kubernetes with Helm](docs/deployment/kubernetes-helm.md) - Kubernetes deployment details\n- [Cloud Platforms](docs/deployment/cloud-platforms.md) - AWS, GCP, Azure specifics\n- [Docker \u0026 Bare Metal](docs/deployment/docker-bare-metal.md) - Non-Kubernetes deployments\n\n### Configuration\n\n- [Configuration Reference](docs/configuration/overview.md) - Complete configuration options\n- [OTLP Export](docs/configuration/reference/opentelemetry-otlp-exporter.md) - Configure OpenTelemetry export\n- [Filtering](docs/configuration/reference/flow-span-filters.md) - Control which flows are captured\n- [Kubernetes Metadata](docs/configuration/reference/kubernetes-informer-discovery.md) - Kubernetes integration options\n\n### Observability Backends\n\n- [Supported Backends](docs/getting-started/backend-integrations.md) - Elastic, Grafana, Tempo, Jaeger, and more\n\n### Troubleshooting\n\n- [Troubleshooting Guide](docs/troubleshooting/troubleshooting.md) - Common issues and solutions\n- [Deployment Issues](docs/troubleshooting/deployment-issues.md) - Pod startup and configuration problems\n- [Interface Visibility](docs/troubleshooting/interface-visibility-and-traffic-decapsulation.md) - Traffic capture and CNI configuration\n- [Common eBPF Errors](docs/troubleshooting/common-ebpf-errors.md) - Verifier failures and kernel compatibility\n\n### Development \u0026 Contributing\n\n- [Contributing Guide](docs/CONTRIBUTING.md) - How to contribute to Mermin\n- [Development Workflow](docs/contributor-guide/development-workflow.md) - Build, test, and contribute\n- [Debugging eBPF Programs](docs/contributor-guide/debugging-ebpf.md) - eBPF debugging techniques\n- [Debugging Network Traffic](docs/contributor-guide/debugging-network.md) - Wireshark and packet analysis\n\n## Contributing\n\nWe welcome contributions from the community! Whether you're fixing bugs, adding features, improving documentation, or sharing feedback, your contributions help make Mermin better for everyone.\n\n### Ways to Contribute\n\n- 🐛 **Report bugs** via [GitHub Issues](https://github.com/elastiflow/mermin/issues).\n- 💡 **Request features** or share ideas in [GitHub Discussions](https://github.com/elastiflow/mermin/discussions).\n- 📝 **Improve documentation** - PRs for doc improvements are always welcome.\n- 🔧 **Submit code** - See our [Development Workflow](docs/contributor-guide/development-workflow.md) to get started.\n- 💬 **Help others** - Answer questions in Discussions or Slack.\n\n### Getting Started as a Contributor\n\n1. **Read the [Development Workflow](docs/contributor-guide/development-workflow.md)** - Learn how to build, test, and develop Mermin.\n2. **Check out [Good First Issues](https://github.com/elastiflow/mermin/labels/good%20first%20issue)** - Find beginner-friendly tasks.\n3. **Join the conversation** - Connect with us on Slack or GitHub Discussions.\n\nAll contributors are expected to follow our code of conduct and maintain a welcoming, inclusive environment.\n\n## Community \u0026 Support\n\n**Get Help:**\n\n- Slack Channel: https://join.slack.com/t/elastiflowcommunity/shared_invite/zt-23jpnlw9g-Q4nKOwKKOE1N2MjfA2mXpg - Live chat with maintainers and community.\n- 💭 [GitHub Discussions](https://github.com/elastiflow/mermin/discussions) - Ask questions and share knowledge.\n- 🐛 [GitHub Issues](https://github.com/elastiflow/mermin/issues) - Report bugs and track feature requests.\n- 📖 [Documentation](docs/README.md) - Comprehensive guides and references.\n\n### Stay Updated\n\n- ⭐ Star the repo on GitHub to stay notified of new releases.\n- 📢 Follow us for announcements and updates.\n- 🔔 Watch the repository for issue and discussion notifications.\n\n### Enterprise Support\n\n- For commercial support, visit [ElastiFlow](https://www.elastiflow.com).\n\n## Artifacts\n\nDocker images are available in the GitHub Container Registry:\n\n### Standard Production Image\n\n```shell\ndocker pull ghcr.io/elastiflow/mermin:latest\n```\n\n### Debug Image (includes shell and debugging tools)\n\n```shell\ndocker pull ghcr.io/elastiflow/mermin:latest-debug\n```\n\nThe debug image is built using the `gcr.io/distroless/cc-debian12:debug` base image and provides additional debugging tools compared to the standard image.\n\n## License\n\nWith the exception of eBPF code, Mermin is distributed under the terms of the [Apache License](LICENSE-APACHE) (version 2.0).\n\nAny contribution intentionally submitted for inclusion in this crate by you, shall be licensed Apache-2.0, without any additional terms or conditions.\n\n### eBPF\n\nAll eBPF code is distributed under the terms of the [GNU General Public License, Version 2](LICENSE-GPL2).\n\nAny contribution intentionally submitted for inclusion in this project by you, shall be dual licensed GPL-2, without any additional terms or conditions.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Felastiflow%2Fmermin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Felastiflow%2Fmermin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Felastiflow%2Fmermin/lists"}