https://github.com/att-cloudnative-labs/khan
Connection Tracking for Kubernetes Pods
Last synced: 6 months ago
- Host: GitHub
- URL: https://github.com/att-cloudnative-labs/khan
- Owner: att-cloudnative-labs
- License: mit
- Created: 2019-08-22T22:00:28.000Z (almost 7 years ago)
- Default Branch: master
- Last Pushed: 2023-02-25T07:04:20.000Z (over 3 years ago)
- Last Synced: 2025-04-09T21:43:55.960Z (about 1 year ago)
- Language: Go
- Size: 8.08 MB
- Stars: 2
- Watchers: 2
- Forks: 0
- Open Issues: 7
Metadata Files:
- Readme: README.md
- License: LICENSE
README
## Khan - Pod Connection Tracking Metrics Exporter
Khan captures connection tracking (conntrack) snapshots on Pods and Nodes and exposes them as Prometheus metrics. Note that the metrics are not real-time connection info, only snapshots that are polled with a default period of 30s.
The use case for this application is tracking down pods/services that are leaking connections, or finding an unknown client that is overloading a server.
This application is composed of a 'controller' that runs as a Deployment. The controller is mainly an API that the node agents use to retrieve IP-to-pod mappings for the IPs found in the conntrack table. The 'agent' runs as a DaemonSet on each node, captures the conntrack table, and converts it to a set of Prometheus metrics.
## Metrics
There is one metric exposed, 'khan_connection', which is a counter. The following labels are included with this metric:
* node: Node name of the host the agent is running on
* src_type: This is the type of host for source of the connection. It depends on a mapping of the source IP address to a specific type. Possible values are:
  * pod: mapped by pod IP
  * service: mapped by cluster IP
  * node: mapped by node IP
  * network: tied to the overlay network (flannel). Depends on nodes containing podCIDR. The network address of podCIDR becomes the mapped address
  * gateway: mapped to the gateway address. Also depends on nodes containing podCIDR. Currently, the first address of podCIDR (x.x.x.1) becomes the mapped address
* src_ip: IP of the source of the connection
* src_ns: Source namespace (pods and services only) of the source of the connection
* src_app: Value of the label 'app' for the source pod or service
* src_name: Name for the source of connection
* dst_type: This is the type of host for destination of the connection. It depends on a mapping of the destination IP address to a specific type. Possible values are the same as for src_type
* dst_ip: IP of the destination of the connection
* dst_ns: Destination namespace (pods and services only) of the destination of the connection
* dst_app: Value of the label 'app' for the destination pod or service
* dst_name: Name for the destination of connection
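The "unknown client overloading a server" use case comes down to grouping `khan_connection` series by their source labels for one destination. The Go program below is an added example, not code from the khan repository: it ranks sources for a given `dst_ns`/`dst_name` from a scraped metrics page. The sample text is constructed, and two things are assumptions: that each sample value is the number of connections seen for that label set, and that a source IP with no mapping is exported with empty `src_*` labels.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strconv"
)

// Constructed sample of an agent's metrics output; every name, IP and value is made up.
const sample = `khan_connection{node="node-a",src_type="pod",src_ip="10.244.1.7",src_ns="shop",src_app="cart",src_name="cart-5d9c",dst_type="service",dst_ip="10.96.0.20",dst_ns="data",dst_app="redis",dst_name="redis"} 412
khan_connection{node="node-b",src_type="pod",src_ip="10.244.2.9",src_ns="shop",src_app="web",src_name="web-7f6b",dst_type="service",dst_ip="10.96.0.20",dst_ns="data",dst_app="redis",dst_name="redis"} 18
khan_connection{node="node-a",src_type="",src_ip="192.0.2.44",src_ns="",src_app="",src_name="",dst_type="service",dst_ip="10.96.0.20",dst_ns="data",dst_app="redis",dst_name="redis"} 500
khan_connection{node="node-b",src_type="",src_ip="192.0.2.44",src_ns="",src_app="",src_name="",dst_type="service",dst_ip="10.96.0.20",dst_ns="data",dst_app="redis",dst_name="redis"} 450
khan_connection{node="node-a",src_type="pod",src_ip="10.244.1.7",src_ns="shop",src_app="cart",src_name="cart-5d9c",dst_type="pod",dst_ip="10.244.3.3",dst_ns="shop",dst_app="db",dst_name="db-0"} 3`

var seriesRe = regexp.MustCompile(`(?m)^khan_connection\{(.*)\}[ \t]+(\S+)$`)
var labelRe = regexp.MustCompile(`(\w+)="((?:[^"\\]|\\.)*)"`)

type Talker struct{ Source string; Conns float64 }

// TopSources sums samples for one destination across nodes, highest total first.
func TopSources(metrics, dstNS, dstName string) []Talker {
	totals := map[string]float64{}
	for _, m := range seriesRe.FindAllStringSubmatch(metrics, -1) {
		l := map[string]string{}
		for _, kv := range labelRe.FindAllStringSubmatch(m[1], -1) {
			l[kv[1]] = kv[2]
		}
		v, err := strconv.ParseFloat(m[2], 64)
		if err != nil || l["dst_ns"] != dstNS || l["dst_name"] != dstName {
			continue // unparsable value or a different destination
		}
		src := l["src_type"] + ":" + l["src_ns"] + "/" + l["src_name"]
		if l["src_name"] == "" {
			src = "unmapped:" + l["src_ip"] // assumption: no mapping means empty src_* labels
		}
		totals[src] += v
	}
	out := make([]Talker, 0, len(totals))
	for s, c := range totals {
		out = append(out, Talker{s, c})
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Conns > out[j].Conns })
	return out
}

func main() {
	fmt.Println(TopSources(sample, "data", "redis"))
}
```

Because the agent polls snapshots (30s by default), short-lived connections that open and close between polls will not appear in this ranking.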
## Additional info
Maintained and in-use by the Platform Team @ AT&T Entertainment Cloud Native Labs.
Distributed under the AT&T MIT license. See ``LICENSE`` for more information.