Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/moolen/juno

:satellite: Network Observability for Kubernetes
https://github.com/moolen/juno

ebpf kubernetes networking observability tracing

Last synced: 5 days ago
JSON representation

:satellite: Network Observability for Kubernetes

Host: GitHub
URL: https://github.com/moolen/juno
Owner: moolen
License: apache-2.0
Created: 2020-03-23T22:00:50.000Z (almost 5 years ago)
Default Branch: master
Last Pushed: 2020-04-02T15:06:09.000Z (almost 5 years ago)
Last Synced: 2024-11-09T20:16:37.500Z (2 months ago)
Topics: ebpf, kubernetes, networking, observability, tracing
Language: C
Homepage:
Size: 20.4 MB
Stars: 2
Watchers: 2
Forks: 1
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# Juno
Network tracing and auditing for Kubernetes.

## TODO

Poc #1
* [x] run kprobe for tcp connect/accept
* [x] draw dependency graph based on observed connections (see /tmp/graph.svg)

PoC #2
* [x] run eBPF program on veth to extract traffic flow information
* [x] implement auditing use-case: implement event buffer map per veth interface
* [x] implement central component to collect traffic information

Poc #3
* [ ] derive service graph from collected traces (potentially configurable via label selectors)
* [ ] export metrics in agents

## Limitations

* ~~this supports only a fixed number of CPUs (currently 2) see `tcptracker-sock-bpf.c` / `MAX_CPU`~~ *fixed*

## Notes

* docker/moby does not support cgroup2 (we can not inject eBPF into cgroup2 netns)
* [tcptracer-bpf](https://github.com/weaveworks/tcptracer-bpf) kinda does exactly this BUT runs as `kprobe/tcp_v4_connect` with the limitation that it only supports tcp AND it does not get all connect calls.

## Installation

```
kubectl apply -k config/default/
```

## Example

Preprequisites:
* have juno installed

follow hubble example:

```
kubectl create namespace jobs-demo
kubectl -n jobs-demo apply -f https://app.isovalent.com/demos/jobs.yaml
```

Once the pods are up generate some traffic:

```
curl -sLO https://app.isovalent.com/demos/jobs-traffic.sh && bash jobs-traffic.sh jobs-demo
```

## Development
```sh
$ minikube start
# build bpf bytecode and protobuf defs
$ make all

# build docker container in minikube
$ eval $(minikube docker-env)
$ docker build . -t quay.io/moolen/juno:test
$ kubectl apply -k config/default

# test server locally
$ kubectl port-forward svc/juno 3000:3000
$ ./bin/juno server
INFO[0002] received trace: trace: IP: l4: > > l7: > >
INFO[0000] received trace: trace: IP: l4: > > l7: > >

# install demo app
$ kubectl apply -f ./hack/microservices-demo.yaml

```