mirror of
https://github.com/kubeshark/kubeshark.git
synced 2025-06-28 00:59:58 +00:00
The API traffic analyzer for Kubernetes providing real-time K8s protocol-level visibility, capturing and monitoring all traffic and payloads going in, out and across containers, pods, nodes and clusters. Inspired by Wireshark, purposely built for Kubernetes
amqpcloud-nativedevopsdevops-toolsdockerforensicsgogolanggrpcincident-responsekafkakubernetesmicroservicemicroservicesmicroservices-applicationobservabilityredisrestsnifferwireshark
dea223bfe1
* Implemented validation rules, based on: https://up9.atlassian.net/browse/TRA-3349 * Color on Entry based on rules * Background red/green based on rules * Change flag --validation-rules to --test-rules * rules tab UI updated * rules tab font and background-color is changed for objects * Merged with develop * Fixed compilation issues. * Renamed fullEntry -> harEntry where appropriate. * Change green/red logic * Update models.go * Fix latency bug and alignment * Merge Conflicts fix * Working after merge * Working on Nimrod comments * Resolving conflicts * Resolving conflicts * Resolving conflicts * Nimrod Comments pt.3 * Log Error on configmap creation if the user doesn't have permission. * Checking configmap permission to ignore --test-rules * Revert time for mizu to get ready * Nimrod comments pt 4 && merge develop pt3 * Nimrod comments pt 4 && merge develop pt3 * Const rulePolicyPath and filename Co-authored-by: Neim <elezin9@gmail.com> Co-authored-by: nimrod-up9 <nimrod@up9.com> |
||
|---|---|---|
| .github/workflows | ||
| agent | ||
| assets | ||
| cli | ||
| examples/roles | ||
| shared | ||
| tap | ||
| ui | ||
| .dockerignore | ||
| .gitignore | ||
| build-push-featurebranch.sh | ||
| debug.Dockerfile | ||
| Dockerfile | ||
| LICENSE | ||
| Makefile | ||
| README.md | ||
The API Traffic Viewer for Kubernetes
A simple-yet-powerful API traffic viewer for Kubernetes to help you troubleshoot and debug your microservices. Think TCPDump and Chrome Dev Tools combined.
Features
- Simple and powerful CLI
- Real time view of all HTTP requests, REST and gRPC API calls
- No installation or code instrumentation
- Works completely on premises (on-prem)
Download
Download mizu for your platform and operating system
Latest stable release
- for MacOS - Intel
curl -Lo mizu \
https://github.com/up9inc/mizu/releases/latest/download/mizu_darwin_amd64 \
&& chmod 755 mizu
- for Linux - Intel 64bit
curl -Lo mizu \
https://github.com/up9inc/mizu/releases/latest/download/mizu_linux_amd64 \
&& chmod 755 mizu
SHA256 checksums are available on the Releases page.
Development (unstable) build
Pick one from the Releases page.
Prerequisites
- Set
KUBECONFIGenvironment variable to your kubernetes configuration. If this is not set, mizu assumes that configuration is at${HOME}/.kube/config - mizu needs following permissions on your kubernetes cluster to run
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- watch
- create
- apiGroups:
- ""
resources:
- services
verbs:
- create
- apiGroups:
- apps
resources:
- daemonsets
verbs:
- create
- patch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- list
- watch
- create
- delete
- apiGroups:
- ""
resources:
- services/proxy
verbs:
- get
- Optionally, for resolving traffic ip to kubernetes service name, mizu needs below permissions
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- apps
- extensions
resources:
- pods
verbs:
- get
- list
- watch
- apiGroups:
- apps
- extensions
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- ""
- apps
- extensions
resources:
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- get
- create
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterroles
verbs:
- list
- create
- delete
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
verbs:
- list
- create
- delete
See examples/roles for example clusterroles.
How to run
- Find pods you'd like to tap to in your Kubernetes cluster
- Run
mizu tap PODNAMEormizu tap REGEX - Open browser on
http://localhost:8899/mizuor as instructed in the CLI .. - Watch the API traffic flowing ..
- Type ^C to stop
Examples
Run mizu help for usage options
To tap specific pod -
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
front-end-649fc5fd6-kqbtn 2/2 Running 0 7m
..
$ mizu tap front-end-649fc5fd6-kqbtn
+front-end-649fc5fd6-kqbtn
Web interface is now available at http://localhost:8899
^C
To tap multiple pods using regex -
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
carts-66c77f5fbb-fq65r 2/2 Running 0 20m
catalogue-5f4cb7cf5-7zrmn 2/2 Running 0 20m
front-end-649fc5fd6-kqbtn 2/2 Running 0 20m
..
$ mizu tap "^ca.*"
+carts-66c77f5fbb-fq65r
+catalogue-5f4cb7cf5-7zrmn
Web interface is now available at http://localhost:8899
^C