Comments (18)
Currently reviewing #113
Thanks @kdihalas!
from ksniff.
image option already there but failed to pull corfr/tcpdump
from ksniff.
Yes @bostrt I am required to provide an image pull secret as well as define a private registry (endpoint, path and version) like:
<server>.<domain>/foo/<image_name>:<tag>
This would be very helpful.
from ksniff.
As a small workaround. Could we maybe at least change the pullpolicy to IfNotPresent?
So we could load manually the needed image on the nodes and it would be fetch locally
from ksniff.
Yeah, I think this is a good idea. I work with a lot people using offline or somehow network-restricted clusters and copying dependent images around to satisfy a tool can be a huge pain or not an option.
ksniff would need to be modified to check the given container image has the necessary binaries (tcpdump, docker, nsenter, i think that's it).
from ksniff.
I'll work on this after some other higher priority changes (around new cri-o support) are being wrapped up.
from ksniff.
Hi!
@bostrt @segeva @eldadru
Are there any updates on this one? This would really needed for us, as we might have some restrictions of pulling images from Docker Hub, which makes us problems to use the "-p" option (that we sometime need to use).
So I really hope that this could solve that for us.
So please @bostrt @segeva @eldadru , if you have any updates on this one! ;-)
Cheers and thanks alot! :-)
from ksniff.
Hi @Makusi75, we've recently wrapped up some of the bigger changes I mentioned back in December. I'll start taking a look at this one. Its been making ksniff unusable for me too in some lab environments.
from ksniff.
Hello all,
I'd like to get some more input:
Ksniff has a 3 images that are either hard-coded in to either use docker.io
or no way to override the repo name. There's potentially a 4th image coming as microk8s support is considered.
We could add options for each (e.g. --docker-client-image
, --containerd-image
, --tcpdump-image
), but this seems a little unwieldy for both ksniff developer and users alike.
Is any one aware of more clever solutions?
Are you using private mirror registries or building alternative images yourself?
Would users need to override hostname (docker.io
), repo, image name, and potentially tag?
from ksniff.
Yes, directing to a private repository would be very helpful. It might require the ability to apply a image pull secret as well.
from ksniff.
It might require the ability to apply a image pull secret as well.
Yes good point. Thanks for mentioning that.
from ksniff.
Would it be possible to edit the manifest once the ksniff pod was created?
from ksniff.
I am required to provide an image pull secret as well as define a private registry
@jeffcouch21 thanks for the reminder about pull secret. That will be included in the feature.
Would it be possible to edit the manifest once the ksniff pod was created?
Since the ksniff Pod is deployed as Pod (not a Depoyment, etc) we can't edit it live. A viable option would be to have ksniff export Pod YAML so the user can create it manually but I'm not a fan of that at least for now. It would require considerable reworking in other parts of ksniff.
As a small workaround. Could we maybe at least change the pullpolicy to IfNotPresent?
So we could load manually the needed image on the nodes and it would be fetch locally
Yeah, I'll keep this in consideration. Right now, there's a mix-and-match of pull policies and unifying this make lead to a better experience.
Just posting this for reference: https://kubernetes.io/docs/concepts/containers/images/#updating-images
from ksniff.
Hi! @bostrt Any news about this one? When this might be implemented in some release? ;-)
Thanks! :-)
from ksniff.
Yeah. Facing the same problem with maintained/tcpdump:latest image.
from ksniff.
Hi @Makusi75 @szihai, sorry for the delay. I'm coming back around to this after recent change in day-job and long vacation :)
from ksniff.
#113 has been merged!
I would appreciate more testing from anyone else with access to environments like AKS or EKS to test.
from ksniff.
@bostrt any progress in this?
Was it more testing that was needed?
Or anybody else that got a working solution for this?
from ksniff.
Related Issues (20)
- netns return empty string so nothing is ever captured HOT 10
- can't execute 'ctr': No such file or directory HOT 3
- can't run in privileged mode
- Openshift 4.10 Mac M1 nsenter: can't execute 'tcpdump': No such file or directory
- sniff on RKE2 fails to create the ksniff pod HOT 2
- Vulnerable 3rd party libs
- Release new version HOT 1
- Add istio inject false label/annotation
- Add ARM linux based static-tcpdump HOT 1
- ksniff failing to create a privileged pod on the node with taints
- Issues running on arm64 HOT 1
- Can ksniff be used for one-time packet captures (~10 min) in production environment for debugging purposes? Apart from clean up of left over pods or containers, what else should I look into after using it for a short pcap?
- cloud storage support for sniff output
- Not able to build static-tcpdump on Ubuntu 22.04 Jammy
- Can we take tcpdump on multiple pods using ksniff ? For an example if a namespace has 4 PODs running can we take TCPDUMP on all the 4 PODs using kubectl sniff -p <pod1> <pod2> <pod3>
- 'kubectl sniff' command returning 139 exit/error code during execution. RCA required for failed attempt at packet capture so that workaround can be identified. HOT 6
- exitCode: '126' when using --tcpdump-image for an airgapped scenario HOT 1
- kubectl sniff fails with certificate error.
- Incorrect Makefile install path for kubectl >= 1.28
- K8S API client 30s timeout: request canceled (Client.Timeout exceeded while awaiting headers)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ksniff.