This repository contains the Cluster Edition of the Kyanos traffic capture tool, specifically designed for Kubernetes cluster environments. It follows a 1 Server + n Clients architecture, enabling efficient distributed traffic data capture across the cluster with centralized analysis.
You can deploy directly by applying the YAML files in the directory. The image can either be a locally built image or one from a remote repository.
moppyz/ns-server:v0.1
moppyz/ns-client:v0.1
- In the Client Pod, simply run the Kyanos command-line tool to start capturing traffic. The parameters are the same as the original Kyanos tool, with the main difference being that the captured data is sent to the MySQL database on the server for storage.
- On the Server side, you can query the traffic data captured by the Client using SQL statements for analysis:
  mysql -u root -p  # Initial password: rootpwd
- Use the ./ns-ctl tool to access the MySQL database and analyze the data collected by Kyanos:
The tool is designed using a Server-Client architecture:
- 1 Server + n Clients: The Server acts as the central hub for data aggregation and analysis, while multiple Clients are deployed across the cluster nodes to capture traffic.
Component architecture diagram:
The captured data is sent from the Clients to the Server via the service (SVC) deployed on the Server.
- Kubernetes Integration: Simplified deployment and management through Kubernetes YAML configuration files:
  - Client Deployment: A DaemonSet (DS) is used to deploy a Client on each node, ensuring traffic capture on every node in the cluster.
  - Server Deployment: The Server is deployed using a Deployment, supporting horizontal scaling to handle high traffic loads.
- Privileged Pods: The Clients run as Kubernetes privileged Pods so they can capture all types of traffic, including container traffic, ensuring data collection across all nodes in the cluster.
- Temporary Database: The traffic data captured by the Clients is temporarily stored in the Server's database for subsequent analysis.
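An added example (not part of this project's code): a Python check over `kubectl get pods -A -o json` output that lists privileged containers other than the Client image named above, and any container still carrying the initial MySQL password as a literal env value. The pod names, the `busybox` image and the `MYSQL_ROOT_PASSWORD` variable in the sample are constructed assumptions, not taken from the project's manifests.

```python
import json
import sys

# Image this page names for the capture Client; other privileged images are unexpected.
ALLOWED_PRIVILEGED_IMAGES = {"moppyz/ns-client:v0.1"}
DEFAULT_DB_PASSWORD = "rootpwd"  # initial MySQL root password stated on this page


def audit_pods(pod_list):
    """Audit a `kubectl get pods -A -o json` document.

    Returns (unexpected_privileged, default_password_hits), each a list of tuples.
    """
    unexpected, default_pw = [], []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        ref = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
        containers = (spec.get("containers") or []) + (spec.get("initContainers") or [])
        for c in containers:
            sc = c.get("securityContext") or {}
            if sc.get("privileged") and c.get("image") not in ALLOWED_PRIVILEGED_IMAGES:
                unexpected.append((ref, c.get("name"), c.get("image")))
            for env in c.get("env") or []:
                # Only literal values are visible here; valueFrom/secretKeyRef has no "value".
                if env.get("value") == DEFAULT_DB_PASSWORD:
                    default_pw.append((ref, c.get("name"), env.get("name")))
    return unexpected, default_pw


# Constructed sample input: pod names, the busybox image and the env variable
# name are assumptions for illustration, not taken from the project's manifests.
SAMPLE = {"items": [
    {"metadata": {"namespace": "default", "name": "ns-client-x7k2p"},
     "spec": {"containers": [{"name": "client", "image": "moppyz/ns-client:v0.1",
                              "securityContext": {"privileged": True}}]}},
    {"metadata": {"namespace": "default", "name": "debug-shell"},
     "spec": {"containers": [{"name": "sh", "image": "busybox:1.36",
                              "securityContext": {"privileged": True}}]}},
    {"metadata": {"namespace": "default", "name": "ns-server-0"},
     "spec": {"containers": [{"name": "mysql", "image": "moppyz/ns-server:v0.1",
                              "env": [{"name": "MYSQL_ROOT_PASSWORD", "value": "rootpwd"}]}]}},
]}

if __name__ == "__main__":
    # Pass a saved `kubectl get pods -A -o json` file, or run without arguments for the sample.
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    unexpected, default_pw = audit_pods(doc)
    for ref, name, image in unexpected:
        print(f"privileged container outside allow-list: {ref} [{name}] {image}")
    for ref, name, var in default_pw:
        print(f"initial password still set: {ref} [{name}] env {var}")
```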
v1.0.0 - Successfully validated and deployed in a real environment.
- server - ns-server
- ctl - ns-ctl
- client - Root directory
The following features and improvements are planned for future versions:
- The current eBPF functionality is based on the Kyanos library but still has room for performance and flexibility improvements. We are working on optimizing eBPF to better support traffic capture in large-scale clusters.
- A SQL Web GUI will be added to the Server in future versions, allowing users to query and analyze captured traffic data through a web interface. This feature will provide an intuitive, user-friendly experience for real-time data analysis.
- We will continue to improve compatibility with different Kubernetes versions and cloud-native environments, ensuring the tool runs seamlessly across various Kubernetes clusters.
- We plan to conduct comprehensive performance benchmarking, evaluating the tool's performance across different cluster sizes, and optimize for potential bottlenecks to ensure efficient production use.
- Scalable Deployment Architecture: Easily deployable and scalable in Kubernetes clusters, supporting large-scale distributed deployments with zero intrusion.
- Distributed Traffic Capture: Clients use privileged Pods to capture network traffic from each node (including containers), ensuring comprehensive data collection across the entire cluster.
- Centralized Data Collection: All captured traffic data is stored in a temporary database on the Server for easy access and analysis.
- Customizable and Extensible: The tool allows users to define custom traffic capture rules and data processing methods to fit specific use cases.
This project was developed on a cloud-hosted Debian 12.0 instance and requires a basic understanding of eBPF and Go programming. The following resources may be helpful: