Kubeshark: The API Traffic Viewer for Kubernetes (github.com/kubeshark)
236 points by mertyildiran on Nov 21, 2022 | 18 comments


Kubeshark (formerly Mizu) is an observability and monitoring tool that captures all the network traffic inside a Kubernetes cluster, including ingress, egress and across containers and pods.

Kubeshark can even capture and display the encrypted (TLS) traffic using various Linux kernel technologies. It supports a wide variety of application layer protocols and RPCs like gRPC, GraphQL, etc.

Kubeshark is open-source and free to use. It has a large userbase.

We recently renamed the project from "Mizu" to "Kubeshark". Please give Kubeshark a shout-out. It's a carefully crafted tool by a handful of Kubernetes enthusiasts for Kubernetes enthusiasts!


Can you talk about the problems it solves for your users? What are the use cases, and why would someone want to use this tool?


Traffic mapping naturally. A core pattern within Zero Trust and Cyber Security.


What does Zero Trust have to do with traffic mapping?


Visibility and analytics are a key component of zero trust... but the comment above seems to forget that the core concept of zero trust is that any person, device, or application trying to access a network cannot be trusted until authenticated and verified... this should mean using strong identity (e.g., x509) and authentication-before-connect, not trusting or allowing network identity such as IP/DNS/ports.


Love it, already shared it on Slack :)


Great name!


Really cool. Have previously used proxies/tcpdump to debug a bunch of traffic. This is going to be a useful tool in the toolkit for Kubernetes operators.


A way to measure and limit (and eventually suspend/unsuspend) the bandwidth of any service, ingress or container, etc. would be great to have in K8.


This is very cool and really needed, can't wait to try it out.

One benefit of terminating SSL at the load balancer is that you can read the HTTP traffic sent to your pods. But for those that have SSL terminating at their pods, it would be cool if this tool could be given the SSL certificates of the pods so it can decipher HTTPS traffic.


Just the private key is not enough because of PFS: you need to intercept the key exchange to grab a temporary session key.


One option is to use eBPF uprobes to dump the key material or plaintext (https://github.com/ehids/ecapture). Should be easy for C-like TLS libraries, probably less useful for JIT languages.
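
Added example (not from the thread, Kubeshark, or ecapture): a toy Python model of the two comments above, showing that the server's long-term private key recovers the session key from recorded static-RSA traffic but not from an ephemeral Diffie-Hellman exchange, where only a secret exported at the endpoint works. All parameters are constructed and far too small for real use, and the function names and the `keylog` hook are hypothetical stand-ins.

```python
import hashlib
import secrets

# Toy parameters, constructed for illustration and far too small for real use.
DH_P, DH_G = 2**127 - 1, 3                          # Mersenne prime modulus, generator
RSA_P, RSA_Q, RSA_E = 2**61 - 1, 2**31 - 1, 65537
RSA_N = RSA_P * RSA_Q
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))   # server's long-term private key


def kdf(secret: int) -> bytes:
    """Derive a session key from a shared secret (stand-in for the TLS key schedule)."""
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def static_rsa_session():
    """Non-PFS key transport: the client encrypts the premaster to the long-term key."""
    premaster = secrets.randbelow(RSA_N - 2) + 2
    wire = {"enc_premaster": pow(premaster, RSA_E, RSA_N)}   # all a sniffer records
    return wire, kdf(premaster)


def ephemeral_dh_session(keylog=None):
    """PFS exchange: the per-session secrets a and b are discarded on return."""
    a = secrets.randbelow(DH_P - 3) + 2      # client ephemeral secret
    b = secrets.randbelow(DH_P - 3) + 2      # server ephemeral secret
    A, B = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    # The long-term key only signs the server share; it never encrypts a secret.
    digest = int.from_bytes(hashlib.sha256(str(B).encode()).digest(), "big") % RSA_N
    sig = pow(digest, RSA_D, RSA_N)
    shared = pow(A, b, DH_P)
    if keylog is not None:                   # models an endpoint-side hook such as a uprobe
        keylog.append(shared)
    return {"A": A, "B": B, "sig": sig}, kdf(shared)


def recover_with_long_term_key(wire):
    """What a passive observer holding RSA_D can derive from recorded traffic."""
    if "enc_premaster" in wire:
        return kdf(pow(wire["enc_premaster"], RSA_D, RSA_N))
    return None   # DHE: A, B and a signature yield no secret without a or b
```
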


Solid point. Didn't realize that.


TLS termination before the destination? Oof, are you running Cloudflare?


Cloud Load Balancers in general have limited feature sets or don't work at all without handling TLS termination.

Terminating TLS on the LB doesn't preclude you from also using TLS or mTLS internally though.


Huh, I was really confused at first because the screenshot was the first thing I looked at and thought that it looks exactly like mizu, which I found and used the first time last week. What a coincidence!


I was expecting to see Gerald Combs from Sysdig here. Interesting to not.


Has anyone tried this with a tilt setup?



