What problem are you trying to solve?
It is difficult to debug what is happening to the network traffic for workloads on Kubernetes. Linkerd provides tap and stat to provide some glimpses into what's happening. Many times, this is enough. Unfortunately, when low level problems and protocol issues crop up, the existing tools are not enough. This causes users to inject the debug container and tcpdump traffic on a pod by pod basis.
How should the problem be solved?
Add PCAP-NG as an export format for tap. This can then be dumped locally or forwarded to Wireshark for analysis and debugging.
grampelberg
All 5 comments
Got linked here by @grampelberg.
We think it would be great to have pcap-ng files when having serious problems.
For more mundane problems it would be nice to have -format=HTTP
This would just dump headers, request body, response body, response codes etc in plain text
tobad357
on 15 May 2020
@tobad357 I assume we'd use tap for that. The reason we're thinking pcap-ng isn't for the files, but to pipe it into other tools. Imagine taking a stream from linkerd and piping it into tshark. Then you'd be able to get all the text output you want and slice and dice it as you see fit. There's just so much UI around doing analysis, it feels like we should lean on the tools that do an awesome job with it.
grampelberg
on 15 May 2020
Sounds like a good way of doing it. I didn't know about tshark and was more envisioning needing wireshark at some complete inopportune moment :)
tobad357
on 15 May 2020
is anyone working on this?
adnxn
on 24 Dec 2020
@adnxn We haven't been working on this. Tools like ksniff do this pretty well without us having to add overhead to the proxy. At this point I'd be somewhat reticent to add this feature directly to Linkerd...
olix0r
on 26 Dec 2020
Related issues
ihcsim
路
4Comments
miklezzzz
路
3Comments
zaharidichev
路
4Comments
geekmush
路
4Comments
tustvold
路
4Comments