network-observability-cli is a lightweight Flow and Packet visualization tool.
It deploys NetObserv eBPF agent on your k8s cluster to collect flows or packets from nodes network interfaces
and streams data to a local collector for analysis and visualization.
Output files are generated under output/flow and output/pcap directories per host name
This project is still a WIP. The following list gives an overview of the current progression:
- Capture flows
- Capture packets
- Basic filter capabilities
- Advanced filter capabilities
- Testing
- Linting
- Dockerfile
- Allow switching between
kubectl/occommands
Feel free to contribute !
To run this CLI, you will need:
- A running kubernetes / OpenShift cluster
occommand installed and connected- Cluster admin rights
To build the project locally:
make buildThis will also copy resources and oc commands to the build directory.
Simply run the following command to start capturing flows:
./build/oc-netobserv-flows
It will display a table view with latest flows collected and write data under output/flow directory. To stop capturing press Ctrl-C.
PCAP generated files are compatible with Wireshark
./build/oc-netobserv-packets <filters>For example:
./build/oc-netobserv-packets "tcp,8080"
It will display a table view with latest packets collected and write data under output/pcap directory. To stop capturing press Ctrl-C.
The cleanup function will automatically remove the eBPF programs when the CLI exits. However you may need to run it manually if an error occurs.
./build/oc-netobserv-cleanupYou can add this plugin to your favorite oc commands using the following steps:
make oc-commandsThis will add oc netobserv flows and oc netobserv packets commands to your CLI.
You can verify the commands are available using:
oc plugin listIt will display as result:
The following compatible plugins are available:
...
/usr/bin/oc-netobserv-cleanup
/usr/bin/oc-netobserv-flows
/usr/bin/oc-netobserv-packets
More info on official OpenShift documentation.