otterize / network-mapper

Map Kubernetes traffic: in-cluster, to the Internet, and to AWS IAM and export as text, intents, or an image
Apache License 2.0
612 stars 23 forks

Track pod's hostnames to mitigate false results on IP address reuse #120

Closed roekatz closed 1 year ago

roekatz commented 1 year ago

Description

On loaded clusters with a small range of pod IP addresses, pods can reuse IP addresses within relatively short periods of time. When that happens, it triggers a sort of "time of set - time of use" bug: the sniffer detects traffic from a certain IP at the current time. The mapper would eventually get that report and try to resolve the IP address to a pod name; at that point the address could belong to a newer pod (but that shouldn't cause an issue because we check the creation time), or, more seriously, the mapper would use a not-yet-updated cache and link the traffic to a pod that doesn't exist anymore.

This PR gets the hostname of the container responsible for the traffic in real time (in addition to its IP address). The hostname should always be the same as the pod name, therefore the mapper uses it to verify it found the right pod.

References

Testing

Checklist
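The resolution logic the PR description sketches, as an added illustration that is not code from the network-mapper repository or from the PR: a mapper-side cache keyed by pod IP, a sniffer report carrying the source IP, the hostname read at capture time, and the capture timestamp, and a resolver that accepts a pod only if it existed when the traffic was seen and its name matches the captured hostname. The `Pod`, `TrafficReport`, `PodCache` and `Resolve` names, the pod names and the 10.0.0.7 address are all constructed for the example; the fallback to IP-only matching when no hostname was captured is an assumption, not behaviour the PR describes.

```go
package main

import (
	"fmt"
	"time"
)

// Pod is a minimal stand-in for the pod metadata a mapper would cache.
// Assumed shape for this example only.
type Pod struct {
	Name      string
	IP        string
	CreatedAt time.Time
}

// TrafficReport is what the sniffer hands to the mapper: the source IP,
// the hostname read from the originating container at capture time
// (empty if it could not be read), and when the packet was captured.
type TrafficReport struct {
	SrcIP       string
	SrcHostname string
	SeenAt      time.Time
}

// PodCache maps IP -> pod. It may lag behind the API server, which is the
// stale-cache case the PR description warns about.
type PodCache map[string]Pod

// ResolveError names the reason a report could not be attributed.
type ResolveError string

const (
	ErrNoPodForIP          ResolveError = "no pod with that IP in cache"
	ErrPodNewerThanTraffic ResolveError = "cached pod was created after the traffic was seen"
	ErrHostnameMismatch    ResolveError = "cached pod name does not match hostname captured with the traffic"
)

func (e ResolveError) Error() string { return string(e) }

// Resolve attributes a report to a pod only if the cached pod for that IP
// existed when the traffic was captured and, when a hostname was captured,
// the pod name equals it. The creation-time check alone cannot catch a
// cache entry that still points at a pod that has since been deleted and
// whose IP has been handed to a new pod; the hostname comparison does.
// Assumption for this example: an empty SrcHostname falls back to the old
// IP-only behaviour instead of rejecting the report.
func Resolve(cache PodCache, r TrafficReport) (Pod, error) {
	pod, ok := cache[r.SrcIP]
	if !ok {
		return Pod{}, ErrNoPodForIP
	}
	if pod.CreatedAt.After(r.SeenAt) {
		return Pod{}, ErrPodNewerThanTraffic
	}
	if r.SrcHostname != "" && pod.Name != r.SrcHostname {
		return Pod{}, ErrHostnameMismatch
	}
	return pod, nil
}

// ReuseScenario replays the race with constructed data: pod "checkout-a"
// held 10.0.0.7 and was deleted, and "checkout-b" received the same IP.
// The traffic actually came from checkout-b, but the mapper's cache still
// maps the IP to checkout-a. It returns the resolver's verdict for a report
// without and with the captured hostname.
func ReuseScenario() (withoutHostname, withHostname error) {
	t0 := time.Date(2023, 1, 1, 12, 0, 0, 0, time.UTC)
	staleCache := PodCache{
		"10.0.0.7": {Name: "checkout-a", IP: "10.0.0.7", CreatedAt: t0},
	}
	seen := t0.Add(5 * time.Minute)
	// IP only: the stale entry passes the creation-time check, so the
	// traffic is silently attributed to the dead pod (error is nil).
	_, withoutHostname = Resolve(staleCache, TrafficReport{SrcIP: "10.0.0.7", SeenAt: seen})
	// IP plus hostname: the mismatch exposes the stale entry.
	_, withHostname = Resolve(staleCache, TrafficReport{SrcIP: "10.0.0.7", SrcHostname: "checkout-b", SeenAt: seen})
	return withoutHostname, withHostname
}

func main() {
	without, with := ReuseScenario()
	fmt.Printf("IP only: err=%v (traffic misattributed to checkout-a)\n", without)
	fmt.Printf("IP + hostname: err=%v\n", with)
}
```

Note that a mismatch is a signal to refresh the cache and retry, not proof of which pod sent the traffic: the hostname identifies the pod only because Kubernetes sets a container's hostname to the pod name by default, so a pod spec that overrides `hostname` would need to be handled separately.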

github-actions[bot] commented 1 year ago

CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅

roekatz commented 1 year ago

I have read and understood the CLA and hereby agree to its terms by making this Pull Request Comment.

roekatz commented 1 year ago

recheck