Map Kubernetes traffic: in-cluster, to the Internet, and to AWS IAM and export as text, intents, or an image
Apache License 2.0
612 stars, 23 forks
Fix rare issue concerning captures going stale on the AWS VPC CNI, as well as auto-resolve addresses with no currently seen DNS traffic in the cluster #242
Before this PR, if an EC2 ENI was added to a node after the fact, we might have missed it. This was due to how we were opening separate captures for each interface, instead of capturing on "any". This was done to reduce the permissions required by the network mapper. However, since we are adding eBPF support, the mapper will need to be privileged regardless, so this is changed.
Because of this change, this needs to be a breaking change, reflected in the semver and a matching Helm chart change.