otterize / network-mapper

Map Kubernetes traffic: in-cluster, to the Internet, and to AWS IAM and export as text, intents, or an image
Apache License 2.0

Not able to grab pod-to-Internet traffic #250

Open dotdc opened 4 days ago

dotdc commented 4 days ago

Hi 👋

Just tested network-mapper and while it seems to have worked for pod-to-pod traffic, I didn't manage to grab pod-to-Internet traffic.

According to the project's README.md:

Maps pod-to-pod traffic, pod-to-Internet traffic, and even AWS IAM traffic, with zero-config.

I've installed the helm chart and used:

otterize mapper list -n mynamespace

Is there anything I could have missed in order to grab pod-to-Internet traffic? Are there any limitations that I should be aware of? Are there keywords that I could use to better search the project? (tried several things including this) Do you have any other recommendations?

Thank you in advance!

orishoshan commented 3 days ago

Hey @dotdc!

Unfortunately, you're right - you can't export Internet intents using otterize mapper commands, which don't interact with Otterize Cloud (they are designed to function offline). Internet intents were designed to combine with other features which are only possible on the Cloud, for example - cross-cluster traffic by matching Ingress resources in one cluster to Internet intents in another.

So far, most of our users and customers were happy to use the Cloud for Internet intents, but it's possible for us to invest some time into making some of the capabilities of Internet intents available without the Cloud - it's just not been a popular request so far.

If you are looking to automatically alert on or update Internet intents using otterize mapper export, some users are achieving that using Otterize Cloud's Slack integration or GitHub & GitLab integrations. Can you tell me a bit more about what you're trying to achieve - are you trying to do a one-time listing of traffic, or implement some workflow with Internet intents?

dotdc commented 3 days ago

Hi @orishoshan,

Thank you for the quick response! I'm currently exploring different approaches to map pod traffic and generate Kubernetes network policies for existing services. We've tried to do so with manifest analysis, DNS queries, and Istio, but the process is not amazing...

I am looking for a tool that can assist in generating these policies or, at the very least, help us develop our own tool by building upon it.

If you have any recommendations or insights, that would be greatly appreciated!