hngopher.com

       [HN Gopher] Retina - eBPF distributed networking observability t...
       ___________________________________________________________________
        
       Retina - eBPF distributed networking observability tool for
       Kubernetes
        
       Author : boratanrikulu
       Score  : 44 points
       Date   : 2024-03-19 19:54 UTC (3 hours ago)
        
 (HTM) web link (github.com)
 (TXT) w3m dump (github.com)
        
       | maxboone wrote:
       | Probably this means it's not for me, but what is this useful for?
       | 
       | Anyone using this in their prod set-up and has a scenario where
       | they found this useful?
        
         | p_l wrote:
         | Just today at $DAYJOB we had a complaint that one teams Azure
         | Kubernetes clusters was "slow". About only metric out of norm
         | was network traffic - but lack of detailed instrumentation
         | meant we couldn't really isolate the cause to specific
         | container or process
        
         | nijave wrote:
         | Haven't used this but I tried out Pixie trying to debug where
         | outgoing traffic was coming from and where it was going and was
         | fairly successful although Pixie wasn't very stable/had a lot
         | of issues causing crashes.
         | 
         | In this case, we had a couple services talking to 3rd party
         | services running on AWS so it wasn't obvious from generic flow
         | logs.
         | 
         | I also used Lacework a couple years ago which is eBPF based and
         | it was pretty trivial to see things phoning home or one off
         | maintenance where a new connection was being initiated.
        
         | FridgeSeal wrote:
         | It's like Cilium + Hubble but useful for you don't/can't run
         | cilium. Uses eBPF to collect metrics and stats on what flows
         | where, can record an impressive amount of stuff, without any
         | required instrumentation of your applications. Amazingly handy
         | for when you run both first party and 3rd party apps in your
         | K8s cluster. The network maps these tools produce are handy
         | too.
         | 
         | Although, Cilium is pretty great, so not sure why you wouldn't
         | run it, given the option...
        
           | hosh wrote:
           | Cillium has been bought out by Cisco, so its monetization is
           | only a matter of time.
           | 
           | Also, not everyone needs to implement a service mesh.
        
       | orisho wrote:
       | See also: Network Mapper - low privileges, no-eBPF network
       | observability tool for K8s
       | 
       | https://news.ycombinator.com/item?id=39761114
        
       ___________________________________________________________________
       (page generated 2024-03-19 23:00 UTC)