doc: KinD, kube-proxy port forwarding

Signed-off-by: thediveo <[email protected]>
siemens · Apr 23, 2024 · e9f4759 · e9f4759
1 parent e2c7591
commit e9f4759
Show file tree

Hide file tree

Showing 6 changed files with 42 additions and 4 deletions.
diff --git a/docs/_images/kind-portfwd.png b/docs/_images/kind-portfwd.png
diff --git a/docs/_sidebar.md b/docs/_sidebar.md
@@ -20,6 +20,7 @@
   * [Wireshark](capture-extcap)
   * [CLI](capture-cli)
 * [Docker Desktop](docker-desktop)
+* [KinD](kind)
 * [Settings](settings)
 * [Network Namespaces](netns)
 * [FAQ](faq)

diff --git a/docs/containees.md b/docs/containees.md
@@ -18,7 +18,7 @@ process (currently) attached to them. But without a process or a file system
 anchor, network namespaces will simply vanish -- and even our <Brand/> won't be
 able to detect any trace of them anymore.
 
-> [!TIP] Clicking a containee "badge" (button) navigates to a [detailed view](/details) of
+> [!TIP] Clicking a containee "badge" (button) navigates to a [detailed view](details) of
 > the network namespace (virtual IP stack) this particular container, process,
 > ... is currently attached to.
 

diff --git a/docs/introduction.md b/docs/introduction.md
@@ -7,7 +7,7 @@
 **Edgeshark** visualizes the communication of containers and thus helps in
 diagnosing it, both in-between containers as well as with the "outside world".
 It can be deployed to Linux stand-alone container hosts, including
-[KinD](https://kind.sigs.k8s.io/) deployments. Edgeshark also supports capturing
+[KinD](kind) deployments. Edgeshark also supports capturing
 container traffic using [Wireshark](https://wireshark.org). Another natural
 habitat of Edgeshark are [Siemens Industrial
 Edge](https://new.siemens.com/global/en/products/automation/topic-areas/industrial-edge.html)
@@ -27,7 +27,7 @@ Things you can do with Edgeshark:
 
 - comfortably capture live container network traffic in
   [Wireshark](https://wireshark.org), using the [csharg external capture
-  plugin](/getting-started#optional-capture-plugin) for Wireshark. This
+  plugin](getting-started#optional-capture-plugin) for Wireshark. This
   Wireshark plugin is available for:
   - Linux AMD64/x86-64 and ARM64: Alpine, AUR, Debian/Ubuntu DEB, RPM, plain binary,
   - macOS AMD64/x86-64 and ARM64, and

diff --git a/docs/kind.md b/docs/kind.md
@@ -0,0 +1,37 @@
+# KinD
+
+[Kubernetes-in-Docker ("KinD")](https://kind.sigs.k8s.io/) is a tool to run
+local Kubernetes clusters inside Docker containers. Edgeshark comes with
+KinD/Kubernetes awareness built-in and it **does not access** the Kubernetes
+control plane API. Instead, it notices special KinD markers on "node
+containers". Moreover, Edgeshark detects the presence of [CRI "Container Runtime
+Interface"](https://github.com/kubernetes/cri-api) API endpoints and uses it
+with [containerd](https://containerd.io/) and [cri-o](https://cri-o.io/) to
+discover the pod and container workload.
+
+Please note that Edgeshark requires the [event-based container status updates
+("Evented PLEG")
+API](https://kubernetes.io/docs/tasks/administer-cluster/switch-to-evented-pleg/)
+to be enabled. KinD as of v0.22 or later fits the bill right out of the box.
+
+## kube-proxy
+
+The [Kubernetes network
+proxy](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/)
+runs on each Kubernetes node and configures port forwardings to cluster
+services, based on the deployed services. Edgeshark then discovers these port
+forwardings in the packet filtering and forwarding rules of
+[nftables](https://wiki.nftables.org/wiki-nftables/index.php/What_is_nftables%3F)
+(more specific, the "xtables" legacy infrastructure).
+
+The service address/port forwardings can be seen when switching into the [detail
+view](details) of a KinD "cluster node" container.
+
+![kube-proxy port forwarding](_images/kind-portfwd.png ':class=scrshot')
+
+This screenshot shows port forwardings for the k8s API, the cluster DNS
+resolvers, and finally the health monitoring of the DNS resolvers – in an
+"empty" KinD single node cluster, right after `kind create cluster`.
+
+> [!NOTE] Detection of port forwardings in KinD on WSL2 is currently
+> **unsupported**.
diff --git a/docs/nifs.md b/docs/nifs.md
@@ -87,7 +87,7 @@ Edgeshark marks network interfaces in promiscuous mode with
 
 ## Network Interface Information
 
-When in a [detail view](/details), you'll see 🛈 buttons next to the network
+When in a [detail view](details), you'll see 🛈 buttons next to the network
 interfaces, just above the interface addresses. When touching or clicking an 🛈
 button, Edgeshark shows a dialog box with additional (driver) information about
 the network interface, such as the type (kind) of network interface, its driver