Goal: Configure packet capture for specific pods and review captured payload.
Calico enterprise/cloud provide enhanced packet capture feature for DevOps troubleshooting. Packet captures are Kubernetes Custom Resources and thus native Kubernetes RBAC can be used to control which users/groups can run and access Packet Captures; this may be useful if Compliance or Governance policies mandate strict controls on running Packet Captures for specific workloads. This demo is simplified without RBAC but further details can be found here.
- Initial packet capture job from manager UI.
- Schedule the packet capture job with specific port.
- You will see the job scheduled in service graph.
- Download the pcap file once the job is
CapturingorFinished.
Calicocloud provide pre-defined role in
manage team - userwhichviwerdoesn't have permissions toget/listPacket Capture resource.
- Add one of your team members in this calicocloud management plane.
- Confirm they accept your invite.
- Use their email address to login calicocloud UI and confirm they cannot fetch or create any packet capture jobs.
