
Commit be9de23

committed
DaemonSet YAML to capture DNS packets from a specific compartment.
1 parent f08b6f3 commit be9de23


2 files changed

+149
-0
lines changed

Lines changed: 108 additions & 0 deletions
@@ -0,0 +1,108 @@
1+
apiVersion: apps/v1
2+
kind: DaemonSet
3+
metadata:
4+
name: start-dns-pkt-capture
5+
labels:
6+
app: start-dns-pkt-capture
7+
spec:
8+
selector:
9+
matchLabels:
10+
name: start-dns-pkt-capture
11+
template:
12+
metadata:
13+
labels:
14+
name: start-dns-pkt-capture
15+
spec:
16+
securityContext:
17+
windowsOptions:
18+
hostProcess: true
19+
runAsUserName: "NT AUTHORITY\\SYSTEM"
20+
hostNetwork: true
21+
containers:
22+
- name: start-dns-pkt-capture
23+
image: mcr.microsoft.com/windows/nanoserver:1809
24+
command:
25+
- powershell.exe
26+
- -command
27+
- |
28+
$podPrefix = "tcp-server"
29+
$pktmonLogs = "C:\pktmonLogs"
30+
31+
Write-Host "Stop pktmon if running..."
32+
pktmon stop
33+
34+
$pods = (crictl pods -o json | ConvertFrom-Json).items
35+
$podIPs = @()
36+
$macAddrs = @()
37+
38+
foreach($pod in $pods) {
39+
if($pod.metadata.name -like "$podPrefix*") {
40+
$podInspect = (crictl inspectp $pod.id | ConvertFrom-Json)
41+
$podIP = $podInspect.status.network.ip
42+
$podIPs += $podIP
43+
$macAddrs += (Get-HnsEndpoint | where IPAddress -EQ $podIP).MacAddress
44+
}
45+
}
46+
47+
if(($macAddrs).Count -Eq 0) {
48+
Write-Host "No matching pods. No mac addresses found..."
49+
While($true) {
50+
Start-Sleep -Seconds 60
51+
}
52+
return
53+
}
54+
55+
Write-Host "POD IPS : $podIPs"
56+
Write-Host "MAC ADDRESSES : $macAddrs"
57+
58+
$compIds = ""
59+
60+
foreach($mac in $macAddrs) {
61+
$grepped = pktmon list | Select-String $mac
62+
$compId = $grepped.ToString().Split(" ")[3]
63+
if($compId -ne "") {
64+
if($compIds -eq "") {
65+
$compIds = $compId
66+
} else {
67+
$compIds += ","
68+
$compIds += $compId
69+
}
70+
}
71+
}
72+
73+
if($compIds -Eq "") {
74+
Write-Host "No matching pods. No component IDs found..."
75+
While($true) {
76+
Start-Sleep -Seconds 60
77+
}
78+
return
79+
}
80+
81+
Write-Host "COMPONENT IDS : $compIds"
82+
83+
Write-Host "Removing all pktmon filters if anything existing..."
84+
pktmon filter remove
85+
86+
Write-Host "Create DNS Port filter..."
87+
pktmon filter add DNSFilter -p 53
88+
89+
Write-Host "Create a directory for pktmon logs..."
90+
remove-item -Recurse -Force $pktmonLogs -ErrorAction Ignore
91+
mkdir $pktmonLogs
92+
Set-Location $pktmonLogs
93+
94+
Write-Host "Start pktmon. Command : [pktmon start -c --comp $compIds --pkt-size 0 -m multi-file] ..."
95+
pktmon start -c --comp $compIds --pkt-size 0 -m multi-file
96+
97+
Write-Host "Logs will be available in $pktmonLogs"
98+
99+
While($true) {
100+
Start-Sleep -Seconds 21600
101+
Write-Host "Stop pktmon if running..."
102+
pktmon stop
103+
}
104+
105+
securityContext:
106+
privileged: true
107+
nodeSelector:
108+
kubernetes.azure.com/os-sku: Windows2019
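Review bot: In the `foreach($mac in $macAddrs)` loop, `$grepped.ToString()` is called without checking that `Select-String` matched anything, so a MAC that `pktmon list` does not show raises a null-method error and `$compId` appears to keep whatever the previous iteration left in it, which can put a wrong or duplicate component id into `--comp`. Guard it with `if (-not $grepped) { continue }` and take a single literal match, `$grepped = pktmon list | Select-String -SimpleMatch $mac | Select-Object -First 1`. The start-up steps `pktmon stop`, `pktmon filter remove` and `remove-item -Recurse -Force $pktmonLogs` act on node-wide state as `NT AUTHORITY\SYSTEM`, so every pod restart discards earlier capture files and any filters or capture someone else had configured on that node; a comment stating this would help. With `--pkt-size 0` full packets are written to `C:\pktmonLogs`, and the manifest shows no size limit, retention or access restriction for that directory.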
Lines changed: 41 additions & 0 deletions
@@ -0,0 +1,41 @@
1+
apiVersion: apps/v1
2+
kind: DaemonSet
3+
metadata:
4+
name: stop-dns-pkt-capture
5+
labels:
6+
app: stop-dns-pkt-capture
7+
spec:
8+
selector:
9+
matchLabels:
10+
name: stop-dns-pkt-capture
11+
template:
12+
metadata:
13+
labels:
14+
name: stop-dns-pkt-capture
15+
spec:
16+
securityContext:
17+
windowsOptions:
18+
hostProcess: true
19+
runAsUserName: "NT AUTHORITY\\SYSTEM"
20+
hostNetwork: true
21+
containers:
22+
- name: stop-dns-pkt-capture
23+
image: mcr.microsoft.com/windows/nanoserver:1809
24+
command:
25+
- powershell.exe
26+
- -command
27+
- |
28+
$pktmonLogs = "C:\pktmonLogs"
29+
30+
Write-Host "Stop pktmon if running..."
31+
pktmon stop
32+
33+
Write-Host "Pktmon stopped. Logs will be available in : $pktmonLogs ..."
34+
While($true) {
35+
Start-Sleep -Seconds 600
36+
}
37+
38+
securityContext:
39+
privileged: true
40+
nodeSelector:
41+
kubernetes.azure.com/os-sku: Windows2019
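Review bot: Nothing in this manifest says the pod should be removed once `pktmon stop` has run, so the `While($true)` sleep keeps a HostProcess container running as `NT AUTHORITY\SYSTEM` with `hostNetwork: true` on every Windows2019 node indefinitely. A header comment such as `# One-shot: apply to stop the capture, collect C:\pktmonLogs from each node, then delete this DaemonSet` would make the intended lifecycle explicit. The capture files stay in `C:\pktmonLogs` on the host afterwards and this manifest neither restricts nor removes them, so the comment should also say who retrieves and deletes them. The container-level `privileged: true` is, as far as the Kubernetes API documentation goes, not a field meant for Windows pods; it can probably be dropped here and in the start manifest, since `hostProcess: true` already carries the elevation.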
