trace_sni

The trace_sni gadget tracks Server Name Indication (SNI) from TLS requests.

Getting started

Running the gadget:

$ kubectl gadget run ghcr.io/inspektor-gadget/gadget/trace_sni:latest [flags]

Guide

Run the gadget in a terminal:

$ kubectl gadget run trace_sni:latest
K8S.NODE K8S.NAMESPACE K8S.PODNAME K8S.CONTAINERNAME COMM PID TID NAME

Run a pod on a different terminal and perform some requests:

$ kubectl run -it ubuntu --image ubuntu:latest -- /bin/bash
root@ubuntu:/# apt update && apt install -y wget && wget wikimedia.org
(...)
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://www.wikimedia.org/ [following]
(...)
root@ubuntu:/# wget www.github.com
(...)
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://github.com/ [following]
(...)

Go back to the terminal where the gadget is running. The requests will be logged by the gadget:

K8S.NODE         K8S.NAMESPACE  K8S.PODNAME  K8S.CONTAINERNAME  COMM  PID     TID     NAME
minikube-docker  default        ubuntu       ubuntu             wget  693742  693742  wikimedia.org
minikube-docker  default        ubuntu       ubuntu             wget  693742  693742  www.wikimedia.org

We can see that each time our wget client connected to a different server, our tracer caught the Server Name Indication requested.
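
One way to put this output to work for egress monitoring, as an added example that is not part of the original guide or of Inspektor Gadget: the Python below parses the column output shown above and reports every SNI that falls outside an allowlist. The allowlist, the function names and the third sample row are assumptions made for illustration.

```python
# Added example: audit trace_sni column output against an egress allowlist.
# The first two data rows come from the guide; the curl row is constructed.
SAMPLE = """\
K8S.NODE         K8S.NAMESPACE  K8S.PODNAME  K8S.CONTAINERNAME  COMM  PID     TID     NAME
minikube-docker  default        ubuntu       ubuntu             wget  693742  693742  wikimedia.org
minikube-docker  default        ubuntu       ubuntu             wget  693742  693742  www.wikimedia.org
minikube-docker  default        ubuntu       ubuntu             curl  693801  693801  wikimedia.org.example.net
"""

ALLOWED = {"wikimedia.org"}  # assumption: hypothetical egress policy


def parse_events(text):
    """Turn the gadget's whitespace-separated columns into dicts keyed by header."""
    lines = [line for line in text.splitlines() if line.strip()]
    header = lines[0].split()
    events = []
    for line in lines[1:]:
        fields = line.split()
        if len(fields) != len(header):  # skip truncated or wrapped rows
            continue
        events.append(dict(zip(header, fields)))
    return events


def is_allowed(name, allowed=ALLOWED):
    """Match on whole DNS labels so 'wikimedia.org.example.net' does not pass."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in allowed)


def unexpected_sni(text, allowed=ALLOWED):
    """Return (namespace, pod, comm, sni) for every name outside the allowlist."""
    return [
        (e["K8S.NAMESPACE"], e["K8S.PODNAME"], e["COMM"], e["NAME"])
        for e in parse_events(text)
        if not is_allowed(e["NAME"], allowed)
    ]


if __name__ == "__main__":
    for hit in unexpected_sni(SAMPLE):
        print("unexpected SNI:", *hit)
```

The SNI value is chosen by the client, so a hit here is a signal to investigate rather than proof of where the connection actually went.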

Congratulations! You reached the end of this guide! You can now delete the pod you created:

$ kubectl delete pod ubuntu