
Daemoset yaml to capture dns packets from specific compartment.
princepereira committed May 19, 2023
1 parent f08b6f3 commit be9de23
Showing 2 changed files with 149 additions and 0 deletions.
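--- a/Kubernetes/windows/debug/dnsmonitor/StartDnsPktCapture2019.yaml
+++ b/Kubernetes/windows/debug/dnsmonitor/StartDnsPktCapture2019.yaml
@@ -0,0 +1,108 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+name: start-dns-pkt-capture
+labels:
+app: start-dns-pkt-capture
+spec:
+selector:
+matchLabels:
+name: start-dns-pkt-capture
+template:
+metadata:
+labels:
+name: start-dns-pkt-capture
+spec:
+securityContext:
+windowsOptions:
+hostProcess: true
+runAsUserName: "NT AUTHORITY\\SYSTEM"
+hostNetwork: true
+containers:
+- name: start-dns-pkt-capture
+image: mcr.microsoft.com/windows/nanoserver:1809
+command:
+- powershell.exe
+- -command
+- |
+$podPrefix = "tcp-server"
+$pktmonLogs = "C:\pktmonLogs"
+Write-Host "Stop pktmon if running..."
+pktmon stop
+$pods = (crictl pods -o json | ConvertFrom-Json).items
+$podIPs = @()
+$macAddrs = @()
+foreach($pod in $pods) {
+if($pod.metadata.name -like "$podPrefix*") {
+$podInspect = (crictl inspectp $pod.id | ConvertFrom-Json)
+$podIP = $podInspect.status.network.ip
+$podIPs += $podIP
+$macAddrs += (Get-HnsEndpoint | where IPAddress -EQ $podIP).MacAddress
+}
+}
+if(($macAddrs).Count -Eq 0) {
+Write-Host "No matching pods. No mac addresses found..."
+While($true) {
+Start-Sleep -Seconds 60
+}
+return
+}
+Write-Host "POD IPS : $podIPs"
+Write-Host "MAC ADDRESSES : $macAddrs"
+$compIds = ""
+foreach($mac in $macAddrs) {
+$grepped = pktmon list | Select-String $mac
+$compId = $grepped.ToString().Split(" ")[3]
+if($compId -ne "") {
+if($compIds -eq "") {
+$compIds = $compId
+} else {
+$compIds += ","
+$compIds += $compId
+}
+}
+}
+if($compIds -Eq "") {
+Write-Host "No matching pods. No component IDs found..."
+While($true) {
+Start-Sleep -Seconds 60
+}
+return
+}
+Write-Host "COMPONENT IDS : $compIds"
+Write-Host "Removing all pktmon filters if anything existing..."
+pktmon filter remove
+Write-Host "Create DNS Port filter..."
+pktmon filter add DNSFilter -p 53
+Write-Host "Create a directory for pktmon logs..."
+remove-item -Recurse -Force $pktmonLogs -ErrorAction Ignore
+mkdir $pktmonLogs
+Set-Location $pktmonLogs
+Write-Host "Start pktmon. Command : [pktmon start -c --comp $compIds --pkt-size 0 -m multi-file] ..."
+pktmon start -c --comp $compIds --pkt-size 0 -m multi-file
+Write-Host "Logs will be available in $pktmonLogs"
+While($true) {
+Start-Sleep -Seconds 21600
+Write-Host "Stop pktmon if running..."
+pktmon stop
+}
+securityContext:
+privileged: true
+nodeSelector:
+kubernetes.azure.com/os-sku: Windows2019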
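Review bot: The component-ID loop (`foreach($mac in $macAddrs)`) does not handle a MAC address that `pktmon list` does not report: `$grepped` is then `$null`, the `.ToString()` call fails, and `$compId` keeps whatever the previous iteration left in it. On the first iteration that leaves `$compId` as `$null`, and because `$null -ne ""` is true in PowerShell, `$compIds` becomes `$null`, passes the later `$compIds -Eq ""` check, and `pktmon start -c --comp` runs without the component list that is meant to scope the capture to the `tcp-server` pods. What pktmon does with an empty `--comp` should be confirmed, since it may either fail or capture more than intended. I would match literally and skip unresolved entries: `$grepped = pktmon list | Select-String -SimpleMatch $mac | Select-Object -First 1` followed by `if (-not $grepped) { continue }`.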
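--- a/Kubernetes/windows/debug/dnsmonitor/StopDnsPktCapture2019.yaml
+++ b/Kubernetes/windows/debug/dnsmonitor/StopDnsPktCapture2019.yaml
@@ -0,0 +1,41 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+name: stop-dns-pkt-capture
+labels:
+app: stop-dns-pkt-capture
+spec:
+selector:
+matchLabels:
+name: stop-dns-pkt-capture
+template:
+metadata:
+labels:
+name: stop-dns-pkt-capture
+spec:
+securityContext:
+windowsOptions:
+hostProcess: true
+runAsUserName: "NT AUTHORITY\\SYSTEM"
+hostNetwork: true
+containers:
+- name: stop-dns-pkt-capture
+image: mcr.microsoft.com/windows/nanoserver:1809
+command:
+- powershell.exe
+- -command
+- |
+$pktmonLogs = "C:\pktmonLogs"
+Write-Host "Stop pktmon if running..."
+pktmon stop
+Write-Host "Pktmon stopped. Logs will be available in : $pktmonLogs ..."
+While($true) {
+Start-Sleep -Seconds 600
+}
+securityContext:
+privileged: true
+nodeSelector:
+kubernetes.azure.com/os-sku: Windows2019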
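Review bot: The stop script ends at `pktmon stop`, so the `DNSFilter` filter and the capture files in `C:\pktmonLogs` stay on every node, and the pod then sleeps indefinitely as an `NT AUTHORITY\SYSTEM` hostProcess container with `hostNetwork: true`. The start manifest captures with `--pkt-size 0`, so those files hold the full DNS payloads of the selected pods. Whether other local accounts can read the directory depends on the ACLs it inherits from `C:\`, which is worth checking. I would add `pktmon filter remove` after `pktmon stop`, plus a header comment such as `# Delete this DaemonSet and remove C:\pktmonLogs from each node once the captures are collected.`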
