This the road map of Kubeshark source tree development and this document is subject to change based on public opinion and maintainers' decisions.
Migrate to PCAP storage
Right now we store the traffic in a JSON document format after the application-layer protocol dissection step.
Storing as JSON has several disadvantages like consuming resources to dissect each individual TCP stream and expansion of the disk space needed to store the same amount of TCP packets.
Migration to PCAP will rather store the raw TCP packets, in an encrypted PCAP file. This will significantly reduce the computation that's made while capturing the packets and it will also reduce the disk usage. A subset of the TCP streams will be dissected on-demand upon querying. The dissection results will never be stored.
PCAP based storage will enable the implementation of importing/exporting PCAP files.
Add Import/Export PCAP files
Through UI and command-line, the users will be able to import or export PCAP files.
Improve UI design and performance
The front-end code requires certain improvements regarding the performance drawbacks which users can experience.
Split the codebase into multiple repositories
Move Hub, Worker and UI related code into different repositories.
Publish and maintain multiple Docker images from those repositories. Which are less frequently updated when it's compared to a monolithic image that everything is versioned together.
Implement interactive prompts
Make CLI to accept user inputs by displaying interactive and accessible prompts on terminal. Dump the survey results into a configuration YAML file into current working directory.
The survey will configure the deployment parameters such as;
- What namespace to deploy?
- What pods to cover?
- Set the BPF packet capture filter.
- Schedule a deployment.
- Set the storage location like S3 or a volume inside the cluster.
Implement a plugin system
Implement eBPF based firewalling
Expose an API for firewall configuration or scripting such that users can define a cluster-wide firewall to reject unwanted traffic.