Feature/kubeshark

docs/addons/index.md

@@ -59,6 +59,7 @@ The framework currently supports the following add-ons.
 | [`KarpenterAddOn`](./karpenter.md)                                     | Adds [Karpenter](https://github.com/awslabs/karpenter) support for Amazon EKS.                                                         | ✅ | ✅ |
 | [`KubeProxyAddOn`](./kube-proxy.md)                                    | Adds kube-proxy Amazon EKS add-on. Kube-proxy maintains network rules on each Amazon EC2 node.                                         | ✅ | ✅ |
 | [`KubeStateMetricsAddOn`](./kube-state-metrics.md)                  | Adds [kube-state-metrics](https://github.com/kubernetes/kube-state-metrics) into the EKS cluster.                                          | ✅ | ✅ |
+| [`KubesharkAddOn`](./kubeshark.md)       | [Deep visibility and monitoring of all API traffic](https://github.com/kubeshark/kubeshark)                  | ✅ | ✅ |
 | [`MetricsServerAddOn`](./metrics-server.md)                               | Adds metrics server (pre-req for HPA and other monitoring tools).                                                                      | ✅ | ✅ |
 | [`NewRelicAddOn`](./newrelic.md)                                       | Adds [New Relic](https://newrelic.com/) and [Pixie](https://pixielabs.ai/) observability for Amazon EKS.                               | ✅ | 
 | [`NginxAddOn`](./nginx.md)                                             | Adds NGINX ingress controller  | ✅ | ✅ |                                                                                                        |
@@ -79,7 +80,6 @@ The framework currently supports the following add-ons.
 | [`XrayAdotAddOn`](./xray-adot-addon.md)                                   | Deploys ADOT Collector for Xray to receive traces from your workloads.                                                                 | ✅ | ✅ |
 | [`GmaestroAddOn`](./gmaestro.md) | Adds [gMaestro](https://app.granulate.io/gMaestroSignup) cost optimization solution for EKS cluster.                                                                         |
 | [`EksPodIdentityAgentAddOn`](./eks-pod-identity-agent.md)       | [Setting up the EKS Pod Identity Agent](https://docs.aws.amazon.com/en_ca/eks/latest/userguide/pod-id-agent-setup.html)                  | ✅ | ✅ |
-
 # Standard Helm Add-On Configuration Options
 
 Many add-ons leverage helm to provision and maintain deployments. All provided add-ons that leverage helm allow specifying the following add-on attributes:

docs/addons/kubeshark.md

@@ -0,0 +1,123 @@
+# Kubeshark AddOn
+
+[kubeshark](https://github.com/kubeshark/kubeshark)  is an API Traffic Analyzer for Kubernetes providing real-time, protocol-level visibility into Kubernetes’ internal network, capturing and monitoring all traffic and payloads going in, out and across containers, pods, nodes and clusters.
+
+Kubeshark provide Real-time monitoring for all traffic going in, out and across containers, pods, namespaces, nodes and clusters, which allow you to pinpoint and resolve issues efficiently, ensuring stable network performance and enhancing application success in Kubernetes environments and identifying complex networking issue.
+
+## Usage
+1. import kubeshark
+```
+npm i kubeshark
+```
+2. import it in your `blueprint.ts`
+```
+import { KubesharkAddOn } from 'kubeshark';
+```
+
+3. include the addon
+```
+    new KubesharkAddOn({})  // Provide an empty object if no specific properties are needed
+```
+
+
+### Full example **`index.ts`**
+```typescript
+import * as cdk from 'aws-cdk-lib';
+import * as blueprints from '@aws-quickstart/eks-blueprints';
+import { KubesharkAddOn } from 'kubeshark';
+
+const app = new cdk.App();
+const account = '1234123412341';
+const region = 'us-east-1';
+const version = 'auto';
+
+blueprints.HelmAddOn.validateHelmVersions = true; // optional if you would like to check for newer versions
+
+const addOns: Array<blueprints.ClusterAddOn> = [
+    new blueprints.addons.MetricsServerAddOn(),
+    new blueprints.addons.ClusterAutoScalerAddOn(),
+    new blueprints.addons.AwsLoadBalancerControllerAddOn(),
+    new blueprints.addons.VpcCniAddOn(),
+    new blueprints.addons.CoreDnsAddOn(),
+    new blueprints.addons.KubeProxyAddOn(),
+    new KubesharkAddOn({})  // Provide an empty object if no specific properties are needed
+];
+
+const stack = blueprints.EksBlueprint.builder()
+    .account(account)
+    .region(region)
+    .version(version)
+    .addOns(...addOns)
+    .useDefaultSecretEncryption(true) // set to false to turn secret encryption off (non-production/demo cases)
+    .build(app, 'eks-blueprint');```
+```
+## validate the deployment
+Once deployed, you can see kubeshark pod in the `kube-system` namespace.
+
+```sh
+$ kubectl get deployments -n kube-system
+
+NAME                                                          READY   UP-TO-DATE   AVAILABLE   AGE
+blueprints-addon-kubeshark                               1/1     1            1           20m
+```
+
+## Functionality
+
+1. Deploys the kubeshark helm chart in `kube-system` namespace by default.
+2. Supports [standard helm configuration options](./index.md#standard-helm-add-on-configuration-options).
+3. Supports `createNamespace` configuration to deploy the addon to a customized namespace.
+
+## Access Kubeshark
+
+Apply the kubernetes dashboard manifest.
+
+```sh
+$ kubectl -n kube-system port-forward svc/kubeshark-front 3000:80
+```
+
+Open the [dashboard](http://localhost:3000)
+
+Then you should be able to see view like this
+![dashboard](https://raw.githubusercontent.com/kubeshark/assets/master/png/kubeshark-ui.png)
+
+
+## Example
+
+1.) deploy nginx pod using the below command.
+```
+kubectl apply -f - <<EOF
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx
+spec:
+  containers:
+  - name: nginx
+    image: nginx
+EOF
+```
+
+
+2.) Try to access "aws.com" to generate traffic flow using the below command.
+```
+kubectl exec nginx curl https://aws.com
+```
+
+
+3.) Access kubeshark using the below command.
+```
+kubectl -n kube-system port-forward svc/kubeshark-front 3000:80
+```
+
+
+4.) Run Kubeshark query to identify the traffic flow.
+```
+(src.pod.metadata.name == "nginx" or dst.pod.metadata name == "nginx") and request.questions[0].name == "aws.com" or (src.name == "nginx" and src.namespace == "default" and dst.name == "kube-dns" and dst.namespace == "kube-system")
+```
+
+As shown below, the Kubeshark query used to identify the traffic flowing from the pod "nginx" in the "default" namespace to "aws.com" and "coredns". The query is writen by [Kubeshark Filter Language (KFL)](https://docs.kubeshark.co/en/filtering#kfl-syntax-reference) is the language implemented inside kubeshark/worker that enables the user to filter the traffic efficiently and precisely.
+
+![query](https://github.com/zghanem0/kubeshark/blob/main/api.png?raw=true)
+
+Also you can visualize the traffic flow and bandwidth using service map feature as shown below.
+![Service Map](https://github.com/zghanem0/kubeshark/blob/main/map.png?raw=true)

lib/addons/index.ts

@@ -63,4 +63,4 @@ export * from './neuron';
 
 export class Constants {
     public static readonly BLUEPRINTS_ADDON = "blueprints-addon";
-}
+}

mkdocs.yml

@@ -68,6 +68,7 @@ nav:
     - Kubecost: 'addons/kubecost.md'
     - Kubeflow: 'addons/kubeflow.md'
     - KubeRay Operator: 'addons/kuberay-operator.md'
+    - Kubeshark: 'addons/kubeshark.md'
     - Kubevious: 'addons/kubevious.md'
     - Kube State Metrics: 'addons/kube-state-metrics.md'
     - Metrics Server: 'addons/metrics-server.md'