
Introducing local agents


Spider now facilitates local development with the introduction of local agents.

Any user may be given local agents (Controller, Whisperer, Gocipher) to observe the communications of the applications they are developing and running locally.

Design

Architecture.png

  • Controller & Gocipher are deployed in the same namespace
    • Controller watches the Kubernetes state through the Kubernetes API
    • Gocipher captures TLS secrets from your kernel
  • Controller spawns Whisperer instances on your workloads on demand
    • Whisperers capture network packets from your Pods' network interfaces, through your kernel
  • All agents send captured information to Spider backend
  • All agents are managed remotely from Spider UI

Creation

Local agents are created by administrators, on request, for a single user from that user's profile:

CreateLocalAgents.png

Local agents are created under your name and are accessible directly (without team selection).
By default, they are accessible only to their owner.

You can access them from the Whisperer / Controller / Gocipher access drop-downs in the menu.

Deployment

Agents may be spawned inside a local Kubernetes setup, or as simple executables outside containers.

On your local Kubernetes with Helm

When deploying on a local Kubernetes, you may generate Helm values or single-line installation commands.

The process is simple:

  1. Install the Controller with Helm from the Controller Installation tab
  2. Install the Gocipher with Helm from the Gocipher Installation tab

Both will then show as Connected in the UI.

You'll then be able to spawn your own Whisperer, attached to any workload of your cluster, by following the steps in: Whisperers as ephemeral containers

On your localhost outside Kubernetes

Deploying outside Kubernetes requires a manual installation:

Limitations for safety

Local Controller

Local Controller agents are limited to single-node Kubernetes clusters.
When they detect that they are running on a multi-node cluster, they switch to a STOPPED status and stop any running attachment.

Local Whisperer

Local Whisperers are limited to a capture throughput of 5 MB/min.
When the threshold is reached, packets are discarded immediately, before any parsing.

The throughput limit may only be changed by an administrator.
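
The sketch below is an added example, not Spider's own code: it shows one way a capture byte budget can discard packets before any parsing once 5 MB/min is reached. The fixed one-minute window, decimal megabytes, and the names CaptureBudget, Admit and Replay are assumptions; the packet stream is constructed.

```go
package main

import (
	"fmt"
	"time"
)

// CaptureBudget caps captured bytes per fixed window (assumed semantics).
type CaptureBudget struct {
	limit       int64
	window      time.Duration
	windowStart time.Time
	used        int64
	Dropped     int64 // packets discarded before parsing
}

func NewCaptureBudget(limit int64, window time.Duration) *CaptureBudget {
	return &CaptureBudget{limit: limit, window: window}
}

// Admit reports whether a packet of n bytes seen at now fits the budget.
// It looks only at the size, so a rejected packet is never parsed.
func (b *CaptureBudget) Admit(now time.Time, n int) bool {
	if b.windowStart.IsZero() || now.Sub(b.windowStart) >= b.window {
		b.windowStart, b.used = now, 0 // a new window starts, budget resets
	}
	if b.used+int64(n) > b.limit {
		b.Dropped++
		return false
	}
	b.used += int64(n)
	return true
}

// Replay feeds count constructed packets of size bytes, one every step,
// and returns how many would reach the parser.
func Replay(b *CaptureBudget, start time.Time, step time.Duration, size, count int) int {
	parsed := 0
	for i := 0; i < count; i++ {
		if b.Admit(start.Add(time.Duration(i)*step), size) {
			parsed++ // parsing and upload would happen here
		}
	}
	return parsed
}

func main() {
	b := NewCaptureBudget(5*1000*1000, time.Minute) // 5 MB/min
	start := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	// Constructed traffic: 1500-byte packets every 10 ms for 90 seconds.
	parsed := Replay(b, start, 10*time.Millisecond, 1500, 9000)
	fmt.Printf("parsed=%d dropped=%d\n", parsed, b.Dropped)
}
```

With this constructed stream, the first minute exhausts the budget partway through and the remaining packets of that minute are dropped; capture resumes when the next window opens.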

Local Gocipher

There is no Local Gocipher limitation for now.