one of the non-intrusive approaches i have for this [1] is kubenetmon[2] which uses a kernel feature called nf_conntrack_acct to have counters for (src, dst).
it's not perfect [3] but gets the job done for me
[1] not as much "control" as it is "logging", of sorts; "especially when you just need to answer “what is my cluster talking to?”"
[2] https://github.com/ClickHouse/kubenetmon / https://clickhouse.com/blog/kubenetmon-open-sourced
[3] if you have a lot of short-lived containers, you're likely to run into something like this: https://github.com/ClickHouse/kubenetmon/issues/24
edit: clarifying [1]
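An added example, not part of the comment above and not kubenetmon's own code: a per-(src, dst) rollup of the packet and byte counters that conntrack exposes once accounting is on (`sysctl net.netfilter.nf_conntrack_acct=1`). It assumes the text format of `/proc/net/nf_conntrack`; the sample lines and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in /proc/net/nf_conntrack format. With accounting
# enabled, each direction of a flow carries its own packets=/bytes= counters.
# The last line mimics an entry with no counters (accounting off for that flow).
SAMPLE = """\
ipv4     2 tcp      6 431999 ESTABLISHED src=10.0.0.5 dst=10.0.1.9 sport=44321 dport=5432 packets=12 bytes=3456 src=10.0.1.9 dst=10.0.0.5 sport=5432 dport=44321 packets=10 bytes=7890 [ASSURED] mark=0 zone=0 use=2
ipv4     2 tcp      6 117 TIME_WAIT src=10.0.0.5 dst=10.0.1.9 sport=44322 dport=5432 packets=6 bytes=544 src=10.0.1.9 dst=10.0.0.5 sport=5432 dport=44322 packets=5 bytes=1010 [ASSURED] mark=0 zone=0 use=2
ipv4     2 udp      17 25 src=10.0.0.7 dst=10.96.0.10 sport=53211 dport=53 packets=1 bytes=71 [UNREPLIED] src=10.96.0.10 dst=10.0.0.7 sport=53 dport=53211 packets=0 bytes=0 mark=0 zone=0 use=2
ipv4     2 tcp      6 300 ESTABLISHED src=10.0.0.8 dst=10.0.1.9 sport=40000 dport=5432 src=10.0.1.9 dst=10.0.0.8 sport=5432 dport=40000 [ASSURED] mark=0 zone=0 use=2
"""

# One direction of a flow: the address pair, ports, and optional counters.
# Entries without ports (e.g. ICMP) do not match and are counted as skipped.
TUPLE = re.compile(
    r"src=(\S+) dst=(\S+) sport=\d+ dport=\d+(?: packets=(\d+) bytes=(\d+))?"
)


def aggregate(text):
    """Return ({(src, dst): (packets, bytes)}, skipped_line_count)."""
    totals = defaultdict(lambda: [0, 0])
    skipped = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        tuples = TUPLE.findall(line)
        # Expect an original and a reply tuple, both with counters present.
        if len(tuples) != 2 or any(t[2] == "" for t in tuples):
            skipped += 1
            continue
        for src, dst, pkts, nbytes in tuples:
            totals[(src, dst)][0] += int(pkts)
            totals[(src, dst)][1] += int(nbytes)
    return {pair: tuple(v) for pair, v in totals.items()}, skipped


if __name__ == "__main__":
    totals, skipped = aggregate(SAMPLE)
    # Heaviest talkers first, by bytes sent from src to dst.
    for (src, dst), (pkts, nbytes) in sorted(totals.items(), key=lambda kv: -kv[1][1]):
        print(f"{src:>12} -> {dst:<12} packets={pkts:<4} bytes={nbytes}")
    print(f"skipped {skipped} line(s) without counters")
```

The counters live on the conntrack entry, so a rollup built from periodic snapshots like this only sees flows that exist at the moment of the read.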