The Microsoft Azure Container Networking team recently announced an open-source project named Retina. This cloud-native container networking observability platform allows DevOps engineers and administrators to visualize, debug, and analyze workload traffic across diverse environments.
Retina collects customizable telemetry that can be sent to various storage solutions, including Prometheus, Azure Monitor, and other providers, and displayed through different offerings such as Grafana, Azure Log Analytics, and other platforms. It is not tied to Azure directly; users can run Retina in any Kubernetes instance, on-premises, or in AWS, Azure, or GCP.
Like the Falco security tool, Retina uses the extended Berkeley Packet Filter (eBPF), which enables kernel-level code execution on the host OS without impacting application containers. This approach eliminates the need for container agents or code libraries for monitoring, allowing a single eBPF probe to oversee all nodes on a host, whether cloud-based or physical hardware.
Furthermore, Retina supports Linux and Windows environments without being limited by specific Container Network Interfaces (CNIs), operating systems, or data planes. It is equipped to scale efficiently while using minimal resources on clusters.
Architecture Overview of Retina (Source: Microsoft DevOps Blog)
To get started with Retina, users should clone the Retina GitHub repository and install it using the provided Helm charts. For data logging, Prometheus might need to be configured. A Linux-hosted Kubernetes environment is necessary for CLI access, with the CLI integrating seamlessly into kubectl for ease of use with other Kubernetes tools. Network captures can also be configured and executed via YAML custom resource definitions.
Deepak Bansal, corporate vice-president and technical fellow, Microsoft Azure, and Chandan Aggarwal, partner group engineering manager, Microsoft Azure, write:
Many enterprises are multi-cloud and want solutions that work well not just on Microsoft Azure, but on other clouds as well as on-premises. Retina is open-source and multi-cloud from day one. By open-sourcing Retina, we aim to share our knowledge and vision for Kubernetes networking observability with the broader cloud-native ecosystem. Our hope is that Retina will evolve and grow through collaboration with other developers and organizations who share similar experiences and goals in this field.
Retina is not the only offering in this space, as a respondent on a Hacker News thread about Retina stated:
Red Hat has a similar eBPF-based tool (Disclaimer: I work on it) - the cool thing imho with Retina or Red Hat netobserv or Pixie is they aren't tied to a specific CNI. Now one of the problems that arises is potential conflicts and lack of collaboration between eBPF-based tools, as there are more and more. Something called bpfman aims to address this aspect.
With another person responding:
You can also check out DeepFlow, where we implemented distributed tracing for microservices using eBPF, which of course also includes observability of K8s networks.
More details about Retina are available on the documentation website.