Skip to main content

Sidecar

In Kubernetes, Speedscale employs a sidecar (also known as goproxy) to capture network level traffic for individual services. The sidecar uses two server sockets to capture traffic:

  • Port 4143 - used to capture inbound traffic
  • Port 4140 - used to capture outbound traffic

The sidecar or init container uses these ports "intercept" traffic transparently. Here is a basic diagram that shows a client making a call to a service under test, and that service makes subsequent calls to other backend systems. Of course some calls may use an http port like 80 or 8080 (or pick your favorite port), other times the service may use https on port 443 and be using TLS traffic.

tls The Speedscale sidecar proxy, goproxy, is used to collect data from an existing application. To capture traffic, requests to and from your application will need to be routed through the proxy.

Bootstrapping Traffic Capture from Speedscale on Vimeo.

tip

The envoy proxy (aka Istio) uses the same architecture to redirect traffic. Your platform or security team may already be familiar with this approach.

Installation

There are several ways to install the sidecar in your cluster. See the proxy configuration reference for proxy configuration outside of a cluster.

From the Speedscale web app click on Add service to launch the add service wizard which will walk you through configuration and verification tailored to your environment.

Removal

If you already have the sidecar installed, but you need for it to be removed, you may either set the sidecar.speedscale.com/inject annotation to false, or remove it:

annotations:
  sidecar.speedscale.com/inject: "false"

After deploying or patching your deployment, you should notice your container count decrease by one and the sidecar is no longer attached.

Use speedctl uninstall to remove all Speedscale components.