
[Enhancement]: Add advanced ip filtering in connection tracker (conntracker) component #105

@LorenzoTettamanti

Description


Is your feature request related to a problem?

  • Yes

    Problem Description:

    When a BPF program is attached to multiple Ethernet interfaces, the system cannot filter events, such as kube-system events, dashboard events, and cert-manager events. As the primary aim in this stage is to capture only internal pod to pod connections, this results in a large number of unwanted captured events. The simple solution will be to filter the source IP of the unwanted service, but this is not possible because in Kubernetes, the cluster IP can change, and naturally, it does every time a pod is restarted. Attached there's a demonstration of this IP change after a restart:

[Three attached screenshots showing the pod's IP address changing after a restart]

Solution:

The ideal solution uses a low-level structure from the Linux kernel if possible. Using low-level structures or equivalent Rust crates will be great to avoid a lot of overhead. Also, a solution using the container runtime interface (CRI) needs to be investigated.

Additional info

I'm using minikube to host a local single-node Kubernetes cluster
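The core of the request above is that a filter keyed on IP addresses breaks as soon as a pod restarts, because the replacement pod comes back with a different address. The example below is added here to illustrate that failure mode and the alternative the issue points towards; it is not code from the conntracker project. It keeps a userspace map from pod IP to pod identity (namespace and name) that is assumed to be refreshed from the Kubernetes API or the CRI whenever pods change, and filters connection events by namespace instead of by fixed address. `PodInfo`, `ConnEvent`, `NamespaceFilter`, the pod CIDR `10.244.0.0/16` and all addresses are constructed for the example.

```rust
use std::collections::{HashMap, HashSet};
use std::net::Ipv4Addr;

/// Identity of a pod as learned from the cluster (constructed type; a real
/// conntracker would fill it from the Kubernetes API or the CRI).
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct PodInfo {
    pub namespace: String,
    pub name: String,
}

/// Minimal connection event as the BPF side might emit it (constructed shape).
#[derive(Clone, Copy, Debug)]
pub struct ConnEvent {
    pub src: Ipv4Addr,
    pub dst: Ipv4Addr,
}

/// Filter keyed on pod identity (namespace) instead of on fixed IP addresses.
pub struct NamespaceFilter {
    ignored_namespaces: HashSet<String>,
    pod_cidr: Ipv4Addr,
    pod_prefix_len: u32,
    ip_to_pod: HashMap<Ipv4Addr, PodInfo>,
}

impl NamespaceFilter {
    pub fn new(ignored: &[&str], pod_cidr: Ipv4Addr, pod_prefix_len: u32) -> Self {
        NamespaceFilter {
            ignored_namespaces: ignored.iter().map(|s| s.to_string()).collect(),
            pod_cidr,
            pod_prefix_len,
            ip_to_pod: HashMap::new(),
        }
    }

    /// Record (or re-record) the IP a pod currently holds; called on every
    /// pod add/update the userspace watcher observes.
    pub fn upsert_pod(&mut self, ip: Ipv4Addr, info: PodInfo) {
        self.ip_to_pod.insert(ip, info);
    }

    /// Forget an IP once the pod holding it is gone, so a new pod that reuses
    /// the address is not misattributed to the old one.
    pub fn remove_pod(&mut self, ip: Ipv4Addr) {
        self.ip_to_pod.remove(&ip);
    }

    /// True if `ip` lies inside the configured pod CIDR.
    fn in_pod_cidr(&self, ip: Ipv4Addr) -> bool {
        let mask = if self.pod_prefix_len == 0 { 0 } else { u32::MAX << (32 - self.pod_prefix_len) };
        (u32::from(ip) & mask) == (u32::from(self.pod_cidr) & mask)
    }

    /// True if `ip` is currently held by a pod in an ignored namespace.
    fn in_ignored_namespace(&self, ip: Ipv4Addr) -> bool {
        self.ip_to_pod
            .get(&ip)
            .map_or(false, |p| self.ignored_namespaces.contains(&p.namespace))
    }

    /// Keep only pod-to-pod traffic where neither endpoint is in an ignored namespace.
    pub fn keep(&self, ev: &ConnEvent) -> bool {
        self.in_pod_cidr(ev.src)
            && self.in_pod_cidr(ev.dst)
            && !self.in_ignored_namespace(ev.src)
            && !self.in_ignored_namespace(ev.dst)
    }
}

/// The naive approach from the issue: a fixed denylist of source/destination IPs.
pub fn static_denylist_keep(denied: &HashSet<Ipv4Addr>, ev: &ConnEvent) -> bool {
    !denied.contains(&ev.src) && !denied.contains(&ev.dst)
}

/// Walks through a kube-system pod restart and returns
/// (namespace filter before restart, namespace filter after restart,
///  static denylist after restart) for an app-pod -> kube-system-pod event.
pub fn restart_scenario() -> (bool, bool, bool) {
    let pod = |ns: &str, name: &str| PodInfo { namespace: ns.to_string(), name: name.to_string() };
    let app_a = Ipv4Addr::new(10, 244, 0, 10);   // constructed app pod address
    let dns_old = Ipv4Addr::new(10, 244, 0, 5);  // constructed kube-system pod, before restart
    let dns_new = Ipv4Addr::new(10, 244, 0, 12); // constructed address after restart

    let mut filter = NamespaceFilter::new(
        &["kube-system", "cert-manager", "kubernetes-dashboard"],
        Ipv4Addr::new(10, 244, 0, 0), 16);
    filter.upsert_pod(app_a, pod("default", "app-a"));
    filter.upsert_pod(dns_old, pod("kube-system", "coredns-1"));
    let before = filter.keep(&ConnEvent { src: app_a, dst: dns_old });

    // Pod restart: the old IP is released and the replacement pod gets a new one.
    filter.remove_pod(dns_old);
    filter.upsert_pod(dns_new, pod("kube-system", "coredns-2"));
    let after = filter.keep(&ConnEvent { src: app_a, dst: dns_new });

    // The static denylist still carries only the old address, so it lets the event through.
    let mut denied = HashSet::new();
    denied.insert(dns_old);
    let static_after = static_denylist_keep(&denied, &ConnEvent { src: app_a, dst: dns_new });

    (before, after, static_after)
}

fn main() {
    let (before, after, static_after) = restart_scenario();
    println!("namespace filter keeps kube-system event before restart: {}", before);
    println!("namespace filter keeps kube-system event after restart:  {}", after);
    println!("static IP denylist keeps kube-system event after restart: {}", static_after);
}
```

The `ip_to_pod` map is the only piece that needs a live data source; whether it is fed from a Kubernetes pod watch or from the CRI is exactly the design question the issue leaves open. The CIDR check additionally drops node-local and external traffic, which the issue's "internal pod to pod connections" goal implies.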

Metadata
Labels

bug (Something isn't working), ebpf (eBPF related tasks), enhancement (New feature or request), rust (Pull requests that update Rust code)

Projects

Status

In Progress

Relationships

None yet

Development

No branches or pull requests
