Anatomy of Kubeshark
Kubeshark consists of three different software that works together harmoniously; CLI, Hub and Worker.
It's a Docker image which is deployed into your cluster as a normal pod. It orchestrates the worker deployments, receives sniffed and dissected directed from each worker and collects into a central place. It also serves a web interface to display the collected traffic on your web browser.
It's the software which you deploy into your cluster using
kubeshark deploy command.
It's a Docker image which is deployed into your cluster as a DaemonSet to ensure each node in your cluster are covered by Kubeshark. The worker contains the implementations of network sniffer, kernel tracing and more. Workers transmit the collected traffic to hub via WebSocket.
The worker by itself can be used as a network sniffer on your computer without requiring a Kubernetes cluster.