Skip to content

Running eCapture pcapng mode on k8s #858

New issue
New issue
Open
Open
Running eCapture pcapng mode on k8s#858
Labels
help wantedExtra attention is needed🐞 bugSomething isn't working
@hanshal101

Description

@hanshal101
hanshal101
opened on Oct 29, 2025

Description

I have successfully tested eCapture on my local Minikube cluster running on KVM, and it worked without any issues. However, when I attempted to run the same setup on an AWS EKS cluster, eCapture fails to work as expected.

Environment:

  • Local Cluster (working): Minikube running on KVM
  • Cloud Cluster (failing): AWS EKS

Problem:

The issue appears to be related to the availability of the correct SSL libraries (libssl and libcrypto) on the AWS EKS environment. Based on my understanding and troubleshooting, it seems that these libraries are either missing, not linked correctly, or located in a non-standard path on EKS, causing the failure. It's likely that the EKS environment is either missing the libraries or the paths are not correctly set, causing the failure during eCapture execution.

Expected Behavior:

eCapture should function identically on both local Minikube and AWS EKS clusters, without errors related to SSL libraries. Also it should show us the CLIENT_RANDOM save success log on the terminal.
I am expecting something like this:

Image

Steps to Reproduce:

  1. Deploy eCapture on a local Minikube cluster on KVM (ensure everything is set up correctly).
  2. Deploy the same setup on AWS EKS.
  3. Observe the failure on EKS while it works fine on Minikube.

Deployment Configuration

apiVersion: v1
kind: Namespace
metadata:
  name: ecap
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: ecap
  namespace: ecap
spec:
  selector:
    matchLabels:
      app: ecap
  template:
    metadata:
      labels:
        app: ecap
    spec:
      hostNetwork: true
      hostPID: true
      restartPolicy: Always
      containers:
        - name: ecap
          image: ecapture
          imagePullPolicy: Always
          securityContext:
            privileged: true
          volumeMounts:
            - name: ssl-lib
              mountPath: /usr/lib/x86_64-linux-gnu/libssl.so.3
              readOnly: true
            - name: crypto-lib
              mountPath: /usr/lib/x86_64-linux-gnu/libcrypto.so.3
              readOnly: true
            - name: host-proc
              mountPath: /proc
            - name: host-sys
              mountPath: /sys
          args:
            - "tls"
            - "-m"
            - "pcapng"
            - "-i"
            - "eth0"
      volumes:
        - name: ssl-lib
          hostPath:
            path: /usr/lib/libssl.so.3
            type: File
        - name: crypto-lib
          hostPath:
            path: /usr/lib/libcrypto.so.3
            type: File
        - name: host-proc
          hostPath:
            path: /proc
            type: Directory
        - name: host-sys
          hostPath:
            path: /sys
            type: Directory

This is the manifest I have used to deploy in my localminikube cluster and this same manifests is applied while changing the network-interface, the libssl and libcrypto mount path.

This is my all the libssl & libcrypto path in the amazon linux node:

$ plocate libssl.so
/host/usr/lib/x86_64-linux-gnu/libssl.so.3
/host/usr/lib64/libssl.so.3
/host/usr/lib64/libssl.so.3.2.2
/host/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/107/fs/usr/lib/x86_64-linux-gnu/libssl.so.3
/host/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/21/fs/usr/lib64/libssl.so.3
/host/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/21/fs/usr/lib64/libssl.so.3.2.2
/host/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/22/fs/usr/lib64/libssl.so.3
/host/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/22/fs/usr/lib64/libssl.so.3.2.2
/host/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/272/fs/usr/lib/x86_64-linux-gnu/libssl.so.3
/host/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/672/fs/usr/lib/x86_64-linux-gnu/libssl.so.3
/host/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/68/fs/usr/lib/x86_64-linux-gnu/libssl.so.1.1
/host/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/89/fs/usr/lib/x86_64-linux-gnu/libssl.so.1.1
/usr/lib/x86_64-linux-gnu/libssl.so.3

$ plocate libcrypto.so
/host/usr/lib/x86_64-linux-gnu/libcrypto.so.3
/host/usr/lib64/libcrypto.so.3
/host/usr/lib64/libcrypto.so.3.2.2
/host/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/107/fs/usr/lib/x86_64-linux-gnu/libcrypto.so.3
/host/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/21/fs/usr/lib64/libcrypto.so.3
/host/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/21/fs/usr/lib64/libcrypto.so.3.2.2
/host/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/22/fs/usr/lib64/libcrypto.so.3
/host/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/22/fs/usr/lib64/libcrypto.so.3.2.2
/host/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/272/fs/usr/lib/x86_64-linux-gnu/libcrypto.so.3
/host/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/672/fs/usr/lib/x86_64-linux-gnu/libcrypto.so.3
/host/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/68/fs/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
/host/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/89/fs/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
/usr/lib/x86_64-linux-gnu/libcrypto.so.3

Metadata

Metadata

Assignees

No one assigned

    Labels

    help wantedExtra attention is needed🐞 bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions