Retina is a cloud-agnostic, open-source Kubernetes network observability platform that provides a centralized hub for monitoring application health, network health, and security. It provides actionable insights to cluster network administrators, cluster security administrators, and DevOps engineers navigating DevOps, SecOps, and compliance use cases.
Retina collects customizable telemetry, which can be exported to multiple storage options (such as Prometheus, Azure Monitor, and other vendors) and visualized in a variety of ways (like Grafana, Azure Log Analytics, and other vendors).
- eBPF-based Network Observability platform for Kubernetes workloads.
- On-Demand and Configurable.
- Actionable, industry-standard Prometheus metrics.
- Streamlined Packet Captures for deep dives.
- Cloud-agnostic, supporting multiple OS (like Linux, Windows, Azure Linux).
Retina lets you investigate network issues on-demand and continuously monitor your clusters. For scenarios where Retina shines, see the intro docs here
See retina.sh for documentation and examples.
Retina has two major features:
Retina can be installed using the Helm chart from GHCR:
# Set the version to a specific version here or get latest version from GitHub API.
VERSION=$( curl -sL https://api.github.com/repos/microsoft/retina/releases/latest | jq -r .name)
helm upgrade --install retina oci://ghcr.io/microsoft/retina/charts/retina \
--version $VERSION \
--set image.tag=$VERSION \
--set operator.tag=$VERSION \
--set logLevel=info \
--set enabledPlugin_linux="\[dropreason\,packetforward\,linuxutil\,dns\]"
Set the version
and image tag
arguments to the desired version, if different.
After Helm install, follow steps in Using Prometheus and Grafana to set up metrics collection and visualization.
The preferred way to install the Retina CLI using Krew.
kubectl krew install retina
Other installation options are documented in CLI Installation.
Verify installation:
$ kubectl retina version
v0.0.4 # or latest version
To quickly start creating a capture:
kubectl retina capture create --name <my-capture> --namespace <my-namespace> --selector <app=my-app>
For further CLI documentation, see Capture with Retina CLI.
Install Retina using Helm:
VERSION=$( curl -sL https://api.github.com/repos/microsoft/retina/releases/latest | jq -r .name)
helm upgrade --install retina oci://ghcr.io/microsoft/retina/charts/retina \
--version $VERSION \
--set image.tag=$VERSION \
--set operator.tag=$VERSION \
--set image.pullPolicy=Always \
--set logLevel=info \
--set os.windows=true \
--set operator.enabled=true \
--set operator.enableRetinaEndpoint=true \
--skip-crds \
--set enabledPlugin_linux="\[dropreason\,packetforward\,linuxutil\,dns\,packetparser\]"
Then follow steps in Capture CRD for documentation of the CRD and examples for setting up Captures.
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.
Read more about how to begin contributing here.
Retina images published to GHCR are cryptographically signed. You can verify their provenance with sigstore/cosign
:
REPO=microsoft/retina # or your repo
IMAGE=retina-operator # or other image to verify
TAG=v0.0.6 # or other tag to verify OR replace with the image SHA256
cosign verify ghcr.io/$REPO/$IMAGE:$TAG --certificate-oidc-issuer https://token.actions.githubusercontent.com --certificate-identity-regexp="https://github.com/$REPO" -o text
We host a periodic open community meeting. Find the details here.
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.
See the LICENSE.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.
For bugs or feature requests, open an issue. For security or vulnerability concerns, see SECURITY.md. For other communication, contact the maintainers at [email protected].