Containers can use the network stack in a few different ways. It all depends on how they connect to the network. A couple of options are:

  • host (ex. $docker run --rm -it --net=host ...)
  • container networks (ex. $docker run --rm -it --net=container:id ...)
  • overlay

Building a container and…

In previous blog posts, we focused on how to use TCPdump in a specific container (see ) as well as how we could add it to an existing K8S deployment using a patch (see

While researching some other things recently, I came across a comment suggesting a quick…

I stumbled on pixielabs while investigating #eBPF. It is extremely powerful tool showing a lot of eBPF capabilities in a nice UI on a kubernetes cluster.

1. Setting up a k8s cluster

For the sake of this demo I will be using a managed kubernetes cluster on the DigitalOcean platform…

In order to use ephemeral containers, the K8S cluster needs to be created using the EphemeralContainers feature gate. This technique makes using tcpdump inside a pod quite easy without the need to restart or patch a pod or deployment.

Create a cluster enabling EphemeralContainers

The following configuration cluster.yaml helps installing a K8S cluster using kubeadm.

Kubernetes services are accessible via the kube-api proxy when correctly authenticated (via the control-plane)

Ever wondered what these URLs are? Well read on.

$ kubectl cluster-info
Kubernetes master is running at
KubeDNS is running at

1. Create a SA (service account)

$ kubectl create sa demo

2. Create a clusterrolebinding

$ kubectl create clusterrolebinding sa-demo — clusterrole=cluster-admin —…

Philippe Bogaerts

BruCON co-founder, OWASP supporter, Application Delivery and Web Application Security, Kubernetes and container, pentesting enthousiast, BBQ & cocktails !!

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store