How to TCPdump effectively in Kubernetes (part 2)

Philippe Bogaerts
5 min read · Dec 5, 2019

In previous blog posts, we focused on how to use TCPdump in a specific container (see https://medium.com/@xxradar/how-to-tcpdump-effectively-in-docker-2ed0a09b5406 ) as well as how to add it to an existing K8S deployment using a patch (see https://medium.com/@xxradar/how-to-tcpdump-effectively-in-kubernetes-part-1-a1546b683d2f ).

While researching something else recently, I came across a comment suggesting a quick fix for a similar problem …

$ kubectl run -it --rm debug  --restart=Never --image=ubuntu --overrides='{"kind":"Pod", "apiVersion":"v1", "spec": {"hostNetwork":true}}'

This is pretty similar to what was described in a previous blog post …

docker run -it --net=host ubuntu 

… but in the kubectl case, we do not need SSH access to a node or access to the docker client, nor do we need to re-deploy the deployment (which would restart the pods): the pod runs with hostNetwork, so it shares the network namespace of the node it lands on and sees that node's interfaces.
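As an added example (not code from the original post), the helper below builds the same `--overrides` document the post passes to `kubectl run` and, from the defender's side, scans a pod listing for pods that share the node's network namespace, since any such pod can capture all node traffic. The `nodeName` pinning and the sample pod list are assumptions of the example, not part of the post.

```python
import json
import shlex


def debug_pod_overrides(node_name=None):
    """Return the --overrides document for a hostNetwork debug pod.

    node_name is an assumption not in the post: pinning the pod to one node
    makes sure the capture runs on the node you actually want to inspect.
    """
    spec = {"hostNetwork": True}
    if node_name:
        spec["nodeName"] = node_name
    return {"kind": "Pod", "apiVersion": "v1", "spec": spec}


def kubectl_run_command(pod_name="debug", node_name=None, image="ubuntu"):
    """Assemble the kubectl run command line from the post, safely quoted."""
    overrides = json.dumps(debug_pod_overrides(node_name))
    return (f"kubectl run -it --rm {shlex.quote(pod_name)} --restart=Never "
            f"--image={shlex.quote(image)} --overrides={shlex.quote(overrides)}")


def host_network_pods(pod_list):
    """From `kubectl get pods -A -o json` output, list (namespace, name) of
    every pod with spec.hostNetwork set, i.e. pods able to sniff node traffic."""
    return [(p["metadata"].get("namespace", "default"), p["metadata"]["name"])
            for p in pod_list.get("items", [])
            if p.get("spec", {}).get("hostNetwork") is True]


# Constructed sample shaped like `kubectl get pods -A -o json` (not real output).
SAMPLE_POD_LIST = {"items": [
    {"metadata": {"namespace": "default", "name": "nginx-7c6d"},
     "spec": {"hostNetwork": False}},
    {"metadata": {"namespace": "default", "name": "debug"},
     "spec": {"hostNetwork": True, "nodeName": "demo-pool1-lyg2"}},
    {"metadata": {"namespace": "kube-system", "name": "kube-proxy-x1"},
     "spec": {"hostNetwork": True}},
]}

if __name__ == "__main__":
    print(kubectl_run_command(node_name="demo-pool1-lyg2"))
    for ns, name in host_network_pods(SAMPLE_POD_LIST):
        print(f"hostNetwork pod: {ns}/{name}")
```

Running `host_network_pods` on real `kubectl get pods -A -o json` output shows which workloads already have node-level capture capability; in a hardened cluster only system components such as kube-proxy should appear.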

So let’s try this !!
Create a small K8S cluster and deploy a simple nginx service (I used the managed K8S service from Digitalocean and tested on an Azure environment as well).

$ kubectl get no
NAME              STATUS   ROLES    AGE     VERSION
demo-pool1-lyg2   Ready    <none>   2m3s    v1.16.2
demo-pool1-lygl   Ready    <none>   2m12s…
