How to TCPdump effectively in Kubernetes (part 2)
--
In previous blog posts, we focused on how to use TCPdump in a specific container (see https://medium.com/@xxradar/how-to-tcpdump-effectively-in-docker-2ed0a09b5406 ) as well as how we could add it to an existing K8S deployment using a patch (see https://medium.com/@xxradar/how-to-tcpdump-effectively-in-kubernetes-part-1-a1546b683d2f)
While researching some other things recently, I came across a comment suggesting a quick fix for another issue like this …
$ kubectl run -it --rm debug --restart=Never --image=ubuntu --overrides='{"kind":"Pod", "apiVersion":"v1", "spec": {"hostNetwork":true}}'This is pretty similar as described in a previous blog posts …
docker run -it --net=host ubuntu … but in the kubectl case, we do not need SSH access to a node or access to the docker client, nor do we need to re-deploy the deployment (aka restart of the pods)
So let’s try this !!
Create a small K8S cluster and deploy a simple nginx service (I used the managed K8S service from Digitalocean and tested as well on an Azure environment)
$ kubectl get no
NAME STATUS ROLES AGE VERSION
demo-pool1-lyg2 Ready <none> 2m3s v1.16.2
demo-pool1-lygl Ready <none> 2m12s v1.16.2
demo-pool1-lygt Ready <none> 2m14s v1.16.2$ kubectl get svc -n radarhack
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
my-radarhack-clusterip ClusterIP 10.245.94.156 <none> 80/TCP 100s$ kubectl get po -n radarhack -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
radarhack-deployment-655b776bd-6v6dl 1/1 Running 0 22m 10.244.0.232 demo-pool1-lygt <none> <none>
radarhack-deployment-655b776bd-wmqv9 1/1 Running 0 22m 10.244.1.87 demo-pool1-lygl <none> <none>
radarhack-deployment-655b776bd-zrxdd 1/1 Running 0 22m 10.244.2.223 demo-pool1-lyg2 <none> <none>
So lets deploy an ubuntu pod like described before …
$ kubectl run -it…
