Netshoot
The netshoot tool can be used for network troubleshooting and debugging. It include a variety of networking utilities (e.g. curl, iperf etc.). It can easily added as another running in pod e.g.:
- name: netshoot
image: nicolaka/netshoot
command: ["/bin/bash"]
args: ["-c", "while true; do ping localhost; sleep 60;done"]
Podinfo
In order to use netshoot
tools with podinfo
app, open shell for container netshoot
:
kubectl exec -it deployments/podinfo -c netshoot -- /bin/zsh
Then tools can be used directly e.g. tcpdump
for sniffing network traffic:
tcpdump -i any port 9898
tcpdump: data link type LINUX_SLL2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
21:53:15.685123 lo In IP6 localhost.58372 > localhost.9898: Flags [S], seq 346245541, win 65476, options [mss 65476,sackOK,TS val 1009258375 ecr 0,nop,wscale 7], length 0
21:53:15.685134 lo In IP6 localhost.9898 > localhost.58372: Flags [S.], seq 1480215945, ack 346245542, win 65464, options [mss 65476,sackOK,TS val 1009258375 ecr 1009258375,nop,wscale 7], length 0
21:53:15.685139 lo In IP6 localhost.58372 > localhost.9898: Flags [.], ack 1, win 512, options [nop,nop,TS val 1009258375 ecr 1009258375], length 0
21:53:15.685182 lo In IP6 localhost.58372 > localhost.9898: Flags [P.], seq 1:85, ack 1, win 512, options [nop,nop,TS val 1009258375 ecr 1009258375], length 84
21:53:15.685184 lo In IP6 localhost.9898 > localhost.58372: Flags [.], ack 85, win 511, options [nop,nop,TS val 1009258375 ecr 1009258375], length 0
21:53:15.685985 lo In IP6 localhost.9898 > localhost.58372: Flags [P.], seq 1:4097, ack 85, win 512, options [nop,nop,TS val 1009258376 ecr 1009258375], length 4096
21:53:15.685995 lo In IP6 localhost.58372 > localhost.9898: Flags [.], ack 4097, win 817, options [nop,nop,TS val 1009258376 ecr 1009258376], length 0
or netstat
to check ports, on which services are listening:
netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 :::9797 :::* LISTEN -
tcp 0 0 :::9898 :::* LISTEN -
tcp 0 0 :::9999
Podtato
Similarly netshoot
container can be accessed for podtato
app:
kubectl -n podtato exec -it deployments/podtato-head-entry -c netshoot -- /bin/zsh
Other use cases
In other cases run a temporary interactive shell using the nicolaka/netshoot
Docker image in a Kubernetes cluster.
The interactive shell will be removed automatically after you exit.
This is particularly useful for debugging and troubleshooting network issues within the cluster.
kubectl run tmp-shell --rm -i --tty --image nicolaka/netshoot