Netshoot

The netshoot tool can be used for network troubleshooting and debugging. It include a variety of networking utilities (e.g. curl, iperf etc.). It can easily added as another running in pod e.g.:

      - name: netshoot
        image: nicolaka/netshoot
        command: ["/bin/bash"]
        args: ["-c", "while true; do ping localhost; sleep 60;done"]

Podinfo

In order to use netshoot tools with podinfo app, open shell for container netshoot:

kubectl exec -it deployments/podinfo -c netshoot -- /bin/zsh

Then tools can be used directly e.g. tcpdump for sniffing network traffic:

tcpdump -i any port 9898
tcpdump: data link type LINUX_SLL2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
21:53:15.685123 lo    In  IP6 localhost.58372 > localhost.9898: Flags [S], seq 346245541, win 65476, options [mss 65476,sackOK,TS val 1009258375 ecr 0,nop,wscale 7], length 0
21:53:15.685134 lo    In  IP6 localhost.9898 > localhost.58372: Flags [S.], seq 1480215945, ack 346245542, win 65464, options [mss 65476,sackOK,TS val 1009258375 ecr 1009258375,nop,wscale 7], length 0
21:53:15.685139 lo    In  IP6 localhost.58372 > localhost.9898: Flags [.], ack 1, win 512, options [nop,nop,TS val 1009258375 ecr 1009258375], length 0
21:53:15.685182 lo    In  IP6 localhost.58372 > localhost.9898: Flags [P.], seq 1:85, ack 1, win 512, options [nop,nop,TS val 1009258375 ecr 1009258375], length 84
21:53:15.685184 lo    In  IP6 localhost.9898 > localhost.58372: Flags [.], ack 85, win 511, options [nop,nop,TS val 1009258375 ecr 1009258375], length 0
21:53:15.685985 lo    In  IP6 localhost.9898 > localhost.58372: Flags [P.], seq 1:4097, ack 85, win 512, options [nop,nop,TS val 1009258376 ecr 1009258375], length 4096
21:53:15.685995 lo    In  IP6 localhost.58372 > localhost.9898: Flags [.], ack 4097, win 817, options [nop,nop,TS val 1009258376 ecr 1009258376], length 0

or netstat to check ports, on which services are listening:

netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 :::9797                 :::*                    LISTEN      -
tcp        0      0 :::9898                 :::*                    LISTEN      -
tcp        0      0 :::9999

Podtato

Similarly netshoot container can be accessed for podtato app:

kubectl -n podtato exec -it deployments/podtato-head-entry -c netshoot -- /bin/zsh

Other use cases

In other cases run a temporary interactive shell using the nicolaka/netshoot Docker image in a Kubernetes cluster. The interactive shell will be removed automatically after you exit. This is particularly useful for debugging and troubleshooting network issues within the cluster.

kubectl run tmp-shell --rm -i --tty --image nicolaka/netshoot