Netshoot

The netshoot tool can be used for network troubleshooting and debugging. It include a variety of networking utilities (e.g. curl, iperf etc.). It can easily added as another running in pod e.g.:

- name: netshoot image: nicolaka/netshoot command: ["/bin/bash"] args: ["-c", "while true; do ping localhost; sleep 60;done"]

Podinfo

In order to use netshoot tools with podinfo app, open shell for container netshoot:

kubectl exec -it deployments/podinfo -c netshoot -- /bin/zsh

Then tools can be used directly e.g. tcpdump for sniffing network traffic:

tcpdump -i any port 9898
tcpdump: data link type LINUX_SLL2 tcpdump: verbose output suppressed, use -v[v]... for full protocol decode listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes 21:53:15.685123 lo In IP6 localhost.58372 > localhost.9898: Flags [S], seq 346245541, win 65476, options [mss 65476,sackOK,TS val 1009258375 ecr 0,nop,wscale 7], length 0 21:53:15.685134 lo In IP6 localhost.9898 > localhost.58372: Flags [S.], seq 1480215945, ack 346245542, win 65464, options [mss 65476,sackOK,TS val 1009258375 ecr 1009258375,nop,wscale 7], length 0 21:53:15.685139 lo In IP6 localhost.58372 > localhost.9898: Flags [.], ack 1, win 512, options [nop,nop,TS val 1009258375 ecr 1009258375], length 0 21:53:15.685182 lo In IP6 localhost.58372 > localhost.9898: Flags [P.], seq 1:85, ack 1, win 512, options [nop,nop,TS val 1009258375 ecr 1009258375], length 84 21:53:15.685184 lo In IP6 localhost.9898 > localhost.58372: Flags [.], ack 85, win 511, options [nop,nop,TS val 1009258375 ecr 1009258375], length 0 21:53:15.685985 lo In IP6 localhost.9898 > localhost.58372: Flags [P.], seq 1:4097, ack 85, win 512, options [nop,nop,TS val 1009258376 ecr 1009258375], length 4096 21:53:15.685995 lo In IP6 localhost.58372 > localhost.9898: Flags [.], ack 4097, win 817, options [nop,nop,TS val 1009258376 ecr 1009258376], length 0

or netstat to check ports, on which services are listening:

netstat -tulpn
Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 :::9797 :::* LISTEN - tcp 0 0 :::9898 :::* LISTEN - tcp 0 0 :::9999

Podtato

Similarly netshoot container can be accessed for podtato app:

kubectl -n podtato exec -it deployments/podtato-head-entry -c netshoot -- /bin/zsh

Other use cases

In other cases run a temporary interactive shell using the nicolaka/netshoot Docker image in a Kubernetes cluster. The interactive shell will be removed automatically after you exit. This is particularly useful for debugging and troubleshooting network issues within the cluster.

kubectl run tmp-shell --rm -i --tty --image nicolaka/netshoot