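Do you ever need to debug a node on Kubernetes? Maybe the networking is broken, or you need to check
something else out? The netshoot Docker container contains a large number of
helpful network tools like tcpdump, iperf, and more. Use a script
like this to start it with kubectl directly on a node with escalated
privileges. With no argument the script starts an ordinary netshoot pod; given a node name, it pins the pod
to that node with `hostNetwork` and a privileged security context, and tolerates every taint. The `--rm` flag
deletes the pod when the shell exits. Once in, try `tcpdump -i any`
to see all network traffic on the node.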
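
```bash
#!/bin/bash
set -exuo pipefail

if [[ "${1-}" == "" ]]; then
  # No node given: plain netshoot pod, scheduled anywhere, pod network only.
  kubectl run "netshoot-$(whoami)" --rm -i --tty --image nicolaka/netshoot -- /bin/bash
else
  # Node given: privileged pod on the host network of that node.
  # "operator": "Exists" with an empty key tolerates every taint.
  # ${1} is quoted so the shell does not word-split the node name.
  kubectl run "netshoot-$(whoami)" --rm -i --tty --image nicolaka/netshoot \
    --overrides='{
      "spec": {
        "hostNetwork": true,
        "tolerations": [{
          "key": "",
          "operator": "Exists"
        }],
        "nodeSelector": {
          "kubernetes.io/hostname": "'"${1}"'"
        },
        "containers": [{
          "name": "netshoot",
          "image": "nicolaka/netshoot",
          "securityContext": {
            "privileged": true
          },
          "command": ["/bin/bash"],
          "stdin": true,
          "tty": true
        }]
      }
    }'
fi
```
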
For example, I can run this to get a shell on a node:

```bash
kc-netshoot.sh my-node-name
```
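
The script splices its first argument straight into the `--overrides` JSON, so a value containing a quote or brace would change the structure of a privileged pod spec. The following is an added example, not part of the original script: the helper names `valid_node_name` and `build_overrides` are hypothetical, and the check assumes node names follow the Kubernetes DNS-1123 subdomain rules.

```bash
#!/bin/bash
# Added example (not from the original post): validate the node name before it
# is placed inside the --overrides JSON. Function names are hypothetical.
LC_ALL=C; export LC_ALL   # make [a-z] match ASCII lowercase only

# DNS-1123 subdomain: lowercase alphanumerics, '-' and '.', at most 253
# characters, every dot-separated label starting and ending alphanumeric.
valid_node_name() {
  name=$1
  [ -n "$name" ] || return 1
  [ "${#name}" -le 253 ] || return 1
  case $name in
    *[!a-z0-9.-]*) return 1 ;;          # quotes, braces, spaces, uppercase
    [!a-z0-9]*|*[!a-z0-9]) return 1 ;;  # must start and end alphanumeric
    *..*|*.-*|*-.*) return 1 ;;         # empty or malformed label
  esac
  return 0
}

# Emit the same pod overrides as the script above, only for a validated name.
build_overrides() {
  valid_node_name "$1" || { echo "refusing node name: $1" >&2; return 1; }
  printf '{"spec":{"hostNetwork":true,'
  printf '"tolerations":[{"key":"","operator":"Exists"}],'
  printf '"nodeSelector":{"kubernetes.io/hostname":"%s"},' "$1"
  printf '"containers":[{"name":"netshoot","image":"nicolaka/netshoot",'
  printf '"securityContext":{"privileged":true},'
  printf '"command":["/bin/bash"],"stdin":true,"tty":true}]}}\n'
}

# In the script: kubectl run ... --overrides="$(build_overrides "$1")"

# Constructed sample inputs, not taken from the original post.
for n in my-node-name ip-10-0-1-23.ec2.internal 'bad"name' 'Node_1'; do
  if valid_node_name "$n"; then echo "ok      $n"; else echo "reject  $n"; fi
done
```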