Do you ever need to debug a node on kubernetes? Maybe the networking is broken, or you need to check something else out? The netshoot docker container contains a large number of helpful network tools like tcpdump, iperf, and more. Use a script like this to kubectl directly to a node with escalated privileges. Once in, try tcpdump -i any to see all network traffic on the node.

set -exuo pipefail
if [[ "${1-}" == "" ]]; then
    kubectl run "netshoot-$(whoami)" --rm -i --tty --image nicolaka/netshoot -- /bin/bash
    kubectl run "netshoot-$(whoami)" --rm -i --tty --image nicolaka/netshoot \
        "spec": {
            "hostNetwork": true,
            "tolerations": [{
                "key": "",
                "operator": "Exists"
            "nodeSelector": {
                "": "'${1}'"
            "containers": [{
                "name": "netshoot",
                "image": "nicolaka/netshoot",
                "securityContext": {
                    "privileged": true
                "command": ["/bin/bash"],
                "stdin": true,
                "tty": true

For example, I can run this to get a shell on a node: my-node-name