K8s Network Debugging

Learning about tcpdump, wireshark, and other fun things.

Based on https://faun.pub/capturing-container-traffic-on-kubernetes-ee4a49b833b7

Specifically, we're going to use the approach where we enter the node and use nsenter to pop into the networking namespace of the pod, where we'll then use tcpdump.

We're going to debug gatekeeper in this case, to make things realistic (also because I have run into this situation before).

TODO:

I have the k3d cluster configured with nerdctl and the cni plugins for manipulating the network. I need to:

• Copy down the certificates in the gatekeeper pod
• Execute a netshoot container in the same networking namespace as gatekeeper
• Figure out how to use tcpdump (or a similar tool) against the data While using the certificates!