Debugging networking on OKD4 / OpenShift 4¶

It's not so easy to debug network problems in OKD / OpenShift.

For a cluster-admin this method works.

DANGER: you have to know what your doing
DANGER: you have to know network protocols and PCAP / Wireshark

Install krew (Plugin Manager for kubectl & oc)¶

Krew (https://krew.sig.k8s.io) is a plugin manager for kubectl and oc

Install with https://krew.sigs.k8s.io/docs/user-guide/setup/install/

Install ksniff¶

ksniff (https://github.com/eldadru/ksniff) is a plugin for kubectl which executes tcpdump in your destination pod (or a sidecar) and saves it or feeds it to Wireshark.

Installation: kubectl krew install sniff and you're done ;-)

If you want to analyze in realtime you have to install Wireshark (https://www.wireshark.org)

Execute¶

Assuming your destination pod named dingdongpod in namespace (project) private-develop

Do the following on your management or development machine (preferred is MacOS or Linux):

oc login -u myclusteradminaccount api.mycluster.my.domain
oc project private-develop
oc sniff -p dingdongpod

This executes a privileged pod in the namespace, fires tcpdump and pipes the output to your wireshark. And now you can debug!