Debugging networking on OKD4 OpenShift 4 » Historie » Zyklus 1
Peter Pfläging, 05.08.2021 09:45
| 1 | 1 | Peter Pfläging | # Debugging networking on OKD4 / OpenShift 4 |
|---|---|---|---|
| 2 | |||
| 3 | It's not so easy to debug network problems in OKD / OpenShift. |
||
| 4 | |||
| 5 | For a cluster-admin this method works. |
||
| 6 | |||
| 7 | **DANGER**: you have to know what your doing |
||
| 8 | **DANGER**: you have to know network protocols and PCAP / Wireshark |
||
| 9 | |||
| 10 | ## Install krew (Plugin Manager for kubectl & oc) |
||
| 11 | |||
| 12 | Krew (<https://krew.sig.k8s.io>) is a plugin manager for `kubectl` and `oc` |
||
| 13 | |||
| 14 | Install with <https://krew.sigs.k8s.io/docs/user-guide/setup/install/> |
||
| 15 | |||
| 16 | ## Install ksniff |
||
| 17 | |||
| 18 | ksniff (<https://github.com/eldadru/ksniff>) is a plugin for kubectl which executes tcpdump in your destination pod (or a sidecar) and saves it or feeds it to Wireshark. |
||
| 19 | |||
| 20 | Installation: `kubectl krew install sniff` and you're done ;-) |
||
| 21 | |||
| 22 | If you want to analyze in realtime you have to install Wireshark (<https://www.wireshark.org>) |
||
| 23 | |||
| 24 | ## Execute |
||
| 25 | |||
| 26 | Assuming your destination pod named `dingdongpod` in namespace (project) `private-develop` |
||
| 27 | |||
| 28 | Do the following on your management or development machine (preferred is MacOS or Linux): |
||
| 29 | |||
| 30 | ```shell |
||
| 31 | oc login -u myclusteradminaccount api.mycluster.my.domain |
||
| 32 | oc project private-develop |
||
| 33 | oc sniff -p dingdongpod |
||
| 34 | ``` |
||
| 35 | |||
| 36 | This executes a privileged pod in the namespace, fires tcpdump and pipes the output to your wireshark. And now you can debug! |
pflaeging.net