Monday, April 25, 2022

Live Wireshark diameter capturing from K8s container (in Google Kubernetes Engine)

Handy command to remotely capture tcpdump from a K8s container located in Google Kubernetes Engine and then display it (live!) in Wireshark running on your PC:

% gcloud beta compute ssh jumphost --quiet \
  --command='kubectl exec tra-rt-ag1-0 --namespace=app-ns -- sudo /usr/sbin/tcpdump -i any -U --immediate-mode port 16553 or port 16560 or port 16570 -w -' | \
  /Users/jhartman/Tools/Utilities/Wireshark.app/Contents/MacOS/Wireshark -k -i -

Pre-requisites:

Wireshark installed locally in your PC
Configured gcloud access to the environment
tcpdump available in the container
Root or sudo available in the container (if not, a sidecar with tcpdump might be easiest option to get it)

How to fix Permission “artifactregistry.repositories.downloadArtifacts” denied on resource on Ubuntu when pulling from Google Artifact repository