I have installed Consul via Helm chart 0.40.0 into our TKGi (VMware) environment, and I need to capture a tcpdump from an envoy-sidecar proxy container to demonstrate TLS encryption to the upstream/downstream proxy.
The K8s version is 1.22.2.
The installed proxy image - envoyproxy/envoy-alpine:v1.20.1:
- does not include tcpdump or apt-get.
- the running user in the side-car is unknown.
/ $ id
uid=5995 gid=5995
/ $ whoami
whoami: unknown uid 5995
/ $ su -
su: Cannot determine your user name.
Can you help me figure out how to install and use tcpdump to capture upstream data?
The description of containers in the running pod:
Init Containers:
  copy-consul-bin:
    Container ID: containerd://203b4dd5390a10f5dd1781edede58863563979b26be94d45e6866f3d15d3889c
    Image: hashicorp/consul:1.11.2
    Image ID: docker.io/hashicorp/consul@sha256:8e06a85e185ca2f2eeb65e91ef67e4d0c26aaa70f9a5da9619cfab5f3d6cb394
    Port:
    Host Port:
    Command:
      /bin/sh
      -ec
      cp /bin/consul /consul/connect-inject/consul
    State: Terminated
      Reason: Completed
      Exit Code: 0
      Started: Thu, 10 Feb 2022 20:38:18 +0000
      Finished: Thu, 10 Feb 2022 20:38:20 +0000
    Ready: True
    Restart Count: 0
    Limits:
      cpu: 50m
      memory: 150Mi
    Requests:
      cpu: 50m
      memory: 25Mi
    Environment:
    Mounts:
      /consul/connect-inject from consul-connect-inject-data (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-6g8rk (ro)
  consul-connect-inject-init:
    Container ID: containerd://1c12ba707e2896a36f6fbfd471ca3a65b7d976a54a4aa088931179badd2ae7fb
    Image: hashicorp/consul-k8s-control-plane:0.40.0
    Image ID: docker.io/hashicorp/consul-k8s-control-plane@sha256:cf2a96b024d20088e9aad6abef6cac2a9c6c19466eee9d82a3b6d03f79903e0f
    Port:
    Host Port:
    Command:
      /bin/sh
      -ec
      export CONSUL_HTTP_ADDR="${HOST_IP}:8500"
      export CONSUL_GRPC_ADDR="${HOST_IP}:8502"
      consul-k8s-control-plane connect-init -pod-name=${POD_NAME} -pod-namespace=${POD_NAMESPACE} \
      # Generate the envoy bootstrap code
      /consul/connect-inject/consul connect envoy \
      -proxy-id="$(cat /consul/connect-inject/proxyid)" \
      -bootstrap > /consul/connect-inject/envoy-bootstrap.yaml
      # Apply traffic redirection rules.
      /consul/connect-inject/consul connect redirect-traffic \
      -proxy-id="$(cat /consul/connect-inject/proxyid)" \
      -proxy-uid=5995
    State: Terminated
      Reason: Completed
      Exit Code: 0
      Started: Thu, 10 Feb 2022 20:38:21 +0000
      Finished: Thu, 10 Feb 2022 20:38:27 +0000
    Ready: True
    Restart Count: 0
    Limits:
      cpu: 50m
      memory: 150Mi
    Requests:
      cpu: 50m
      memory: 25Mi
    Environment:
      HOST_IP: (v1:status.hostIP)
      POD_IP: (v1:status.podIP)
      POD_NAME: util-sidecar-secure-6c46d9c89c-4frdc (v1:metadata.name)
      POD_NAMESPACE: kimtest (v1:metadata.namespace)
    Mounts:
      /consul/connect-inject from consul-connect-inject-data (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-6g8rk (ro)
Containers:
  util:
    Container ID: containerd://807c905a795870a71b8b49d40861f1b96cf7725f5e984e50a39931ea23fa162a
    Image: hashicorp/consul:1.11.2
    Image ID: docker.io/hashicorp/consul@sha256:8e06a85e185ca2f2eeb65e91ef67e4d0c26aaa70f9a5da9619cfab5f3d6cb394
    Port: 8080/TCP
    Host Port: 0/TCP
    Command:
      /bin/sleep
      infinity
    State: Running
      Started: Thu, 10 Feb 2022 20:38:28 +0000
    Ready: True
    Restart Count: 0
    Environment:
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-6g8rk (ro)
  envoy-sidecar:
    Container ID: containerd://5e3bdee087c2a7a498468011a12b41a9dbace33f3bbf9b2494eaf79fe568d36f
    Image: envoyproxy/envoy-alpine:v1.20.1
    Image ID: docker.io/envoyproxy/envoy-alpine@sha256:589805bf0d51dbde5b9635995a2da2047982221605ed7c97a5764d1a84510e9f
    Port:
    Host Port:
    Command:
      envoy
      --config-path
      /consul/connect-inject/envoy-bootstrap.yaml
      --log-level
      debug
    State: Running
      Started: Thu, 10 Feb 2022 20:38:28 +0000
    Ready: True
    Restart Count: 0
    Environment:
      HOST_IP: (v1:status.hostIP)
    Mounts:
      /consul/connect-inject from consul-connect-inject-data (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-6g8rk (ro)