Notice: This post is more than a year old. Some of the content might be outdated.

The Network Multitool image

Scratching the container networking itch

What to do when you need more than just ping to reach a container.

The itch

We know that the idea behind a Docker container is that it should have just enough software to run a particular process or service. For example a web server, Java application server or database server.

Images are designed to be very minimalistic and lean in nature. If a container should only run a single process all its life, why bother filling it up with unused software? Great! But because they are lean, they can also be difficult to troubleshoot.

I have many times needed more than just ping to reach a container running on a particular host on a particular container network.

Recently I was working on a Kubernetes cluster with service names set up using the SkyDNS addon. But I was not able to resolve the service names. I had nginx running as a container and being minimalistic by nature, it had no tools inside it except ping. I installed nslookup with the usual apt-get update and apt-get install dnsutils. But it was still not giving me enough information about name resolution. I was not until I installed dig that I figured out what was going on. It took me many container starts and apt-get commands before things got clear.

It was a nasty itch and I needed a solution.

The solution

Being a big fan and user of multitools, such as the Leatherman Wave that I carry with me as EDC, I wanted a container image with all the necessary tools installed in it. One I could use at will, without getting into the apt-get mess. I also wanted the image to run as a standard pod, so I could achieve two things:

  • I would always have a web service to test my connections
  • I would just docker exec bash into it and not have to remember complex kubectl commands to run it in interactive mode

I went ahead and created praqma/network-multitool. I am a Red Hat fan so I based my image on centos:7 . Initially I had Apache as web server, but later I replaced it with nginx - it is very light weight and fast.

Example usage

The image can be used in any container environment. Here are a few examples of how you can use it.

On a Docker host

Interactive:

[kamran@kworkhorse ~]$ docker run --rm -it praqma/network-multitool bash

[root@92288413e051 /]# nslookup yahoo.com
Server:		192.168.100.1
Address:	192.168.100.1#53

Non-authoritative answer:
Name:	yahoo.com
Address: 98.138.253.109
Name:	yahoo.com
Address: 98.139.183.24
Name:	yahoo.com
Address: 206.190.36.45

[root@92288413e051 /]#

Detached:

[kamran@kworkhorse ~]$ docker run -P -d  praqma/network-multitool
a76d156c674f2b61c9b9fb10f87c645620c4fcbe88a13162546379abc9a87f14
[kamran@kworkhorse ~]$ docker ps
CONTAINER ID        IMAGE                      COMMAND             CREATED             STATUS              PORTS                                           NAMES
a76d156c674f        praqma/network-multitool   "/start_nginx.sh"   31 seconds ago      Up 30 seconds       0.0.0.0:32769->80/tcp, 0.0.0.0:32768->443/tcp   silly_franklin
[kamran@kworkhorse ~]$ docker exec -it silly_franklin bash

[root@a76d156c674f /]# curl -I yahoo.com
HTTP/1.1 301 Redirect
Date: Sun, 16 Apr 2017 16:09:20 GMT
Via: https/1.1 ir28.fp.ne1.yahoo.com (ApacheTrafficServer)
Server: ATS
Location: https://www.yahoo.com/
Content-Type: text/html
Content-Language: en
Cache-Control: no-store, no-cache
Connection: keep-alive
Content-Length: 304

[root@a76d156c674f /]#

In a Kubernetes cluster

First run the container image as a deployment:

[kamran@kworkhorse ~]$ kubectl run multitool --image=praqma/network-multitool
deployment "multitool" created
[kamran@kworkhorse ~]$

Then find the pod name and connect to it in interactive mode:

[kamran@kworkhorse ~]$ kubectl get pods
NAME                                  READY     STATUS    RESTARTS   AGE
multitool-2814616439-hd8p6            1/1       Running   0          1m
[kamran@kworkhorse ~]$ kubectl exec -it multitool-2814616439-hd8p6 bash

[root@multitool-2814616439-hd8p6 /]# traceroute google.com
traceroute to google.com (64.233.184.102), 30 hops max, 60 byte packets
 1  gateway (10.112.1.1)  0.044 ms  0.014 ms  0.009 ms
 2  wa-in-f102.1e100.net (64.233.184.102)  0.716 ms  0.701 ms  0.896 ms
[root@multitool-2814616439-hd8p6 /]# exit
exit
[kamran@kworkhorse ~]$

Summary

Creating this network multitool image has completely soothed my itch. Now I use it to solve all sorts of problems. Packet capture, telnet, traceroute, mtr, dig, netstat, curl - you name it! I hope you will enjoy using this multitool as much as we do at Praqma.

Author: Muhammad Kamran Azeem

Read more about Muhammad


Related Stories

Related Stories

×

CoDe-Conf 2019

CoDe-Conf 2019

The Continuous Delivery and DevOps Conference in Scandinavia

Start well with Kubernetes

Start well with Kubernetes

How to make the right technical choices on your cloud native journey

Video - Docker and Kubernetes in 40 minutes

Video - Docker and Kubernetes in 40 minutes

Watch this introduction to Docker and Kubernetes at the Trondheim Developer Conference (TDC)