What to do when you need more than just ping to reach a container.
We know that the idea behind a Docker container is that it should have just enough software to run a particular process or service: for example, a web server, a Java application server or a database server.
Images are designed to be very minimalistic and lean in nature. If a container should only run a single process all its life, why bother filling it up with unused software? Great! But because they are lean, they can also be difficult to troubleshoot.
I have many times needed more than just ping to reach a container running on a particular host on a particular container network.
Recently I was working on a Kubernetes cluster with service names set up using the SkyDNS addon, but I was not able to resolve the service names. I had nginx running as a container and, being minimalistic by nature, it had no tools inside it except ping. I installed nslookup with the usual apt-get update and apt-get install dnsutils, but it was still not giving me enough information about name resolution. It was not until I installed dig that I figured out what was going on. It took me many container starts and apt-get commands before things got clear.
It was a nasty itch and I needed a solution.
Being a big fan and user of multitools, such as the Leatherman Wave that I carry with me as EDC, I wanted a container image with all the necessary tools installed in it. One I could use at will, without getting into the apt-get mess. I also wanted the image to run as a standard pod, so I could achieve two things:
- I would always have a web service to test my connections
- I would just docker exec bash into it and not have to remember complex kubectl commands to run it in interactive mode
I went ahead and created praqma/network-multitool. I am a Red Hat fan, so I based my image on centos:7. Initially I had Apache as the web server, but later I replaced it with nginx - it is very lightweight and fast.
The image can be used in any container environment. Here are a few examples of how you can use it.
On a Docker host
    [kamran@kworkhorse ~]$ docker run --rm -it praqma/network-multitool bash
    [root@92288413e051 /]# nslookup yahoo.com
    Server:         192.168.100.1
    Address:        192.168.100.1#53
    Non-authoritative answer:
    Name:   yahoo.com
    Address: 126.96.36.199
    Name:   yahoo.com
    Address: 188.8.131.52
    Name:   yahoo.com
    Address: 184.108.40.206
    [root@92288413e051 /]#

    [kamran@kworkhorse ~]$ docker run -P -d praqma/network-multitool
    a76d156c674f2b61c9b9fb10f87c645620c4fcbe88a13162546379abc9a87f14
    [kamran@kworkhorse ~]$ docker ps
    CONTAINER ID   IMAGE                      COMMAND             CREATED          STATUS          PORTS                                           NAMES
    a76d156c674f   praqma/network-multitool   "/start_nginx.sh"   31 seconds ago   Up 30 seconds   0.0.0.0:32769->80/tcp, 0.0.0.0:32768->443/tcp   silly_franklin
    [kamran@kworkhorse ~]$ docker exec -it silly_franklin bash
    [root@a76d156c674f /]# curl -I yahoo.com
    HTTP/1.1 301 Redirect
    Date: Sun, 16 Apr 2017 16:09:20 GMT
    Via: https/1.1 ir28.fp.ne1.yahoo.com (ApacheTrafficServer)
    Server: ATS
    Location: https://www.yahoo.com/
    Content-Type: text/html
    Content-Language: en
    Cache-Control: no-store, no-cache
    Connection: keep-alive
    Content-Length: 304
    [root@a76d156c674f /]#
In a Kubernetes cluster
First run the container image as a deployment:
    [kamran@kworkhorse ~]$ kubectl run multitool --image=praqma/network-multitool
    deployment "multitool" created
    [kamran@kworkhorse ~]$
Then find the pod name and connect to it in interactive mode:
    [kamran@kworkhorse ~]$ kubectl get pods
    NAME                         READY     STATUS    RESTARTS   AGE
    multitool-2814616439-hd8p6   1/1       Running   0          1m
    [kamran@kworkhorse ~]$ kubectl exec -it multitool-2814616439-hd8p6 bash
    [root@multitool-2814616439-hd8p6 /]# traceroute google.com
    traceroute to google.com (220.127.116.11), 30 hops max, 60 byte packets
     1  gateway (10.112.1.1)  0.044 ms  0.014 ms  0.009 ms
     2  wa-in-f102.1e100.net (18.104.22.168)  0.716 ms  0.701 ms  0.896 ms
    [root@multitool-2814616439-hd8p6 /]# exit
    exit
    [kamran@kworkhorse ~]$
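For the service-name resolution problem described earlier, the following added example (not part of the original post or of the praqma/network-multitool image) lists the fully qualified names the glibc resolver would try for a service name, based on the pod's resolv.conf search list and ndots option, and prints one dig query per name, since dig does not apply the search list unless given +search. The resolv.conf contents, the nginx service name and the function names are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: which names does the resolver try for a Kubernetes service?

# Constructed sample of a pod's /etc/resolv.conf (all values are assumptions).
sample_resolv_conf() {
  cat <<'EOF'
search default.svc.cluster.local svc.cluster.local cluster.local
nameserver 10.0.0.10
options ndots:5
EOF
}

# candidate_names NAME [RESOLV_CONF]
# Print the fully qualified names glibc tries, in order, for NAME.
candidate_names() (
  awk -v name="$1" '
    BEGIN { ndots = 1 }                       # glibc default
    $1 == "search"  { n = 0; for (i = 2; i <= NF; i++) dom[++n] = $i }
    $1 == "options" {
      for (i = 2; i <= NF; i++) if ($i ~ /^ndots:[0-9]+$/) ndots = substr($i, 7) + 0
    }
    END {
      if (name ~ /\.$/) { print name; exit }  # trailing dot: absolute name
      dots = gsub(/\./, ".", name)            # count dots without changing name
      if (dots >= ndots) print name "."       # "enough" dots: literal name first
      for (i = 1; i <= n; i++) print name "." dom[i] "."
      if (dots < ndots) print name "."        # otherwise literal name last
    }' "${2:-/etc/resolv.conf}"
)

# dig_plan NAME [RESOLV_CONF]
# Print one dig query per candidate name and configured nameserver.
dig_plan() (
  conf=${2:-/etc/resolv.conf}
  for ns in $(awk '$1 == "nameserver" { print $2 }' "$conf"); do
    candidate_names "$1" "$conf" | while read -r fqdn; do
      echo "dig +noall +comments +answer @$ns $fqdn A"
    done
  done
)

# Usage inside the pod: sh thisfile.sh nginx | sh
if [ $# -gt 0 ]; then dig_plan "$@"; fi
```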
Creating this network multitool image has completely soothed my itch. Now I use it to solve all sorts of problems. Packet capture, curl - you name it! I hope you will enjoy using this multitool as much as we do at Praqma.