A few of us were talking about the differences between Linux distributions over on the Hub Discussion board and, as always, our talk wandered into other areas and corners. One of the things we discussed was the minimal installs you can do with Linux distros. This led me to comment that containers are even more minimal, and for some strange reason that reminded me of some CKS training about not letting the bad folks get too many privileges, too much access, or even a working shell inside your containers, as they can do bad things.
So here is an amateur demo.
First we create a simple nginx pod:
k run nginx --image=nginx
Next let's see if we can get a simple shell in the pod:
k exec nginx -it -- sh
Not only is there a shell, but there is also a bash shell :)
bash
Now let's say we want to sniff the cluster network; let's try tcpdump:
tcpdump
No luck: there is no tcpdump binary. Never fear, Bad Burke is here!!
Let's try doing an apt update:
apt update
Right, that worked. May I now be so bold as to try and install my beloved little sniffer?
apt install tcpdump
It is asking me to confirm. I should have just used -y, but this has more “shock and awe” value.
Obviously we choose Y.
Looks like it went and installed tcpdump and all of its dependencies.
To use tcpdump you need to tell it which interface to listen on, I believe, but what would that be in an nginx container?
A bit of googling and I know where to look:
/sys/class/net/
OK, so good old eth0.
So let's go for it:
tcpdump -i eth0
Not much happening. This is, to be honest, Burke's boring Rancher Desktop on his laptop, where nothing exciting ever happens, only work. So let's open another terminal and try to generate some cluster traffic:
Open a new terminal and type:
k get pods
Now let's head back to our nginx bash shell and check out tcpdump:
Boom! Look at that action. Hey, it seems that Mr. Burke has Kasten installed on this cluster, judging by the intercept. That means he is aware of data protection and security. Most likely he also follows
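The demo above works because `kubectl run nginx --image=nginx` gives the container three things by default: it runs as root, its root filesystem is writable (so apt can install packages), and it keeps CAP_NET_RAW (so tcpdump can open eth0). The script below is an added example, not part of the original post or of any project mentioned in it. It audits a Pod spec for exactly those settings and compares the default spec with a hardened one. The hardened spec assumes the `nginxinc/nginx-unprivileged` image and emptyDir mounts at the paths nginx needs to write; those details, and the audit logic itself, are my assumptions. Note that the shell and package manager inside the image cannot be detected from the spec; for that you need a distroless or otherwise shell-free image.

```python
"""Audit a Kubernetes Pod spec for the settings that made the demo succeed:
running as root, a writable root filesystem, privilege escalation left on,
and the CAP_NET_RAW capability that tcpdump needs for raw sockets."""
import json

# Constructed sample: roughly what `kubectl run nginx --image=nginx` produces.
# There is no securityContext at all, so every Kubernetes default applies.
DEFAULT_POD = json.loads("""
{
  "apiVersion": "v1", "kind": "Pod",
  "metadata": {"name": "nginx"},
  "spec": {"containers": [{"name": "nginx", "image": "nginx"}]}
}
""")

# Constructed hardened variant (assumed image and writable paths):
# non-root, read-only root filesystem, no privilege escalation, all
# capabilities dropped, default seccomp profile. Writable paths go to
# emptyDir volumes instead of the image filesystem.
HARDENED_POD = json.loads("""
{
  "apiVersion": "v1", "kind": "Pod",
  "metadata": {"name": "nginx-hardened"},
  "spec": {
    "securityContext": {
      "runAsNonRoot": true,
      "runAsUser": 101,
      "seccompProfile": {"type": "RuntimeDefault"}
    },
    "containers": [{
      "name": "nginx",
      "image": "nginxinc/nginx-unprivileged",
      "securityContext": {
        "allowPrivilegeEscalation": false,
        "readOnlyRootFilesystem": true,
        "capabilities": {"drop": ["ALL"]}
      },
      "volumeMounts": [
        {"name": "cache", "mountPath": "/var/cache/nginx"},
        {"name": "tmp", "mountPath": "/tmp"}
      ]
    }],
    "volumes": [
      {"name": "cache", "emptyDir": {}},
      {"name": "tmp", "emptyDir": {}}
    ]
  }
}
""")


def audit_pod(pod):
    """Return a list of findings; an empty list means all four checks pass."""
    findings = []
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})
    for c in spec.get("containers", []):
        sc = c.get("securityContext", {})
        name = c.get("name", "?")

        # Container-level settings override pod-level ones.
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        if not non_root and uid in (None, 0):
            findings.append(f"{name}: may run as root (apt install works)")

        if not sc.get("readOnlyRootFilesystem", False):
            findings.append(f"{name}: writable root filesystem (packages can be installed)")

        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{name}: allowPrivilegeEscalation not disabled")

        caps = sc.get("capabilities", {})
        dropped = {x.upper() for x in caps.get("drop", [])}
        added = {x.upper() for x in caps.get("add", [])}
        # NET_RAW is in the runtime default set; it must be dropped explicitly
        # (or via ALL) and not re-added for tcpdump -i eth0 to fail.
        if "NET_RAW" in added or not ({"ALL", "NET_RAW"} & dropped):
            findings.append(f"{name}: CAP_NET_RAW retained (raw sockets, tcpdump works)")
    return findings


if __name__ == "__main__":
    for pod in (DEFAULT_POD, HARDENED_POD):
        print(pod["metadata"]["name"])
        for f in audit_pod(pod) or ["  no findings"]:
            print("  " + f)
```

Running it reports four findings for the default spec and none for the hardened one. The same checks can be enforced cluster-wide with the Pod Security Admission `restricted` profile, which rejects pods that keep NET_RAW, allow privilege escalation, or run as root.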