Troubleshooting using swimlane-tools pod

the swimlane application container images such as swimlane web, swimlane tasks, and swimlane api by design are lightweight and do not include the basic utilities such as curl, telnet, ping, nslookup, etc the reduced image size helps speed up the building and deploying of the containers to make troubleshooting easier, the swimlane platform installer includes a swimlane tools container that can be used for diagnosing the most common issues, especially for air gapped/offline installs this would include, for example, tools like telnet, nslookup, curl, netcat, mtr, tcptraceroute (to test network connectivity), ldapsearch (for ldap issues), mongo client, and other useful utilities accessing the swimlane tools container there are few ways to execute into the container here are two options kubectl n \<swimlane namespace> get pods kubectl exec it \<swimlane tools pod> /bin/bash available tools the container includes the following tools debian linux apt tools curl dnsutils htop iftop iotop iputils ping jq ldap utils mtr nano net tools netcat ngrep nmap nmon openssl procps snmp sysstat tcpdump tcptrace tcptraceroute telnet traceroute tshark vim wget gnupg python3 python3 pip for a full list of installed packages, run ‘ apt list installed ’ examples root\@swimlane tools fdd568c9d m9vgk /# traceroute n sw api traceroute to sw api (10 96 2 208), 30 hops max, 60 byte packets1 10 96 2 208 0 095 ms 0 050 ms 0 043 ms root\@swimlane tools fdd568c9d m9vgk /# nslookup swimlane sw mongo server 10 96 0 10address 10 96 0 10#53 name\ swimlane sw mongo default svc cluster localaddress 10 32 0 17 root\@swimlane tools fdd568c9d m9vgk /# python3 python 3 7 3 (default, jul 25 2020, 13 03 44) \[gcc 8 3 0] on linux type "help", "copyright", "credits" or "license" for more information import socket print(socket gethostbyname ex('swimlane com')) ('swimlane com', \[], \['172 67 147 162', '104 21 47 122']) import requests requests get('https //swimlane com') \<response \[200]> import certifi certifi where() '/usr/local/lib/python3 7/dist packages/certifi/cacert pem' exit() test port connectivity using nc tcp nc z v \[hostname/ip address] \[port number] udp nc z v u \[hostname/ip address] \[port number] root\@swimlane tools fdd568c9d m9vgk /# nc z v sw api 5000 sw api default svc cluster local \[10 96 2 208] 5000 (?) open root\@swimlane tools fdd568c9d m9vgk /# nc z v swimlane sw mongo 27017 swimlane sw mongo default svc cluster local \[10 32 0 12] 27017 (?) open root\@swimlane tools fdd568c9d m9vgk /# nc z v sw web 443 sw web default svc cluster local \[10 96 1 116] 443 (https) open use openssl s client to check and verify ssl/tls connectivity open an ssl connection and print the ssl certificate openssl s client connect \<hostname or ip> \<port> print all certificates in the certificate chain presented by the ssl service this is useful when troubleshooting missing intermediate ca certificate issues openssl s client connect \<hostname or ip> \<port> showcerts to specify the tls version in the connection for testing various protocols openssl s client connect \<hostname or ip> \<port> tls1 3 for more information, see openssl s client commands man page in the openssl toolkit mongodb client and tools mongo shell root\@swimlane tools fdd568c9d m9vgk /# mongo u admin p host swimlane sw mongo port 27017 authenticationdatabase admin tls tlsallowinvalidcertificates admin mongodb backup and restore script root\@swimlane tools fdd568c9d m9vgk /# python3 /usr/local/bin/backup restore ha py h usage backup restore ha py \[ h] \[ v] \[ cert cert] {backup,restore} positional arguments {backup,restore} backup backup command restore restore command optional arguments h, help show this help message and exit v, verbose logging verbosity level \ cert cert location of mongo pem certificate root\@swimlane tools fdd568c9d m9vgk /# python3 /usr/local/bin/backup restore ha py backup root\@swimlane tools fdd568c9d m9vgk /# python3 /usr/local/bin/backup restore ha py restore test internet connectivity $ env | grep i proxy $ curl i https //www virustotal com $ kubectl n \<swimlane namespace> exec swimlane tools 0 curl i https //www virustotal com \# run the test connection script from the host $ python m pip install requests $ vi test connection py \# add the following content \# begin import requests \# initializing url url = "https //www virustotal com" proxy = {'http proxy' 'http //internet example com 83', 'https proxy' 'http //internet example com 83'} verify = false timeout = 60 try \# requesting url request = requests get(url, proxies=proxy, verify=verify, timeout=timeout) print("internet is on") \# catching exception except (requests connectionerror, requests timeout) as exception print("internet is off") \# end \# copy the same script to the tasks pod and test $ kubectl n \<swimlane namespace> cp test connection py \<swimlane tasks pod> /tmp/test connection py \# run from the container $ kubectl n \<swimlane namespace> exec it \<swimlane tasks pod> /bin/bash \# inside the container python /tmp/test connection py exit tcpdump \# run the following command on each of the node sudo tcpdump i any host \<fqdn> sudo tcpdump i any src host quay io and "tcp\[tcpflags] & (tcp syn) != 0" and "tcp\[tcpflags] & (tcp ack) == 0" \# wait for few mins to see if any traffic is being sent to \<host> and identify the source \# control c to break