Which PID is using a PORT inside a k8s pod without net tools Which PID is using a PORT inside a k8s pod without net tools docker docker

Which PID is using a PORT inside a k8s pod without net tools


linux docker kubernetes pid inode

The issue is solved by adding the POSIX capability: CAP_SYS_PTRACE

I'm my case the container are under kubernetes orchestration.

this reference explains about kubectl and POSIX Capabilities

So I have

root@jitsi-55584f98bf-6cwpn:/# cat /proc/1/status | grep CapCapInh: 00000000a80425fbCapPrm: 00000000a80425fbCapEff: 00000000a80425fbCapBnd: 00000000a80425fbCapAmb: 0000000000000000

So I careful read the POSIX Capabilities Manual. But even adding CAP_SYS_ADMIN, the PID does not appear on netstat. So I tested all capabilities. CAP_SYS_PTRACE is The Chosen One

root@jitsi-65c6b5d4f7-r546h:/# cat /proc/1/status | grep CapCapInh: 00000000a80c25fbCapPrm: 00000000a80c25fbCapEff: 00000000a80c25fbCapBnd: 00000000a80c25fbCapAmb: 0000000000000000

So here my deployment spec change:

...spec:  ...  template:    ...    spec:      ...      containers:        ...        securityContext:          capabilities:            add:            - SYS_PTRACE...

Yet I don't know what security reasons selinux use to do it. But for now it's good enough for me.

References:

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last