├── debug-pod.yaml
├── README.md
└── docker-veth.sh


/debug-pod.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Pod
 3 | metadata:
 4 |   name: debug-pod
 5 |   labels:
 6 |     app: debug
 7 | spec:
 8 |   hostNetwork: true
 9 |   hostPID: true
10 |   containers:
11 |   - name: debug-pod
12 |     image: samos123/docker-toolbox:latest
13 |     command: [ "/bin/bash", "-c", "--" ]
14 |     args: [ "while true; do sleep 30; done;" ]
15 |     volumeMounts:
16 |       - name: dockersock
17 |         mountPath: "/var/run/docker.sock"
18 |     securityContext:
19 |       allowPrivilegeEscalation: true
20 |       privileged: true
21 |       capabilities:
22 |         add: ["NET_ADMIN"]
23 |   volumes:
24 |   - name: dockersock
25 |     hostPath:
26 |       path: /var/run/docker.sock
27 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Find veth interface of docker containers
 2 | 
 3 | This repository contains a script for finding the veth interfaces of every
 4 | container. For example you might see a lot of veth interfaces on a K8s node/
 5 | docker host, but you can't figure out which namespace or container the veth
 6 | interface is associated with. This info can be helpful while debugging.
 7 | The script `docker-veth.sh` can be run from a privileged container on the same
 8 | node.
 9 | 
10 | ### Usage on K8s
11 | Run a privileged pod using the samos123/docker-toolbox image that already
12 | contains this script and other useful troubleshooting tools.
13 | 
14 | ```
15 | kubectl apply -f debug-pod.yaml
16 | kubectl exec debug-pod -t -i bash
17 | docker-veth.sh
18 | ```
19 | 


--------------------------------------------------------------------------------
/docker-veth.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | 
 4 | usage () {
 5 |     cat <<HELP_USAGE
 6 | 
 7 |     $0  Show the veth interface associated of containers
 8 | 
 9 |     Examples:
10 | 
11 |     $0 # shows all containers
12 |     $0 --filter "name=nginx" # filter containers
13 | 
14 |     See docker ps --help docs for more info on filters
15 | 
16 | HELP_USAGE
17 | }
18 | 
19 | case "$1" in
20 |     -h|--help)
21 |     usage
22 |     exit 0
23 |     ;;
24 |     *)
25 |     ;;
26 | esac
27 | 
28 | veth=""
29 | 
30 | containers=$(docker ps --format '{{.ID}} {{.Names}}' "$@")
31 | 
32 | get_veth () {
33 |     # This function expects docker container ID as the first argument
34 |     veth=""
35 |     networkmode=$(docker inspect -f "{{.HostConfig.NetworkMode}}" $1)
36 |     if [ "$networkmode" == "host" ]; then
37 |         veth="host"
38 |     else
39 |         pid=$(docker inspect --format '{{.State.Pid}}' "$1")
40 |         ifindex=$(nsenter -t $pid -n ip link | sed -n -e 's/.*eth0@if\([0-9]*\):.*/\1/p')
41 |         if [ -z "$ifindex" ]; then
42 |             veth="not found"
43 |         else
44 |             veth=$(ip -o link | grep ^$ifindex | sed -n -e 's/.*\(veth[[:alnum:]]*@if[[:digit:]]*\).*/\1/p')
45 |         fi
46 |     fi
47 | }
48 | 
49 | while IFS= read -r line
50 | do
51 |     containerid=$(echo $line | awk '{ print $1 }')
52 |     get_veth $containerid
53 |     echo "$veth $line"
54 | done <<< "$containers"
55 | 


--------------------------------------------------------------------------------