Inspect kernel-level networking configuration on OpenShift/Kubernetes nodes using oc debug
This skill provides utilities for inspecting kernel-level networking configuration on OpenShift/Kubernetes nodes using oc debug.
The skill enables interaction with kernel networking tools on Kubernetes nodes without requiring SSH access. It uses oc debug to create ephemeral containers with host network access and executes kernel commands in the host's namespace.
Executes ip commands to inspect routing tables, network devices, and interfaces.
Script: node-kernel-ip.sh
Usage:
./node-kernel-ip.sh <node> <image> --command <cmd> [--options <opts>] [--filter <params>]
Example:
./node-kernel-ip.sh worker-1 registry.redhat.io/rhel9/support-tools --command "route show"
Executes iptables or ip6tables commands to inspect packet filter rules.
Script: node-kernel-iptables.sh
Usage:
./node-kernel-iptables.sh <node> <image> --command <cmd> [--table <table>] [--filter <params>]
Example:
./node-kernel-iptables.sh worker-1 registry.redhat.io/rhel9/support-tools --command "-L POSTROUTING" --table nat --filter "-nv4"
Executes nft commands to inspect nftables packet filtering and classification rules.
Script: node-kernel-nft.sh
Usage:
./node-kernel-nft.sh <node> <image> --command <cmd> [--family <family>]
Example:
./node-kernel-nft.sh worker-1 registry.redhat.io/rhel9/support-tools --command "list tables" --family inet
Executes conntrack commands or reads /proc/net/nf_conntrack to inspect connection tracking entries.
Script: node-kernel-conntrack.sh
Usage:
./node-kernel-conntrack.sh <node> <image> [--command <cmd>] [--filter <params>]
Example:
./node-kernel-conntrack.sh worker-1 registry.redhat.io/rhel9/support-tools --command "-L" --filter "-s 1.2.3.4"
The kernel-helper.sh script provides shared functions:
check_utility_exists: Verifies a utility exists in the debug image
execute_kernel_command: Executes commands on a node via oc debug
filter_warnings: Removes common oc debug warning messages from output
validate_node_exists: Validates node name exists in cluster
detect_and_set_kubeconfig: Auto-detects and configures kubeconfig
All commands ensure:
oc debug warnings are filtered out automatically using improved regex patterns
The execute_kernel_command() function explicitly captures all output from oc debug and filters warnings before returning results, ensuring:
grep -E with multiple patterns for efficiency
|| cat fallback ensures output passes through even if no warnings are found
printf for reliable data flow
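The capture-then-filter approach described above, as an added example that is not the code in kernel-helper.sh. The names filter_noise, OC_DEBUG_NOISE and sample_output are hypothetical, and the patterns are assumptions about typical oc debug messages, not the skill's own regex.

```shell
#!/bin/sh
# Added example, not the code from kernel-helper.sh.
# Assumed noise patterns, anchored at line start so that host command output
# which merely contains one of these strings mid-line is never dropped.
OC_DEBUG_NOISE='^(Starting pod/|Removing debug pod|To use host binaries, run|Temporary namespace .* is created|Warning: )'

# filter_noise: read captured output on stdin, drop noise lines, keep the rest.
# grep -v exits 1 when it selects no lines (every line was noise); that is not
# a failure here, so only a real grep error (status > 1) is reported.
filter_noise() {
    local captured rc
    rc=0
    captured=$(cat)                        # capture all output before filtering
    [ -z "$captured" ] && return 0         # empty input: nothing to filter
    printf '%s\n' "$captured" | grep -vE "$OC_DEBUG_NOISE" || rc=$?
    [ "$rc" -le 1 ]                        # 0 = lines kept, 1 = nothing left
}

# Constructed sample of what a wrapped `ip route show` run through oc debug
# might return with stderr merged into stdout; not output from a real cluster.
sample_output() {
    cat <<'EOF'
Temporary namespace openshift-debug-abcde is created for debugging node...
Starting pod/worker-1-debug ...
To use host binaries, run `chroot /host`
default via 10.0.0.1 dev ens3 proto dhcp metric 100
10.0.0.0/24 dev ens3 proto kernel scope link src 10.0.0.12
Removing debug pod ...
EOF
}

# Only the two route lines are printed.
sample_output | filter_noise
```

Treating grep's exit status 1 as success keeps the filter usable under set -e, while a status above 1 (for example an invalid pattern) still surfaces as a failure instead of silently returning empty output.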