Implementation of a Kubernetes Pod with a sidecar container to collect 24-hour rolling TCP Dump traces. Trace files are stored in an Azure Files Volume for easy retrieval. Ideal for constrained environments where terminal access to the node or pod is not possible.

1. Build the TCP Dump sidecar container using the Dockerfile in the repository
2. Push the image to your preferred container registry
3. Update the deployment.yaml file to set image: {{ SERVICE-IMAGE }} to contain the image you want to collect network traces from when it runs
4. Update the deployment.yaml file to set image: {{ TCPDUMP-IMAGE }} to the TCP Dump sidecar image pushed to your container registry
5. Deploy the yaml file using kubectl or your CI/CD pipelines.

• This is designed to run on Azure Kubernetes Service, but can be adapted to run on any Kubernetes cluster.
• If the base image in the Dockerfile is changed, ensure the utility installation step is also updated to use the approapriate package manager or installation method.

• Namespace: tcpdump-sidecar-ns
• StorageClass: tcp-dump-results (Azure File)
• PersistentVolumeClaim: tcp-dump-results
• Deployment
  • service container - the service you want to collect TCP Dumps from
  • tcpdump container - the sidecar collecting the trace and sending to the volume

• TCPDump Man Pages
• Sidecar Pattern