Document running tcpdump on Consul servers (#11249)

* Document running tcpdump on Consul servers * Update website/content/docs/troubleshoot/faq.mdx Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-10-07 15:17:00 -07:00 · 2021-10-07 15:17:00 -07:00 · a11b39194d
parent 35fe21b1b0
commit a11b39194d
1 changed files with 30 additions and 0 deletions
--- a/website/content/docs/troubleshoot/faq.mdx
+++ b/website/content/docs/troubleshoot/faq.mdx
@ -20,6 +20,36 @@ option for most teams. Consul supports [upgrading in place](/docs/k8s/upgrade).
 Non-production environments should be upgraded first. If upgrading
 a Consul version, Consul data should be [backed up](https://learn.hashicorp.com/tutorials/consul/kubernetes-disaster-recovery).

+### Q: How can I run tcpdump on Consul servers?
+
+First, add the following to your `values.yaml` file so you can `kubectl exec` into
+the Consul server containers as root:
+
+```yaml
+server:
+  securityContext:
+    runAsNonRoot: false
+    runAsGroup: 0
+    runAsUser: 0
+    fsGroup: 0
+```
+
+Run a `helm upgrade` (see [Upgrade Consul on Kubernetes](/docs/k8s/upgrade) for full upgrade instructions).
+
+Now, `kubectl exec` into a server pod:
+
+```shell-session
+$ kubectl exec -it consul-server-0 -- sh
+```
+
+Install `tcpdump`:
+
+```shell-session
+$ apk add --no-cache tcpdump
+$ which tcpdump
+/usr/bin/tcpdump
+```
+
 ## Generic Consul Questions

 ### Q: What is Checkpoint? / Does Consul call home?