From 73088b825d60171850d196d7b5db1ff3b513ee5b Mon Sep 17 00:00:00 2001
From: Luke Kysow <1034429+lkysow@users.noreply.github.com>
Date: Thu, 7 Oct 2021 15:17:00 -0700
Subject: [PATCH] Document running tcpdump on Consul servers (#11249)

* Document running tcpdump on Consul servers

* Update website/content/docs/troubleshoot/faq.mdx

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
---
 website/content/docs/troubleshoot/faq.mdx | 30 +++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/website/content/docs/troubleshoot/faq.mdx b/website/content/docs/troubleshoot/faq.mdx
index 1013012047..4bc63d5c8f 100644
--- a/website/content/docs/troubleshoot/faq.mdx
+++ b/website/content/docs/troubleshoot/faq.mdx
@@ -20,6 +20,36 @@ option for most teams. Consul supports [upgrading in place](/docs/k8s/upgrade).
 Non-production environments should be upgraded first. If upgrading
 a Consul version, Consul data should be [backed up](https://learn.hashicorp.com/tutorials/consul/kubernetes-disaster-recovery).
 
+### Q: How can I run tcpdump on Consul servers?
+
+First, add the following to your `values.yaml` file so you can `kubectl exec` into
+the Consul server containers as root:
+
+```yaml
+server:
+  securityContext:
+    runAsNonRoot: false
+    runAsGroup: 0
+    runAsUser: 0
+    fsGroup: 0
+```
+
+Run a `helm upgrade` (see [Upgrade Consul on Kubernetes](/docs/k8s/upgrade) for full upgrade instructions).
+
+Now, `kubectl exec` into a server pod:
+
+```shell-session
+$ kubectl exec -it consul-server-0 -- sh
+```
+
+Install `tcpdump`:
+
+```shell-session
+$ apk add --no-cache tcpdump
+$ which tcpdump
+/usr/bin/tcpdump
+```
+
 ## Generic Consul Questions
 
 ### Q: What is Checkpoint? / Does Consul call home?