List Open Ports of a Kubernetes Pod

Recently I wanted to confirm that a service inside a Kubernetes pod is listening on localhost only. Normally, I’d run ss -lntp to list all open TCP ports, however, ss is not installed inside the container. At first, I tried to make sense of /proc/net/tcp, but it didn’t show me all open ports (not sure why though?). After a bit of searching, I found nsenter:

# On the host, find the PID of the application running inside the container
ps ax | grep my-application

# List open TCP ports
sudo nsenter -t <pid> -n ss -lntp

The above command enters the network namespace of the container and executes ss (installed on the host). This also works with docker-in-docker situations, e.g. when running Minikube or KinD.