Kubectl Nmap
Kubectl Nmap is the fastest way to scan ports inside a Kubernetes cluster without leaving your terminal. No extra nodes. No external tools. Just the certainty of knowing what is open, where, and why.
Combining kubectl with nmap gives direct visibility into your cluster’s network surface. Run Nmap inside a pod, target a service or container, and pull real-time results. It is precise, scriptable, and works with CI pipelines for automated network audits.
Why Kubectl Nmap matters:
- Detect unauthorized open ports in seconds.
- Verify service configurations after deployment.
- Audit cluster security without disrupting workloads.
- Troubleshoot networking issues directly from Kubernetes context.
Basic usage example:
```bash
kubectl run nmap --rm -i --tty \
  --image=instrumentisto/nmap -- \
  nmap my-service.default.svc.cluster.local
```
This launches an ephemeral pod using the Nmap image, scans the target service, and prints the results to your shell. The `--rm` flag deletes the pod once the scan finishes, so nothing is left running in the cluster.
For broader scans, aim Nmap at a CIDR range inside the cluster (substitute your own cluster's range for the one shown):
```bash
kubectl run nmap --rm -i --tty \
  --image=instrumentisto/nmap -- \
  nmap 10.244.0.0/16
```
You can bind these commands into custom kubectl plugins or scripts to integrate with your monitoring stack. Combine with grep, JSON exporters, or alerting tools to catch changes in network exposure.
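One way to catch changes in network exposure from a script, as an added example that is not part of the original post: it parses Nmap's grepable output (`-oG`) and reports any open port missing from an approved baseline. The function names, the baseline file format and the sample scan data are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: flag open ports that are not in an approved baseline.
# Function names, the baseline format and the sample data are assumptions.

# Read nmap grepable output (-oG) on stdin; print "host port/proto" per open port.
open_ports() {
  awk -F'\t' '/^Host: / {
    split($1, h, " "); host = h[2]            # "Host: 10.244.1.5 ()" -> address
    for (i = 2; i <= NF; i++) {
      if ($i !~ /^Ports: /) continue          # skip Status / Ignored State fields
      s = $i; sub(/^Ports: /, "", s)
      n = split(s, p, ", ")
      for (j = 1; j <= n; j++) {
        split(p[j], f, "/")                   # port/state/proto/owner/service/...
        if (f[2] == "open") print host, f[1] "/" f[3]
      }
    }
  }' | LC_ALL=C sort -u
}

# $1 = baseline file with one approved "host port/proto" per line.
# Prints every open port that is missing from the baseline (empty = no drift).
unexpected_ports() {
  open_ports | grep -vxFf "$1" || true        # grep exits 1 when nothing is left
}

# Constructed sample of `nmap -oG -` output (tab-separated fields).
sample_scan() {
  printf 'Host: 10.244.1.5 ()\tStatus: Up\n'
  printf 'Host: 10.244.1.5 ()\tPorts: 80/open/tcp//http///, 22/closed/tcp//ssh///\n'
  printf 'Host: 10.244.2.9 ()\tPorts: 8080/open/tcp//http-proxy///, 6379/open/tcp//redis///\tIgnored State: closed (998)\n'
}

# Demo: the baseline approves 80 and 8080, so only 6379 is reported.
baseline=$(mktemp)
printf '%s\n' '10.244.1.5 80/tcp' '10.244.2.9 8080/tcp' > "$baseline"
sample_scan | unexpected_ports "$baseline"
rm -f "$baseline"

# Against a live cluster (drop --tty so the piped output stays clean):
#   kubectl run nmap --rm -i --image=instrumentisto/nmap -- \
#     nmap -oG - my-service.default.svc.cluster.local | unexpected_ports baseline.txt
```

In a pipeline stage, fail the job when the output is non-empty and review the baseline file under version control like any other policy change.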
Security teams use Kubectl Nmap to enforce zero-trust policies inside Kubernetes. DevOps teams embed it into pipeline stages to stop misconfigurations before production. The approach is lightweight, container-native, and plays well in restricted environments.
Ports tell the truth about your cluster. Kubectl Nmap makes them speak.
Run it yourself without the setup hassle—fire up a live Kubernetes environment in minutes at hoop.dev and see Kubectl Nmap in action.