nilic / kubectl-netshoot Goto Github PK
View Code? Open in Web Editor NEWkubectl plugin for spinning up netshoot container for network troubleshooting
License: Apache License 2.0
kubectl plugin for spinning up netshoot container for network troubleshooting
License: Apache License 2.0
As a kubectl-netshoot user,
In order to use strace to debug a program (e.g. infering data sent over an encrypted connection)
I need an kubectl-netshoot option to craft the ephemeral container with a security context such as "securityContext": {"capabilities": {"add": ["SYS_PTRACE"]}},
or
More background into
https://betterprogramming.pub/debugging-kubernetes-pods-deep-dive-d6b2814cd8ce
Unfortunately, I didn’t find a way to pass extra permissions to the ephemeral container from kubectl command. So we will construct and send an HTTP request to kube API server without the use of kubectl command.
curl -v -XPATCH -H "Content-Type: application/json-patch+json" \ 'http://127.0.0.1:8001/api/v1/namespaces/default/pods/nginx-8f458dc5b-wkvq4/ephemeralcontainers' \ --data-binary @- << EOF [{ "op": "add", "path": "/spec/ephemeralContainers/-", "value": { "command":[ "/bin/sh" ], "stdin": true, "tty": true, "image": "nicolaka/netshoot", "name": "debug-strace", "securityContext": {"capabilities": {"add": ["SYS_PTRACE"]}}, "targetContainerName": "nginx" }}] EOF
Now, You can strace without getting permission denied.
Hi,
netshoot is such a timesaver and also your plugin, it would be really nice if you could add the plugin to krew which basically only needs writing a manifest file to add it to the krew plugin index.
https://krew.sigs.k8s.io/docs/developer-guide/distributing-with-krew/
i can also give it a shot because with all the plugins it's much nicer to have a system to automatically update all the plugins, and with hundrets of them already in krew it would be a huge benefit, because imho netshoot is the best debug image out there :)!
Hi. I have a mixed cluster with Linux & Windows-based nodes. netshoot fails when is being scheduled onto Windows node. With plain kubectl I overcome it with the following command:
kubectl run tmp-shell --rm -i --tty --image nicolaka/netshoot --overrides='{ "spec": { "nodeSelector": { "kubernetes.io/os": "linux" } } }'
It would be nice to have this functionality supported in the plugin.
Thanks for sharing this great plugin with the community !
As a kubectl-netshoot user,
In order to inspect mounted volumes in a pod, such as secrets, configmaps or volumes that can be mounted more than once,
I need an kubectl-netshoot option to craft the ephemeral container with volumeMounts from the pod
See kubernetes/kubectl#1071 (comment)
I started crafting some bash + jq script to do so, see WIP at https://github.com/orange-cloudfoundry/paas-templates/issues/1949#issuecomment-1549714130 but this feels snowflake. This seems much better located into kubectl-netshoot
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.