To debug Kubernetes applications, e.g. if pods can reach a service, an interactive container shell including all essential tools is great - a Swiss army knife so to speak. Unfortunately, in popular base images such as Ubuntu, Debian, CentOS, and Busybox essential debugging tools are not included due to image size reduction and security. While this is great in production environments, it is counterproductive for debugging. Here, we presented an approach based on the extended Ubuntu image leodotcloud/swiss-army-knife created by leodotcloud.
Usage
Create Debugging-Pod
Spin up the pod:
kubectl create -n mynamespace -f - <<EOF
apiVersion: v1
kind: Pod
metadata:
name: swiss-army-knife
labels:
app: swiss-army-knife
spec:
containers:
- name: swiss-army-knife
image: leodotcloud/swiss-army-knife:latest
command: ["/bin/sleep", "3650d"]
imagePullPolicy: IfNotPresent
restartPolicy: Always
EOF
Get Interactive Shell
Get access to the container command line and debug your stuff:
kubectl exec -n mynamespace swiss-army-knife -it -- /bin/bash
As an example the following command checks whether the port 3306
(MySQL) is accessible on 10.152.183.115
:
netcat -v -z -w 4 10.152.183.115 3306
Remove Debugging-Pod
After debugging, you can delete the pod:
kubectl delete pod -n mynamespace swiss-army-knife
Tools and Packages
Following tools and packages are included. An up-to-date list is available in the Dockerfile.
- arping
- arptables
- bridge-utils
- ca-certificates
- conntrack
- curl
- dnsutils
- ethtool
- iperf
- iperf3
- iproute2
- ipsec-tools
- ipset
- iptables
- iputils-ping
- jq
- kmod
- ldap-utils
- less
- libpcap-dev
- man
- manpages-posix
- mtr
- net-tools
- netcat
- netcat-openbsd
- openssl
- openssh-client
- psmisc
- socat
- tcpdump
- telnet
- tmux
- traceroute
- tcptraceroute
- tree
- ngrep
- vim
- wget
Top comments (0)