@goncalomb
Last active October 6, 2022 10:58
Open a root shell on a Kubernetes cluster Node (no ssh).
#!/bin/sh
# Copyright (c) 2019 Gonçalo Baltazar <me@goncalomb.com>
# MIT License

# Open a root shell on a Kubernetes cluster Node (no ssh).
# It uses a privileged container to unlock Linux capabilities and chroot to
# change into the root filesystem of the Node for full access.
# The Node is selected using the 'kubernetes.io/hostname' label.

# usage: k8s-node-gate.sh <node-hostname>

set -e

# Require the node hostname argument.
if [ -z "$1" ]; then
    echo "usage: $0 <node-hostname>" >&2
    exit 1
fi
NODE_HOSTNAME=$1

# The hostname is quoted wherever it is expanded so it cannot be word-split.
kubectl run "node-gate-$NODE_HOSTNAME" -it --rm --restart=Never --attach --image=busybox --overrides '
{
  "spec": {
    "nodeSelector": {
      "kubernetes.io/hostname": "'"$NODE_HOSTNAME"'"
    },
    "hostPID": true,
    "hostIPC": true,
    "hostNetwork": true,
    "containers": [
      {
        "name": "node-gate",
        "image": "busybox",
        "stdin": true,
        "tty": true,
        "command": [
          "chroot", "/mnt/host"
        ],
        "securityContext": {
          "privileged": true
        },
        "volumeMounts": [
          {
            "name": "host",
            "mountPath": "/mnt/host"
          }
        ]
      }
    ],
    "tolerations": [
      {
        "effect": "NoSchedule",
        "operator": "Exists"
      }
    ],
    "volumes": [
      {
        "name": "host",
        "hostPath": {
          "path": "/"
        }
      }
    ]
  }
}
'
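
Anyone allowed to create such a pod is effectively root on the node, so the same fields are what a cluster audit should look for. The following is an added example, not part of the gist: it lists the host-access settings a pod spec requests and flags the privileged-plus-root-hostPath combination used above. The function names and both sample pods are hypothetical and constructed for illustration.

```python
# Constructed sample: the pod spec the script above submits (node name invented).
NODE_GATE_POD = {
    "metadata": {"name": "node-gate-worker-1"},
    "spec": {
        "hostPID": True, "hostIPC": True, "hostNetwork": True,
        "containers": [{
            "name": "node-gate", "image": "busybox",
            "securityContext": {"privileged": True},
            "volumeMounts": [{"name": "host", "mountPath": "/mnt/host"}]}],
        "volumes": [{"name": "host", "hostPath": {"path": "/"}}]}}
# Constructed sample: an ordinary workload for comparison.
PLAIN_POD = {
    "metadata": {"name": "web"},
    "spec": {"containers": [{"name": "web", "image": "nginx"}],
             "volumes": [{"name": "cache", "emptyDir": {}}]}}


def node_access_findings(pod):
    """List the host-access settings a pod spec requests (hypothetical helper)."""
    spec = pod.get("spec", {})
    findings = [k for k in ("hostPID", "hostIPC", "hostNetwork") if spec.get(k)]
    # hostPath volumes expose node files; path "/" is the node's whole filesystem.
    host_paths = {v["name"]: v["hostPath"].get("path", "")
                  for v in spec.get("volumes", []) if v.get("hostPath")}
    containers = spec.get("containers", []) + spec.get("initContainers", [])
    for c in containers:
        if (c.get("securityContext") or {}).get("privileged"):
            findings.append("privileged:" + c["name"])
        for m in c.get("volumeMounts", []):
            if m["name"] in host_paths:
                findings.append("hostPath:%s->%s:%s" % (
                    host_paths[m["name"]], c["name"], m["mountPath"]))
    return findings


def is_node_root_equivalent(pod):
    """True if the pod has a privileged container and a mount of hostPath '/'."""
    found = node_access_findings(pod)
    return (any(x.startswith("privileged:") for x in found)
            and any(x.startswith("hostPath:/->") for x in found))


if __name__ == "__main__":
    for pod in (NODE_GATE_POD, PLAIN_POD):
        print(pod["metadata"]["name"], is_node_root_equivalent(pod),
              node_access_findings(pod))
```

The input shape matches one item of `kubectl get pods -A -o json`, so the functions can be run over each entry of its `items` list.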