Skip to content

Instantly share code, notes, and snippets.

@jcpowermac
Created March 3, 2021 20:53
Show Gist options
  • Save jcpowermac/88f5ec430577de52cd1d8f126ac4f789 to your computer and use it in GitHub Desktop.
Save jcpowermac/88f5ec430577de52cd1d8f126ac4f789 to your computer and use it in GitHub Desktop.
Running kubectl-trace in openshift

kubectl trace in openshift

trace runs as a Job, if there are problems look there: oc get jobs.

oc trace run  --serviceaccount=kubectltrace pod/machine-api-controllers-56db5fcc9c-n9f4d -c machine-controller -f vsphere-session.bt 
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: kubectltrace
namespace: openshift-machine-api
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: kubectltrace
spec:
fsGroup:
rule: RunAsAny
privileged: true
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- '*'
allowedCapabilities:
- '*'
hostPID: true
hostIPC: true
hostNetwork: true
hostPorts:
- min: 1
max: 65536
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kubectltrace-psp
rules:
- apiGroups:
- policy
- security.openshift.io
resources:
- podsecuritypolicies
- securitycontextconstraints
resourceNames:
- kubectltrace
- privileged
verbs:
- use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubectltrace-psp
subjects:
- kind: ServiceAccount
name: kubectltrace
namespace: openshift-machine-api
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubectltrace-psp
#!/usr/bin/env bpftrace
uprobe:/proc/$container_pid/exe:"github.com/vmware/govmomi/session.(*Manager).SessionIsActive",
uprobe:/proc/$container_pid/exe:"github.com/openshift/machine-api-operator/pkg/controller/vsphere/session.GetOrCreate",
uprobe:/proc/$container_pid/exe:"github.com/vmware/govmomi.NewClient"
{
@[probe] = count();
}
interval:s:600
{
exit();
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment