Created
April 16, 2021 15:50
-
-
Save jewzaam/c43ebb616bbb2d1b8accdd415dcff90b to your computer and use it in GitHub Desktop.
kubectl debug poc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| NAMESPACE=default | |
| NODE_NAME=nmalik-dev-ts2v9-worker-eastus21-lnktj | |
| TOKEN_SECRET_NAME=$(oc -n $NAMESPACE get sa default -o json | jq -r '.secrets[] | select(.name | contains("token")) | .name') | |
| DOCKERCFG_SECRET_NAME=$(oc -n $NAMESPACE get sa default -o json | jq -r '.secrets[] | select(.name | contains("dockercfg")) | .name') | |
| IMAGE=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3f968cb0ca3116a7869cb41b4bfcb5ac537ff9d0ea21b3c4b69d8248881a1408 | |
| cat << EOF | kubectl create -f - | |
| apiVersion: v1 | |
| kind: Pod | |
| metadata: | |
| annotations: | |
| debug.openshift.io/source-container: container-00 | |
| debug.openshift.io/source-resource: /v1, Resource=nodes/$NODE_NAME | |
| name: $NODE_NAME-debug | |
| namespace: $NAMESPACE | |
| spec: | |
| containers: | |
| - command: | |
| - /bin/sh | |
| image: $IMAGE | |
| imagePullPolicy: IfNotPresent | |
| name: container-00 | |
| resources: {} | |
| securityContext: | |
| privileged: true | |
| runAsUser: 0 | |
| stdin: true | |
| stdinOnce: true | |
| terminationMessagePath: /dev/termination-log | |
| terminationMessagePolicy: File | |
| tty: true | |
| volumeMounts: | |
| - mountPath: /host | |
| name: host | |
| - mountPath: /var/run/secrets/kubernetes.io/serviceaccount | |
| name: $TOKEN_SECRET_NAME | |
| readOnly: true | |
| dnsPolicy: ClusterFirst | |
| enableServiceLinks: true | |
| hostNetwork: true | |
| hostPID: true | |
| imagePullSecrets: | |
| - name: $DOCKERCFG_SECRET_NAME | |
| nodeName: $NODE_NAME | |
| preemptionPolicy: PreemptLowerPriority | |
| priority: 0 | |
| restartPolicy: Never | |
| schedulerName: default-scheduler | |
| securityContext: {} | |
| serviceAccount: default | |
| serviceAccountName: default | |
| terminationGracePeriodSeconds: 30 | |
| tolerations: | |
| - effect: NoExecute | |
| key: node.kubernetes.io/not-ready | |
| operator: Exists | |
| tolerationSeconds: 300 | |
| - effect: NoExecute | |
| key: node.kubernetes.io/unreachable | |
| operator: Exists | |
| tolerationSeconds: 300 | |
| volumes: | |
| - hostPath: | |
| path: / | |
| type: Directory | |
| name: host | |
| - name: $TOKEN_SECRET_NAME | |
| secret: | |
| defaultMode: 420 | |
| secretName: $TOKEN_SECRET_NAME | |
| EOF | |
| sleep 5 | |
| echo "To use host binaries, run 'chroot /host'" | |
| trap "kubectl -n $NAMESPACE delete pod/$NODE_NAME-debug --wait=false" EXIT | |
| kubectl -n $NAMESPACE rsh $NODE_NAME-debug |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment