@moio
Last active January 26, 2024 12:02
kubectl: access a host's /proc filesystem from a (privileged) Pod

export NODE_NAME=35.93.96.175
kubectl apply -f - <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: proc-writer
  labels:
    app: proc-writer
spec:
  nodeName: "${NODE_NAME}"
  volumes:
  - name: host-proc
    hostPath:
      path: /proc
  containers:
  - name: alpine
    image: alpine:latest
    command: 
      - "sh"
      - "-c"
      - >
        while true; do
          sleep 3600;
        done
    securityContext:
      privileged: true
    volumeMounts:
        - mountPath: /host-proc
          name: host-proc
EOF

# wait for the Pod to become ready before opening a shell in it
kubectl wait --for=condition=ready pod -l app=proc-writer
kubectl exec --stdin --tty proc-writer -- /bin/sh

Then, inside the shell:

# example read from proc
cat /host-proc/sys/kernel/yama/ptrace_scope

# example write to proc (this changes the setting on the host node, not just in the container)
echo 0 > /host-proc/sys/kernel/yama/ptrace_scope
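
A defender's counterpart to the manifest above, as an added example that is not part of the original gist: it scans the JSON produced by `kubectl get pods -A -o json` for privileged containers and for hostPath mounts of sensitive node paths. The path list, the function names and the sample data are assumptions constructed for this illustration.

```python
import json

# Host paths whose exposure to a Pod gives access to node kernel or runtime state.
# This prefix list is an assumption for the example, not an exhaustive policy.
SENSITIVE_HOST_PATHS = ("/proc", "/sys", "/dev", "/etc", "/var/run", "/run")

def is_sensitive(path):
    """True for "/" itself or any path equal to or nested under a sensitive prefix."""
    p = "/" + path.strip("/")
    return p == "/" or any(p == s or p.startswith(s + "/") for s in SENSITIVE_HOST_PATHS)

def audit_pods(pod_list):
    """Return (namespace, pod, container, reason) findings for a pod list document."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        ns, name = meta.get("namespace", "default"), meta.get("name", "?")
        # Map volume name -> host path for volumes backed by a sensitive node path.
        risky = {v["name"]: v["hostPath"]["path"] for v in spec.get("volumes", [])
                 if "hostPath" in v and is_sensitive(v["hostPath"].get("path", ""))}
        containers = (spec.get("containers", []) + spec.get("initContainers", [])
                      + spec.get("ephemeralContainers", []))
        for c in containers:
            sc = c.get("securityContext") or {}
            if sc.get("privileged") is True:
                findings.append((ns, name, c["name"], "privileged"))
            for m in c.get("volumeMounts", []):
                if m["name"] in risky:
                    mode = "ro" if m.get("readOnly") else "rw"
                    findings.append((ns, name, c["name"], f"hostPath {risky[m['name']]} ({mode})"))
    return findings

# Constructed sample: the proc-writer Pod from above plus an unremarkable Pod.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "proc-writer", "namespace": "default"},
  "spec": {"volumes": [{"name": "host-proc", "hostPath": {"path": "/proc"}}],
           "containers": [{"name": "alpine", "securityContext": {"privileged": true},
                           "volumeMounts": [{"name": "host-proc", "mountPath": "/host-proc"}]}]}},
 {"metadata": {"name": "web", "namespace": "default"},
  "spec": {"volumes": [{"name": "cache", "emptyDir": {}}],
           "containers": [{"name": "nginx",
                           "volumeMounts": [{"name": "cache", "mountPath": "/cache"}]}]}}
]}
""")

if __name__ == "__main__":
    for finding in audit_pods(SAMPLE):
        print(*finding, sep="\t")
```

To run it against a live cluster, replace `SAMPLE` with the parsed output of `kubectl get pods -A -o json`.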