| #!/bin/bash | |
| set -e | |
| if [ ! -z "$DEBUG" ]; then | |
| set -vx | |
| fi | |
| kubectl get po -a --all-namespaces | grep -v ^NAME | fzf | awk '{ print $1, $2 }' > ns-pod | |
| if [ -z "$(cat ns-pod)" ]; then | |
| exit 1 | |
| fi | |
| ns=$(cat ns-pod | cut -d' ' -f1) | |
| pod=$(cat ns-pod | cut -d' ' -f2) | |
| rm ns-pod | |
| node=$(kubectl get pod $pod --namespace $ns -o json | jq -r .spec.nodeName) | |
| # kubectl get no | grep -v ^NAME | fzf | cut -d' ' -f1 > node-name | |
| # node=$(cat node-name) | |
| if [ -z "$node" ]; then | |
| exit 1 | |
| fi | |
| if [ ! -z "$DEBUG" ] && kubectl get po sysdig-$node > /dev/null 2>&1; then | |
| kubectl delete pod sysdig-$node | |
| sleep 1 | |
| fi | |
| if ! kubectl get po sysdig-$node > /dev/null 2>&1; then | |
| # { | |
| # "name": "SYSDIG_BPF_PROBE", | |
| # "value": "" | |
| # } | |
| kubectl run --image sysdig/sysdig:0.21.0 --restart=Never --overrides=' | |
| { | |
| "spec": { | |
| "hostNetwork": true, | |
| "hostPID": true, | |
| "tolerations": [ | |
| { | |
| "effect": "NoSchedule", | |
| "key": "node-role.kubernetes.io/master" | |
| } | |
| ], | |
| "affinity": { | |
| "nodeAffinity": { | |
| "requiredDuringSchedulingIgnoredDuringExecution": { | |
| "nodeSelectorTerms": [ | |
| { | |
| "matchExpressions": [ | |
| { | |
| "key": "kubernetes.io/hostname", | |
| "operator": "In", | |
| "values": [ | |
| "'$node'" | |
| ] | |
| } | |
| ] | |
| } | |
| ] | |
| } | |
| } | |
| }, | |
| "containers": [ | |
| { | |
| "name": "sysdig", | |
| "image": "sysdig/sysdig:latest", | |
| "args": ["/bin/bash"], | |
| "tty": true, | |
| "stdinOnce": true, | |
| "securityContext": { | |
| "privileged": true | |
| }, | |
| "env": [ | |
| { | |
| "name": "SYSDIG_BPF_PROBE", | |
| "value": "" | |
| } | |
| ], | |
| "volumeMounts": [ | |
| { | |
| "mountPath": "/host/var/run/docker.sock", | |
| "name": "host-docker-sock" | |
| }, | |
| { | |
| "mountPath": "/host/dev", | |
| "name": "host-dev" | |
| }, | |
| { | |
| "mountPath": "/host/proc", | |
| "name": "host-proc", | |
| "readOnly": true | |
| }, | |
| { | |
| "mountPath": "/host/boot", | |
| "name": "host-boot", | |
| "readOnly": true | |
| }, | |
| { | |
| "mountPath": "/host/lib/modules", | |
| "name": "host-lib-modules", | |
| "readOnly": true | |
| }, | |
| { | |
| "mountPath": "/host/usr", | |
| "name": "host-usr", | |
| "readOnly": true | |
| }, | |
| { | |
| "mountPath": "/host/etc", | |
| "name": "host-etc", | |
| "readOnly": true | |
| } | |
| ] | |
| } | |
| ], | |
| "volumes": [ | |
| { | |
| "name": "host-docker-sock", | |
| "hostPath": { | |
| "path": "/var/run/docker.sock", | |
| "type": "File" | |
| } | |
| }, | |
| { | |
| "name": "host-dev", | |
| "hostPath": { | |
| "path": "/dev", | |
| "type": "Directory" | |
| } | |
| }, | |
| { | |
| "name": "host-proc", | |
| "hostPath": { | |
| "path": "/proc", | |
| "type": "Directory" | |
| } | |
| }, | |
| { | |
| "name": "host-boot", | |
| "hostPath": { | |
| "path": "/boot", | |
| "type": "Directory" | |
| } | |
| }, | |
| { | |
| "name": "host-lib-modules", | |
| "hostPath": { | |
| "path": "/lib/modules", | |
| "type": "Directory" | |
| } | |
| }, | |
| { | |
| "name": "host-usr", | |
| "hostPath": { | |
| "path": "/usr", | |
| "type": "Directory" | |
| } | |
| }, | |
| { | |
| "name": "host-etc", | |
| "hostPath": { | |
| "path": "/etc", | |
| "type": "Directory" | |
| } | |
| } | |
| ] | |
| } | |
| }' sysdig-$node | |
| fi | |
| if [ ! -z "$DEBUG" ]; then | |
| gtimeout --preserve-status --signal KILL 30 stern --since 1s sysdig-$node | { sed "/Download failed/ q" && kill $$ ;} | |
| fi | |
| if [ -z "$1" ]; then | |
| kubectl exec -it sysdig-$node -- bash | |
| else | |
| kubectl exec -it sysdig-$node -- bash -c "$@" | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment