├── .devcontainer └── devcontainer.json ├── .github ├── dependabot.yml └── workflows │ ├── anchore-syft.yml │ ├── docker-publish.yml │ ├── scorecard.yml │ └── snyk-container.yml ├── .gitignore ├── .hadolint.yaml ├── Dockerfile ├── Dockerfile-stream8 ├── Makefile ├── README.md ├── deployment-debug-container.yaml ├── motd ├── pod-debug-container.yaml └── pod-ocp-debug-container.yaml /.devcontainer/devcontainer.json: -------------------------------------------------------------------------------- 1 | // For format details, see https://aka.ms/devcontainer.json. For config options, see the 2 | // README at: https://github.com/devcontainers/templates/tree/main/src/docker-existing-dockerfile 3 | { 4 | "name": "Containerfile from debug-container", 5 | "build": { 6 | // Sets the run context to one level up instead of the .devcontainer folder. 7 | "context": "..", 8 | // Update the 'dockerFile' property if you aren't using the standard 'Dockerfile' filename. 9 | "dockerfile": "../Dockerfile" 10 | }, 11 | // NOTE(review): --privileged gives the dev container all capabilities and access to host devices. The commented-out runArgs below are a narrower set, though they still turn off seccomp, SELinux labelling and AppArmor confinement. 12 | "runArgs": [ 13 | "--privileged" 14 | ], 15 | // "runArgs": [ 16 | // "--cap-add=sys_admin", 17 | // "--security-opt", 18 | // "seccomp=unconfined", 19 | // "--device", 20 | // "/dev/fuse", 21 | // "--security-opt", 22 | // "label=disable", 23 | // "--security-opt", 24 | // "apparmor=unconfined" 25 | // ], 26 | // Features to add to the dev container. More info: https://containers.dev/features. 27 | // "features": {}, 28 | 29 | // Use 'forwardPorts' to make a list of ports inside the container available locally. 30 | // "forwardPorts": [], 31 | 32 | // Runs after the container is created; here it prints /etc/os-release. 33 | "postCreateCommand": "cat /etc/os-release" 34 | 35 | // Configure tool-specific properties. 36 | // "customizations": {}, 37 | 38 | // Uncomment to connect as an existing user other than the container default. More info: https://aka.ms/dev-containers-non-root. 
39 | // "remoteUser": "devcontainer" 40 | } 41 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | # To get started with Dependabot version updates, you'll need to specify which 2 | # package ecosystems to update and where the package manifests are located. 3 | # Please see the documentation for more information: 4 | # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates 5 | # https://containers.dev/guide/dependabot 6 | # NOTE(review): only the "devcontainers" ecosystem is listed, so the action refs under .github/workflows and the Dockerfile base image get no update PRs; Dependabot also has "github-actions" and "docker" ecosystems for those. 7 | version: 2 8 | updates: 9 | - package-ecosystem: "devcontainers" 10 | directory: "/" 11 | schedule: 12 | interval: weekly 13 | -------------------------------------------------------------------------------- /.github/workflows/anchore-syft.yml: -------------------------------------------------------------------------------- 1 | # This workflow uses actions that are not certified by GitHub. 2 | # They are provided by a third-party and are governed by 3 | # separate terms of service, privacy policy, and support 4 | # documentation. 5 | 6 | # This workflow checks out code, builds an image, performs a container image 7 | # scan with Anchore's Syft tool, and uploads the results to the GitHub Dependency 8 | # submission API. 9 | 10 | # For more information on the Anchore sbom-action usage 11 | # and parameters, see https://github.com/anchore/sbom-action. 
For more 12 | # information about the Anchore SBOM tool, Syft, see 13 | # https://github.com/anchore/syft 14 | name: Anchore Syft SBOM scan 15 | 16 | on: 17 | push: 18 | branches: [ "master" ] 19 | # NOTE(review): the workflow-level default below repeats the write scope that the only job already declares for itself; a read-only default plus the job-level grant would be enough. 20 | permissions: 21 | contents: write 22 | 23 | jobs: 24 | Anchore-Build-Scan: 25 | permissions: 26 | contents: write # required to upload to the Dependency submission API 27 | runs-on: ubuntu-latest 28 | steps: 29 | - name: Checkout the code 30 | uses: actions/checkout@v3 # NOTE(review): tag ref, while sbom-action below is pinned to a commit SHA 31 | - name: Build the Docker image 32 | run: docker build . --file Dockerfile --tag localbuild/testimage:latest 33 | - name: Scan the image and upload dependency results 34 | uses: anchore/sbom-action@bb716408e75840bbb01e839347cd213767269d4a 35 | with: 36 | image: "localbuild/testimage:latest" 37 | artifact-name: image.spdx.json 38 | dependency-snapshot: true 39 | -------------------------------------------------------------------------------- /.github/workflows/docker-publish.yml: -------------------------------------------------------------------------------- 1 | name: Docker 2 | 3 | on: 4 | schedule: 5 | - cron: '30 19 * * 0' 6 | push: 7 | branches: [ "master" ] 8 | tags: [ 'v*.*.*' ] 9 | pull_request: 10 | branches: [ "master" ] 11 | 12 | env: 13 | REGISTRY: ghcr.io 14 | IMAGE_NAME: ${{ github.repository }} 15 | 16 | jobs: 17 | build: 18 | runs-on: ubuntu-latest 19 | permissions: 20 | contents: read 21 | packages: write 22 | id-token: write # lets the job request an OIDC token, which the keyless `cosign sign` step at the end of this job relies on 23 | # NOTE(review): checkout and cosign-installer below use tag refs while the docker/* actions are pinned to commit SHAs; pinning all of them the same way keeps the inputs of this publishing job fixed. 24 | steps: 25 | - name: Checkout repository 26 | uses: actions/checkout@v4 27 | 28 | - name: Install cosign 29 | if: github.event_name != 'pull_request' 30 | uses: sigstore/cosign-installer@v3.3.0 31 | with: 32 | cosign-release: 'v2.2.2' 33 | 34 | - name: Set up Docker Buildx 35 | uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 36 | 37 | - name: Log into registry ${{ env.REGISTRY }} 38 | if: github.event_name != 'pull_request' 39 | uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d 40 | with: 41 | registry: ${{ 
env.REGISTRY }} 42 | username: ${{ github.actor }} 43 | password: ${{ secrets.GITHUB_TOKEN }} 44 | # NOTE(review): the tag list below yields only vYYYYMMDD and latest, while the README and the pod manifests pull ghcr.io/pichuang/debug-container:master; confirm which job publishes that tag. 45 | - name: Extract Docker metadata 46 | id: meta 47 | uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 48 | with: 49 | images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} 50 | tags: | 51 | type=raw,value=v{{date 'YYYYMMDD'}} 52 | type=raw,value=latest 53 | 54 | - name: Build and push Docker image 55 | id: build-and-push 56 | uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 57 | with: 58 | context: . 59 | push: ${{ github.event_name != 'pull_request' }} 60 | tags: ${{ steps.meta.outputs.tags }} 61 | labels: ${{ steps.meta.outputs.labels }} 62 | cache-from: type=gha 63 | cache-to: type=gha,mode=max 64 | platforms: linux/amd64,linux/arm64 65 | # Signs every tag by the digest of the pushed image; TAGS and DIGEST reach the shell through env instead of being interpolated into the script text. Skipped on pull requests, where nothing is pushed. 66 | - name: Sign the published Docker image 67 | if: ${{ github.event_name != 'pull_request' }} 68 | env: 69 | TAGS: ${{ steps.meta.outputs.tags }} 70 | DIGEST: ${{ steps.build-and-push.outputs.digest }} 71 | run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST} 72 | -------------------------------------------------------------------------------- /.github/workflows/scorecard.yml: -------------------------------------------------------------------------------- 1 | # This workflow uses actions that are not certified by GitHub. They are provided 2 | # by a third-party and are governed by separate terms of service, privacy 3 | # policy, and support documentation. 4 | 5 | name: Scorecard supply-chain security 6 | on: 7 | # For Branch-Protection check. Only the default branch is supported. See 8 | # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection 9 | branch_protection_rule: 10 | # To guarantee Maintained check is occasionally updated. See 11 | # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained 12 | schedule: 13 | - cron: '15 7 * * 3' 14 | push: 15 | branches: [ "master" ] 16 | 17 | # Declare default permissions as read only. 
18 | permissions: read-all 19 | 20 | jobs: 21 | analysis: 22 | name: Scorecard analysis 23 | runs-on: ubuntu-latest 24 | permissions: 25 | # Needed to upload the results to code-scanning dashboard. 26 | security-events: write 27 | # Needed to publish results and get a badge (see publish_results below). 28 | id-token: write 29 | # Uncomment the permissions below if installing in a private repository. 30 | # contents: read 31 | # actions: read 32 | 33 | steps: 34 | - name: "Checkout code" 35 | uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 36 | with: 37 | persist-credentials: false 38 | 39 | - name: "Run analysis" 40 | uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 41 | with: 42 | results_file: results.sarif 43 | results_format: sarif 44 | # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: 45 | # - you want to enable the Branch-Protection check on a *public* repository, or 46 | # - you are installing Scorecard on a *private* repository 47 | # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action?tab=readme-ov-file#authentication-with-fine-grained-pat-optional. 48 | # repo_token: ${{ secrets.SCORECARD_TOKEN }} 49 | 50 | # Public repositories: 51 | # - Publish results to OpenSSF REST API for easy access by consumers 52 | # - Allows the repository to include the Scorecard badge. 53 | # - See https://github.com/ossf/scorecard-action#publishing-results. 54 | # For private repositories: 55 | # - `publish_results` will always be set to `false`, regardless 56 | # of the value entered here. 57 | publish_results: true 58 | 59 | # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF 60 | # format to the repository Actions tab. 
61 | - name: "Upload artifact" 62 | uses: actions/upload-artifact@97a0fba1372883ab732affbe8f94b823f91727db # v3.pre.node20 63 | with: 64 | name: SARIF file 65 | path: results.sarif 66 | retention-days: 5 67 | 68 | # Upload the results to GitHub's code scanning dashboard (optional). 69 | # Commenting out will disable upload of results to your repo's Code Scanning dashboard 70 | - name: "Upload to code-scanning" 71 | uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 72 | with: 73 | sarif_file: results.sarif 74 | -------------------------------------------------------------------------------- /.github/workflows/snyk-container.yml: -------------------------------------------------------------------------------- 1 | # This workflow uses actions that are not certified by GitHub. 2 | # They are provided by a third-party and are governed by 3 | # separate terms of service, privacy policy, and support 4 | # documentation. 5 | 6 | # A sample workflow which checks out the code, builds a container 7 | # image using Docker and scans that image for vulnerabilities using 8 | # Snyk. 
The results are then uploaded to GitHub Security Code Scanning 9 | # 10 | # For more examples, including how to limit scans to only high-severity 11 | # issues, monitor images for newly disclosed vulnerabilities in Snyk and 12 | # fail PR checks for new vulnerabilities, see https://github.com/snyk/actions/ 13 | 14 | name: Snyk Container 15 | 16 | on: 17 | push: 18 | branches: [ "master" ] 19 | pull_request: 20 | # The branches below must be a subset of the branches above 21 | branches: [ "master" ] 22 | schedule: 23 | - cron: '26 16 * * 1' 24 | # NOTE(review): pull requests from forks do not receive secrets.SNYK_TOKEN, so the scan step presumably fails there and continue-on-error hides it; confirm the upload step still finds snyk.sarif in that case. 25 | permissions: 26 | contents: read 27 | 28 | jobs: 29 | snyk: 30 | permissions: 31 | contents: read # for actions/checkout to fetch code 32 | security-events: write # for github/codeql-action/upload-sarif to upload SARIF results 33 | actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status 34 | runs-on: ubuntu-latest 35 | steps: 36 | - uses: actions/checkout@v3 # NOTE(review): tag ref, not a commit SHA 37 | - name: Build a Docker image 38 | run: docker build -t ghcr.io/pichuang/debug-container . 39 | - name: Run Snyk to check Docker image for vulnerabilities 40 | # Snyk can be used to break the build when it detects vulnerabilities. 41 | # In this case we want to upload the issues to GitHub Code Scanning 42 | continue-on-error: true 43 | uses: snyk/actions/docker@master # NOTE(review): mutable branch ref on the step that receives SNYK_TOKEN; scorecard.yml pins its actions to commit SHAs, and doing the same here fixes which code sees the token 44 | env: 45 | # In order to use the Snyk Action you will need to have a Snyk API token. 
46 | # More details in https://github.com/snyk/actions#getting-your-snyk-token 47 | # or you can signup for free at https://snyk.io/login 48 | SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} 49 | with: 50 | image: ghcr.io/pichuang/debug-container 51 | args: --file=Dockerfile 52 | - name: Upload result to GitHub Code Scanning 53 | uses: github/codeql-action/upload-sarif@v3 54 | with: 55 | sarif_file: snyk.sarif 56 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .vscode/* 2 | -------------------------------------------------------------------------------- /.hadolint.yaml: -------------------------------------------------------------------------------- 1 | failure-threshold: error 2 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | # syntax=docker.io/docker/dockerfile-upstream:1.9.0 2 | # check=error=true 3 | # NOTE(review): the base image is referenced by the moving tag stream9, not by digest, so each build takes whatever that tag points to at the time. 4 | FROM quay.io/centos/centos:stream9 5 | LABEL org.opencontainers.image.title="Debug Container" \ 6 | org.opencontainers.image.authors="Phil Huang " \ 7 | org.opencontainers.image.source="https://github.com/pichuang/debug-container" \ 8 | org.opencontainers.image.description="A short and concise Container Troubleshooting Tool that is updated daily" \ 9 | org.opencontainers.image.vendor="divecode.in" \ 10 | org.opencontainers.image.url="ghcr.io/pichuang/debug-container:master" \ 11 | org.opencontainers.image.documentation="https://github.com/pichuang/debug-container" 12 | 13 | # Install packages and clean up in one layer (package versions are not pinned, hence the DL3033 ignore below) 14 | # hadolint ignore=DL3033 15 | RUN yum -y install epel-release && \ 16 | rpmkeys --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-9 && \ 17 | yum -y update && \ 18 | yum -y --allowerasing install \ 19 | python3.11 \ 20 | python3.11-pip \ 21 | iputils \ 22 | mtr \ 23 | net-tools \ 24 | htop \ 25 | 
vim \ 26 | git \ 27 | bind-utils \ 28 | iproute \ 29 | nmap-ncat \ 30 | wget \ 31 | curl \ 32 | tcpdump \ 33 | sysstat \ 34 | numactl \ 35 | hping3 \ 36 | dnsperf \ 37 | jq \ 38 | speedtest-cli \ 39 | iperf3 \ 40 | procps-ng \ 41 | nmap \ 42 | ethtool && \ 43 | yum -y clean all && \ 44 | rm -rf /var/cache/yum && \ 45 | rm /root/anaconda-ks.cfg /root/anaconda-post.log /root/original-ks.cfg /root/anaconda-post-nochroot.log 46 | 47 | # Clone repository. NOTE(review): no commit or tag is checked out, so the image contains whatever upstream HEAD is at build time. 48 | RUN git clone https://github.com/upa/deadman.git /root/deadman 49 | 50 | # Set motd 51 | COPY motd /etc/motd 52 | RUN echo "cat /etc/motd" >> ~/.bashrc 53 | 54 | EXPOSE 5566 55 | # root is kept as the final user; the DL3002 ignore below acknowledges that. 56 | # hadolint ignore=DL3002 57 | USER root 58 | WORKDIR /root 59 | ENV HOSTNAME=debug-container 60 | 61 | CMD ["/bin/bash", "-l"] 62 | -------------------------------------------------------------------------------- /Dockerfile-stream8: -------------------------------------------------------------------------------- 1 | # syntax=docker.io/docker/dockerfile-upstream:1.9.0 2 | # check=error=true 3 | # NOTE(review): CentOS Stream 8 is past its end of life, so `yum -y update` below is not expected to bring in current security fixes; confirm this variant is still needed. 4 | FROM quay.io/centos/centos:stream8 5 | LABEL org.opencontainers.image.title = "Debug Container" \ 6 | org.opencontainers.image.authors = "Phil Huang " \ 7 | org.opencontainers.image.source = "https://github.com/pichuang/debug-container" \ 8 | org.opencontainers.image.description = "A short and concise Container Troubleshooting Tool that is updated daily" \ 9 | org.opencontainers.image.vendor = "divecode.in" \ 10 | org.opencontainers.image.url = "ghcr.io/pichuang/debug-container:master" \ 11 | org.opencontainers.image.documentation = "https://github.com/pichuang/debug-container" 12 | # NOTE(review): the LABEL above writes `key = "value"` with spaces, unlike the stream9 Dockerfile's `key="value"`; with spaces it is presumably read as the legacy `LABEL key value` form, so check the labels on a built image. 13 | # Install packages 14 | RUN yum -y install epel-release && \ 15 | rpmkeys --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 && \ 16 | yum -y update && \ 17 | yum -y install \ 18 | python3.11 \ 19 | python3.11-pip \ 20 | iputils \ 21 | mtr \ 22 | net-tools \ 23 | htop \ 24 | vim \ 25 | git \ 26 | bind-utils \ 27 | iproute \ 28 | nmap-ncat \ 29 | wget \ 30 | curl 
\ 31 | tcpdump \ 32 | sysstat \ 33 | numactl \ 34 | hping3 \ 35 | dnsperf \ 36 | jq \ 37 | speedtest-cli \ 38 | iperf3 \ 39 | procps-ng \ 40 | ethtool && \ 41 | yum -y clean all 42 | # NOTE(review): unpinned clone; the image contains whatever upstream HEAD is at build time. 43 | RUN git clone https://github.com/upa/deadman.git /root/deadman 44 | # Remove the anaconda kickstart and log files from /root. 45 | RUN rm /root/anaconda-ks.cfg && \ 46 | rm /root/anaconda-post.log && \ 47 | rm /root/original-ks.cfg 48 | 49 | # Set motd 50 | COPY motd /etc/motd 51 | RUN echo "cat /etc/motd" >> ~/.bashrc 52 | 53 | EXPOSE 5566 54 | # NOTE(review): `ENV HOSTNAME debug-container` below is the legacy space-separated form (the stream9 Dockerfile uses `HOSTNAME=debug-container`); with `check=error=true` at the top of this file a build-check warning about it would presumably fail the build, so confirm this file still builds. 55 | USER root 56 | WORKDIR /root 57 | ENV HOSTNAME debug-container 58 | 59 | CMD ["/bin/bash", "-l"] 60 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | IMAGE_REPO=localhost 2 | IMAGE_NAME=debug-container 3 | IMAGE_TAG=master 4 | CONTAINER_NAME=debug-container 5 | 6 | .DEFAULT_GOAL:=help 7 | SHELL:=/bin/bash 8 | 9 | .PHONY: help build-buildah run-podman run-podman-mix build-docker run-docker run-docker-mix inspect-podman inspect-docker 10 | 11 | help: ## Display help information 12 | @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n\nTargets:\n"} /^[a-zA-Z_-]+:.*?##/ { printf " \033[36m%-10s\033[0m %s\n", $$1, $$2 }' $(MAKEFILE_LIST) 13 | 14 | build-buildah: ## Build OCI image with Buildah 15 | buildah bud -t $(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) . 
16 | buildah images 17 | # "Independent" = an ordinary container with no extra privileges, host namespaces or host mounts. 18 | run-podman: ## Run Independent OCI Image 19 | podman run --rm -it --name $(CONTAINER_NAME) $(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) 20 | # "Mixed" = privileged container in the host's IPC, network and PID namespaces, with / mounted at /host and /run, /var/log and /etc/localtime mounted in place: root-equivalent access to the host. 21 | run-podman-mix: ## Run Mixed OCI Image 22 | podman run -it --rm --name $(CONTAINER_NAME) --privileged \ 23 | --ipc=host --net=host --pid=host -e HOST=/host \ 24 | -e NAME=$(CONTAINER_NAME) -e IMAGE=$(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) \ 25 | -v /run:/run -v /var/log:/var/log \ 26 | -v /etc/localtime:/etc/localtime -v /:/host \ 27 | $(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) 28 | 29 | build-docker: ## Build Docker image with Docker 30 | docker build -t $(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) . 31 | docker images 32 | 33 | run-docker: ## Run Independent Docker Image 34 | docker run --rm -it --name $(CONTAINER_NAME) $(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) 35 | # Same flags as run-podman-mix, run through docker: privileged, host IPC/network/PID namespaces, / mounted at /host. 36 | run-docker-mix: ## Run Mixed Docker Image 37 | docker run -it --rm --name $(CONTAINER_NAME) --privileged \ 38 | --ipc=host --net=host --pid=host -e HOST=/host \ 39 | -e NAME=$(CONTAINER_NAME) -e IMAGE=$(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) \ 40 | -v /run:/run -v /var/log:/var/log \ 41 | -v /etc/localtime:/etc/localtime -v /:/host \ 42 | $(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) 43 | 44 | inspect-podman: ## Inspect container OCI image 45 | skopeo inspect containers-storage:$(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) 46 | 47 | inspect-docker: ## Inspect container docker image 48 | skopeo inspect docker://$(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) 49 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Debug-Container 2 | 3 | [![Docker Repository on Quay](https://quay.io/repository/tw_pichuang/debug-container/status "Docker Repository on Quay")](https://quay.io/repository/tw_pichuang/debug-container) 4 | 5 | [![OpenSSF - Scorecard supply-chain 
security](https://github.com/pichuang/debug-container/actions/workflows/scorecard.yml/badge.svg)](https://github.com/pichuang/debug-container/actions/workflows/scorecard.yml) 6 | 7 | This container can be thought of as the administrator’s shell. Many of the debugging tools (such as ping, traceroute, and mtr) and man pages that an administrator might use to diagnose problems on the host are in this container. 8 | 9 | - Networking-related commands: 10 | - [x] iproute 11 | - [x] net-tools 12 | - [x] mtr 13 | - [x] dig 14 | - [x] ping 15 | - [x] ethtool 16 | - [x] nmap-ncat 17 | - Generic commands: 18 | - [x] vim 19 | - [x] git 20 | - [x] htop 21 | 22 | ## Download 23 | ``` 24 | docker pull ghcr.io/pichuang/debug-container:master 25 | ``` 26 | 27 | ## How to use `debug-container` on specific hosts? 28 | 29 | 1. Bridge Mode (Container on OS): 30 | ```bash 31 | docker run -it --rm --name debug-container ghcr.io/pichuang/debug-container:master 32 | ``` 33 | 34 | 2. Host Mode (Container within OS): the container runs privileged in the host's IPC, network and PID namespaces with `/` mounted at `/host`, so a shell in it has root-equivalent access to the host. 35 | ```bash 36 | docker run -it --rm --name debug --privileged \ 37 | --ipc=host --net=host --pid=host -e HOST=/host \ 38 | -e NAME=debug-container -e IMAGE=pichuang/debug-container \ 39 | -v /run:/run -v /var/log:/var/log \ 40 | -v /etc/localtime:/etc/localtime -v /:/host \ 41 | ghcr.io/pichuang/debug-container:master 42 | ``` 43 | 44 | 3. Container Mode (join another container's network namespace): 45 | ``` 46 | docker run -it --rm --name debug-container --net container:<container-name> ghcr.io/pichuang/debug-container:master 47 | ``` 48 | 49 | ## How to use `debug-container` on Native Kubernetes/Tanzu Kubernetes Grid Cluster/Azure Kubernetes Service? 50 | 51 | 1. Namespace Level Debugging: Running one Pod in a namespace, on `any node` 52 | ```bash 53 | kubectl run -n default debug-container --restart=Never --rm -i --tty --image ghcr.io/pichuang/debug-container:master -- /bin/bash 54 | ``` 55 | 56 | 2. 
Namespace Level Debugging: Running one Pod in a namespace, on a `specific node` 57 | ```bash 58 | # Show all nodes 59 | kubectl get nodes 60 | NAME STATUS ROLES AGE VERSION 61 | aks-agentpool-40137516-vmss000000 Ready agent 82m v1.22.11 62 | aks-agentpool-40137516-vmss000001 Ready agent 82m v1.22.11 63 | aks-agentpool-40137516-vmss000002 Ready agent 82m v1.22.11 64 | 65 | # Run the command 66 | kubectl run -n default debug-container --restart=Never --rm -i --tty --overrides='{ "apiVersion": "v1", "spec": {"nodeSelector": {"kubernetes.io/hostname":"aks-agentpool-40137516-vmss000002"}}}' --image ghcr.io/pichuang/debug-container:master -- /bin/bash 67 | ``` 68 | 69 | 3. Node Level Debugging: Running one Pod on a `specific node`, sharing the node's network namespace (`hostNetwork: true`) 70 | ```bash 71 | kubectl run -n default debug-container --image ghcr.io/pichuang/debug-container:master \ 72 | --restart=Never -it --attach --rm \ 73 | --overrides='{ "apiVersion": "v1", "spec": { "nodeSelector":{"kubernetes.io/hostname":"aks-agentpool-40137516-vmss000002"}, "hostNetwork": true}}' -- /bin/bash 74 | 75 | # or use kubectl debug; the node's root filesystem is mounted at /host in the debugging Pod 76 | $ kubectl debug node/aks-agentpool-40137516-vmss000002 -it --image=ghcr.io/pichuang/debug-container:master -- /bin/bash 77 | Creating debugging pod node-debugger-aks-agentpool-40137516-vmss000002-psvms with container debugger on node aks-agentpool-40137516-vmss000002. 78 | If you don't see a command prompt, try pressing enter. 79 | 80 | [root@aks-agentpool-14864487-vmss000000 /]# chroot /host /bin/bash 81 | root [ / ]# cat /etc/os-release | head -n 2 82 | ``` 83 | 84 | 85 | ## How to use `debug-container` on Red Hat OpenShift? 86 | 87 | 1. Namespace Level Debugging: Running one Pod in a project, on `any node` 88 | ```bash 89 | oc project 90 | oc run ocp-debug-container --image ghcr.io/pichuang/debug-container:master \ 91 | --restart=Never --attach -i --tty --rm 92 | ``` 93 | 94 | 2. 
Namespace Level Debugging: Running one Pod in a project, on a `specific node` 95 | ```bash 96 | oc project 97 | oc run ocp-debug-container --image ghcr.io/pichuang/debug-container:master \ 98 | --restart=Never --attach -i --tty --rm \ 99 | --overrides='{ "apiVersion": "v1", "spec": { "nodeSelector": {"kubernetes.io/hostname":"compute-1"}}}' 100 | ``` 101 | - Reminder: replace the `kubernetes.io/hostname` value (`compute-1`) with the name of your node 102 | 103 | 3. Node Level Debugging: Running one Pod on a `specific node` 104 | 105 | ```bash 106 | oc project 107 | oc run ocp-debug-container --image ghcr.io/pichuang/debug-container:master \ 108 | --restart=Never -it --attach --rm \ 109 | --overrides='{ "apiVersion": "v1", "spec": { "nodeSelector":{"kubernetes.io/hostname":"compute-1"}, "hostNetwork": true}}' 110 | ``` 111 | 112 | 4. Running Container Level Debugging 113 | ```bash 114 | oc project 115 | oc rsh pod/<pod-name> 116 | ``` 117 | 118 | 5. Running Pods Level Debugging 119 | ```bash 120 | oc project 121 | oc debug pods/<pod-name> 122 | ``` 123 | 124 | ## How to Import YAML? 125 | 126 | ```yaml 127 | --- 128 | apiVersion: v1 129 | kind: Pod 130 | metadata: 131 | name: ocp-debug-container 132 | spec: 133 | containers: 134 | - image: ghcr.io/pichuang/debug-container:master 135 | name: ocp-debug-container 136 | command: [ "/bin/bash", "-c", "--" ] 137 | args: [ "while true; do sleep 30; done;" ] 138 | ``` 139 | 140 | 141 | ## How to build the container images? 142 | - If you choose buildah... 143 | ``` 144 | make build-buildah 145 | ``` 146 | 147 | - If you choose docker... 
148 | ``` 149 | make build-docker 150 | ``` 151 | 152 | 153 | ## Author 154 | * **Phil Huang** 155 | 156 | -------------------------------------------------------------------------------- /deployment-debug-container.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: debug-container 6 | namespace: default 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app: debug-container 12 | template: 13 | metadata: 14 | labels: 15 | app: debug-container 16 | spec: 17 | containers: 18 | - image: ghcr.io/pichuang/debug-container:master 19 | name: debug-container 20 | command: [ "/bin/bash", "-c", "--" ] 21 | args: [ "while true; do sleep 30; done;" ] 22 | securityContext: 23 | runAsUser: 0 24 | runAsNonRoot: false 25 | imagePullPolicy: Always 26 | -------------------------------------------------------------------------------- /motd: -------------------------------------------------------------------------------- 1 | 2 | ██ ██ 3 | ██░░██ ██░░██ 4 | ██░░▒▒██████▒▒░░██ 5 | ██▒▒░░░░▒▒▒▒▒▒░░░░▒▒██ 6 | ██░░░░░░░░░░░░░░░░░░██ 7 | ██▒▒░░░░░░░░░░░░░░░░░░▒▒██ 8 | ██░░░░██░░░░██░░░░██░░░░██ 9 | ██░░░░░░░░██░░██░░░░░░░░██ 10 | ██▒▒░░░░░░░░░░░░░░░░░░░░░░▒▒██ 11 | ██▒▒░░░░░░░░░░░░░░░░░░░░░░▒▒██ 12 | ██░░░░░░░░░░░░░░░░░░░░░░░░░░██ 13 | ██░░░░░░░░░░pichuang░░░░░░░░░░██ 14 | ██▒▒▒▒░░░░░░░░░░░░░░░░░░░░░░▒▒▒▒██ 15 | ██▒▒░░░░░░░░░░░░░░░░░░░░░░░░░░▒▒██ 16 | ██░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░██ ████ 17 | ██▒▒▒▒░░░░░░░░░░░░░░░░░░░░░░▒▒▒▒██ ██░░░░██ 18 | ██▒▒░░░░░░░░░░░░░░░░░░░░░░░░░░▒▒██ ██▒▒██ 19 | ██░░░░░░██░░░░░░░░░░░░░░██░░░░░░██ ██░░██ 20 | ██▒▒░░░░██░░██░░░░░░██░░██░░░░▒▒██████░░░░██ 21 | ██▒▒░░██░░██░░░░░░██░░██░░▒▒██░░░░▒▒░░██ 22 | ██████░░██████████░░████████████████ 23 | ██████ ██████ 24 | 25 | GitHub: https://github.com/pichuang/debug-container 26 | 27 | -------------------------------------------------------------------------------- /pod-debug-container.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Pod 4 | metadata: 5 | name: debug-container 6 | spec: 7 | containers: 8 | - image: ghcr.io/pichuang/debug-container:master # mutable tag; a digest reference (image@sha256:<digest>) ties the Pod to one specific build 9 | name: debug-container 10 | command: [ "/bin/bash", "-c", "--" ] 11 | args: [ "while true; do sleep 30; done;" ] # idle loop: keeps the container running until the Pod is deleted 12 | securityContext: 13 | runAsUser: 0 # UID 0: the container process runs as root 14 | runAsNonRoot: false 15 | -------------------------------------------------------------------------------- /pod-ocp-debug-container.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: ocp-debug-container 5 | spec: 6 | containers: 7 | - image: quay.io/tw_pichuang/debug-container # NOTE(review): no tag, so :latest is pulled, and from quay.io rather than the ghcr.io image that the other manifests use and docker-publish.yml signs; confirm this image is still published 8 | name: ocp-debug-container 9 | command: [ "/bin/bash", "-c", "--" ] 10 | args: [ "while true; do sleep 30; done;" ] 11 | --------------------------------------------------------------------------------