kubespy
is a kubectl plugin implemented in bash to debug a running pod. It starts a temporary spy container
which joins the namespaces of the target container (eg. pid/net/ipc). You can specify the image of spy container
which should include all the required debugging tools. Thus, the debugging tools need not unnecessarily be bundled with the main application container image.
kubespy
is similar to kubectl-debug. In contrast to the latter, kubespy works without the EphemeralContainers feature which is an experimental alpha feature and needs to be activated per pod.
Meanwhile kubespy
has its prerequisites - the cluster must use docker as container runtime and you need to be able to run privileged pods.
You can install either from source or with krew
$ curl -so kubectl-spy https://raw.githubusercontent.com/huazhihao/kubespy/master/kubespy
$ sudo install kubectl-spy /usr/local/bin/
$ kubectl krew install spy
$ kubectl spy POD [-c CONTAINER] [-n NAMESPACE] [--spy-image SPY_IMAGE]
# debug the first container nginx from mypod
$ kubectl spy mypod
# debug container nginx from mypod
$ kubectl spy mypod -c nginx
# debug container nginx from mypod using busybox
$ kubectl spy mypod -c nginx --spy-image busybox
local machine: kubectl spy
|
v
master node: kube-apiserver
|
v
worker node: kubelet
|
v
spy pod (eg. busybox)
| (chroot)
v
docker runtime
| (run)
v
spy container
| (join docker namespace: pid/net/ipc)
v
application pod (eg. nginx)