Wednesday, October 10, 2018

How To Make Your Own Container Tools To Debug Kubernetes network Issue


   Sometimes we need to get into docker container to check network, storage...etc all kind of things for debugging. However base image won't have such tools like ip , curl ,ssh,sftp, wget , netstat ,nc, ping..... installed as we mean to keen running  images as slim as possible. How can we debug into the container without such tools?


   Create our own container with all tools we need and attach our container to network of apps container.
Here are some details

  • docker run -itd --name debug oraclelinux:7-slim
  • docker exec -it debug /bin/bash
  • <debug container># yum install ssh,curl, iproute ....etc tools you need 
  • exit
  • docker commit debug henry-swiss-knife:v1
  • later you can add more tools into your own container image
Then use this henry-swiss-knife to attach network stack of kubernetes
  • use docker ps |grep apex   ( find out container id of K8S pod of apex which is the example). In this case it is 44c780d348bd  ( the pod with  "/pause")
[root@instance-cas-mt2 ~]# docker ps|grep apex
340722fe6f77        4b39de352b36                                                         "/bin/sh -c $ORDS_HO…"   18 hours ago        Up 18 hours                                  k8s_apexords_apexords_default_8b06d971-cb89-11e8-a112-000017010a8f_0
44c780d348bd   "/pause"                 18 hours ago        Up 18 hours                                  k8s_POD_apexords_default_8b06d971-cb89-11e8-a112-000017010a8f_0
  • docker run -itd --name debug --net=container:44c780d348bd henry-swiss-knife:v1
[root@instance-cas-mt2 ~]# docker run -itd --name debug --net=container:44c780d348bd henry-swiss-knife:v1

  • docker exec -it 90418 /bin/bash    (get into the debug container to debug K8S network stack)

No comments: