Wednesday, October 10, 2018

How To Make Your Own Container Tools To Debug Kubernetes Network Issues

Requirement:

   Sometimes we need to get into a Docker container to check the network, storage and so on while debugging. However, the base image usually won't have tools such as ip, curl, ssh, sftp, wget, netstat, nc or ping installed, because we mean to keep running images as slim as possible. How can we debug inside the container without such tools?

Solution:

   Create our own container image with all the tools we need, and attach a container from that image to the network of the app's container.
Here are the details:

  • docker run -itd --name debug oraclelinux:7-slim
  • docker exec -it debug /bin/bash
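  • <debug container># yum install openssh-clients curl iproute    (plus any other tools you need; on Oracle Linux 7 the ssh and sftp clients come from the openssh-clients package)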
  • exit
  • docker commit debug henry-swiss-knife:v1
  • Later you can add more tools to your own container image.
Then use this henry-swiss-knife image to attach to the network stack of the Kubernetes pod:
  • Use docker ps | grep apex to find the container ID of the K8S pod (apex is the example here). In this case it is 44c780d348bd (the container running "/pause", which holds the pod's network namespace).
[root@instance-cas-mt2 ~]# docker ps|grep apex
340722fe6f77        4b39de352b36                                                         "/bin/sh -c $ORDS_HO…"   18 hours ago        Up 18 hours                                  k8s_apexords_apexords_default_8b06d971-cb89-11e8-a112-000017010a8f_0
44c780d348bd        container-registry.oracle.com/kubernetes_developer/pause-amd64:3.1   "/pause"                 18 hours ago        Up 18 hours                                  k8s_POD_apexords_default_8b06d971-cb89-11e8-a112-000017010a8f_0
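  • docker run -itd --name debug --net=container:44c780d348bd henry-swiss-knife:v1    (the name debug is reused here, so if the earlier build container is still present on this host, remove it first with docker rm -f debug)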
[root@instance-cas-mt2 ~]# docker run -itd --name debug --net=container:44c780d348bd henry-swiss-knife:v1
904180885ae527b3fc4f34a319ab6dfae39af960e29b2dbf7a5902ead55684e8

  • docker exec -it 90418 /bin/bash    (get into the debug container to debug K8S network stack)
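
The lookup and attach steps above can be scripted. The following is an added example, not part of the original post: it selects the pause container by exact pod and namespace rather than by a loose grep, and it assumes the Docker-runtime container naming shown in the listing above (k8s_POD_<pod>_<namespace>_<uid>_<attempt>). The function names and the script name are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): attach a debug container to a
# pod's network namespace, selecting the pause container by exact name.
# Assumption: Docker-runtime naming as in the listing above,
#   k8s_POD_<pod>_<namespace>_<uid>_<attempt>

# Read "ID NAME" lines on stdin (docker ps --format '{{.ID}} {{.Names}}')
# and print the ID of the pause container for pod $1 in namespace $2.
# Returns non-zero when no container matches.
find_pause_id() {
  local pod="$1" ns="${2:-default}"
  awk -v prefix="k8s_POD_${pod}_${ns}_" '
    index($2, prefix) == 1 { print $1; found = 1; exit }
    END { exit !found }'
}

# Start an interactive debug container sharing the pod's network stack.
attach_debug() {
  local pod="$1" ns="${2:-default}" image="${3:-henry-swiss-knife:v1}" id
  id=$(docker ps --format '{{.ID}} {{.Names}}' | find_pause_id "$pod" "$ns") || {
    echo "no pause container for pod $ns/$pod on this node" >&2
    return 1
  }
  # --rm: remove the debug container on exit so nothing is left in the pod's namespace
  docker run -it --rm --name "debug-$pod" --net="container:$id" "$image" /bin/bash
}

# Usage: ./attach-debug.sh <pod> [namespace] [image]
if [ "$#" -gt 0 ]; then
  attach_debug "$@"
fi
```

Matching on the full k8s_POD_<pod>_<namespace>_ prefix avoids attaching to the wrong pod when one pod name is a substring of another.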
