a6033fa1 pause

pause: how to debug your Kubernetes setup


Sometimes you need a debug container hanging around to check something from within your cluster. You cobble something together, make the ‘command’ be ‘sleep 3600’ or ‘tail -f /dev/null’ and call it a day. But they don’t terminate gracefully.

kubectl run debug --restart=Never --image=agilicus/pause

The magic is this ‘pause.c’. It simply waits for a couple of signals, calls pause(2) and thus waits. It exits immediately if anything happens. This means that it uses near zero resources while sleeping and exits gracefully.

#include <unistd.h>
#include <signal.h>

static void 
_endme(int sig)
{
  _exit(0);
}
int
main(int argc, char **argv)
{
  signal(SIGINT, _endme);
  signal(SIGTERM, _endme);
  pause();
  _exit(0);
}

Now, this seems esoteric, but give it a try. Now, once you have run that run command above, you can simply  kubectl exec -it debug bash and from in there apk add tool.

So you might apk add curl and then curl http://myservice. Simple, right?

Now, I know a lot of you are committing the cardinal sin of having a shell and debug environment in every container just in case. Well, let me tell you, that security attacker is going to love your just in case toolset. Why not let the container run as root with a writeable filesystem and a compiler while we are at it.

You can check out the copious code @ https://github.com/Agilicus/pause.