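Sometimes you need a debug container hanging around to check something from within your cluster. You cobble something together, make the ‘command’ be ‘sleep 3600’ or ‘tail -f /dev/null’ and call it a day. But they don’t terminate gracefully: running as PID 1 with no SIGTERM handler, they ignore the signal and are only killed once the pod’s termination grace period runs out.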
    kubectl run debug --restart=Never --image=agilicus/pause
The magic is this ‘pause.c’. It installs handlers for SIGINT and SIGTERM, then calls pause(2) and sleeps until a signal arrives, at which point it exits immediately. This means that it uses near zero resources while sleeping and exits gracefully.
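    #include <unistd.h>
    #include <signal.h>

    /* Signal handler: leave at once with a clean exit status. */
    static void
    _endme(int sig)
    {
        (void)sig;              /* unused */
        _exit(0);
    }

    int
    main(int argc, char **argv)
    {
        (void)argc;
        (void)argv;
        /* As PID 1, a signal is only delivered if a handler is installed. */
        signal(SIGINT, _endme);
        signal(SIGTERM, _endme);
        pause();                /* sleep until any signal arrives */
        _exit(0);
    }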
Now, this seems esoteric, but give it a try. Once you have run that run command above, you can simply ‘kubectl exec -it debug -- bash’ and from in there ‘apk add tool’. So you might ‘apk add curl’ and then ‘curl http://myservice’. Simple, right?
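To check the graceful-exit claim for pause.c without a cluster, the following added example (not code from the Agilicus/pause repository) forks a child that waits in pause(2), signals it, and reports how it ended. The names signal_child and endme are made up for this sketch. Outside a container the handler-less child is killed by the signal; as PID 1 in a container the same signal would be dropped instead, which is the sleep/tail behaviour described at the top.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

static void endme(int sig) { (void)sig; _exit(0); }

/* Added example, not pause.c itself. Fork a child that blocks in pause(2),
 * send it `sig`, and report how it ended: its exit code (>= 0) if it exited,
 * -signo if a signal killed it, -1000 on error. with_handlers=1 mimics
 * pause.c; 0 uses the default dispositions, as sleep or tail would. */
int signal_child(int sig, int with_handlers)
{
    int ready[2], status;
    char byte = 0;
    sigset_t none;
    pid_t pid;

    if (pipe(ready) < 0 || (pid = fork()) < 0)
        return -1000;
    if (pid == 0) {
        close(ready[0]);
        sigemptyset(&none);
        sigprocmask(SIG_SETMASK, &none, NULL); /* drop any inherited mask */
        signal(SIGINT, with_handlers ? endme : SIG_DFL);
        signal(SIGTERM, with_handlers ? endme : SIG_DFL);
        if (write(ready[1], &byte, 1) != 1)    /* tell parent we are set up */
            _exit(1);
        for (;;)
            pause();
    }
    close(ready[1]);
    if (read(ready[0], &byte, 1) != 1)  /* child died before it was ready */
        kill(pid, SIGKILL);
    else
        kill(pid, sig);
    close(ready[0]);
    if (waitpid(pid, &status, 0) < 0)
        return -1000;
    if (WIFEXITED(status))
        return WEXITSTATUS(status);
    return WIFSIGNALED(status) ? -WTERMSIG(status) : -1000;
}

int main(void)
{
    printf("with handlers: %d\n", signal_child(SIGTERM, 1));
    printf("no handlers:   %d\n", signal_child(SIGTERM, 0));
}
```

Because the handler itself calls _exit(0), a signal that lands between the handler being installed and pause(2) being entered still ends the child cleanly.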
Now, I know a lot of you are committing the cardinal sin of having a shell and debug environment in every container ‘just in case’. Well, let me tell you, that attacker is going to love your ‘just in case’ toolset. Why not let the container run as root with a writeable filesystem and a compiler while we are at it?
You can check out the copious code @ https://github.com/Agilicus/pause.