Doing maintenance & debugging on Kubernetes with a support pod
August 21, 2021
If you need to access services that are only reachable from the Kubernetes cluster or for example debug some network/DNS issues then you don’t want to attach to a running pod which is part of production deployment.
You probably need to install extra tools and the pod could have a read-only filesystem which prevents you from doing that. Including those tools in the image isn’t smart as well because they can expose a security risk.
So how do you do that then? You use a ‘support pod’!
kubectl run you’re able to deploy a pod with a given image which gets deleted as soon as you exit the terminal.
kubectl run -i --rm --tty support-pod --image=alpine --restart=Never
This command will deploy the pod with the alpine image and open a terminal. You can then install the packages you need, for example;
apk add bind-tools
This will give you
dig to debug DNS issues.
When you’re done, you just type
ctrl-D to exit the terminal and kill the pod.
This is a simple and secure way to take a look around from within the Kubernetes cluster without interfering with the workload or expose a security risk.