oc-debug man page

oc debug — Launch a new instance of a pod for debugging


oc debug [Options]


Launch a command shell to debug a running application

When debugging images and setup problems, it's useful to get an exact copy of a running pod configuration and troubleshoot with a shell. Since a pod that is failing may not be started and not accessible to 'rsh' or 'exec', the 'debug' command makes it easy to create a carbon copy of that setup.

The default mode is to start a shell inside of the first container of the referenced pod, replication controller, or deployment config. The started pod will be a copy of your source pod, with labels stripped, the command changed to '/bin/sh', and readiness and liveness checks disabled. If you just want to run a command, add '--' and a command to run. Passing a command will not create a TTY or send STDIN by default. Other flags are supported for altering the container or pod in common ways.

A common problem running containers is a security policy that prohibits you from running as a root user on the cluster. You can use this command to test running a pod as non-root (with --as-user) or to run a non-root pod as root (with --as-root).

The debug pod is deleted when the the remote command completes or the user interrupts the shell.



If true, try to run the container as the root user


Try to run the container as a specific user UID (note: admins may limit your ability to use this flag)

-c, --container=""

Container name; defaults to first container

-f, --filename=""

Filename or URL to file to read a template


If true, keep the original pod annotations


Run the init containers for the pod. Defaults to true.


If true, keep the original pod liveness probes


If true, keep the original pod readiness probes

-I, --no-stdin=false

Bypasses passing STDIN to the container, defaults to true if no command specified

-T, --no-tty=false

Disable pseudo-terminal allocation


Set a specific node to run on - by default the pod will run on any valid node


If true, run only the selected container, remove all others

-o, --output=""

Output format. One of: json|yaml|wide|name|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See golang template [ ⟨http://golang.org/pkg/text/template/#pkg-overview⟩] and jsonpath template [ ⟨http://kubernetes.io/docs/user-guide/jsonpath/⟩].


Output the formatted object with the given version (default api-version).


Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [ ⟨http://golang.org/pkg/text/template/#pkg-overview⟩].

-t, --tty=false

Force a pseudo-terminal to be allocated

Options Inherited from Parent Commands


DEPRECATED: The API version to use when talking to the server


Username to impersonate for the operation


Path to the file container Azure container registry configuration information.


Path to a cert. file for the certificate authority


Path to a client certificate file for TLS


Path to a client key file for TLS


The name of the kubeconfig cluster to use


Path to the config file to use for CLI requests.


The name of the kubeconfig context to use


The Google Cloud Platform Service Account JSON Key to use for authentication.


If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure


Maximum number of seconds between log flushes


Require server version to match client version

-n, --namespace=""

If present, the namespace scope for this CLI request


The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.


The address and port of the Kubernetes API server


Bearer token for authentication to the API server


The name of the kubeconfig user to use


  # Debug a currently running deployment
  oc debug dc/test
  # Test running a deployment as a non-root user
  oc debug dc/test --as-user=1000000
  # Debug a specific failing container by running the env command in the 'second' container
  oc debug dc/test -c second -- /bin/env
  # See the pod that would be created to debug
  oc debug dc/test -o yaml

See Also



June 2016, Ported from the Kubernetes man-doc generator

Referenced By


Openshift CLI User Manuals June 2016