oc-debug man page

oc debug — Launch a new instance of a pod for debugging


oc debug [Options]


Launch a command shell to debug a running application

When debugging images and setup problems, it's useful to get an exact copy of a running pod configuration and troubleshoot with a shell. Since a pod that is failing may not be started and not accessible to 'rsh' or 'exec', the 'debug' command makes it easy to create a carbon copy of that setup.

The default mode is to start a shell inside of the first container of the referenced pod, replication controller, or deployment config. The started pod will be a copy of your source pod, with labels stripped, the command changed to '/bin/sh', and readiness and liveness checks disabled. If you just want to run a command, add '--' and a command to run. Passing a command will not create a TTY or send STDIN by default. Other flags are supported for altering the container or pod in common ways.

A common problem running containers is a security policy that prohibits you from running as a root user on the cluster. You can use this command to test running a pod as non-root (with --as-user) or to run a non-root pod as root (with --as-root).

The debug pod is deleted when the the remote command completes or the user interrupts the shell.


Try to run the container as the root user
Try to run the container as a specific user UID (note: admins may limit your ability to use this flag)
-c, --container=""
Container name; defaults to first container
-f, --filename=""
Filename or URL to file to read a template
Keep the original pod annotations
Run the init containers for the pod. Defaults to true.
Keep the original pod liveness probes
Keep the original pod readiness probes
When using the default output, don't print headers.
-I, --no-stdin=false
Bypasses passing STDIN to the container, defaults to true if no command specified
-T, --no-tty=false
Disable pseudo-terminal allocation
Set a specific node to run on - by default the pod will run on any valid node
Run only the selected container, remove all others
-o, --output=""
Output format. One of: json|yaml|wide|name|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See golang template [ ⟨http://golang.org/pkg/text/template/#pk…⟩] and jsonpath template [ ⟨http://kubernetes.io/docs/user-guide/js…⟩].
Output the formatted object with the given version (default api-version).
When printing, show all resources (false means hide terminated pods.)
If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. 'ObjectMeta.Name'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [ ⟨http://golang.org/pkg/text/template/#pk…⟩].
-t, --tty=false
Force a pseudo-terminal to be allocated

Options Inherited from Parent Commands

DEPRECATED: The API version to use when talking to the server

Username to impersonate for the operation.

Path to a cert. file for the certificate authority.

Path to a client certificate file for TLS.

Path to a client key file for TLS.

The name of the kubeconfig cluster to use

Path to the config file to use for CLI requests.

The name of the kubeconfig context to use

The Google Cloud Platform Service Account JSON Key to use for authentication.

If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure.

Maximum number of seconds between log flushes

Require server version to match client version

-n, --namespace=""
If present, the namespace scope for this CLI request.

The address and port of the Kubernetes API server

Bearer token for authentication to the API server.

The name of the kubeconfig user to use


# Debug a currently running deployment
oc debug dc/test

# Test running a deployment as a non-root user
oc debug dc/test --as-user=1000000

# Debug a specific failing container by running the env command in the 'second' container
oc debug dc/test -c second -- /bin/env

# See the pod that would be created to debug
oc debug dc/test -o yaml

See Also



June 2016, Ported from the Kubernetes man-doc generator

Referenced By


Openshift CLI User Manuals Openshift June 2016