openshift-cli-debug man page

openshift cli debug — Launch a new instance of a pod for debugging

Synopsis

openshift cli debug [Options]

Description

Launch a command shell to debug a running application

When debugging images and setup problems, it's useful to get an exact copy of a running pod configuration and troubleshoot with a shell. Since a pod that is failing may not be started and not accessible to 'rsh' or 'exec', the 'debug' command makes it easy to create a carbon copy of that setup.

The default mode is to start a shell inside of the first container of the referenced pod, replication controller, or deployment config. The started pod will be a copy of your source pod, with labels stripped, the command changed to '/bin/sh', and readiness and liveness checks disabled. If you just want to run a command, add '--' and a command to run. Passing a command will not create a TTY or send STDIN by default. Other flags are supported for altering the container or pod in common ways.

A common problem running containers is a security policy that prohibits you from running as a root user on the cluster. You can use this command to test running a pod as non-root (with --as-user) or to run a non-root pod as root (with --as-root).

The debug pod is deleted when the the remote command completes or the user interrupts the shell.

Options

--as-root=false

If true, try to run the container as the root user

--as-user=-1

Try to run the container as a specific user UID (note: admins may limit your ability to use this flag)

-c, --container=""

Container name; defaults to first container

-f, --filename=""

Filename or URL to file to read a template

--keep-annotations=false

If true, keep the original pod annotations

--keep-init-containers=true

Run the init containers for the pod. Defaults to true.

--keep-liveness=false

If true, keep the original pod liveness probes

--keep-readiness=false

If true, keep the original pod readiness probes

-I, --no-stdin=false

Bypasses passing STDIN to the container, defaults to true if no command specified

-T, --no-tty=false

Disable pseudo-terminal allocation

--node-name=""

Set a specific node to run on - by default the pod will run on any valid node

--one-container=false

If true, run only the selected container, remove all others

-o, --output=""

Output format. One of: json|yaml|wide|name|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See golang template [ ⟨http://golang.org/pkg/text/template/#pkg-overview⟩] and jsonpath template [ ⟨http://kubernetes.io/docs/user-guide/jsonpath/⟩].

--output-version=""

Output the formatted object with the given version (default api-version).

--template=""

Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [ ⟨http://golang.org/pkg/text/template/#pkg-overview⟩].

-t, --tty=false

Force a pseudo-terminal to be allocated

Options Inherited from Parent Commands

--api-version=""

DEPRECATED: The API version to use when talking to the server

--as=""

Username to impersonate for the operation

--azure-container-registry-config=""

Path to the file container Azure container registry configuration information.

--certificate-authority=""

Path to a cert. file for the certificate authority

--client-certificate=""

Path to a client certificate file for TLS

--client-key=""

Path to a client key file for TLS

--cluster=""

The name of the kubeconfig cluster to use

--config=""

Path to the config file to use for CLI requests.

--context=""

The name of the kubeconfig context to use

--google-json-key=""

The Google Cloud Platform Service Account JSON Key to use for authentication.

--insecure-skip-tls-verify=false

If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

--log-flush-frequency=0

Maximum number of seconds between log flushes

--match-server-version=false

Require server version to match client version

-n, --namespace=""

If present, the namespace scope for this CLI request

--request-timeout="0"

The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

--server=""

The address and port of the Kubernetes API server

--token=""

Bearer token for authentication to the API server

--user=""

The name of the kubeconfig user to use

Example

  # Debug a currently running deployment
  openshift cli debug dc/test
  
  # Test running a deployment as a non-root user
  openshift cli debug dc/test --as-user=1000000
  
  # Debug a specific failing container by running the env command in the 'second' container
  openshift cli debug dc/test -c second -- /bin/env
  
  # See the pod that would be created to debug
  openshift cli debug dc/test -o yaml

See Also

openshift-cli(1),

History

June 2016, Ported from the Kubernetes man-doc generator

Referenced By

openshift-cli(1).

Openshift CLI User Manuals June 2016