openshift-cli-debug man page

openshift cli debug — Launch a new instance of a pod for debugging

Synopsis

openshift cli debug [Options]

Description

Launch a command shell to debug a running application

When debugging images and setup problems, it's useful to get an exact copy of a running pod configuration and troubleshoot with a shell. Since a pod that is failing may not be started and not accessible to 'rsh' or 'exec', the 'debug' command makes it easy to create a carbon copy of that setup.

The default mode is to start a shell inside of the first container of the referenced pod, replication controller, or deployment config. The started pod will be a copy of your source pod, with labels stripped, the command changed to '/bin/sh', and readiness and liveness checks disabled. If you just want to run a command, add '--' and a command to run. Passing a command will not create a TTY or send STDIN by default. Other flags are supported for altering the container or pod in common ways.

A common problem running containers is a security policy that prohibits you from running as a root user on the cluster. You can use this command to test running a pod as non-root (with --as-user) or to run a non-root pod as root (with --as-root).

The debug pod is deleted when the the remote command completes or the user interrupts the shell.

Options

--as-root=false
Try to run the container as the root user
--as-user=-1
Try to run the container as a specific user UID (note: admins may limit your ability to use this flag)
-c, --container=""
Container name; defaults to first container
-f, --filename=""
Filename or URL to file to read a template
--keep-annotations=false
Keep the original pod annotations
--keep-init-containers=true
Run the init containers for the pod. Defaults to true.
--keep-liveness=false
Keep the original pod liveness probes
--keep-readiness=false
Keep the original pod readiness probes
--no-headers=false
When using the default output, don't print headers.
-I, --no-stdin=false
Bypasses passing STDIN to the container, defaults to true if no command specified
-T, --no-tty=false
Disable pseudo-terminal allocation
--node-name=""
Set a specific node to run on - by default the pod will run on any valid node
--one-container=false
Run only the selected container, remove all others
-o, --output=""
Output format. One of: json|yaml|wide|name|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See golang template [ ⟨http://golang.org/pkg/text/template/#pk…⟩] and jsonpath template [ ⟨http://kubernetes.io/docs/user-guide/js…⟩].
--output-version=""
Output the formatted object with the given version (default api-version).
--show-all=true
When printing, show all resources (false means hide terminated pods.)
--sort-by=""
If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. 'ObjectMeta.Name'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
--template=""
Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [ ⟨http://golang.org/pkg/text/template/#pk…⟩].
-t, --tty=false
Force a pseudo-terminal to be allocated

Options Inherited from Parent Commands

--api-version=""
DEPRECATED: The API version to use when talking to the server

--as=""
Username to impersonate for the operation.

--certificate-authority=""
Path to a cert. file for the certificate authority.

--client-certificate=""
Path to a client certificate file for TLS.

--client-key=""
Path to a client key file for TLS.

--cluster=""
The name of the kubeconfig cluster to use

--config=""
Path to the config file to use for CLI requests.

--context=""
The name of the kubeconfig context to use

--google-json-key=""
The Google Cloud Platform Service Account JSON Key to use for authentication.

--insecure-skip-tls-verify=false
If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure.

--log-flush-frequency=0
Maximum number of seconds between log flushes

--match-server-version=false
Require server version to match client version

-n, --namespace=""
If present, the namespace scope for this CLI request.

--server=""
The address and port of the Kubernetes API server

--token=""
Bearer token for authentication to the API server.

--user=""
The name of the kubeconfig user to use

Example

# Debug a currently running deployment
openshift cli debug dc/test

# Test running a deployment as a non-root user
openshift cli debug dc/test --as-user=1000000

# Debug a specific failing container by running the env command in the 'second' container
openshift cli debug dc/test -c second -- /bin/env

# See the pod that would be created to debug
openshift cli debug dc/test -o yaml

See Also

openshift-cli(1),

History

June 2016, Ported from the Kubernetes man-doc generator

Referenced By

openshift-cli(1).

Openshift CLI User Manuals Openshift June 2016