So you’ve followed best practices and configured your container to use a user other than root for its requirements. Nice job. The security experts are convinced this will keep your container, pod, and cluster all more secure.
However, sometime in the near future, a completely unforeseen and impossible issue pops up and you need root to troubleshoot. This is where node-shellcomes into play.
Node-shell is a kubectlplugin that will give you shell access on the node. Once on the node, you can use docker to gain access to the root user on your container. I’m sure there are 1000 uses for this, but this was mine.
- Install
node-shell– https://github.com/kvaps/kubectl-node-shell - List pod and node information
kubectl get pods -n <namespace> -o wide - Jump onto the desired node
kubectl node-shell <node_name> - List containers
docker ps - Exec into the container
docker exec -it -u 0 <container_name> /bin/bash - Verify root status
One quick note about exiting;
- Type
exitonce to exit the container - Type
exita second time to exit the node.