Endoscope: snoop around inside your Kubernetes pods

Today I ‘released’ endoscope. This is a tool that solves a couple of ‘simple’ problems:

  1. I have a running container in Kubernetes. I wish I could have a shell inside it that is root, but also with a bunch of tools like gdb or ptrace. My container doesn’t allow root or ptrace. I don’t want to rebuild a debug version of it and create a new Pod.
  2. I want to ping/create network traffic as if it originated from a specific pod
  3. I want to capture network traffic from/to a specific pod

If you have those problems, well, this is for you!

Let’s look at an example:

scope -n NAMESPACE -p POD strace [-p #] [-e expr]

What sorcery is this? You mean from my current host I can run strace on a remote application in a container without knowing the node or ssh or anything? Yes! Simply run with the namespace/pod info (and -p # if there is more than one pid in the container; the default is the first), and optionally e.g. -e file to filter. You can use ‘scope pids’ to show the pids if you want (the first one is not always the right one for more complex containers).

Current commands include gdb, ping, shell, strace, hping. If you use ‘shell’, you are in the network + pid namespace of the debuggee (check ifconfig if you don’t believe me!).
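
The ifconfig check can be made exact by comparing the namespace identifiers Linux exposes under /proc. This is an added example, not part of endoscope: the function names are made up here, and it assumes /proc is mounted in the shell and shows both processes.

```shell
#!/bin/sh
# Added example (not endoscope code): compare namespace membership of two
# processes. The symlink target of /proc/<pid>/ns/<type> looks like
# "net:[4026531992]"; equal targets mean the same namespace.

# ns_id PID TYPE -> prints the namespace identifier, fails if unreadable
ns_id() {
    readlink "/proc/$1/ns/$2" 2>/dev/null
}

# same_ns PID_A PID_B TYPE -> 0 if shared, 1 if different,
# 2 if either link could not be read (process gone or not permitted)
same_ns() {
    a=$(ns_id "$1" "$3") || return 2
    b=$(ns_id "$2" "$3") || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# report PID_A PID_B -> one line for each namespace type the post mentions
report() {
    for t in net pid; do
        if same_ns "$1" "$2" "$t"; then
            echo "$t: shared"
        else
            case $? in
                1) echo "$t: different" ;;
                *) echo "$t: unreadable" ;;
            esac
        fi
    done
}

# Usage: sh nscheck.sh <pid of your shell> <pid of the debuggee>
if [ "$#" -eq 2 ]; then report "$1" "$2"; fi
```

An "unreadable" result usually means the caller lacks permission to inspect the other process, which is itself a useful signal about what the shell can and cannot reach.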

Work in progress is to allow you to, from the Wireshark GUI, simply select a pod and capture/filter its traffic in real time. Pull requests welcome 🙂

