Debugging in the container: how to resolve a host when you don’t have the tools
We’ve all been there. You are curious what container-A resolves container-B to. But, since you believe in security, you have carefully made sure container-A is as close to ‘distroless’ as possible. You’ve made the filesystem read-only, dropped all privilege, and left out the tools.
You come along later and run ‘kubectl exec -it … sh’. And then you curse past-you for those short-sighted security decisions! How can you find out what it thinks the IP of container-B is without recompiling?
Well, here’s a tip for you. ‘getent’ ships with libc (the libc-bin package on Debian-based images), so it is almost certainly already in the container.
# dpkg -S /usr/bin/getent
libc-bin: /usr/bin/getent
This means you can simply run:
getent hosts rabbitmq-7c5fbf778d-mrqmt
and it will tell you how it resolves. Magic! No need to install dig/host/nslookup. No need to try and write a DNS packet with bash and use /dev/udp.
root@rabbitmq-7c5fbf778d-mrqmt:/$ apt-get update
E: List directory /var/lib/apt/lists/partial is missing. - Acquire (30: Read-only file system)
E: Could not open lock file /var/lib/dpkg/lock - open (2: No such file or directory)
E: Unable to lock the administration directory (/var/lib/dpkg/), are you root?
root@rabbitmq-7c5fbf778d-mrqmt:/$ host front-end-74698f5fc7-zxfzb
bash: host: command not found
root@rabbitmq-7c5fbf778d-mrqmt:/$ nslookup front-end-74698f5fc7-zxfzb
bash: nslookup: command not found
root@rabbitmq-7c5fbf778d-mrqmt:/$ dig front-end-74698f5fc7-zxfzb
bash: dig: command not found
root@rabbitmq-7c5fbf778d-mrqmt:/$ getent hosts front-end-74698f5fc7-zxfzb
10.244.0.91 front-end-74698f5fc7-zxfzb
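Because getent asks the container’s own libc, its answer depends on /etc/nsswitch.conf and /etc/resolv.conf. The following is an added example, not part of the original post, and goes one step beyond it: it prints those inputs next to the getent answer using only shell builtins, so it works where cat/grep/awk are missing too. The function names are made up for this example, and the two file paths assume a glibc-based image.

```sh
# Added example, not from the original post. POSIX sh, builtins only
# (read, case, printf). Function names are hypothetical.

# Print the resolv.conf directives that shape a lookup (stdin = file).
resolver_settings() {
    # "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while read -r rs_key rs_rest || [ -n "$rs_key" ]; do
        case "$rs_key" in
            nameserver|search|domain|options)
                printf '%s=%s\n' "$rs_key" "$rs_rest" ;;
        esac
    done
}

# Print the source order from the "hosts:" line of nsswitch.conf (stdin).
nss_hosts_sources() {
    while read -r ns_key ns_rest || [ -n "$ns_key" ]; do
        if [ "$ns_key" = "hosts:" ]; then
            printf '%s\n' "$ns_rest"
            return 0
        fi
    done
    return 1   # no hosts: line found
}

# Print only the first address getent returns for a name.
first_address() {
    getent hosts "$1" | {
        read -r fa_addr fa_rest && printf '%s\n' "$fa_addr"
    }
}

# Show the resolver inputs, then the answer the container's libc gives.
resolution_report() {
    if [ -r /etc/nsswitch.conf ]; then
        printf 'nss hosts: %s\n' "$(nss_hosts_sources < /etc/nsswitch.conf)"
    fi
    if [ -r /etc/resolv.conf ]; then
        resolver_settings < /etc/resolv.conf
    fi
    # getent exits 2 when the name is not found in the database.
    getent hosts "$1" ||
        printf '%s: not resolved (getent exit %s)\n' "$1" "$?"
}
```

Paste the functions into the exec’d shell and run resolution_report with the name you are chasing; a search list or ndots option in the output explains why a short name and a fully qualified one can resolve differently.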