README
¶
retina-shell
Retina CLI provides a command to launch an interactive shell in a node or pod for adhoc debugging.
- The CLI command
kubectl retina shellcreates a pod withHostNetwork=true(for node debugging) or an ephemeral container in an existing pod (for pod debugging). - The container runs an image built from the Dockerfile in this directory. The image is based on Azure Linux and includes commonly-used networking tools.
- The pwru tool is bundled in the image for advanced kernel packet tracing.
- bpftool is also included for eBPF debugging.
For testing, you can override the image used by retina shell either with CLI arguments
(--retina-shell-image-repo and --retina-shell-image-version) or environment variables
(RETINA_SHELL_IMAGE_REPO and RETINA_SHELL_IMAGE_VERSION).
Run kubectl retina shell -h for full documentation and examples.
Example: Running pwru and bpftool
To use pwru and bpftool inside the retina shell, you must grant the following Linux capabilities to the container:
NET_ADMINSYS_ADMIN
Capability requirements are based on common eBPF tool practices and not directly from the pwru documentation.
Example command to launch a shell with the required capabilities:
# Pod debugging
kubectl retina shell -n kube-system pod/coredns-57d886c994-8m2ph --capabilities=NET_ADMIN,SYS_ADMIN
Once inside the shell, you can run:
pwru --help
bpftool --help
Currently only Linux is supported; Windows support will be added in the future.
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Config ¶
type Config struct {
RestConfig *rest.Config
RetinaShellImage string
HostPID bool
Capabilities []string
Timeout time.Duration
// Host filesystem access applies only to nodes, not pods.
MountHostFilesystem bool
AllowHostFilesystemWrite bool
AppArmorUnconfined bool
SeccompUnconfined bool
}
Config is the configuration for starting a shell in a node or pod.
Source Files