
In a distant kube cluster I have some pods with a C++ application. I need to debug them with gdb or gdbserver, but:

  • No capabilities (like SYS_PTRACE) allowed on the images
  • No privileged user
  • No CustomResourceDefinitions allowed in the cluster
  • No SELinux in the images (it's a no from the security team)

I tried Squash (can't use CRD), NSenter (no access to the host, only some access to create or delete kube resources), SELinux (not possible), and I can't edit /proc/sys/kernel/yama/ptrace_scope.

  • That sounds like you can't debug the application directly in the production environment (in my experience this is extremely normal). You'll need to reproduce the issue in a local environment, ideally without containers involved at all. – David Maze Mar 10 '23 at 15:36
  • Can you change your approach to just logging? If you log enough of the right things failure investigation could be done offline? Perhaps log arguments to functions that fail? That way, you can use data from those logs to develop test cases? – Tinkerer Mar 10 '23 at 16:12
  • It's a remote developer environment; it's managed by the platform teams and we can't do a local container environment (not enough resources on the dev PC). Logging is not enough; it's for development purposes. – BloodMarch Mar 11 '23 at 16:44

0 Answers