1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2Eric Paris Jan 2015
6
9 kubectl alpha debug - Create debugging sessions for troubleshooting
10 workloads and nodes
11
15 kubectl alpha debug [OPTIONS]
16
20 NOTE: "kubectl alpha debug" is deprecated and will be removed in re‐
21 lease 1.21. Please use "kubectl debug" instead.
22 Debug cluster resources using interactive debugging containers.
25 'debug' provides automation for common debugging tasks for cluster ob‐
28 jects identified by resource and name. Pods will be used by default if
29 no resource is specified.
30 The action taken by 'debug' varies depending on what resource is speci‐
33 fied. Supported actions include:
34 • Workload: Create a copy of an existing pod with certain at‐
37 tributes changed, for example changing the image tag to a new
38 version.
39 • Workload: Add an ephemeral container to an already running
41 pod, for example to add debugging utilities without restarting
42 the pod.
43 • Node: Create a new pod that runs in the node's host namespaces
45 and can access the node's filesystem.
46
51 --arguments-only=false If specified, everything after -- will be
52 passed to the new container as Args instead of Command.
53 --attach=false If true, wait for the container to start running,
56 and then attach as if 'kubectl attach ...' were called. Default false,
57 unless '-i/--stdin' is set, in which case the default is true.
58 -c, --container="" Container name to use for debug container.
61 --copy-to="" Create a copy of the target Pod with this name.
64 --env=[] Environment variables to set in the container.
67 --image="" Container image to use for debug container.
70 --image-pull-policy="" The image pull policy for the container. If
73 left empty, this value will not be specified by the client and de‐
74 faulted by the server.
75 --quiet=false If true, suppress informational messages.
78 --replace=false When used with '--copy-to', delete the original
81 Pod.
82 --same-node=false When used with '--copy-to', schedule the copy of
85 target Pod on the same node.
86 --set-image=[] When used with '--copy-to', a list of name=image
89 pairs for changing container images, similar to how 'kubectl set image'
90 works.
91 --share-processes=true When used with '--copy-to', enable process
94 namespace sharing in the copy.
95 -i, --stdin=false Keep stdin open on the container(s) in the pod,
98 even if nothing is attached.
99 --target="" When using an ephemeral container, target processes in
102 this container name.
103 -t, --tty=false Allocate a TTY for the debugging container.
106
110 --add-dir-header=false If true, adds the file directory to the
111 header of the log messages
112 --alsologtostderr=false log to standard error as well as files
115 --application-metrics-count-limit=100 Max number of application
118 metrics to store (per container)
119 --as="" Username to impersonate for the operation
122 --as-group=[] Group to impersonate for the operation, this flag
125 can be repeated to specify multiple groups.
126 --azure-container-registry-config="" Path to the file containing
129 Azure container registry configuration information.
130 --boot-id-file="/proc/sys/kernel/random/boot_id" Comma-separated
133 list of files to check for boot-id. Use the first one that exists.
134 --cache-dir="/builddir/.kube/cache" Default cache directory
137 --certificate-authority="" Path to a cert file for the certificate
140 authority
141 --client-certificate="" Path to a client certificate file for TLS
144 --client-key="" Path to a client key file for TLS
147 --cloud-provider-gce-l7lb-src-cidrs=130.211.0.0/22,35.191.0.0/16
150 CIDRs opened in GCE firewall for L7 LB traffic proxy health
151 checks
152 --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
155 CIDRs opened in GCE firewall for L4 LB traffic proxy health
156 checks
157 --cluster="" The name of the kubeconfig cluster to use
160 --container-hints="/etc/cadvisor/container_hints.json" location of
163 the container hints file
164 --containerd="/run/containerd/containerd.sock" containerd endpoint
167 --containerd-namespace="k8s.io" containerd namespace
170 --context="" The name of the kubeconfig context to use
173 --default-not-ready-toleration-seconds=300 Indicates the tolera‐
176 tionSeconds of the toleration for notReady:NoExecute that is added by
177 default to every pod that does not already have such a toleration.
178 --default-unreachable-toleration-seconds=300 Indicates the tolera‐
181 tionSeconds of the toleration for unreachable:NoExecute that is added
182 by default to every pod that does not already have such a toleration.
183 --disable-root-cgroup-stats=false Disable collecting root Cgroup
186 stats
187 --docker="unix:///var/run/docker.sock" docker endpoint
190 --docker-env-metadata-whitelist="" a comma-separated list of envi‐
193 ronment variable keys matched with specified prefix that needs to be
194 collected for docker containers
195 --docker-only=false Only report docker containers in addition to
198 root stats
199 --docker-root="/var/lib/docker" DEPRECATED: docker root is read
202 from docker info (this is a fallback, default: /var/lib/docker)
203 --docker-tls=false use TLS to connect to docker
206 --docker-tls-ca="ca.pem" path to trusted CA
209 --docker-tls-cert="cert.pem" path to client certificate
212 --docker-tls-key="key.pem" path to private key
215 --enable-load-reader=false Whether to enable cpu load reader
218 --event-storage-age-limit="default=0" Max length of time for which
221 to store events (per type). Value is a comma separated list of key val‐
222 ues, where the keys are event types (e.g.: creation, oom) or "default"
223 and the value is a duration. Default is applied to all non-specified
224 event types
225 --event-storage-event-limit="default=0" Max number of events to
228 store (per type). Value is a comma separated list of key values, where
229 the keys are event types (e.g.: creation, oom) or "default" and the
230 value is an integer. Default is applied to all non-specified event
231 types
232 --global-housekeeping-interval=1m0s Interval between global house‐
235 keepings
236 --housekeeping-interval=10s Interval between container housekeep‐
239 ings
240 --insecure-skip-tls-verify=false If true, the server's certificate
243 will not be checked for validity. This will make your HTTPS connections
244 insecure
245 --kubeconfig="" Path to the kubeconfig file to use for CLI re‐
248 quests.
249 --log-backtrace-at=:0 when logging hits line file:N, emit a stack
252 trace
253 --log-cadvisor-usage=false Whether to log the usage of the cAdvi‐
256 sor container
257 --log-dir="" If non-empty, write log files in this directory
260 --log-file="" If non-empty, use this log file
263 --log-file-max-size=1800 Defines the maximum size a log file can
266 grow to. Unit is megabytes. If the value is 0, the maximum file size is
267 unlimited.
268 --log-flush-frequency=5s Maximum number of seconds between log
271 flushes
272 --logtostderr=true log to standard error instead of files
275 --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
278 Comma-separated list of files to check for machine-id. Use the
279 first one that exists.
280 --match-server-version=false Require server version to match
283 client version
284 -n, --namespace="" If present, the namespace scope for this CLI
287 request
288 --one-output=false If true, only write logs to their native sever‐
291 ity level (vs also writing to each lower severity level
292 --password="" Password for basic authentication to the API server
295 --profile="none" Name of profile to capture. One of
298 (none|cpu|heap|goroutine|threadcreate|block|mutex)
299 --profile-output="profile.pprof" Name of the file to write the
302 profile to
303 --referenced-reset-interval=0 Reset interval for referenced bytes
306 (container_referenced_bytes metric), number of measurement cycles after
307 which referenced bytes are cleared, if set to 0 referenced bytes are
308 never cleared (default: 0)
309 --request-timeout="0" The length of time to wait before giving up
312 on a single server request. Non-zero values should contain a corre‐
313 sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
314 out requests.
315 -s, --server="" The address and port of the Kubernetes API server
318 --skip-headers=false If true, avoid header prefixes in the log
321 messages
322 --skip-log-headers=false If true, avoid headers when opening log
325 files
326 --stderrthreshold=2 logs at or above this threshold go to stderr
329 --storage-driver-buffer-duration=1m0s Writes in the storage driver
332 will be buffered for this duration, and committed to the non memory
333 backends as a single transaction
334 --storage-driver-db="cadvisor" database name
337 --storage-driver-host="localhost:8086" database host:port
340 --storage-driver-password="root" database password
343 --storage-driver-secure=false use secure connection with database
346 --storage-driver-table="stats" table name
349 --storage-driver-user="root" database username
352 --tls-server-name="" Server name to use for server certificate
355 validation. If it is not provided, the hostname used to contact the
356 server is used
357 --token="" Bearer token for authentication to the API server
360 --update-machine-info-interval=5m0s Interval between machine info
363 updates.
364 --user="" The name of the kubeconfig user to use
367 --username="" Username for basic authentication to the API server
370 -v, --v=0 number for the log level verbosity
373 --version=false Print version information and quit
376 --vmodule= comma-separated list of pattern=N settings for
379 file-filtered logging
380 --warnings-as-errors=false Treat warnings received from the server
383 as errors and exit with a non-zero exit code
384
388 # Create an interactive debugging session in pod mypod and immediately attach to it.
389 # (requires the EphemeralContainers feature to be enabled in the cluster)
390 kubectl debug mypod -it --image=busybox
391 # Create a debug container named debugger using a custom automated debugging image.
393 # (requires the EphemeralContainers feature to be enabled in the cluster)
394 kubectl debug --image=myproj/debug-tools -c debugger mypod
395 # Create a copy of mypod adding a debug container and attach to it
397 kubectl debug mypod -it --image=busybox --copy-to=my-debugger
398 # Create a copy of mypod changing the command of mycontainer
400 kubectl debug mypod -it --copy-to=my-debugger --container=mycontainer -- sh
401 # Create a copy of mypod changing all container images to busybox
403 kubectl debug mypod --copy-to=my-debugger --set-image=*=busybox
404 # Create a copy of mypod adding a debug container and changing container images
406 kubectl debug mypod -it --copy-to=my-debugger --image=debian --set-image=app=app:debug,sidecar=sidecar:debug
407 # Create an interactive debugging session on a node and immediately attach to it.
409 # The container will run in the host namespaces and the host's filesystem will be mounted at /host
410 kubectl debug node/mynode -it --image=busybox
411
416 kubectl-alpha(1),
417
421 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
422 com) based on the kubernetes source material, but hopefully they have
423 been automatically generated since!
424Manuals User KUBERNETES(1)(kubernetes)