1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2Eric Paris Jan 2015
6
9 kubectl debug - Create debugging sessions for troubleshooting workloads
10 and nodes
11
15 kubectl debug [OPTIONS]
16
20 Debug cluster resources using interactive debugging containers.
21 'debug' provides automation for common debugging tasks for cluster ob‐
24 jects identified by resource and name. Pods will be used by default if
25 no resource is specified.
26 The action taken by 'debug' varies depending on what resource is speci‐
29 fied. Supported actions include:
30 • Workload: Create a copy of an existing pod with certain at‐
33 tributes changed, for example changing the image tag to a new
34 version.
35 • Workload: Add an ephemeral container to an already running
37 pod, for example to add debugging utilities without restarting
38 the pod.
39 • Node: Create a new pod that runs in the node's host namespaces
41 and can access the node's filesystem.
42
47 --arguments-only=false If specified, everything after -- will be
48 passed to the new container as Args instead of Command.
49 --attach=false If true, wait for the container to start running,
52 and then attach as if 'kubectl attach ...' were called. Default false,
53 unless '-i/--stdin' is set, in which case the default is true.
54 -c, --container="" Container name to use for debug container.
57 --copy-to="" Create a copy of the target Pod with this name.
60 --env=[] Environment variables to set in the container.
63 --image="" Container image to use for debug container.
66 --image-pull-policy="" The image pull policy for the container. If
69 left empty, this value will not be specified by the client and de‐
70 faulted by the server.
71 --quiet=false If true, suppress informational messages.
74 --replace=false When used with '--copy-to', delete the original
77 Pod.
78 --same-node=false When used with '--copy-to', schedule the copy of
81 target Pod on the same node.
82 --set-image=[] When used with '--copy-to', a list of name=image
85 pairs for changing container images, similar to how 'kubectl set image'
86 works.
87 --share-processes=true When used with '--copy-to', enable process
90 namespace sharing in the copy.
91 -i, --stdin=false Keep stdin open on the container(s) in the pod,
94 even if nothing is attached.
95 --target="" When using an ephemeral container, target processes in
98 this container name.
99 -t, --tty=false Allocate a TTY for the debugging container.
102
106 --add-dir-header=false If true, adds the file directory to the
107 header of the log messages
108 --alsologtostderr=false log to standard error as well as files
111 --application-metrics-count-limit=100 Max number of application
114 metrics to store (per container)
115 --as="" Username to impersonate for the operation
118 --as-group=[] Group to impersonate for the operation, this flag
121 can be repeated to specify multiple groups.
122 --azure-container-registry-config="" Path to the file containing
125 Azure container registry configuration information.
126 --boot-id-file="/proc/sys/kernel/random/boot_id" Comma-separated
129 list of files to check for boot-id. Use the first one that exists.
130 --cache-dir="/builddir/.kube/cache" Default cache directory
133 --certificate-authority="" Path to a cert file for the certificate
136 authority
137 --client-certificate="" Path to a client certificate file for TLS
140 --client-key="" Path to a client key file for TLS
143 --cloud-provider-gce-l7lb-src-cidrs=130.211.0.0/22,35.191.0.0/16
146 CIDRs opened in GCE firewall for L7 LB traffic proxy health
147 checks
148 --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
151 CIDRs opened in GCE firewall for L4 LB traffic proxy health
152 checks
153 --cluster="" The name of the kubeconfig cluster to use
156 --container-hints="/etc/cadvisor/container_hints.json" location of
159 the container hints file
160 --containerd="/run/containerd/containerd.sock" containerd endpoint
163 --containerd-namespace="k8s.io" containerd namespace
166 --context="" The name of the kubeconfig context to use
169 --default-not-ready-toleration-seconds=300 Indicates the tolera‐
172 tionSeconds of the toleration for notReady:NoExecute that is added by
173 default to every pod that does not already have such a toleration.
174 --default-unreachable-toleration-seconds=300 Indicates the tolera‐
177 tionSeconds of the toleration for unreachable:NoExecute that is added
178 by default to every pod that does not already have such a toleration.
179 --disable-root-cgroup-stats=false Disable collecting root Cgroup
182 stats
183 --docker="unix:///var/run/docker.sock" docker endpoint
186 --docker-env-metadata-whitelist="" a comma-separated list of envi‐
189 ronment variable keys matched with specified prefix that needs to be
190 collected for docker containers
191 --docker-only=false Only report docker containers in addition to
194 root stats
195 --docker-root="/var/lib/docker" DEPRECATED: docker root is read
198 from docker info (this is a fallback, default: /var/lib/docker)
199 --docker-tls=false use TLS to connect to docker
202 --docker-tls-ca="ca.pem" path to trusted CA
205 --docker-tls-cert="cert.pem" path to client certificate
208 --docker-tls-key="key.pem" path to private key
211 --enable-load-reader=false Whether to enable cpu load reader
214 --event-storage-age-limit="default=0" Max length of time for which
217 to store events (per type). Value is a comma separated list of key val‐
218 ues, where the keys are event types (e.g.: creation, oom) or "default"
219 and the value is a duration. Default is applied to all non-specified
220 event types
221 --event-storage-event-limit="default=0" Max number of events to
224 store (per type). Value is a comma separated list of key values, where
225 the keys are event types (e.g.: creation, oom) or "default" and the
226 value is an integer. Default is applied to all non-specified event
227 types
228 --global-housekeeping-interval=1m0s Interval between global house‐
231 keepings
232 --housekeeping-interval=10s Interval between container housekeep‐
235 ings
236 --insecure-skip-tls-verify=false If true, the server's certificate
239 will not be checked for validity. This will make your HTTPS connections
240 insecure
241 --kubeconfig="" Path to the kubeconfig file to use for CLI re‐
244 quests.
245 --log-backtrace-at=:0 when logging hits line file:N, emit a stack
248 trace
249 --log-cadvisor-usage=false Whether to log the usage of the cAdvi‐
252 sor container
253 --log-dir="" If non-empty, write log files in this directory
256 --log-file="" If non-empty, use this log file
259 --log-file-max-size=1800 Defines the maximum size a log file can
262 grow to. Unit is megabytes. If the value is 0, the maximum file size is
263 unlimited.
264 --log-flush-frequency=5s Maximum number of seconds between log
267 flushes
268 --logtostderr=true log to standard error instead of files
271 --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
274 Comma-separated list of files to check for machine-id. Use the
275 first one that exists.
276 --match-server-version=false Require server version to match
279 client version
280 -n, --namespace="" If present, the namespace scope for this CLI
283 request
284 --one-output=false If true, only write logs to their native sever‐
287 ity level (vs also writing to each lower severity level
288 --password="" Password for basic authentication to the API server
291 --profile="none" Name of profile to capture. One of
294 (none|cpu|heap|goroutine|threadcreate|block|mutex)
295 --profile-output="profile.pprof" Name of the file to write the
298 profile to
299 --referenced-reset-interval=0 Reset interval for referenced bytes
302 (container_referenced_bytes metric), number of measurement cycles after
303 which referenced bytes are cleared, if set to 0 referenced bytes are
304 never cleared (default: 0)
305 --request-timeout="0" The length of time to wait before giving up
308 on a single server request. Non-zero values should contain a corre‐
309 sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
310 out requests.
311 -s, --server="" The address and port of the Kubernetes API server
314 --skip-headers=false If true, avoid header prefixes in the log
317 messages
318 --skip-log-headers=false If true, avoid headers when opening log
321 files
322 --stderrthreshold=2 logs at or above this threshold go to stderr
325 --storage-driver-buffer-duration=1m0s Writes in the storage driver
328 will be buffered for this duration, and committed to the non memory
329 backends as a single transaction
330 --storage-driver-db="cadvisor" database name
333 --storage-driver-host="localhost:8086" database host:port
336 --storage-driver-password="root" database password
339 --storage-driver-secure=false use secure connection with database
342 --storage-driver-table="stats" table name
345 --storage-driver-user="root" database username
348 --tls-server-name="" Server name to use for server certificate
351 validation. If it is not provided, the hostname used to contact the
352 server is used
353 --token="" Bearer token for authentication to the API server
356 --update-machine-info-interval=5m0s Interval between machine info
359 updates.
360 --user="" The name of the kubeconfig user to use
363 --username="" Username for basic authentication to the API server
366 -v, --v=0 number for the log level verbosity
369 --version=false Print version information and quit
372 --vmodule= comma-separated list of pattern=N settings for
375 file-filtered logging
376 --warnings-as-errors=false Treat warnings received from the server
379 as errors and exit with a non-zero exit code
380
384 # Create an interactive debugging session in pod mypod and immediately attach to it.
385 # (requires the EphemeralContainers feature to be enabled in the cluster)
386 kubectl debug mypod -it --image=busybox
387 # Create a debug container named debugger using a custom automated debugging image.
389 # (requires the EphemeralContainers feature to be enabled in the cluster)
390 kubectl debug --image=myproj/debug-tools -c debugger mypod
391 # Create a copy of mypod adding a debug container and attach to it
393 kubectl debug mypod -it --image=busybox --copy-to=my-debugger
394 # Create a copy of mypod changing the command of mycontainer
396 kubectl debug mypod -it --copy-to=my-debugger --container=mycontainer -- sh
397 # Create a copy of mypod changing all container images to busybox
399 kubectl debug mypod --copy-to=my-debugger --set-image=*=busybox
400 # Create a copy of mypod adding a debug container and changing container images
402 kubectl debug mypod -it --copy-to=my-debugger --image=debian --set-image=app=app:debug,sidecar=sidecar:debug
403 # Create an interactive debugging session on a node and immediately attach to it.
405 # The container will run in the host namespaces and the host's filesystem will be mounted at /host
406 kubectl debug node/mynode -it --image=busybox
407
412 kubectl(1),
413
417 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
418 com) based on the kubernetes source material, but hopefully they have
419 been automatically generated since!
420Manuals User KUBERNETES(1)(kubernetes)