« Previous 1 2 3
Troubleshooting Kubernetes and Docker with a SuperContainer
Super Powers
Super Filesystems
In order to access the target container's filesystem, I need to enter the local SuperContainer pseudo filesystem, which resides under /proc
.
In Figure 4, you can see a directory listing for the path /proc/1/root
.
It's agreed, however, that the file listing in Figure 4 could potentially be from the local container and not the target container. In Figure 5, you can see the proof of the pudding. The figure shows the index.html
file. The full path from the SuperContainer directory /proc/1/root
is accessed at usr/share/nginx/html/index.html
.
Super Network Stacks
Next I'll check to see if I can access the target container's network. I'll run a couple of the networking tools I chucked into the Dockerfile earlier (see Figure 6).
I used the networking tools in Figure 6 to check the internal IP address. I could see TCP port 80, which HTTP runs on, but I need to confirm that I am actually seeing the correct network stack from outside the target container. This time I work from the host with the following command:
$ docker inspect nginx | grep IPAddress | tail -1
Figure 7 shows the output from the docker inspect
command after querying the container, which is named nginx
.
Step Away
With a smattering of lateral thinking, I am certain that this tool can be extremely useful in a number of differing scenarios. Using debugging tools like strace (carefully) on production services is just one suggestion.
If you use the concept creatively, a SuperContainer might just save the day sometime in the future.
I for one will enjoy experimenting with SuperContainers across different use cases. You don't necessarily need access to a remote registry to pull the prebuilt image. Once you've memorized the command-line switches, you can create that simple Dockerfile with ease.
Infos
- Justin Garrison's blog post: https://medium.com/@rothgar/how-to-debug-a-running-docker-container-from-a-separate-container-983f11740dc6
- Justin Cormack: https://twitter.com/justincormack
- Linux capabilities: http://man7.org/linux/man-pages/man7/capabilities.7.html
« Previous 1 2 3
Buy this article as PDF
(incl. VAT)