{"id":13496147,"url":"https://github.com/kvaps/kubectl-node-shell","last_synced_at":"2025-10-23T02:26:48.387Z","repository":{"id":39332374,"uuid":"175691263","full_name":"kvaps/kubectl-node-shell","owner":"kvaps","description":"Exec into node via kubectl","archived":false,"fork":false,"pushed_at":"2025-03-04T18:44:27.000Z","size":64,"stargazers_count":1631,"open_issues_count":18,"forks_count":183,"subscribers_count":14,"default_branch":"master","last_synced_at":"2025-05-04T22:02:24.861Z","etag":null,"topics":["kubectl","kubectl-enter","kubectl-node-shell","kubectl-plugin","kubectl-plugins","kubernetes","nsenter"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kvaps.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-03-14T20:03:40.000Z","updated_at":"2025-05-02T13:54:26.000Z","dependencies_parsed_at":"2023-12-26T10:30:08.472Z","dependency_job_id":"db2170f4-c675-45e8-9612-1d0f497b6e9a","html_url":"https://github.com/kvaps/kubectl-node-shell","commit_stats":null,"previous_names":[],"tags_count":28,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kvaps%2Fkubectl-node-shell","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kvaps%2Fkubectl-node-shell/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kvaps%2Fkubectl-node-shell/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kvaps%2Fkubectl-node-shell/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kvaps","download_url":"https://codeload.github.com/kvaps/kubectl-node-shell/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254355333,"owners_count":22057354,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["kubectl","kubectl-enter","kubectl-node-shell","kubectl-plugin","kubectl-plugins","kubernetes","nsenter"],"created_at":"2024-07-31T19:01:43.016Z","updated_at":"2025-10-23T02:26:48.282Z","avatar_url":"https://github.com/kvaps.png","language":"Shell","funding_links":[],"categories":["Shell","Links to the Charts:","kubernetes"],"sub_categories":["Example of pushing to Docker hosted repo"],"readme":"# kubectl node-shell\n*(formerly known as **kubectl-enter**)*\n\nStart a root shell in the node's host OS running. Uses an alpine pod with nsenter for Linux nodes and a [HostProcess pod](https://kubernetes.io/docs/tasks/configure-pod-container/create-hostprocess-pod/) with PowerShell for Windows nodes.\n\n![demo](https://gist.githubusercontent.com/kvaps/2e3d77975a844654ec297893e21a0829/raw/c778a8405ff8c686e4e807a97e9721b423e7208f/kubectl-node-shell.gif)\n\n## Installation\n\nusing [krew](https://krew.sigs.k8s.io/):\n\nPlugin can be installed from the official krew repository:\n\n\u003cpre\u003e\nkubectl krew install node-shell\n\u003c/pre\u003e\n\nOr from our own krew repository:\n\u003cpre\u003e\nkubectl krew index add kvaps \u003ca href=\"https://github.com/kvaps/krew-index\"\u003ehttps://github.com/kvaps/krew-index\u003c/a\u003e\nkubectl krew install kvaps/node-shell\n\u003c/pre\u003e\n\nor using curl:\n\n```bash\ncurl -LO https://github.com/kvaps/kubectl-node-shell/raw/master/kubectl-node_shell\nchmod +x ./kubectl-node_shell\nsudo mv ./kubectl-node_shell /usr/local/bin/kubectl-node_shell\n```\n\n## Usage\n\n```bash\n# Get standard bash shell\nkubectl node-shell \u003cnode\u003e\n\n# Use custom image for pod\nkubectl node-shell \u003cnode\u003e --image \u003cimage\u003e\n\n# Use X-mode (mount /host, and do not enter host namespace)\nkubectl node-shell -x \u003cnode\u003e\n\n# Skip specific namespace types to enter, choose any of ipc, mount, pid, net, uts\nkubectl node-shell \u003cnode\u003e --no-ipc\n\n# Execute custom command\nkubectl node-shell \u003cnode\u003e -- echo 123\n\n# Use stdin\ncat /etc/passwd | kubectl node-shell \u003cnode\u003e -- sh -c 'cat \u003e /tmp/passwd'\n\n# Run oneliner script\nkubectl node-shell \u003cnode\u003e -- sh -c 'cat /tmp/passwd; rm -f /tmp/passwd'\n```\n\n## X-mode\n\nX-mode can be useful for debugging minimal systems that do not have a built-in shell (eg. Talos).  \nHere's an example of how you can debug the network for a rootless kube-apiserver container without a filesystem:\n\n```bash\nkubectl node-shell -x \u003cnode\u003e\n\n# Download crictl\nwget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.28.0/crictl-v1.28.0-linux-amd64.tar.gz -O- | \\\n  tar -xzf- -C /usr/local/bin/\n\n# Setup CRI endpoint\nexport CONTAINER_RUNTIME_ENDPOINT=unix:///host/run/containerd/containerd.sock\n\n# Find your container\ncrictl ps | grep kube-apiserver\n#3ff4626a9f10e       e7972205b6614       6 hours ago         Running             kube-apiserver         0                   215107b47bd7e       kube-apiserver-talos-rzq-nkg\n\n# Find pid of the container\ncrictl inspect 3ff4626a9f10e | grep pid\n#    \"pid\": 2152,\n#            \"pid\": 1\n#            \"type\": \"pid\"\n#                \"getpid\",\n#                \"getppid\",\n#                \"pidfd_open\",\n#                \"pidfd_send_signal\",\n#                \"waitpid\",\n\n# Go to network namespace of the pid, but keep mount namespace of the debug container\nnsenter -t 2152 -n\n```\n\n*You need to be able to start privileged containers for that.*\n\n## Mounting External CSI Volumes\n\nYou can mount volumes from your CSI storage layer using the `-m` flag. This allows you to move data to/from node devices seamlessly. The PVC will be mounted at `/opt-pvc`. This is useful for failover in minimal systems that do not have a built in shell (eg. Talos). \nHere is an example of how you can retrieve zfs/lvm data from a volume on a failed CSI node and put it back in your distributed storage layer:\n\n```bash\nk node-shell -n \u003cnamespace\u003e -x \u003cnode_with_data\u003e -m \u003cpvc_name\u003e\n\n# install rsync\napk add rsync\n\n# Add lvm/zfs libs\n# ZFS\nmount -o bind /host/dev /dev\nmount -o bind /host/usr/local /usr/local\ntouch /lib/libuuid.so.1\nmount -o bind /host/lib/libuuid.so.1 /lib/libuuid.so.1\ntouch /lib/libuuid.so.1.3.0\nmount -o bind /host/lib/libuuid.so.1.3.0 /lib/libuuid.so.1.3.0\ntouch /lib/libblkid.so.1\nmount -o bind /host/lib/libblkid.so.1 /lib/libblkid.so.1\ntouch /lib/libblkid.so.1.1.0\nmount -o bind /host/lib/libblkid.so.1.1.0 /lib/libblkid.so.1.1.0\n#LVM\ntouch /usr/lib/libaio.so.1\nmount -o bind /host/usr/lib/libaio.so.1.0.2 /usr/lib/libaio.so.1\ntouch /usr/lib/libudev.so.1\nmount -o bind /host/usr/lib/libudev.so.1 /usr/lib/libudev.so.1\nexport PATH=$PATH:/host/sbin\nmkdir /lib/modules\nmount -o bind /host/lib/modules /lib/modules\n\n# look for data to recover\nzfs list\nNAME                                                     USED  AVAIL  REFER  MOUNTPOINT\nhdd-1                                                   15.9T  7.52T    96K  /hdd-1\nhdd-1/SOME-OLD-PVC-FROM-PREVIOUS-NODE-INSTALL            361G  7.52T   361G  -                  -\n\n# mount the failed volume\nzfs set mountpoint=/mnt hdd-1/SOME-OLD-PVC-FROM-PREVIOUS-NODE-INSTALL\nzfs mount /hdd-1/SOME-OLD-PVC-FROM-PREVIOUS-NODE-INSTALL\n\n# recover the data : copy it to the mounted CSI volume\nrsync -avh --info=progress2 /mnt/ /opt-pvc/\n```\n\nthe above exemple assumes `pvc_name` already exists in `namespace`. *You need to be able to start privileged containers.*","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkvaps%2Fkubectl-node-shell","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkvaps%2Fkubectl-node-shell","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkvaps%2Fkubectl-node-shell/lists"}