{"id":29287907,"url":"https://github.com/maximewewer/privileged-exec-daemonset","last_synced_at":"2026-05-19T02:08:33.179Z","repository":{"id":302792835,"uuid":"1013630393","full_name":"MaximeWewer/privileged-exec-daemonset","owner":"MaximeWewer","description":"Kubernetes DaemonSet for privileged shell access on every node","archived":false,"fork":false,"pushed_at":"2025-07-04T08:15:52.000Z","size":3,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-07-04T09:28:52.159Z","etag":null,"topics":["busybox","daemonset","kubernetes","shell"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/MaximeWewer.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-07-04T07:59:55.000Z","updated_at":"2025-07-04T08:17:31.000Z","dependencies_parsed_at":"2025-07-04T09:29:09.665Z","dependency_job_id":"89c5f8b1-e022-42a7-a48d-dd9ab11dded2","html_url":"https://github.com/MaximeWewer/privileged-exec-daemonset","commit_stats":null,"previous_names":["maximewewer/privileged-exec-daemonset"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/MaximeWewer/privileged-exec-daemonset","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MaximeWewer%2Fprivileged-exec-daemonset","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MaximeWewer%2Fprivileged-exec-daemonset/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MaximeWewer%2Fprivileged-exec-daemonset/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MaximeWewer%2Fprivileged-exec-daemonset/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/MaximeWewer","download_url":"https://codeload.github.com/MaximeWewer/privileged-exec-daemonset/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MaximeWewer%2Fprivileged-exec-daemonset/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263837473,"owners_count":23517952,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["busybox","daemonset","kubernetes","shell"],"created_at":"2025-07-06T02:07:48.009Z","updated_at":"2026-05-19T02:08:33.138Z","avatar_url":"https://github.com/MaximeWewer.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Privileged-Exec DaemonSet\n\nThis repository contains an example Kubernetes deployment of a **privileged-exec** DaemonSet that provides a privileged shell on every cluster node.\n\n\u003e **Warning**: This DaemonSet grants root-level permissions on the host (`privileged: true`, `hostPID: true`, `hostNetwork: true`, etc.). Use it only for testing or troubleshooting purposes, and **never** in production environments or at your own risk.\n\n---\n\n## Table of contents\n\n1. [Purpose](#purpose)\n2. [How it works](#how-it-works)\n3. [Usage instructions](#usage-instructions)\n4. [Cleanup](#cleanup)\n\n---\n\n## Purpose\n\nEnable an administrator to access a **shell** on each Kubernetes node via a privileged pod. Useful for diagnosing node issues or installing packages directly on the host.\n\n## How it works\n\n- **DaemonSet**: Schedules one pod per node in the cluster.\n- **Privileged**: Container runs with full Linux capabilities and root access.\n- **hostPID**, **hostIPC**, **hostNetwork**: Shares the PID, IPC, and network namespaces of the host.\n- **hostPath**: Mounts the host’s root filesystem (`/`) into the pod at `/noderoot`.\n- From the BusyBox container, you can `chroot` into `/noderoot` and launch Bash.\n\n## Usage instructions\n\n1. **Clone the repository**:\n\n   ```sh\n   git clone git@github.com:MaximeWewer/privileged-exec-daemonset.git\n   cd privileged-exec-daemonset\n   ```\n\n2. **Apply the namespace and DaemonSet**:\n\n   ```sh\n   kubectl apply -f privileged-exec-daemonset.yaml\n   ```\n\n3. **Open a shell on a node**:\n\n   - List the pods:\n\n     ```sh\n     kubectl -n privileged-exec-daemonset get pods\n     ```\n\n   - Execute a host shell:\n\n     ```sh\n     kubectl -n privileged-exec-daemonset exec -it privileged-exec-\u003cpod_id\u003e -- /bin/sh -c 'chroot /noderoot /bin/bash -c \"YOUR COMMAND\"'\n     ```\n\n4. **Install a package (Debian/Ubuntu example)**:\n\n   Inside the chrooted shell:\n\n   ```sh\n   kubectl -n privileged-exec-daemonset exec -it privileged-exec-\u003cpod_id\u003e -- /bin/sh -c 'chroot /noderoot /bin/bash -c \"apt update \u0026\u0026 apt install -y \u003cpackage_name\u003e\"'\n   ```\n\n## Cleanup\n\nTo remove the DaemonSet and its namespace:\n\n```sh\nkubectl delete namespace privileged-exec-daemonset\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmaximewewer%2Fprivileged-exec-daemonset","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmaximewewer%2Fprivileged-exec-daemonset","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmaximewewer%2Fprivileged-exec-daemonset/lists"}