Exec into Node via Kubectl


GitHub - kvaps/kubectl-node-shell: Exec into node via kubectl · GitHub


kubectl node-shell

(formerly known as kubectl-enter)

Starts a root shell in the host OS of a running node. It uses an alpine pod with nsenter for Linux nodes and a HostProcess pod with PowerShell for Windows nodes.

Installation

using krew:

Plugin can be installed from the official krew repository:

kubectl krew install node-shell

Or from our own krew repository:

kubectl krew index add kvaps https://github.com/kvaps/krew-index
kubectl krew install kvaps/node-shell

or using curl:

curl -LO https://github.com/kvaps/kubectl-node-shell/raw/master/kubectl-node_shell
chmod +x ./kubectl-node_shell
sudo mv ./kubectl-node_shell /usr/local/bin/kubectl-node_shell

Usage

# Get standard bash shell
kubectl node-shell <node>

# Use custom image for pod
kubectl node-shell <node> --image <image>

# Use X-mode (mount /host, and do not enter host namespace)
kubectl node-shell -x <node>

# Skip specific namespace types to enter, choose any of ipc, mount, pid, net, uts
kubectl node-shell <node> --no-ipc

# Execute custom command
kubectl node-shell <node> -- echo 123

# Use stdin
cat /etc/passwd | kubectl node-shell <node> -- sh -c 'cat > /tmp/passwd'

# Run oneliner script
kubectl node-shell <node> -- sh -c 'cat /tmp/passwd; rm -f /tmp/passwd'

X-mode

X-mode can be useful for debugging minimal systems that do not have a built-in shell (e.g. Talos).

Here's an example of how you can debug the network for a rootless kube-apiserver container without a filesystem:

kubectl node-shell -x <node>

# Download crictl
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.28.0/crictl-v1.28.0-linux-amd64.tar.gz -O- | \
tar -xzf- -C /usr/local/bin/

# Setup CRI endpoint
export CONTAINER_RUNTIME_ENDPOINT=unix:///host/run/containerd/containerd.sock

# Find your container
crictl ps | grep kube-apiserver
#3ff4626a9f10e e7972205b6614 6 hours ago Running kube-apiserver 0 215107b47bd7e kube-apiserver-talos-rzq-nkg

# Find pid of the container
crictl inspect 3ff4626a9f10e | grep pid
# "pid": 2152,
# "pid": 1
# "type": "pid"
# "getpid",
# "getppid",
# "pidfd_open",
# "pidfd_send_signal",
# "waitpid",

# Go to network namespace of the pid, but keep mount namespace of the debug container
nsenter -t 2152 -n

You need to be able to start privileged containers for that.
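A defender-side view of the requirement above, as an added example (not code from the kubectl-node-shell project): it flags pod specs that request what a node shell needs, namely a privileged container, the host PID/network/IPC namespaces, or a hostPath mount of the node's root filesystem. The field names are from the Kubernetes Pod API; the three manifests are constructed samples whose shapes are an assumption, not copied from the plugin.

```python
# Added example: flag pod specs that can reach the node's host OS.
HOST_NS_FIELDS = ("hostPID", "hostNetwork", "hostIPC")

def node_access_findings(pod):
    """Return sorted reasons why this pod spec grants node-level access."""
    spec = pod.get("spec") or {}
    findings = [field for field in HOST_NS_FIELDS if spec.get(field) is True]
    containers = []
    for key in ("containers", "initContainers", "ephemeralContainers"):
        containers += spec.get(key) or []
    for c in containers:
        if (c.get("securityContext") or {}).get("privileged") is True:
            findings.append("privileged:" + c.get("name", "?"))
    for vol in spec.get("volumes") or []:
        path = (vol.get("hostPath") or {}).get("path")
        # "/" (or "//") exposes the whole node filesystem to the pod
        if path and path.strip("/") == "":
            findings.append("hostPath-root:" + vol.get("name", "?"))
    return sorted(findings)

def audit(pods):
    """Map pod name -> findings, keeping only pods with at least one finding."""
    report = {}
    for pod in pods:
        findings = node_access_findings(pod)
        if findings:
            report[pod["metadata"]["name"]] = findings
    return report

# Constructed samples (assumed shapes, not the plugin's real manifests).
HOST_NS_POD = {"metadata": {"name": "debug-host-ns"}, "spec": {
    "hostPID": True, "hostNetwork": True, "hostIPC": True,
    "containers": [{"name": "shell", "image": "alpine",
                    "securityContext": {"privileged": True}}]}}
HOST_MOUNT_POD = {"metadata": {"name": "debug-host-mount"}, "spec": {
    "containers": [{"name": "shell", "image": "alpine",
                    "securityContext": {"privileged": True}}],
    "volumes": [{"name": "host-root", "hostPath": {"path": "/"}}]}}
APP_POD = {"metadata": {"name": "web"}, "spec": {
    "containers": [{"name": "app", "image": "nginx",
                    "securityContext": {"privileged": False}}],
    "volumes": [{"name": "cache", "emptyDir": {}}]}}

if __name__ == "__main__":
    for name, reasons in audit([HOST_NS_POD, HOST_MOUNT_POD, APP_POD]).items():
        print(name, reasons)
```

The same conditions are what an admission policy has to deny if node shells should be limited to a small set of operators.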

Mounting External CSI Volumes

You can mount volumes from your CSI storage layer using the -m flag. This...
