Log in as root to the node.

This executes simple container in host IPC, network and PID space. Then is uses nsenter to switch other namespaces and execute BASH.
derailed · Feb 2, 2025 · 8f203f8 · 8f203f8
1 parent 18b2ada
commit 8f203f8
Showing 1 changed file with 34 additions and 0 deletions.
diff --git a/plugins/node-root-shell.yaml b/plugins/node-root-shell.yaml
@@ -0,0 +1,34 @@
+plugins:
+  node-root-shell:
+    shortCut: a
+    description: Run root shell on node
+    dangerous: true
+    scopes:
+      - nodes
+    command: bash
+    background: false
+    confirm: true
+    args:
+      - -c
+      - |
+        host="$1"
+        json='
+        {
+          "apiVersion": "v1",
+          "spec": {
+            "hostIPC": true,
+            "hostNetwork": true,
+            "hostPID": true
+        '
+        if ! [[ -z "$host" ]]; then
+          json+=",
+          \"nodeSelector\" : {
+            \"kubernetes.io/hostname\" : \"$host\"
+          }
+          ";
+        fi
+        json+='
+          }
+        }
+        '
+        kubectl run -ti --image alpine:3.8 --rm --privileged --restart=Never --overrides="$json" root --command -- nsenter -t 1 -m -u -n -i -- bash -l