From kubernetes-plugin
Debugs Kubernetes pods, nodes, and workloads using kubectl debug: ephemeral containers, pod copies, node access, debug profiles, and interactive sessions.
npx claudepluginhub laurigates/claude-plugins --plugin kubernetes-pluginThis skill is limited to using the following tools:
Expert knowledge for debugging Kubernetes resources using `kubectl debug` - ephemeral containers, pod copies, and node access.
Generates design tokens/docs from CSS/Tailwind/styled-components codebases, audits visual consistency across 10 dimensions, detects AI slop in UI.
Records polished WebM UI demo videos of web apps using Playwright with cursor overlay, natural pacing, and three-phase scripting. Activates for demo, walkthrough, screen recording, or tutorial requests.
Delivers idiomatic Kotlin patterns for null safety, immutability, sealed classes, coroutines, Flows, extensions, DSL builders, and Gradle DSL. Use when writing, reviewing, refactoring, or designing Kotlin code.
Expert knowledge for debugging Kubernetes resources using kubectl debug - ephemeral containers, pod copies, and node access.
kubectl debug automates common debugging tasks:
Always specify --context explicitly in every kubectl command:
# CORRECT: Explicit context
kubectl --context=prod-cluster debug mypod -it --image=busybox
# WRONG: Relying on current context
kubectl debug mypod -it --image=busybox # Which cluster?
# Interactive debugging with busybox
kubectl --context=my-context debug mypod -it --image=busybox
# Target specific container's process namespace
kubectl --context=my-context debug mypod -it --image=busybox --target=mycontainer
# Use a specific debug profile
kubectl --context=my-context debug mypod -it --image=busybox --profile=netadmin
# Create debug copy
kubectl --context=my-context debug mypod -it --copy-to=mypod-debug --image=busybox
# Copy and change container image
kubectl --context=my-context debug mypod --copy-to=mypod-debug --set-image=app=busybox
# Copy and modify command
kubectl --context=my-context debug mypod -it --copy-to=mypod-debug --container=myapp -- sh
# Copy on same node
kubectl --context=my-context debug mypod -it --copy-to=mypod-debug --same-node --image=busybox
# Interactive node debugging (host namespaces, filesystem at /host)
kubectl --context=my-context debug node/mynode -it --image=busybox
# With sysadmin profile for full capabilities
kubectl --context=my-context debug node/mynode -it --image=ubuntu --profile=sysadmin
| Profile | Use Case | Capabilities |
|---|---|---|
legacy | Default, unrestricted | Full access (backwards compatible) |
general | General purpose | Moderate restrictions |
baseline | Minimal restrictions | Pod security baseline |
netadmin | Network troubleshooting | NET_ADMIN capability |
restricted | High security environments | Strictest restrictions |
sysadmin | System administration | SYS_PTRACE, SYS_ADMIN |
# Network debugging (tcpdump, netstat, ss)
kubectl --context=my-context debug mypod -it --image=nicolaka/netshoot --profile=netadmin
# System debugging (strace, perf)
kubectl --context=my-context debug mypod -it --image=ubuntu --profile=sysadmin
| Image | Size | Use Case |
|---|---|---|
busybox | ~1MB | Basic shell, common utilities |
alpine | ~5MB | Shell with apk package manager |
ubuntu | ~77MB | Full Linux with apt |
nicolaka/netshoot | ~350MB | Network debugging (tcpdump, dig, curl, netstat) |
gcr.io/k8s-debug/debug | Varies | Official Kubernetes debug image |
# Add netshoot container for network debugging
kubectl --context=my-context debug mypod -it \
--image=nicolaka/netshoot \
--profile=netadmin
# Inside container:
# - tcpdump -i any port 80
# - dig kubernetes.default
# - curl -v http://service:port
# - ss -tlnp
# - netstat -an
# Copy pod with different entrypoint to inspect
kubectl --context=my-context debug mypod -it \
--copy-to=mypod-debug \
--container=app \
-- sh
# Inside: check filesystem, env vars, config files
# Target container's process namespace
kubectl --context=my-context debug mypod -it \
--image=busybox \
--target=mycontainer
# Inside: ps aux, /proc inspection
# Debug node with host access
kubectl --context=my-context debug node/worker-1 -it \
--image=ubuntu \
--profile=sysadmin
# Inside:
# - Host filesystem at /host
# - chroot /host for full access
# - journalctl, systemctl, dmesg
# Create copy, keeping original running
kubectl --context=my-context debug mypod -it \
--copy-to=mypod-debug \
--same-node \
--share-processes \
--image=busybox
# Original pod continues serving traffic
# Debug copy shares storage if on same node
| Option | Description |
|---|---|
-it | Interactive TTY (required for shell access) |
--image | Debug container image |
--container | Name for the debug container |
--target | Share process namespace with this container |
--copy-to | Create a copy instead of ephemeral container |
--same-node | Schedule copy on same node (with --copy-to) |
--set-image | Change container images in copy |
--profile | Security profile (legacy, netadmin, sysadmin, etc.) |
--share-processes | Enable process namespace sharing (default: true with --copy-to) |
--replace | Delete original pod when creating copy |
--copy-to for invasive debugging - Preserve original pod--same-node - For accessing shared storage/network conditions# List debug pod copies
kubectl --context=my-context get pods | grep -E "debug|copy"
# Delete debug pods
kubectl --context=my-context delete pod mypod-debug
For detailed option reference, examples, and troubleshooting patterns, see REFERENCE.md.