Debug Kubernetes pods, nodes, and workloads using kubectl debug. Covers ephemeral containers, pod copying, node debugging, debug profiles, and interactive troubleshooting sessions. Use when user mentions kubectl debug, debugging pods, ephemeral containers, node debugging, or interactive troubleshooting in Kubernetes clusters.
/plugin marketplace add laurigates/claude-plugins/plugin install kubernetes-plugin@lgates-claude-pluginsThis skill is limited to using the following tools:
REFERENCE.mdExpert knowledge for debugging Kubernetes resources using kubectl debug - ephemeral containers, pod copies, and node access.
kubectl debug automates common debugging tasks:
Always specify --context explicitly in every kubectl command:
# CORRECT: Explicit context
kubectl --context=prod-cluster debug mypod -it --image=busybox
# WRONG: Relying on current context
kubectl debug mypod -it --image=busybox # Which cluster?
# Interactive debugging with busybox
kubectl --context=my-context debug mypod -it --image=busybox
# Target specific container's process namespace
kubectl --context=my-context debug mypod -it --image=busybox --target=mycontainer
# Use a specific debug profile
kubectl --context=my-context debug mypod -it --image=busybox --profile=netadmin
# Create debug copy
kubectl --context=my-context debug mypod -it --copy-to=mypod-debug --image=busybox
# Copy and change container image
kubectl --context=my-context debug mypod --copy-to=mypod-debug --set-image=app=busybox
# Copy and modify command
kubectl --context=my-context debug mypod -it --copy-to=mypod-debug --container=myapp -- sh
# Copy on same node
kubectl --context=my-context debug mypod -it --copy-to=mypod-debug --same-node --image=busybox
# Interactive node debugging (host namespaces, filesystem at /host)
kubectl --context=my-context debug node/mynode -it --image=busybox
# With sysadmin profile for full capabilities
kubectl --context=my-context debug node/mynode -it --image=ubuntu --profile=sysadmin
| Profile | Use Case | Capabilities |
|---|---|---|
legacy | Default, unrestricted | Full access (backwards compatible) |
general | General purpose | Moderate restrictions |
baseline | Minimal restrictions | Pod security baseline |
netadmin | Network troubleshooting | NET_ADMIN capability |
restricted | High security environments | Strictest restrictions |
sysadmin | System administration | SYS_PTRACE, SYS_ADMIN |
# Network debugging (tcpdump, netstat, ss)
kubectl --context=my-context debug mypod -it --image=nicolaka/netshoot --profile=netadmin
# System debugging (strace, perf)
kubectl --context=my-context debug mypod -it --image=ubuntu --profile=sysadmin
| Image | Size | Use Case |
|---|---|---|
busybox | ~1MB | Basic shell, common utilities |
alpine | ~5MB | Shell with apk package manager |
ubuntu | ~77MB | Full Linux with apt |
nicolaka/netshoot | ~350MB | Network debugging (tcpdump, dig, curl, netstat) |
gcr.io/k8s-debug/debug | Varies | Official Kubernetes debug image |
# Add netshoot container for network debugging
kubectl --context=my-context debug mypod -it \
--image=nicolaka/netshoot \
--profile=netadmin
# Inside container:
# - tcpdump -i any port 80
# - dig kubernetes.default
# - curl -v http://service:port
# - ss -tlnp
# - netstat -an
# Copy pod with different entrypoint to inspect
kubectl --context=my-context debug mypod -it \
--copy-to=mypod-debug \
--container=app \
-- sh
# Inside: check filesystem, env vars, config files
# Target container's process namespace
kubectl --context=my-context debug mypod -it \
--image=busybox \
--target=mycontainer
# Inside: ps aux, /proc inspection
# Debug node with host access
kubectl --context=my-context debug node/worker-1 -it \
--image=ubuntu \
--profile=sysadmin
# Inside:
# - Host filesystem at /host
# - chroot /host for full access
# - journalctl, systemctl, dmesg
# Create copy, keeping original running
kubectl --context=my-context debug mypod -it \
--copy-to=mypod-debug \
--same-node \
--share-processes \
--image=busybox
# Original pod continues serving traffic
# Debug copy shares storage if on same node
| Option | Description |
|---|---|
-it | Interactive TTY (required for shell access) |
--image | Debug container image |
--container | Name for the debug container |
--target | Share process namespace with this container |
--copy-to | Create a copy instead of ephemeral container |
--same-node | Schedule copy on same node (with --copy-to) |
--set-image | Change container images in copy |
--profile | Security profile (legacy, netadmin, sysadmin, etc.) |
--share-processes | Enable process namespace sharing (default: true with --copy-to) |
--replace | Delete original pod when creating copy |
--copy-to for invasive debugging - Preserve original pod--same-node - For accessing shared storage/network conditions# List debug pod copies
kubectl --context=my-context get pods | grep -E "debug|copy"
# Delete debug pods
kubectl --context=my-context delete pod mypod-debug
For detailed option reference, examples, and troubleshooting patterns, see REFERENCE.md.
This skill should be used when the user asks about libraries, frameworks, API references, or needs code examples. Activates for setup questions, code generation involving libraries, or mentions of specific frameworks like React, Vue, Next.js, Prisma, Supabase, etc.
Applies Anthropic's official brand colors and typography to any sort of artifact that may benefit from having Anthropic's look-and-feel. Use it when brand colors or style guidelines, visual formatting, or company design standards apply.
Creating algorithmic art using p5.js with seeded randomness and interactive parameter exploration. Use this when users request creating art using code, generative art, algorithmic art, flow fields, or particle systems. Create original algorithmic art rather than copying existing artists' work to avoid copyright violations.