change debug image to terminate automatically NIS-207911 (#4)

Co-authored-by: Peter Foldberg <pfoldberg@live.dk>

Author: pfo-netic

Dockerfile

@@ -9,4 +9,5 @@ RUN pip3 install websocket-client azure-storage-blob azure-identity azure-cli==$
 RUN npm install -g wscat
 
 USER 10001:30001
-ENTRYPOINT ["/bin/bash"]
+ENTRYPOINT ["sleep"]
+CMD ["1800"]

README.md

@@ -1,65 +1,37 @@
 # kubernetes-debug-image
 Debug image for debugging within a kubernetes cluster.
 
-
-# Dockerfile
-Example of dockerfile with tools for debugging.\
-Tools can be added or removed in ```apt install```. 
-
-```
-FROM ubuntu:22.04
-
-ARG AZ_CLI_VERSION=2.40.0
-
-RUN useradd -u 10001 scratchuser
-RUN groupadd -g 30001 debuggroup
-RUN apt update; apt -y install vim netcat-openbsd curl wget bind9-host bind9-dnsutils python3 python3-pip postgresql-client; apt clean
-RUN pip3 install azure-storage-blob azure-identity azure-cli==${AZ_CLI_VERSION}
-
-USER 10001:30001
-ENTRYPOINT ["tail", "-f", "/dev/null"]
-```
-
 # Debug deployment
 Example of yaml file containing the deployment of debugger pods.\
 Namespace needs to be changed to match the environment it's deployed in.\
 Currently the image is set to the default debug-image.\
-Consider adding egress rules for debugging the network.
-
+Consider adding egress rules for debugging the network. \
+Default duration before container terminates is 30 minutes. \
+This can be overwritten in the args field on the container. \
+The time must be set in seconds. 
 ```
----
-apiVersion: apps/v1
-kind: Deployment
+apiVersion: v1
+kind: Pod
 metadata:
-  name: debug-deployment
-  namespace: your-namespace
+  name: debug-pod
+  namespace: <namespace>
+  labels:
+    appName: debug
+    netic.dk/network-rules-egress: app-name
+    netic.dk/network-component: other-app-name
 spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      appName: debug
-  template:
-    metadata:
-      labels:
-        appName: debug
-        netic.dk/network-rules-egress: app-name
-        netic.dk/network-component: other-app-name
-    spec:
-      securityContext:
-        runAsUser: 10001
-        runAsGroup: 30001
-      containers:
-      - name: debug-pod
-        image: ghcr.io/neticdk/kubernetes-debug-image:<tag>
-        command:
-          - /bin/tail
-          - -f
-          - /dev/null
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-              - "ALL"
+  securityContext:
+    runAsUser: 10001
+    runAsGroup: 30001
+  containers:
+  - name: debug-pod
+    image: ghcr.io/neticdk/kubernetes-debug-image:<tag>
+    args: ["1800"]
+    securityContext:
+      capabilities:
+        drop:
+        - "ALL"
+      allowPrivilegeEscalation: false
 ```
 
 # Installation

debugger.yaml

@@ -1,29 +1,23 @@
 ---
-apiVersion: apps/v1
-kind: Deployment
+apiVersion: v1
+kind: Pod
 metadata:
-  name: debug-deployment
-  namespace: default
+  name: debug-pod
+  namespace: <namespace>
+  labels:
+    appName: debug
+    netic.dk/network-rules-egress: app-name
+    netic.dk/network-component: other-app-name
 spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      appName: debug
-  template:
-    metadata:
-      labels:
-        appName: debug
-        netic.dk/network-rules-egress: app-name
-        netic.dk/network-component: other-app-name
-    spec:
-      securityContext:
-        runAsUser: 10001
-        runAsGroup: 30001
-      containers:
-      - name: debug-pod
-        image: ghcr.io/neticdk/kubernetes-debug-image:latest
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-              - "ALL"
+  securityContext:
+    runAsUser: 10001
+    runAsGroup: 30001
+  containers:
+  - name: debug-pod
+    image: ghcr.io/neticdk/kubernetes-debug-image:<tag>
+    args: ["1800"]
+    securityContext:
+      capabilities:
+        drop:
+        - "ALL"
+      allowPrivilegeEscalation: false