|
1 | 1 | # Debug a container within a cluster |
2 | 2 |
|
3 | | -The container build also publishes a debug container for each tagged release of the container with the tag suffixed with `-debug`. This container contains the workspace and has an alternative entrypoint which allows the devcontainer to attach: so if you have configured a `livenessProbe` that requires the service to have started it should be disabled. The container also installs debugpy and makes the service install editable. Any custom `command` or `args` defined for the container should be disabled. |
| 3 | +The container build also publishes a debug container for each tagged release of the container with the tag suffixed with `-debug`. This container contains the workspace and has an alternative entrypoint which allows the devcontainer to attach: if you have configured a `livenessProbe` that requires the service to have started it should be disabled. The container also installs debugpy and makes the service install editable. Any custom `command` or `args` defined for the container should be disabled. |
4 | 4 |
|
5 | | -With the [Kubernetes plugin for vscode](https://marketplace.visualstudio.com/items?itemName=ms-kubernetes-tools.vscode-kubernetes-tools) it is then possible to attach to the container inside the cluster. This may require that the kubeconfig is at `~/.kube/config`, rather than referenced from the environment variable `KUBECONFIG`. It may also be necessary to [add additional contextual information](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_config/kubectl_config_set-context/), such as the namespace in use. |
| 5 | +With the [Kubernetes plugin for vscode](https://marketplace.visualstudio.com/items?itemName=ms-kubernetes-tools.vscode-kubernetes-tools) it is then possible to attach to the container inside the cluster. This may require that your targeted kubeconfig is at `~/.kube/config`, rather than referenced from the environment variable `KUBECONFIG`. It may also be necessary to [add additional contextual information](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_config/kubectl_config_set-context/), such as the namespace. |
6 | 6 |
|
7 | | - |
8 | | -The Kubernetes plugin can be found in the plugin bar. Expanding the Clusters>`cluster`>Workloads>Pods views, your service should be visible. Right Click>Attach Visual Studio Code will initiate connecting to the workspace in the cluster. Select your service container from the top menu. |
| 7 | + |
| 8 | +The Kubernetes plugin can be found in the plugin bar. Expanding the Clusters>`cluster`>Workloads>Pods views, your service should be visible. Right Click>Attach Visual Studio Code will initiate connecting to the workspace in the cluster. Select your service container from the top menu when prompted. |
9 | 9 |
|
10 | | -After the connection to the cluster has been established, it may be necessary to open the workspace folder by clicking the Explorer option in the plugin bar, it should be mounted at `/workspaces/<service name>`, equivalent to a local devcontainer. |
| 10 | +After the connection to the cluster has been established, it may be necessary to open the workspace folder by clicking the Explorer option in the plugin bar, the repository will be mounted at `/workspaces/<service name>`, equivalent to when working with a local devcontainer. |
11 | 11 |
|
12 | | -Starting your service with the command usually executed by the container definition starts it on the node, with access to kubernetes resources as usual, however it's also now possible to attach a debugger, configured to autoReload code, or to start and stop the service rapidly to implement prospective changes. |
| 12 | +Starting your service with the command in the container definition starts it on the node, with access to Kubernetes resources, however it is also now possible to run with or attach a debugger, potentially configured to autoReload code, or to start and stop the service rapidly to implement prospective changes. |
13 | 13 |
|
14 | | -After you are happy with the changes, commit them and release a new version of your container. Changes will otherwise not be persisted across container restarts! Your git configuration should be mounted inside the container. |
| 14 | +After you are happy with the changes, commit them and release a new version of your container. Changes will otherwise not be persisted across container restarts. Your git and ssh config will be mounted inside the devcontainer while connected and for containers on github, the remote `origin` will be configured to use ssh. |
15 | 15 |
|
16 | 16 | ## Debugging containers that run as non-root |
17 | | -For containers running in the Diamond Kubernetes infrastructure that run as a specific uid (e.g. if mounting the filesystem), it is required to use a sidecar container to provide name resolution with Diamond's LDAP infrastructure and to mount a home directory to download vscode plugins. |
| 17 | +For containers running in the Diamond Kubernetes infrastructure that run as a specific uid (e.g. if mounting the filesystem), it is required to use a sidecar container to provide name resolution from Diamond's LDAP infrastructure and to mount a home directory to house vscode plugins. |
18 | 18 |
|
19 | 19 | A sidecar for the Debian-based Python image this template uses is published as a container from this repository, the version should match the version of the python-copier-template you are using, to ensure compatibility with the underlying container infrastructure. |
20 | 20 |
|
21 | 21 | ```yaml |
22 | 22 | - name: debug-account-sync |
23 | | - image: ghcr.io/diamondlightsource/python-copier-template/account-sync:<version> |
24 | | - volumeMounts: |
25 | | - # This allows the nslcd socket to be shared between the main container and the sidecar |
26 | | - - mountPath: /var/run/nslcd |
| 23 | + image: ghcr.io/diamondlightsource/python-copier-template/account-sync:<version> |
| 24 | + volumeMounts: |
| 25 | + # The nslcd socket will be shared between the service and the sidecar |
| 26 | + - mountPath: /var/run/nslcd |
27 | 27 | name: nslcd |
28 | 28 | ``` |
29 | 29 |
|
30 | | -The following changes/additions to your `values.yaml` will be required to connect vscode when using the sidecar. |
| 30 | +The following changes/additions to your `values.yaml` may be required to connect vscode when using the sidecar. |
| 31 | +It is recommended to set the `HOME` environment variable on your container to be debugged to the same value used in the volume below. |
31 | 32 |
|
32 | 33 | ```yaml |
33 | 34 | volumes: |
34 | | -- name: home # Required for vscode to install plugins |
| 35 | +- name: home # Required for vscode to start and install plugins |
35 | 36 | hostPath: |
36 | | - path: /home/ |
| 37 | + path: /home/<fedid> |
37 | 38 | - name: nslcd # Shared volume between main and sidecar container |
38 | 39 | emptyDir: |
39 | 40 | sizeLimit: 500Mi |
40 | 41 |
|
41 | 42 | volumeMounts: |
42 | | -- mountPath: /home/ |
| 43 | +- mountPath: /home/<fedid> |
43 | 44 | name: home |
44 | 45 | - mountPath: /var/run/nslcd |
45 | 46 | name: nslcd |
46 | 47 |
|
47 | 48 | # Disable any liveness probe, as will not start service automatically |
48 | | -livenessProbe: |
| 49 | +livenessProbe: null |
| 50 | +readinessProbe: null |
49 | 51 |
|
50 | 52 | # Required to mount /home/, /dls/ etc. |
51 | 53 | podSecurityContext: |
52 | | - runAsUser: <uid> |
53 | | - runAsGroup: <gid> |
| 54 | + runAsUser: <uid of fedid> |
| 55 | + runAsGroup: <gid of fedid> |
54 | 56 |
|
55 | 57 | image: |
56 | 58 | tag: "<version>-debug" |
|
0 commit comments