Stats
Actions
Tags
From kubernetes-plugin
Debugs Kubernetes pods, nodes, and workloads using kubectl debug: ephemeral containers, pod copies, node access, debug profiles, and interactive sessions.
How this skill is triggered — by the user, by Claude, or both
Slash command
/kubernetes-plugin:kubectl-debugginghaikuThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Expert knowledge for debugging Kubernetes resources using `kubectl debug` - ephemeral containers, pod copies, and node access.
Expert knowledge for debugging Kubernetes resources using kubectl debug - ephemeral containers, pod copies, and node access.
kubectl debug automates common debugging tasks:
Always specify --context explicitly in every kubectl command:
# CORRECT: Explicit context
kubectl --context=prod-cluster debug mypod -it --image=busybox
# WRONG: Relying on current context
kubectl debug mypod -it --image=busybox # Which cluster?
# Interactive debugging with busybox
kubectl --context=my-context debug mypod -it --image=busybox
# Target specific container's process namespace
kubectl --context=my-context debug mypod -it --image=busybox --target=mycontainer
# Use a specific debug profile
kubectl --context=my-context debug mypod -it --image=busybox --profile=netadmin
# Create debug copy
kubectl --context=my-context debug mypod -it --copy-to=mypod-debug --image=busybox
# Copy and change container image
kubectl --context=my-context debug mypod --copy-to=mypod-debug --set-image=app=busybox
# Copy and modify command
kubectl --context=my-context debug mypod -it --copy-to=mypod-debug --container=myapp -- sh
# Copy on same node
kubectl --context=my-context debug mypod -it --copy-to=mypod-debug --same-node --image=busybox
# Interactive node debugging (host namespaces, filesystem at /host)
kubectl --context=my-context debug node/mynode -it --image=busybox
# With sysadmin profile for full capabilities
kubectl --context=my-context debug node/mynode -it --image=ubuntu --profile=sysadmin
| Profile | Use Case | Capabilities |
|---|---|---|
legacy | Default, unrestricted | Full access (backwards compatible) |
general | General purpose | Moderate restrictions |
baseline | Minimal restrictions | Pod security baseline |
netadmin | Network troubleshooting | NET_ADMIN capability |
restricted | High security environments | Strictest restrictions |
sysadmin | System administration | SYS_PTRACE, SYS_ADMIN |
# Network debugging (tcpdump, netstat, ss)
kubectl --context=my-context debug mypod -it --image=nicolaka/netshoot --profile=netadmin
# System debugging (strace, perf)
kubectl --context=my-context debug mypod -it --image=ubuntu --profile=sysadmin
| Image | Size | Use Case |
|---|---|---|
busybox | ~1MB | Basic shell, common utilities |
alpine | ~5MB | Shell with apk package manager |
ubuntu | ~77MB | Full Linux with apt |
nicolaka/netshoot | ~350MB | Network debugging (tcpdump, dig, curl, netstat) |
gcr.io/k8s-debug/debug | Varies | Official Kubernetes debug image |
# Add netshoot container for network debugging
kubectl --context=my-context debug mypod -it \
--image=nicolaka/netshoot \
--profile=netadmin
# Inside container:
# - tcpdump -i any port 80
# - dig kubernetes.default
# - curl -v http://service:port
# - ss -tlnp
# - netstat -an
# Copy pod with different entrypoint to inspect
kubectl --context=my-context debug mypod -it \
--copy-to=mypod-debug \
--container=app \
-- sh
# Inside: check filesystem, env vars, config files
# Target container's process namespace
kubectl --context=my-context debug mypod -it \
--image=busybox \
--target=mycontainer
# Inside: ps aux, /proc inspection
# Debug node with host access
kubectl --context=my-context debug node/worker-1 -it \
--image=ubuntu \
--profile=sysadmin
# Inside:
# - Host filesystem at /host
# - chroot /host for full access
# - journalctl, systemctl, dmesg
# Create copy, keeping original running
kubectl --context=my-context debug mypod -it \
--copy-to=mypod-debug \
--same-node \
--share-processes \
--image=busybox
# Original pod continues serving traffic
# Debug copy shares storage if on same node
| Option | Description |
|---|---|
-it | Interactive TTY (required for shell access) |
--image | Debug container image |
--container | Name for the debug container |
--target | Share process namespace with this container |
--copy-to | Create a copy instead of ephemeral container |
--same-node | Schedule copy on same node (with --copy-to) |
--set-image | Change container images in copy |
--profile | Security profile (legacy, netadmin, sysadmin, etc.) |
--share-processes | Enable process namespace sharing (default: true with --copy-to) |
--replace | Delete original pod when creating copy |
--copy-to for invasive debugging - Preserve original pod--same-node - For accessing shared storage/network conditions# List debug pod copies
kubectl --context=my-context get pods | grep -E "debug|copy"
# Delete debug pods
kubectl --context=my-context delete pod mypod-debug
For detailed option reference, examples, and troubleshooting patterns, see REFERENCE.md.
npx claudepluginhub laurigates/claude-plugins --plugin kubernetes-pluginAssists with Kubernetes kubectl operations: debugging (logs, describe, exec, port-forward), managing resources (deployments, services, configmaps, secrets), and cluster tasks (scaling, rollouts, nodes). Use for pods, services, or troubleshooting.
Manages Kubernetes operations: deployments, workloads, networking, storage, troubleshooting, kubectl mastery, and cluster stability for pods and services.
Diagnoses and fixes Kubernetes pod failures like CrashLoopBackOff, Pending, DNS, networking, storage mounts, and rollout issues using kubectl workflows and scripts.