Running the Diagnose Container

The quay.io/mantisnet/diagnose container image is a great way to inspect a running Tawon container. It contains networking and debugging tools: it is based on the netshoot container image and also includes readelf and objdump.

The container image is available on Quay.io.

Usage with Docker

If you’re having networking issues with your application’s container, you can launch diagnose with that container’s network namespace like this:

$ docker run -it --net container:<container_name> quay.io/mantisnet/diagnose

If you think the networking issue is on the host itself, you can launch diagnose with the host’s network namespace:

$ docker run -it --net host quay.io/mantisnet/diagnose

Usage with Kubernetes

If you want to debug using an ephemeral container in an existing pod (since Kubernetes 1.25):

$ kubectl debug my-tawon-agent -it --image=quay.io/mantisnet/diagnose

If you want to spin up a throwaway pod for debugging:

$ kubectl run tmp-shell --rm -i --tty --image quay.io/mantisnet/diagnose

If you want to spin up a container on the host’s network namespace:

$ kubectl run tmp-shell --rm -i --tty --overrides='{"spec": {"hostNetwork": true}}' --image quay.io/mantisnet/diagnose

If you want to spin up a standalone pod with full privileges and the host volume, you can use the following manifest. The pod runs privileged and mounts the host's root filesystem at /var/run/tawon/host, which is useful for node-level debugging.

$ oc apply -n tawon -f diagnose.yaml
$ oc exec -n tawon -it pod/tawon-diagnose -- zsh

Contents of diagnose.yaml:

apiVersion: v1
kind: Pod
metadata:
  name: tawon-diagnose
spec:
  containers:
  - image: quay.io/mantisnet/diagnose:latest
    imagePullPolicy: Always
    name: diagnose
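    # Keep the pod alive so you can exec into it.
    command: ['sh', '-c', 'sleep infinity']
    volumeMounts:
    # The node's root filesystem (the "host" volume below) appears at this path.
    - mountPath: /var/run/tawon/host
      name: host
    securityContext:
      # Full privileges on the node.
      privileged: true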
  volumes:
  - name: host
    hostPath:
      path: /
      type: Directory
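
An added example (not part of the Tawon documentation): a small Python audit that reads `kubectl get pods -A -o json` output and lists pods still running the diagnose image, or carrying the privileged, hostNetwork or hostPath settings used by the commands above, so leftover debug pods can be found and deleted. The sample pod list, the registry.example images and the function names are constructed for illustration.

```python
import json

DIAGNOSE_IMAGE = "quay.io/mantisnet/diagnose"

# Constructed sample shaped like `kubectl get pods -A -o json` output (not real data).
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "tawon", "name": "tawon-diagnose"},
     "spec": {"containers": [{"name": "diagnose", "image": DIAGNOSE_IMAGE + ":latest",
                              "securityContext": {"privileged": True}}],
              "volumes": [{"name": "host", "hostPath": {"path": "/"}}]}},
    {"metadata": {"namespace": "default", "name": "tmp-shell"},
     "spec": {"hostNetwork": True,
              "containers": [{"name": "tmp-shell", "image": DIAGNOSE_IMAGE}]}},
    {"metadata": {"namespace": "tawon", "name": "my-tawon-agent"},
     "spec": {"containers": [{"name": "agent", "image": "registry.example:5000/agent:1"}],
              "ephemeralContainers": [{"name": "debugger", "image": DIAGNOSE_IMAGE}]}},
    {"metadata": {"namespace": "default", "name": "web"},
     "spec": {"containers": [{"name": "web", "image": "registry.example/web:1"}]}},
]})

def repo_of(ref):
    """Drop digest and tag, keeping a registry port such as host:5000 intact."""
    head, sep, last = ref.split("@")[0].rpartition("/")
    return head + sep + last.split(":")[0]

def audit_pods(pod_list_json, image=DIAGNOSE_IMAGE):
    """Map "namespace/name" to findings for pods that run the debug image or
    carry the host-level settings used by the commands on this page."""
    report = {}
    for pod in json.loads(pod_list_json).get("items", []):
        spec, findings = pod.get("spec", {}), []
        for field in ("containers", "initContainers", "ephemeralContainers"):
            for c in spec.get(field) or []:
                if repo_of(c.get("image", "")) == image:
                    findings.append(f"{field}/{c['name']} runs {image}")
                if (c.get("securityContext") or {}).get("privileged"):
                    findings.append(f"{field}/{c['name']} is privileged")
        if spec.get("hostNetwork"):
            findings.append("hostNetwork is enabled")
        for vol in spec.get("volumes") or []:
            path = (vol.get("hostPath") or {}).get("path")
            if path is not None:
                findings.append(f"hostPath volume {vol['name']} mounts {path}")
        if findings:
            report["{namespace}/{name}".format(**pod["metadata"])] = findings
    return report

if __name__ == "__main__":
    for pod, findings in audit_pods(SAMPLE).items():
        print(pod, "->", "; ".join(findings))
```

Against a live cluster, pass the text of `kubectl get pods -A -o json` to audit_pods instead of SAMPLE. The tawon-diagnose pod runs sleep infinity, so it stays on the node until it is deleted.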