Problem
Sometimes you need to quickly check or change files on a specific node in your cluster, but you don't have SSH access to the node.
Solution
1. Create the following pod definition file:
# node-explorer.pod.yaml
apiVersion: v1 kind: Pod metadata: name: node-explorer spec: nodeName: ip-10-0-146-145.us-west-2.compute.internal volumes: - name: host-root hostPath: path: / containers: - name: node-explorer image: alpine command: ["sleep", "9999999999"] volumeMounts: - name: host-root mountPath: /host
2. Replace the value of the nodeName field with the name of the node that filesystem you want to explore.
3. Deploy the pod:
kubectl apply -f node-explorer.pod.yaml
4. Attach your terminal to the pod:
kubectl exec -it node-explorer -- sh
5. Explore the filesystem:
/ # ls -l /host/etc/kubernetes/pki/
total 64
-rw-r--r-- 1 root root 1159 Oct 25 09:28 apiserver-etcd-client.crt
-rw------- 1 root root 1675 Oct 25 09:28 apiserver-etcd-client.key
-rw-r--r-- 1 root root 1164 Oct 25 09:28 apiserver-kubelet-client.crt
-rw------- 1 root root 1679 Oct 25 09:28 apiserver-kubelet-client.key
-rw-r--r-- 1 root root 1428 Oct 25 09:28 apiserver.crt
-rw------- 1 root root 1675 Oct 25 09:28 apiserver.key
-rw-r----- 1 root root 1070 Oct 25 09:27 ca.crt
-rw------- 1 root root 1679 Oct 25 09:27 ca.key
-rw-r----- 1 root root 258 Oct 25 09:27 encryption-config.yaml
drwxr-xr-x 2 root root 4096 Oct 25 09:28 etcd
-rw-r----- 1 root root 1070 Oct 25 09:27 front-proxy-ca.crt
-rw------- 1 root root 1675 Oct 25 09:27 front-proxy-ca.key
-rw-r--r-- 1 root root 1115 Oct 25 09:28 front-proxy-client.crt
-rw------- 1 root root 1679 Oct 25 09:28 front-proxy-client.key
-rw------- 1 root root 1675 Oct 25 09:27 sa.key
-rw-r----- 1 root root 451 Oct 25 09:27 sa.pub
6. Don't forget to remove the pod:
kubectl delete pod node-explorer