
I have a pod named "test-pod" in k8s in GCP. This pod has a container named test-pod (same name as the pod). I want to attach an ephemeral container to this container and run a few commands, e.g. the ip route add command, to add some routes on the "test-pod" container from the ephemeral container. I have created the pod/container "test-pod" with the following securityContext:

Spec section of the pod's YAML file:

spec:
  shareProcessNamespace: true
  containers:
  - name: test-pod
    image: xxx:1.0
    securityContext:
      privileged: true
      capabilities:
        add: ["SYS_ADMIN", "NET_ADMIN", "SYS_PTRACE"]

This pod is up and running. Now I am trying to attach a debug container as follows:

kubectl debug -it test-pod --image=yyy:1.0 -n test

In the debugger container I am giving the following command:

ip route add 10.10.10.0/24 dev eth2

It gives me the following error:

RTNETLINK answers: Operation not permitted

whereas this ip route add command is working fine in the test-pod container.

"ip route show" command is working fine from debugger container.

Is it possible to run this command from the debugger container? If yes, then what am I missing? Please let me know.

Srividya
