I went to a presentation on Sysdig thinking that would be some kind of solution. Not really; not unless you want to hunt down or write syscall filters (or find some online) or pay for the Enterprise version.
I just wish there was a way to do the basics:
1. Look at files within my running container (maybe even modify them, without needing vim or nano installed inside it).
2. Ping/ICMP something from within the container (again, without ping being in the container itself)
3. DNS lookups from within the container
4. Connect to a port on an IP or DNS name from within the container
5. Inspect the contents of a dead container that won't start without having to commit it first.
I did a post a while back on how I feel about debugging within containers, and I should probably write another one because I don't think I cover those 5 things:
For point one you can grab the running container tag and then add a layer on top with any tools you need.
You obviously won’t get the same operational state but if you want to poke around a container you’ve built and see what’s in it, you can just extend it.
I did a post a while back on how I feel about debugging within containers, and I should probably write another one because I don't think I cover those 5 things: https://battlepenguin.com/tech/my-love-hate-relationship-wit...
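The approach from the reply above (take the running container's image and add a layer with the tools you need), as an added example that is not part of the original thread. It assumes a Debian/Ubuntu-based image with `apt-get`; the function names, container name and tags are hypothetical.

```shell
#!/bin/sh
# Added example: layer debug tools on top of the image a container runs from.
# Assumption: the base image is Debian/Ubuntu-based (apt-get is available).
# Keep the resulting tag local: the extra tools widen the image's attack
# surface and do not belong in a production registry.

# Print the image reference the given container was started from.
running_image() {
    docker inspect --format '{{.Config.Image}}' "$1"
}

# Emit a Dockerfile that extends base image $1 with apt packages $2...
# With no packages given, a default set covering ping, DNS lookups,
# port checks and a small editor is used.
debug_dockerfile() {
    [ "$#" -ge 1 ] || return 2
    base=$1; shift
    [ "$#" -gt 0 ] || set -- iputils-ping dnsutils netcat-openbsd vim-tiny
    printf 'FROM %s\n' "$base"
    printf 'USER root\n'   # app images often drop to a non-root user
    printf 'RUN apt-get update \\\n'
    printf ' && apt-get install -y --no-install-recommends %s \\\n' "$*"
    printf ' && rm -rf /var/lib/apt/lists/*\n'
}

# Build a debug image from a running container's image.
#   $1 = container name or id, $2 = tag for the debug image
build_debug_image() {
    container=$1; tag=$2
    base=$(running_image "$container") || return 1
    # "docker build -" reads the Dockerfile from stdin, no build context.
    debug_dockerfile "$base" | docker build -t "$tag" -
}

# Usage (hypothetical names):
#   build_debug_image my-app-1 my-app:debug
#   docker run --rm -it --entrypoint sh my-app:debug
```

As the reply notes, a container started from the debug image does not share the operational state of the original one; it only lets you inspect what was built into the image.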