In a distant kube cluster I have some pod with C++ application. I need to debug them with gdb or gdbserver but :
- No capabilities (like SYS_PTRACE) allowed on the images
- No privileged user
- No CustomResourceDefinitions allowed in the cluster
- No SELinux in the images (it's a no from the security team)
I tried Squash (can't use CRD), NSenter (no access to the host, only some access to create or delete kube resources), SELinux (not possible), can't edit /proc/sys/kernel/yama/ptrace_scope.