Find host PIDs for processes in Kind cluster
Project description
Find host PIDs for processes in Kind cluster
Introduction
This Python script identifies the host PID for a process running inside a pod in a Kind Kubernetes cluster.
It uses docker exec to execute crictl on the Kind node to list the pods and containers running on the node.
It then navigates through /sys/fs/cgroup/ and the nested cgroups to find the host PIDs.
Finally /proc/ is used to get the process details.
The script requires only Python and does not depend on any external packages.
Since it directly accesses the cgroup and proc filesystems, it works only on Linux hosts where kind is executed and is not compatible with MacOS.
usage: kindps [-h] [-o {tabular,json}] [--debug] [-v] docker_filter [pod_filter]
Find host PIDs for processes in Kind cluster
positional arguments:
docker_filter filter for Kind Docker container names
pod_filter optional filter for pod names
options:
-h, --help show this help message and exit
-o {tabular,json}, --output {tabular,json}
output format (default: tabular)
--debug activate debug logging
-v, --version show program's version number and exit
Installation
Either download kindps.py or install as a Python package:
pip install kindps
Example usage
First, list the nodes in the Kind cluster:
$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
contour-control-plane Ready control-plane 11h v1.32.0
contour-worker Ready <none> 11h v1.32.0
These nodes correspond to the Docker containers that are running:
$ docker ps --format "table {{.ID}}\t{{.Names}}"
CONTAINER ID NAMES
992ec6ccbeed contour-control-plane
22c9d82b69f2 contour-worker
To list the containers running in pods that contain envoy in their names and are running on nodes that contain contour in their names, run:
$ kindps contour envoy
Result is printed in tabular format by default:
Containers:
envoy:
Pod: envoy-z5lp9
Node: contour-worker
Process:
pid: 2367787
cmd: envoy -c /config/envoy.json --service-cluster projectcontour --service-node
envoy-z5lp9 --log-level info
Image: docker.io/envoyproxy/envoy:v1.31.5
Created: 2025-01-18T10:37:07.655928
Labels:
app: envoy
controller-revision-hash: dd8c68b4b
pod-template-generation: 1
shutdown-manager:
Pod: envoy-z5lp9
Node: contour-worker
Process:
pid: 2367735
cmd: /bin/contour envoy shutdown-manager
Image: ghcr.io/projectcontour/contour:v1.30.2
Created: 2025-01-18T10:37:07.511818
Labels:
app: envoy
controller-revision-hash: dd8c68b4b
pod-template-generation: 1
Summary:
Containers: 2
Processes: 2
To get JSON format output, include the --output json option:
[
{
"node": "contour-worker",
"pod": "envoy-z5lp9",
"container": "envoy",
"image": "docker.io/envoyproxy/envoy:v1.31.5",
"created": "2025-01-18T10:37:07.655928",
"pids": [
{
"pid": "2367787",
"cmd": "envoy -c /config/envoy.json --service-cluster projectcontour --service-node envoy-z5lp9 --log-level info"
}
],
"labels": {
"app": "envoy",
"controller-revision-hash": "dd8c68b4b",
"pod-template-generation": "1"
}
},
{
"node": "contour-worker",
"pod": "envoy-z5lp9",
"container": "shutdown-manager",
"image": "ghcr.io/projectcontour/contour:v1.30.2",
"created": "2025-01-18T10:37:07.511818",
"pids": [
{
"pid": "2367735",
"cmd": "/bin/contour envoy shutdown-manager"
}
],
"labels": {
"app": "envoy",
"controller-revision-hash": "dd8c68b4b",
"pod-template-generation": "1"
}
}
]
The PIDs listed are the host PIDs for the processes running inside the containers. These PIDs can be used on the host to access the process:
$ ps 2367787
PID TTY STAT TIME COMMAND
2367787 ? Ssl 0:00 envoy -c /config/envoy.json --service-cluster projectcontour
--service-node envoy-z5lp9 --log-level info
For example, to access the root filesystem of the container:
$ sudo ls /proc/2367787/root/
admin config home libx32 proc run tmp
bin dev lib media product_name sbin usr
boot docker-entrypoint.sh lib32 mnt product_uuid srv var
certs etc lib64 opt root sys
To send a signal to the process, even if the container lacks the kill command:
$ sudo kill -STOP 2367787
Alternatively, nsenter can be used to enter the network namespace of the process to run wireshark:
$ sudo nsenter \
--target $(kindps contour-worker envoy --output json | jq -r '.[0].pids[0].pid') \
--net wireshark -i any -k
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file kindps-0.1.0.tar.gz.
File metadata
- Download URL: kindps-0.1.0.tar.gz
- Upload date:
- Size: 10.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: python-requests/2.32.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
4b4cbb1bb9225e97a09d93c8c34a42d02d71d289bd1938d78d4047c803c1ed33
|
|
| MD5 |
1fc1e23ef41aec066008ad72273817c8
|
|
| BLAKE2b-256 |
f5f8aa570c684f85b52f5936a12f2239c3e507e46bd9a84801219dfdab2d5197
|
File details
Details for the file kindps-0.1.0-py3-none-any.whl.
File metadata
- Download URL: kindps-0.1.0-py3-none-any.whl
- Upload date:
- Size: 10.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: python-requests/2.32.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
177f67c13ccd4b9a84a6be74a1667f84d12c0e622ba25be943d15bb3a17a9d12
|
|
| MD5 |
1f47ee96ee2d730b07ca84ca2eedfd6f
|
|
| BLAKE2b-256 |
f6faa5effe45c8015afd8d9d9562d6ac58e7c59944b2386c121fcc06fe8bb776
|
