
Access Kubernetes Nodes Without SSH

February 5, 2026 · Salih Kayiplar

kubernetes
debugging
security
nodes

Quick: kubectl debug

kubectl debug node/<node-name> -it \
  --image=mcr.microsoft.com/cbl-mariner/busybox:2.0

# Inside the container:
chroot /host

Full access: privileged pod + nsenter

apiVersion: v1
kind: Pod
metadata:
  name: node-shell
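spec:
  # No nodeName is set, so the scheduler picks the node.
  # Add "nodeName: <node-name>" here to land on a specific node.
  hostPID: true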
  containers:
  - name: shell
    image: ubuntu
    command: ["sleep", "3600"]
    securityContext:
      privileged: true
    volumeMounts:
    - mountPath: /run/dbus/system_bus_socket
      name: dbus-socket
    - mountPath: /run/systemd/system
      name: systemd-socket
  volumes:
  - name: dbus-socket
    hostPath:
      path: /run/dbus/system_bus_socket
      type: Socket
  - name: systemd-socket
    hostPath:
      path: /run/systemd/system
      type: Directory

kubectl apply -f node-shell.yaml
kubectl exec -it node-shell -- bash

# Enter node namespace
nsenter --target 1 --mount --uts --ipc --net --pid /bin/bash

# Now you have full node access:
systemctl status kubelet
journalctl -u kubelet --no-pager -n 50
df -h
crictl ps

nsenter flags

Flag          Does
--target 1    PID 1 (systemd) namespace
--mount       Node filesystem
--net         Node network
--pid         Node processes

Gotcha

  • Delete the pod immediately after: kubectl delete pod node-shell
  • privileged: true + hostPID: true = full root on the node
  • On GKE Autopilot, privileged pods are blocked by policy
  • kubectl debug node/ doesn't give you systemctl — use the privileged pod method if you need daemon control
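
An added audit sketch (not part of the original snippet) for the first two gotchas: it reads `kubectl get pods -A -o json` output and lists every pod that still holds node-level access. The function names and the sample pod list are constructed for illustration; only the `node-shell` entry mirrors the manifest above.

```python
import json
import sys

# Constructed sample shaped like `kubectl get pods -A -o json`. The first item
# mirrors the node-shell manifest above; the other two are made up for contrast.
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "default", "name": "node-shell"},
     "spec": {"hostPID": True,
              "containers": [{"name": "shell",
                              "securityContext": {"privileged": True}}],
              "volumes": [{"name": "dbus-socket", "hostPath": {"path": "/run/dbus/system_bus_socket"}},
                          {"name": "systemd-socket", "hostPath": {"path": "/run/systemd/system"}}]}},
    {"metadata": {"namespace": "default", "name": "host-debug-example"},
     "spec": {"hostPID": True, "hostNetwork": True, "hostIPC": True,
              "containers": [{"name": "debugger"}],
              "volumes": [{"name": "host-root", "hostPath": {"path": "/"}}]}},
    {"metadata": {"namespace": "web", "name": "frontend"},
     "spec": {"containers": [{"name": "app", "securityContext": {"privileged": False}}],
              "volumes": [{"name": "cache", "emptyDir": {}}]}},
]})

def node_access_findings(pod):
    """Return the reasons a pod spec reaches into the node; empty list if none."""
    spec = pod.get("spec", {})
    reasons = [f for f in ("hostPID", "hostNetwork", "hostIPC") if spec.get(f)]
    # Init and ephemeral containers can carry privileged: true as well.
    for kind in ("containers", "initContainers", "ephemeralContainers"):
        for c in spec.get(kind) or []:
            if (c.get("securityContext") or {}).get("privileged"):
                reasons.append(f"privileged:{c['name']}")
    reasons += [f"hostPath:{v['hostPath']['path']}"
                for v in spec.get("volumes") or [] if "hostPath" in v]
    return reasons

def audit(pod_list_json):
    """Map 'namespace/name' -> reasons for every pod with node-level access."""
    report = {}
    for pod in json.loads(pod_list_json).get("items", []):
        reasons = node_access_findings(pod)
        if reasons:
            report["{namespace}/{name}".format(**pod["metadata"])] = reasons
    return report

if __name__ == "__main__":
    # Pass a file holding saved kubectl JSON as the first argument, else use SAMPLE.
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for pod, reasons in audit(data).items():
        print(pod, ", ".join(reasons))
```

To check a live cluster, save the output of `kubectl get pods -A -o json` to a file and pass that file as the first argument. Anything listed that is not an expected system workload is a leftover debug pod to delete.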
