Debug your golang app running inside k8s or Docker
(attaching an ephemeral container with Delve inside)
Ad-hoc guides are provided for some projects:
- Rancher
- Rancher fleet and its components
- k3d (k3s in Docker)
For other use cases follow instructions below.
- the binary to debug should be compiled using
go buildwith the following options (that disable optimizations):
-gcflags='all=-N -l'
- the binary to debug must not be compiled with the following options (that strip symbols):
-ldflags '-s -w'
For Kubernetes:
- have
kubectlavailable - use k8s >= v1.18
For Kubernetes:
./delve-debugger.sh <NAMESPACE> <POD> <CONTAINER> <EXECUTABLE>
For Docker:
./delve-debugger-docker.sh <CONTAINER> <EXECUTABLE>
This will open local port 4000, which you can attach to from GoLand. If you need a port other than 4000, add the number as the last parameter.
Enjoy breakpoints, watches and stack inspection!
Q: I get the error:
Could not attach to pid 1: this could be caused by a kernel security setting, try writing "0" to /proc/sys/kernel/yama/ptrace_scope
A: /proc/sys/kernel/yama/ptrace_scope is a host (node) kernel setting, its default value depends on your distro and configuration. You can change it as suggested via echo 0 >/proc/sys/kernel/yama/ptrace_scope as root on the node running the delve pod. If you do not have root shell access to the node but can run privileged containers, please refer to these instructions.