Skip to main content

The Podshell Alias

Kubernetes is a powerful container orchestration platform we use to manage the Hosted Web Infrastructure at the OSU Office of Technology & Digital Innovation. (OTDI)  The platform includes a built-in function called ‘pod shell’ that gives administrative (root) users access to the environment inside a running container, through a terminal shell. This is a powerful tool when it comes to performing important maintenance & debugging tasks, but it’s also very dangerous from a security perspective. 

Occasionally, non-root users require this access to perform important maintenance & debugging tasks. Without it, managing sites with tools like Composer® or Drush® becomes virtually impossible.  So, we’ve developed a podshell alias command to provide ‘pod shell’ functionality in a controlled way that doesn’t reduce your container security.  Specifically, it only allows modifications to non-ephemeral components to those users who are members of the account’s ‘Shell’ user group.

Using Podshell

  1. Ensure you’re a member of the site’s ‘Shell’ user group.
  2. Connect to your Site’s Backend with Secure Shell (SSH).
  3. Type podshell , hit Enter, and choose a container from the provided list of running containers. (Containers with the same prefix name are redundant copies of themselves)
[SiteID@cio-whaappd01]$ podshell
   1: apache-5f5d54fbcc-4862l
   2: apache-5f5d54fbcc-7d6n7
   3: apache-5f5d54fbcc-7d7v6
   4: phpfpm-869f6b79f6-586k2
   5: phpfpm-869f6b79f6-jgzb2
   6: phpfpm-869f6b79f6-xgdvl
Please choose [1 - 6]: 1
[SiteID@apache-5f5d54fbcc-4862l ~]$
  1. You’ll know you’re inside the container when your prompt includes the container’s name. 
[SiteID@apache-5f5d54fbcc-4862l ~]$

Troubleshooting

If you’re having problems getting podshell to work in your OTDI Web Hosted Environment, please follow these troubleshooting steps:

  1. Ensure your name.# is a member of the ‘Shell’ User Group.
  2. Check your site’s logfiles:
    1. Log in to your OTDI Web Hosting account with Secure SHell (SSH) or sFTP and navigate to /user/local/logs/[SiteID].  (Your SiteID is your account’s unique identifier within the OTDI Web Hosting system)
  3. Contact us.