This repo demonstrates using .NET diagnostic tools such as dotnet-dump from a conditionally enabled sidecar container in pods deployed to Kubernetes. This approach allows us to:
- Run the application more securely under normal circumstances (read-only root file system, no additional tools installed that increase attack surface), and
- Enable diagnostics and tools on demand when needed.
This repo contains:
- A sample ASP.NET Core app and accompanying Dockerfile.
- A Dockerfile, Dockerfile.dotnettools, for building a dotnet tools image to use as a sidecar.
- A Helm chart in the helm directory.
- The setup.sh script with the commands needed to set up the demo.
- The get-dotnet-dump.sh file with commands to run a dotnet-dump using the sidecar container.
- A sample Dockerfile.builtin-dotnettools to show how to install the tools right in your application container if desired, using the .NET SDK in a stage.
Prerequisites:
- .NET 6.0 SDK
- Docker
- Azure CLI
- Helm 3 or later.
- A Microsoft Azure account.
- Recommended: Visual Studio Code with the Docker and Kubernetes extensions.
To set up and run the demo, follow the steps in the setup.sh script. This will walk through:
- Creating the ACR and AKS cluster in Azure.
- Building and pushing the container images.
- Deploying the application via Helm.
- Running a dotnet-dump to get a dump on our application container from a sidecar container.
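The following Helm template excerpt is an added example, not the chart from this repo, showing how a sidecar can be enabled on demand while the application container keeps a read-only root file system. The values keys (diagnostics.enabled, diagnostics.image, image), the container and volume names, and the sleep command are assumptions made for illustration.

```yaml
# templates/deployment.yaml, pod spec excerpt (illustrative, hypothetical values keys)
spec:
  template:
    spec:
      {{- if .Values.diagnostics.enabled }}
      # The sidecar must be able to see the app's process to target it by PID.
      shareProcessNamespace: true
      {{- end }}
      containers:
        - name: app
          image: {{ .Values.image }}
          securityContext:
            readOnlyRootFilesystem: true
            allowPrivilegeEscalation: false
          {{- if .Values.diagnostics.enabled }}
          volumeMounts:
            # The .NET runtime creates its diagnostic IPC socket under /tmp.
            # With a read-only root, /tmp has to be a writable mount, and the
            # same mount must be visible to the sidecar. The dump is written
            # by the app process, so its output path must be writable here too.
            - name: diag-tmp
              mountPath: /tmp
          {{- else }}
          env:
            # No writable /tmp in normal operation, so turn the diagnostic
            # IPC channel off instead of letting the runtime try to create it.
            - name: DOTNET_EnableDiagnostics
              value: "0"
          {{- end }}
        {{- if .Values.diagnostics.enabled }}
        - name: dotnet-tools
          image: {{ .Values.diagnostics.image }}
          # Keep the container alive so tools can be run with kubectl exec.
          # Assumes the tools image ships a sleep that accepts "infinity".
          command: ["sleep", "infinity"]
          volumeMounts:
            - name: diag-tmp
              mountPath: /tmp
        {{- end }}
      {{- if .Values.diagnostics.enabled }}
      volumes:
        # Pod-scoped scratch space; removed together with the pod.
        - name: diag-tmp
          emptyDir: {}
      {{- end }}
```

The sidecar has to run as the same user as the application (or as root) to connect to the diagnostic socket, and a collected dump contains the full process memory, so copy it out and disable the sidecar again once the investigation is done.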