From 8f203f8ffdcdc3038a58122c28a47e250bb6b30c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C5=82awek=20Piotrowski?= <sentinel@atteo.com>
Date: Sun, 2 Feb 2025 13:57:59 +0100
Subject: [PATCH] Log in as root to the node.

This executes simple container in host IPC, network and PID space.
Then is uses nsenter to switch other namespaces and execute BASH.
---
 plugins/node-root-shell.yaml | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 plugins/node-root-shell.yaml

diff --git a/plugins/node-root-shell.yaml b/plugins/node-root-shell.yaml
new file mode 100644
index 0000000000..0342f79b5b
--- /dev/null
+++ b/plugins/node-root-shell.yaml
@@ -0,0 +1,34 @@
+plugins:
+  node-root-shell:
+    shortCut: a
+    description: Run root shell on node
+    dangerous: true
+    scopes:
+      - nodes
+    command: bash
+    background: false
+    confirm: true
+    args:
+      - -c
+      - |
+        host="$1"
+        json='
+        {
+          "apiVersion": "v1",
+          "spec": {
+            "hostIPC": true,
+            "hostNetwork": true,
+            "hostPID": true
+        '
+        if ! [[ -z "$host" ]]; then
+          json+=",
+          \"nodeSelector\" : {
+            \"kubernetes.io/hostname\" : \"$host\"
+          }
+          ";
+        fi
+        json+='
+          }
+        }
+        '
+        kubectl run -ti --image alpine:3.8 --rm --privileged --restart=Never --overrides="$json" root --command -- nsenter -t 1 -m -u -n -i -- bash -l