We would like to harden our Docker Image and remove redundant software from it. Our Devs and Ops asked to keep some Linux tools used for debugging on the containers running on our Kubernetes Prod environment.
I’ve read this post: https://www.digitalocean.com/community/tutorials/how-to-inspect-kubernetes-networking
And it made me wonder, is it possible to run commands that exist only on the host, on a container (which those commands have been removed from)?
If so is there a difference between commands that have been removed from the container than ones that the user don’t have permissions to run?
P.S. How do the tools in the above mentioned post work?
Thanks for the help! 🙂