I have a nodejs pod running in kubernetes production environment. Additionally there is staging and review environment in the same cluster running the same app. I recently added --inspect to the start command in the dockerfile which gets deployed to all environments. My question is, if I enable debugging in production as well, will it impact performance or memory usage? Is it a good practice in general? Otherwise I'll need to create a separate dockerfile for production.
You could use Rookout. It's a platform that lets you debug your code while in production, without stopping the runtime - and it also supports Kubernetes.
Basically, you install the Rookout SDK by installing its npm package:
npm install --save rookout
or (if you're using yarn)
yarn add rookout
Then, just initiate the sdk in your code with the token you're provided:
const rookout = require('rookout');
rookout.start({
token: 'YOUR_ROOKOUT_TOKEN'
});
Then just redeploy your app, and you'll never have to redeploy again to debug. You can just log into the Rookout Web IDE and then you'll be able to place non-breaking breakpoints to get whatever data from your code that you need.
Also, it's important to note that using Rookout has little to no performance impact. In terms of performance, it's pretty much the same as setting a console.log
statement; hardly noticeable.
Figured a better solution. Create a wrapper script which enables debugging only for non-production environments. For production if it is absolutely necessary, it is better to manually exec into pod and debug. Here is the script: start.sh
#!/bin/sh
if [ "$ENVIRONMENT" = "production" ] ;then
npm start;
else
npm run debug;
fi
and in the dockerfile,
CMD [ "/app/src/start.sh" ]
will it impact performance or memory usage?
Both probably negligiable if just having the flag enabled, mileage may vary if actually live debugging.
Is it good practice
I would say no, and it does have security implications. Although, this would only be a problem if you were to set a public IP, by default debugging would only be permitted on the localhost.
My.advice would be create a separate Dockerfile for prod.