Is it a good idea to enable --inspect for nodejs in production (kubernetes)?

1/15/2020

I have a nodejs pod running in kubernetes production environment. Additionally there is staging and review environment in the same cluster running the same app. I recently added --inspect to the start command in the dockerfile which gets deployed to all environments. My question is, if I enable debugging in production as well, will it impact performance or memory usage? Is it a good practice in general? Otherwise I'll need to create a separate dockerfile for production.

-- Jayadeep KM
debugging
kubernetes
node.js
production-environment
remote-debugging

3 Answers

2/10/2020

You could use Rookout. It's a platform that lets you debug your code while in production, without stopping the runtime - and it also supports Kubernetes.

Basically, you install the Rookout SDK by installing its npm package:

npm install --save rookout

or (if you're using yarn)

yarn add rookout

Then, just initiate the sdk in your code with the token you're provided:

const rookout = require('rookout');

rookout.start({
    token: 'YOUR_ROOKOUT_TOKEN'
});

Then just redeploy your app, and you'll never have to redeploy again to debug. You can just log into the Rookout Web IDE and then you'll be able to place non-breaking breakpoints to get whatever data from your code that you need.

Also, it's important to note that using Rookout has little to no performance impact. In terms of performance, it's pretty much the same as setting a console.log statement; hardly noticeable.

-- Tal Koren
Source: StackOverflow

1/16/2020

Figured a better solution. Create a wrapper script which enables debugging only for non-production environments. For production if it is absolutely necessary, it is better to manually exec into pod and debug. Here is the script: start.sh

#!/bin/sh
if [ "$ENVIRONMENT" = "production" ] ;then
 npm start;
else
 npm run debug;
fi

and in the dockerfile,

CMD [ "/app/src/start.sh" ]
-- Jayadeep KM
Source: StackOverflow

1/15/2020

will it impact performance or memory usage?

Both probably negligiable if just having the flag enabled, mileage may vary if actually live debugging.

Is it good practice

I would say no, and it does have security implications. Although, this would only be a problem if you were to set a public IP, by default debugging would only be permitted on the localhost.

My.advice would be create a separate Dockerfile for prod.

-- James
Source: StackOverflow