如何在容器内运行kubectl命令? [英] How to run kubectl commands inside a container?

问题描述

在容器内的容器中，如何使用kubectl运行命令?例如，如果我需要在容器内执行以下操作:

In a container inside a pod, how can I run a command using kubectl? For example, if i need to do something like this inside a container:

kubectl获得豆荚

kubectl get pods

我已经尝试过:在我的dockerfile中，我有以下命令:

I have tried this : In my dockerfile, I have these commands :

RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
RUN chmod +x ./kubectl
RUN sudo mv ./kubectl /usr/local/bin/kubectl

我正在尝试OSX文件，我已将其更正为linux二进制文件. (由@svenwltr

EDIT : I was trying the OSX file, I have corrected it to the linux binary file. (corrected by @svenwltr

虽然创建了docker文件，但是成功了，但是当我在容器中运行kubectl get pod时，

While creating the docker file, this is successful, but when I run the kubectl get pods inside a container,

kubectl get pods

我收到此错误:

与服务器的连接:被拒绝-您是否指定了正确的主机或端口?

The connection to the server : was refused - did you specify the right host or port?

当我在本地部署时，如果我的docker-machine没有运行，那么我会遇到此错误，但是在容器内部如何运行docker-machine?

When I was deploying locally, I was encountering this error if my docker-machine was not running, but inside a container how can a docker-machine be running?

在本地，我通过运行以下命令来解决此错误: (dev是docker-machine的名称)

Locally, I get around this error by running the following commands: (dev is the name of the docker-machine)

docker-machine env dev
eval $(docker-machine env dev)

有人可以告诉我我需要做什么吗?

Can someone please tell me what is it that I need to do?

推荐答案

我将使用kubernetes api，您只需要安装curl，而不是kubectl，其余的就好了.

I would use kubernetes api, you just need to install curl, instead of kubectl and the rest is restful.

curl http://localhost:8080/api/v1/namespaces/default/pods

我在我的一个apiserver上运行以上命令.将 localhost 更改为 apiserver ip地址/dns名称.

Im running above command on one of my apiservers. Change the localhost to apiserver ip address/dns name.

根据您的配置，您可能需要使用ssl或提供客户端证书.

Depending on your configuration you may need to use ssl or provide client certificate.

为了找到api端点，可以将--v=8与kubectl结合使用.

In order to find api endpoints, you can use --v=8 with kubectl.

示例:

kubectl get pods --v=8

资源:

Kubernetes API文档

Kubernetes API documentation

RBAC的更新:

我假设您已经配置了rbac，为您的Pod创建了一个服务帐户，然后使用它运行.此服务帐户应在所需名称空间中的Pod上具有列表权限.为此，您需要为该服务帐户创建角色和角色绑定.

I assume you already configured rbac, created a service account for your pod and run using it. This service account should have list permissions on pods in required namespace. In order to do that, you need to create a role and role binding for that service account.

集群中的每个容器都填充有可用于向API服务器进行身份验证的令牌.要验证，请在容器内部运行:

Every container in a cluster is populated with a token that can be used for authenticating to the API server. To verify, Inside the container run:

cat /var/run/secrets/kubernetes.io/serviceaccount/token

要向apiserver发出请求，请在容器内运行:

To make request to apiserver, inside the container run:

curl -ik \
     -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
     https://kubernetes.default.svc.cluster.local/api/v1/namespaces/default/pods

这篇关于如何在容器内运行kubectl命令?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！