如何在容器内运行 kubectl 命令? [英] How to run kubectl commands inside a container?
问题描述
在 pod 内的容器中,如何使用 kubectl 运行命令?例如,如果我需要在容器内做这样的事情:
<块引用>kubectl 获取 pods
我已经尝试过:在我的 dockerfile 中,我有以下命令:
RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl运行 chmod +x ./kubectl运行 sudo mv ./kubectl/usr/local/bin/kubectl<块引用>
我正在尝试 OSX 文件,我已将其更正为 linux 二进制文件.(由@svenwltr 更正
在创建 docker 文件时,这是成功的,但是当我在容器内运行 kubectl get pods 时,
kubectl 获取 pods我收到此错误:
<块引用>与服务器的连接:被拒绝 - 您是否指定了正确的主机或端口?
当我在本地部署时,如果我的 docker-machine 没有运行,我会遇到这个错误,但是在一个容器中,一个 docker-machine 如何运行?
在本地,我通过运行以下命令来解决此错误:(dev 是 docker-machine 的名字)
docker-machine env deveval $(docker-machine env dev)有人可以告诉我我需要做什么吗?
我会用kubernetes api,你只需要安装curl,而不是kubectl,剩下的就是restful.
curl http://localhost:8080/api/v1/namespaces/default/pods我在我的一个 apiserver 上运行上面的命令.将 localhost 更改为 apiserver ip 地址/dns 名称.
根据您的配置,您可能需要使用 ssl 或提供客户端证书.
为了找到 api 端点,您可以使用 --v=8 和 kubectl.
示例:
kubectl 获取 pods --v=8资源:
Kubernetes API 文档
RBAC 更新:
我假设您已经配置了 rbac,为您的 pod 创建了一个服务帐户并使用它运行.此服务帐户应该对所需命名空间中的 pod 具有列表权限.为此,您需要为该服务帐号创建角色和角色绑定.
集群中的每个容器都填充有可用于对 API 服务器进行身份验证的令牌.为了验证,在容器内运行:
cat/var/run/secrets/kubernetes.io/serviceaccount/token要向 apiserver 发出请求,在容器内运行:
curl -ik -H "授权:不记名 $(cat/var/run/secrets/kubernetes.io/serviceaccount/token)" https://kubernetes.default.svc.cluster.local/api/v1/namespaces/default/podsIn a container inside a pod, how can I run a command using kubectl? For example, if i need to do something like this inside a container:
kubectl get pods
I have tried this : In my dockerfile, I have these commands :
RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
RUN chmod +x ./kubectl
RUN sudo mv ./kubectl /usr/local/bin/kubectl
EDIT : I was trying the OSX file, I have corrected it to the linux binary file. (corrected by @svenwltr
While creating the docker file, this is successful, but when I run the kubectl get pods inside a container,
kubectl get pods
I get this error :
The connection to the server : was refused - did you specify the right host or port?
When I was deploying locally, I was encountering this error if my docker-machine was not running, but inside a container how can a docker-machine be running?
Locally, I get around this error by running the following commands: (dev is the name of the docker-machine)
docker-machine env dev
eval $(docker-machine env dev)
Can someone please tell me what is it that I need to do?
I would use kubernetes api, you just need to install curl, instead of kubectl and the rest is restful.
curl http://localhost:8080/api/v1/namespaces/default/pods
Im running above command on one of my apiservers. Change the localhost to apiserver ip address/dns name.
Depending on your configuration you may need to use ssl or provide client certificate.
In order to find api endpoints, you can use --v=8 with kubectl.
example:
kubectl get pods --v=8
Resources:
Kubernetes API documentation
Update for RBAC:
I assume you already configured rbac, created a service account for your pod and run using it. This service account should have list permissions on pods in required namespace. In order to do that, you need to create a role and role binding for that service account.
Every container in a cluster is populated with a token that can be used for authenticating to the API server. To verify, Inside the container run:
cat /var/run/secrets/kubernetes.io/serviceaccount/token
To make request to apiserver, inside the container run:
curl -ik
-H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)"
https://kubernetes.default.svc.cluster.local/api/v1/namespaces/default/pods
这篇关于如何在容器内运行 kubectl 命令?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
