How do I perform a pod exec (and run a command) using the Kubernetes API?

zzoitvuj  posted on 2023-04-29 in Kubernetes

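I ran into this problem while working with the Kubernetes API: I am unable to use the API to exec from one pod into another pod.
I made sure the serviceAccount of the pod I am running from has the correct RBAC permissions (and both pods are in the same namespace). I tried using curl (7.74.0), but I stumbled across this answer, which says curl may not be the right utility. I have also tried the other possible options (this one and this) mentioned in the comments on the same post, but no luck.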

TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)    

curl -k -H "Upgrade: SPDY/3.1" -H "Authorization: Bearer $TOKEN" -H "Connection: Upgrade" -H "Sec-WebSocket-Version: 13" -H "Accept: application/json" "https://kubernetes.default.svc/api/v1/namespaces/$NAMESPACE/pods/nginx-deployment-5c547569b4-jgm85/exec?command=ls"
    {
      "kind": "Status",
      "apiVersion": "v1",
      "metadata": {},
      "status": "Failure",
      "message": "Upgrade request required",
      "reason": "BadRequest",
      "code": 400
    }

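I have already tried adding and removing some of these headers.
The next thing I tried was wscat (5.2.0). I tried a few variations but, needless to say, "no luck" again.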

wscat -n -H "Authorization: Bearer $TOKEN" -c wss://kubernetes.default.svc/api/v1/namespaces/$NAMESPACE/pods/nginx-deployment-5c547569b4-jgm85/exec?command=ls

error: Unexpected server response: 403

This command outputs nothing (nothing at all):

wscat -c wss://kubernetes.default.svc/api/v1/namespaces/$NAMESPACE/pods/nginx-deployment-5c547569b4-jgm85/exec?command=ls&stdin=true&stdout=true&tty=true&token=$TOKEN&namespace=$NAMESPACE

I looked at this post, but it doesn't work for me.

wscat  -n -H "Authorization: Bearer $TOKEN" -c 'https://kubernetes.default.svc/api/v1/namespaces/$NAMESPACE/pods/nginx-deployment-5c547569b4-jgm85/exec?command=ls&stdin=true&stdout=true&tty=true'

...
SyntaxError: The URL's protocol must be one of "ws:", "wss:", or "ws+unix:"
...

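I have no idea how this guy was using http(s).
Could someone kindly suggest what I am doing wrong, or an alternative (I can't use kubectl) for doing the same thing? TIA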

ercv8c1e  #1

curl magic plus trial and error. Make sure the user has the correct permissions so that you don't get a 403.

curl -k \
  --http1.1 \
  -H "Sec-WebSocket-Key: SGVsbG8sIHdvcmxkIQ==" \
  -H "Sec-WebSocket-Version: 13" \
  -i \
  -N \
  -L \
  -k \
  -H "Connection: Upgrade" \
  -H "Upgrade: websocket" \
  -H "Authorization: Bearer $TOKEN" \
  "https://127.0.0.1:53329/api/v1/namespaces/default/pods/single-wrong-arch/exec?command=ls&command=-l&stdin=true&stdout=true&stderr=true"

HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: qGEgH3En71di5rrssAZTmtRTyFk=
Sec-WebSocket-Protocol:

total 56
~drwxr-xr-x    2 root     root          4096 Mar 29 14:45 bin
drwxr-xr-x    5 root     root           360 Apr 27 11:03 dev
drwxr-xr-x    1 root     root          4096 Apr 27 11:03 etc
drwxr-xr-x    2 root     root          4096 Mar 29 14:45 home
drwxr-xr-x    7 root     root          4096 Mar 29 14:45 lib
drwxr-xr-x    5 root     root          4096 Mar 29 14:45 media
drwxr-xr-x    2 root     root          4096 Mar 29 14:45 mnt
drwxr-xr-x    2 root     root          4096 Mar 29 14:45 opt
dr-xr-xr-x  248 root     root             0 Apr 27 11:03 proc
drwx------    2 root     root          4096 Mar 29 14:45 root
drwxr-xr-x    1 root     root          4096 Apr 27 11:03 run
drwxr-xr-x    2 root     root          4096 Mar 29 14:45 sbin
drwxr-xr-x    2 root     root          4096 Mar 29 14:45 srv
dr-xr-xr-x   13 root     root             0 Apr 27 11:03 sys
drwxrwxrwt    2 root     root          4096 Mar 29 14:45 tmp
drwxr-xr-x    7 root     root          4096 Mar 29 14:45 usr
drwxr-xr-x   12 root     root          4096 Mar 29 14:45 var

This was run against a minikube cluster, which should explain the port choice. Here is the rest of the environment:

$ curl --version
curl 7.87.0 (x86_64-apple-darwin22.0) libcurl/7.87.0 (SecureTransport) LibreSSL/3.3.6 zlib/1.2.11 nghttp2/1.51.0
Release-Date: 2022-12-21
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS GSS-API HSTS HTTP2 HTTPS-proxy IPv6 Kerberos Largefile libz MultiSSL NTLM NTLM_WB SPNEGO SSL threadsafe UnixSockets

$ minikube version
minikube version: v1.30.1
commit: 08896fd1dc362c097c925146c4a0d0dac715ace0

$ kubectl version
WARNING: This version information is deprecated and will be replaced with the output from kubectl version --short.  Use --output=yaml|json to get the full version.
Client Version: version.Info{Major:"1", Minor:"27", GitVersion:"v1.27.0", GitCommit:"1b4df30b3cdfeaba6024e81e559a6cd09a089d65", GitTreeState:"clean", BuildDate:"2023-04-11T17:04:23Z", GoVersion:"go1.20.3", Compiler:"gc", Platform:"darwin/arm64"}
Kustomize Version: v5.0.1
Server Version: version.Info{Major:"1", Minor:"26", GitVersion:"v1.26.3", GitCommit:"9e644106593f3f4aa98f8a84b23db5fa378900bd", GitTreeState:"clean", BuildDate:"2023-03-15T13:33:12Z", GoVersion:"go1.19.7", Compiler:"gc", Platform:"linux/arm64"}

$ uname -a
Darwin 22.4.0 Darwin Kernel Version 22.4.0: Mon Mar  6 21:00:41 PST 2023; root:xnu-8796.101.5~3/RELEASE_ARM64_T8103 arm64
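
Added example, not part of the original answer: curl prints the raw WebSocket frames, so the stray `~` before the first `drwxr-xr-x` in the output above is consistent with the 0x7E extended-length marker of a frame header. The Python below parses such a stream and splits it by the Kubernetes channel byte (0 stdin, 1 stdout, 2 stderr, 3 error, 4 resize). It assumes the binary channel framing with unfragmented, unmasked server frames; `read_frames`, `demux`, `frame` and `SAMPLE` are hypothetical names, and `SAMPLE` is constructed input, not a real capture.

```python
# Channel byte that prefixes every binary message in the Kubernetes exec stream.
CHANNELS = {0: "stdin", 1: "stdout", 2: "stderr", 3: "error", 4: "resize"}

def read_frames(buf: bytes):
    """Yield (opcode, payload) for each complete server frame (RFC 6455)."""
    pos = 0
    while pos + 2 <= len(buf):
        first, second = buf[pos], buf[pos + 1]
        if not first & 0x80:
            raise ValueError("fragmented messages are not handled here")
        if second & 0x80:
            raise ValueError("server-to-client frames must not be masked")
        length, pos = second & 0x7F, pos + 2
        ext = {126: 2, 127: 8}.get(length, 0)   # 126 is 0x7E, ASCII '~'
        if pos + ext > len(buf):
            break                                # truncated header
        if ext:
            length, pos = int.from_bytes(buf[pos:pos + ext], "big"), pos + ext
        if pos + length > len(buf):
            break                                # truncated payload
        yield first & 0x0F, buf[pos:pos + length]
        pos += length

def demux(buf: bytes) -> dict:
    """Split binary exec messages into per-channel byte strings."""
    out = {name: b"" for name in CHANNELS.values()}
    for opcode, payload in read_frames(buf):
        if opcode != 0x2 or not payload:         # skip close/ping/empty frames
            continue
        if payload[0] not in CHANNELS:
            raise ValueError(f"unknown channel byte {payload[0]}")
        out[CHANNELS[payload[0]]] += payload[1:]
    return out

def frame(channel: int, data: bytes) -> bytes:
    """Build one unmasked binary frame; used only to construct sample input."""
    body = bytes([channel]) + data
    if len(body) < 126:
        return bytes([0x82, len(body)]) + body
    return b"\x82\x7e" + len(body).to_bytes(2, "big") + body

# Constructed sample stream (not a capture from a real cluster).
LISTING = b"drwxr-xr-x    2 root     root          4096 Mar 29 14:45 bin\n" * 3
SAMPLE = (frame(1, b"total 56\n") + frame(1, LISTING)
          + frame(2, b"ls: warning\n") + b"\x88\x00")

if __name__ == "__main__":
    for name, data in demux(SAMPLE).items():
        print(f"{name:6} {data!r}")
```

Separating channel 2 from channel 1 matters when exec output is logged or audited, because raw curl output interleaves stdout, stderr and frame headers in one byte stream.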
