官方文档:https://kubernetes.io/zh-cn/docs/concepts/workloads/pods/ephemeral-containers/
一、临时容器用来干什么?
如果我们运行中的Pod出现故障,无法进入到Pod内部交互界面,或者我们创建的Pod本来就没有交互界面,那么如果Pod运行出现问题,很难排查问题所在,kubernetes提供的临时容器就是用于Pod故障排查,来检查环境是否正常。
临时容器是一种特殊的容器,并不是普通的容器,仅仅是用于调试而已。
二、有哪些前提条件?
kubernetes默认没有起开临时容器功能,在使用之前需要前开启,否则会出现类似以下的问题。
error: ephemeral containers are disabled for this cluster (error from server: "the server could not find the requested resource").
解决方法如下:
(1)修改kube-apiserver、kube-scheduler、kube-controller-manager、 kube-proxy、kubelet启动配置参数,添加–feature-gates=EphemeralContainers=true
注意,–feature-gates=EphemeralContainers=true需要添加到最后,否则可能会出现意想不到的问题。
二进制安装kubernetes : https://greaterway.cn/archives/er-jin-zhi-an-zhuang-kubernetes-ce-shi-huan-jing-
vim /usr/lib/systemd/system/kube-apiserver.service
vim /usr/lib/systemd/system/kubelet.service
vim /usr/lib/systemd/system/kube-scheduler.service
vim /usr/lib/systemd/system/kube-controller-manager.service
vim /usr/lib/systemd/system/kube-proxy.service
(2)重启服务
systemctl daemon-reload
systemctl restart kube-apiserver kube-scheduler kube-controller-manager kube-proxy kubelet
三、怎么用?
(1)假设我们现在运行一个Pod
kubectl run ephemeral-demo --image=registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.4.1 --image-pull-policy=IfNotPresent --restart=Never
(2)通过kubectl exec -it进入容器内部
[root@test-99 ~]# kubectl exec -it ephemeral-demo -- sh
Defaulted container "ephemeral-demo" out of: ephemeral-demo, debugger-nz42z (ephem), debugger-msprn (ephem), debugger-7fv7m (ephem)
OCI runtime exec failed: exec failed: unable to start container process: exec: "sh": executable file not found in $PATH: unknown
command terminated with exit code 126
发现上面的容器ephemeral-demo不能直接进入容器内部进行交互
(3)创建临时容器
通过kubectl debug命令,通过–target 绑定目标容器
[root@test-99 ~]# kubectl debug -it ephemeral-demo --image=busybox:1.28 --image-pull-policy=IfNotPresent --target=ephemeral-demo
Defaulting debug container name to debugger-5z7df.
If you don't see a command prompt, try pressing enter.
/ #
(4)删除掉Pod,那么挂载到该Pod上的临时容器也会一并删除
kubectl delete pod
