Skip to content

Latest commit

 

History

History
42 lines (35 loc) · 2.57 KB

README.md

File metadata and controls

42 lines (35 loc) · 2.57 KB

Accessing kubectl from the Kubernetes pod

Introduction

If you want to access Kubernetes within the pod, for example, using kubectl commands to access resources as you would on your local machine, you must assign a ServiceAccount with appropriate permissions to your pod or deployment. Alternatively, you can assign appropriate permissions to the default ServiceAccount. The script generate-kubectl-access-rbac.sh generates permissions and the ServiceAccount "kubectl-access". Note that you must have the appropriate permissions to apply the generated file to the cluster. Then you need to add the following line to the specification of your pod or deployment:

serviceAccountName: kubectl-access

The deployment example can be found in the file kubectl-shell-pod.yaml, which deploys a single pod using the Ubuntu Linux shell and installs the tools kubectl, kubectl autocompletion and rakkess there.

The k8s-rbac.yaml file contains RBAC rules generated by the generate-kubectl-access-rbac.sh script for the dmrub namespace. You can also replace the namespace either manually or with the set-namespace.sh script.

Instructions

  1. If necessary, replace the namespace field in the yaml files with your own or delete it if you want to use your default namespace. You can use for this following shell command in this directory or use script set-namespace.sh: 
    ./set-namespace.sh NEW_NAMESPACE_NAME
# Or
for f in *.yaml; do echo "$f"; sed -i "s/dmrub/NEW_NAMESPACE_NAME/g" "$f"; done
  2. Either generate an RBAC description or use the k8s-rbac.yaml file. Apply the resources from the generated file. Note that you must have the appropriate permissions to apply them: 
    ./generate-kubectl-access-rbac.sh -o k8s-rbac.yaml dmrub;
kubectl apply -f k8s-rbac.yaml;
# Or
./generate-kubectl-access-rbac.sh dmrub | kubectl apply -f -;
  3. Start the kubectl shell pod, enter the pod shell, and test kubectl in the pod. Before entering the pod with the kubectl exec command, use kubectl log to verify that all installation steps are complete. 
    kubectl apply -f kubectl-shell-pod.yaml;
kubectl logs kubectl-shell -f;
# Wait until you see the execution of the command sleep
# Press Ctrl-c
kubectl exec -ti -n dmrub kubectl-shell -- /bin/bash
# Test the kubectl command inside the pod
kubectl get pods;
kubectl get nodes;
exit