Kubernetes ephemeral containers are an interesting idea for debugging problems in containers that contain nothing besides the executable binary.
Some information is available on the Kubernetes website, and a few examples can be found around the web.
This feature is experimental; I did not dig into the thicket of Kubernetes alpha/beta version descriptions.
Tested on Kubernetes v1.16.3
To be able to start an ephemeral container in a pod, you need to activate the corresponding feature(s) through feature-gates.
In general, feature-gates is an option that the relevant Kubernetes component must be launched with (check the parameters of the running processes with ps). Launching only the kubelet with this parameter is likely to be insufficient: different features have to be activated on the corresponding Kubernetes components.
Depending on how Kubernetes is run, there are the following options:
1.
minikube start --feature-gates="EphemeralContainers=true"
2. Deploy the cluster, adding the following sections to the configuration:
apiVersion: kubeadm.k8s.io/v1beta2
kind: InitConfiguration
localAPIEndpoint: {}
nodeRegistration:
  kubeletExtraArgs:
    "feature-gates": "EphemeralContainers=true"
---
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
apiServer:
  extraArgs:
    "feature-gates": "EphemeralContainers=true"
scheduler:
  extraArgs:
    "feature-gates": "EphemeralContainers=true"
controllerManager:
  extraArgs:
    "feature-gates": "EphemeralContainers=true"
3. On a live cluster
In the file
/var/lib/kubelet/kubeadm-flags.env
add to the parameters
--feature-gates=EphemeralContainers=true
so that it looks like
KUBELET_KUBEADM_ARGS="--cgroup-driver=cgroupfs --feature-gates=EphemeralContainers=true --network-plugin=cni --pod-infra-container-image=k8s.gcr.io/pause:3.1"
Restart the kubelet:
service kubelet restart
In the file
/etc/kubernetes/manifests/kube-apiserver.yaml
add the following argument to the end of the command list:
spec:
  containers:
  - command:
    - --feature-gates=EphemeralContainers=true
Edit these files in the same way:
kube-scheduler.yaml
kube-controller-manager.yaml
Afterwards, run
kubectl get pods -A
In the kube-system namespace, look for pods whose names contain
kube-apiserver
kube-scheduler
kube-controller-manager
Delete these pods with kubectl delete pod
They are recreated with the parameters from the corrected files.
4. Theoretically, there is another option, but it did not work for me
kubeadm upgrade plan --feature-gates EphemeralContainers=true
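A check for option 3, added here as an example and not part of the original post: it lists which of the files edited above still lack the gate. The function names and the sample tree are constructed for illustration, and it assumes kube-scheduler.yaml and kube-controller-manager.yaml sit in the same manifests directory as kube-apiserver.yaml.

```shell
#!/bin/sh
# Added example: list the kubeadm-managed files that do not enable
# the EphemeralContainers feature gate. Usage: sh check.sh /   (on a node)

FILES="var/lib/kubelet/kubeadm-flags.env
etc/kubernetes/manifests/kube-apiserver.yaml
etc/kubernetes/manifests/kube-scheduler.yaml
etc/kubernetes/manifests/kube-controller-manager.yaml"

# has_gate FILE: succeeds if an uncommented --feature-gates value enables
# the gate, alone or inside a comma-separated list of gates.
has_gate() {
    [ -r "$1" ] || return 1
    grep -v '^[[:space:]]*#' "$1" |
        grep -Eq -- '--feature-gates=([^" ]*,)?EphemeralContainers=true(,|"|[[:space:]]|$)'
}

# missing_gate_files ROOT: print every file under ROOT that lacks the gate.
missing_gate_files() {
    for f in $FILES; do
        has_gate "$1/$f" || echo "/$f"
    done
}

# make_sample_root: build a constructed sample tree (not real cluster data)
# where the scheduler manifest only has the flag commented out.
make_sample_root() {
    root=$(mktemp -d)
    m="$root/etc/kubernetes/manifests"
    mkdir -p "$root/var/lib/kubelet" "$m"
    echo 'KUBELET_KUBEADM_ARGS="--cgroup-driver=cgroupfs --feature-gates=EphemeralContainers=true --network-plugin=cni"' \
        > "$root/var/lib/kubelet/kubeadm-flags.env"
    printf '    - --feature-gates=EphemeralContainers=true\n' > "$m/kube-apiserver.yaml"
    printf '    # - --feature-gates=EphemeralContainers=true\n' > "$m/kube-scheduler.yaml"
    printf '    - --feature-gates=RotateKubeletServerCertificate=true,EphemeralContainers=true\n' \
        > "$m/kube-controller-manager.yaml"
    echo "$root"
}

# With no argument, run against the constructed sample tree.
missing_gate_files "${1-$(make_sample_root)}"
```

An empty result means all four files carry the gate; the components still have to be restarted as described above before it takes effect.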
Now let's try to connect to a pod's containers.
A short excerpt copied from the Kubernetes site.
Create a file ec.json, replacing example-pod with the name of the pod you need to connect to; in image, specify a container image with debugging tools (for example, ubuntu):
{
  "apiVersion": "v1",
  "kind": "EphemeralContainers",
  "metadata": {
    "name": "example-pod"
  },
  "ephemeralContainers": [{
    "command": [
      "sh"
    ],
    "image": "busybox",
    "imagePullPolicy": "IfNotPresent",
    "name": "debugger",
    "stdin": true,
    "tty": true,
    "terminationMessagePolicy": "File"
  }]
}
Patch the properties of the pod we are going to connect to; do not forget to substitute the namespace (default here) and the pod name (example-pod) in the path:
kubectl replace --raw /api/v1/namespaces/default/pods/example-pod/ephemeralcontainers -f ec.json
Attach and run the shell in the container:
kubectl attach -it example-pod -c debugger
If you run "ps auxww", nothing interesting will come of it; Share Process Namespace support is needed.