Git Product home page Git Product logo

kubexec's Introduction

Kubernetes Pod Executor

This image is a trivial wrapper around bitnami/kubectl which simplifies the task of running Jobs targeting specific workloads in a Kubernetes cluster. This is particularly useful for Deployments, which use ephemeral pod names.

This image exists solely to assist with the migration of legacy applications into a Kubernetes cluster. It should not be used with a properly designed cluster-native application.

Usage

When executed, the image creates a kubeconfig file to access the cluster that the job is scheduled to run on.

The entrypoint script interprets the first argument of the provided command line as a grep pattern used to filter actively running pods by name. The first pod returned will be used as the target to run the job. The rest of the command line is passed as-is to kubectl exec.

Limitations

The entrypoint script makes these assumptions:

  • The target pod is in the same cluster and namespace as the job; and
  • The service account associated with the job has been granted permission to execute arbitary commands in the target pod.

Examples

To run a simple command in the first pod with a name starting with mypod-:

^mypod- node cleanuptask.js

Because the comnand line after the first argument is passed as-is to kubectl exec, you may find that arguments to your command are interpreted by kubectl instead of your command. To resolve this, use -- to indicate that anything further should be passed to the target command:

^mypod- -- rm -f /tmp/myapp_*

Configuring permissions

If your cluster uses RBAC you will need configure access for the service account to list pods and execute commands. Modify the following YAML object, replacing the target namespace and, if necessary, the service account:

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-exec
  namespace: targetnamespace
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list"]
- apiGroups: [""]
  resources: ["pods/exec"]
  verbs: ["create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: pod-exec
  namespace: targetnamespace
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: pod-exec
subjects:
- kind: ServiceAccount
  name: default
  namespace: targetnamespace

Use kubectl apply with the resulting object to configure the changes.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.