Deployment.spec.containers.lifecycle.postStart.exec.command: modifying the container's /etc/hosts file reports insufficient permissions #8

Open
MrYueQ opened this issue Apr 13, 2019 · 1 comment

MrYueQ commented Apr 13, 2019

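Hello, teacher. While debugging, I wanted to use Deployment.spec.containers.lifecycle.postStart.exec.command to modify the application container's hosts file before the container starts, injecting the dependency environment first so that I could then track down the problem, but it keeps reporting insufficient permissions.
Deployment parts: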

```yaml
# create k8s deployment
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: ops-container-grok-service
  namespace: elasticstack
  labels:
    type: ops-elk
    role: container-grok-service

spec:
  replicas: 1
  selector:
    matchLabels:
      app: container-grok-service
      envior: prod
  template:
    metadata:
      labels:
        app: container-grok-service
        envior: prod
    spec:
      volumes:
        - name: container-grok-config
          configMap:
            name: ops-elk-container-grok
      containers:
        - name: container-nginx-application
          image: registURL
          imagePullPolicy: IfNotPresent
          lifecycle:
            postStart:
              exec:
                command: [ "/bin/sh", "-c", "echo -n 10.33.66.43 kafka03-ops-prod-bj1 >> /etc/hosts"]
          livenessProbe:
            failureThreshold: 3
            initialDelaySeconds: 15
            periodSeconds: 6
            successThreshold: 1
            httpGet:
              port: 9600
              path: "/"
          ports:
            - containerPort: 9600
          volumeMounts:
            - name: container-grok-config
              readOnly: true
              mountPath: /usr/share/logstash/pipeline
      restartPolicy: Always
```

Error log:

```
Warning FailedPostStartHook 21s (x3 over 40s) kubelet, 10.10.50.41 Exec lifecycle hook ([/bin/sh -c echo -n 10.33.66.43 kafka03-ops-prod-bj1 >> /etc/hosts]) for Container "container-nginx-application" in Pod "ops-container-grok-service-dd5d846-b29xh_elasticstack(c7b93718-5d8f-11e9-8a82-fa31c1372500)" failed - error: command '/bin/sh -c echo -n 10.33.66.43 kafka03-ops-prod-bj1 >> /etc/hosts' exited with 1: /bin/sh: /etc/hosts: Permission denied
, message: "/bin/sh: /etc/hosts: Permission denied\n"
Normal Killing 21s (x3 over 39s) kubelet, 10.10.50.41 Killing container with id docker://container-nginx-application:FailedPostStartHook
Warning BackOff 3s (x6 over 38s) kubelet, 10.10.50.41 Back-off restarting failed container
```

MrYueQ commented Apr 14, 2019

Teacher, I looked through the Chinese version of the Kubernetes documentation. The official site advises against doing it this way; the official recommendation is to let the kubelet manage the container's hosts file and to change it through hostAliases. But this brings a small annoyance with it. The appended file lines are:

```
kubectl exec -it -n elasticstack ops-container-grok-service-5f695b8ff4-qxxph -- cat /etc/hosts

# Kubernetes-managed hosts file.

127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
fe00::0 ip6-mcastprefix
fe00::1 ip6-allnodes
fe00::2 ip6-allrouters
172.130.75.5 ops-container-grok-service-5f695b8ff4-qxxph

# Entries added by HostAliases.

10.33.66.43 kafka03-ops-prod-bj1
10.33.66.43 kafka03-ops-prod-bj1.cluster.local
10.33.66.42 kafka02-ops-prod-bj1
10.33.66.42 kafka02-ops-prod-bj1.cluster.local
10.33.66.41 kafka01-ops-prod-bj1
10.33.66.41 kafka01-ops-prod-bj1.cluster.local
```

and cannot be written as:

```
10.33.66.43 kafka03-ops-prod-bj1 kafka03-ops-prod-bj1.cluster.local
```

The hostAliases YAML:

```yaml
hostAliases:
  - ip: "10.33.66.43"
    hostnames:
      - "kafka03-ops-prod-bj1"
      - "kafka03-ops-prod-bj1.cluster.local"
  - ip: "10.33.66.42"
    hostnames:
      - "kafka02-ops-prod-bj1"
      - "kafka02-ops-prod-bj1.cluster.local"
  - ip: "10.33.66.41"
    hostnames:
      - "kafka01-ops-prod-bj1"
      - "kafka01-ops-prod-bj1.cluster.local"
```
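An added example, not code from this thread or from Kubernetes: a Python check that the one-hostname-per-line layout shown in the hosts file above gives the same forward name-to-IP mapping as the single-line form, and that reports hostAliases names that are missing or mapped to more than one address. The function names, the sample strings and the `10.9.9.9` entry are constructed for illustration.

```python
import ipaddress

def parse_hosts(text):
    """Parse hosts(5)-format text into {hostname: [ip, ...]} (forward lookups only)."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        ipaddress.ip_address(ip)              # raises ValueError on a malformed address
        for name in names:
            ips = table.setdefault(name.lower(), [])
            if ip not in ips:
                ips.append(ip)
    return table

def check_aliases(hosts_text, host_aliases):
    """Return (missing, conflicting) hostnames for a hostAliases-style list of dicts."""
    table = parse_hosts(hosts_text)
    missing, conflicting = [], []
    for entry in host_aliases:
        for name in entry["hostnames"]:
            ips = table.get(name.lower(), [])
            if entry["ip"] not in ips:
                missing.append(name)          # declared alias never reached the file
            elif len(ips) > 1:
                conflicting.append(name)      # another line maps the same name elsewhere
    return missing, conflicting

# Constructed sample: kubelet layout from the thread, one hostname per line.
PER_LINE = """# Kubernetes-managed hosts file.
127.0.0.1 localhost
# Entries added by HostAliases.
10.33.66.43 kafka03-ops-prod-bj1
10.33.66.43 kafka03-ops-prod-bj1.cluster.local
"""
# Constructed sample: the single-line layout the poster expected.
ONE_LINE = """127.0.0.1 localhost
10.33.66.43 kafka03-ops-prod-bj1 kafka03-ops-prod-bj1.cluster.local
"""
# Constructed sample: a hand-appended line that shadows a hostAliases entry.
SHADOWED = "10.9.9.9 kafka03-ops-prod-bj1\n" + PER_LINE

ALIASES = [{"ip": "10.33.66.43",
            "hostnames": ["kafka03-ops-prod-bj1", "kafka03-ops-prod-bj1.cluster.local"]}]

if __name__ == "__main__":
    print(parse_hosts(PER_LINE) == parse_hosts(ONE_LINE))
    print(check_aliases(SHADOWED, ALIASES))
```

The two layouts differ only in which name a reverse lookup reports first; forward lookups, which are what the Kafka client here needs, are identical.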
