cat nsenter-node.sh
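#!/bin/sh
# nsenter-node.sh - open an interactive root shell on a Kubernetes node.
#
# Usage: nsenter-node.sh NODE [extra arguments passed on to kubectl run]
#
# Schedules a one-off pod on NODE that shares the host PID and network
# namespaces, runs privileged, and uses nsenter to join all namespaces of
# host PID 1 before starting `su -`. The pod is deleted when the session
# ends (--rm).
#
# Security notes for operators:
#   - Anyone who can run this successfully holds root on the node. It only
#     works where the caller may create pods and admission accepts hostPID,
#     hostNetwork and privileged in the target namespace; Pod Security
#     Admission at the "baseline" or "restricted" level rejects this pod spec.
#   - Where API audit logging is enabled, pod-create requests carrying these
#     fields are the event to alert on.
#   - The toleration {"operator": "Exists"} matches every taint, so the pod
#     is also admitted on nodes tainted to keep ordinary workloads away.
#   - The container image is third-party, runs privileged, and is referenced
#     by a mutable tag. Mirroring it internally and pinning it as
#     image@sha256:<digest> keeps a re-pushed tag from changing what runs.
set -x

# Fail early with a usage message instead of letting kubectl run against an
# empty node name.
if [ -z "${1:-}" ]; then
  echo "usage: $0 NODE [kubectl run arguments...]" >&2
  exit 2
fi
node=$1

# Resolve the node's kubernetes.io/hostname label; the pod is pinned to the
# node through a nodeSelector on that label.
nodeName=$(kubectl get node "${node}" -o template --template='{{index .metadata.labels "kubernetes.io/hostname"}}')
# ${nodeName:?} aborts the script if the lookup returned nothing. The value is
# spliced into JSON without escaping, so it must not contain quotes.
nodeSelector='"nodeSelector": { "kubernetes.io/hostname": "'"${nodeName:?}"'" },'

# Build the pod name from the user and node names:
#   - convert @ and . to -
#   - truncate to 63 characters, the limit the original script applies
#   - drop any trailing - left by the truncation, which Kubernetes rejects
# This uses sed and cut rather than ${var//a/b} and ${var:0:63}: those
# expansions are bash extensions and fail under a strict POSIX /bin/sh.
podName=$(printf '%s\n' "${USER}-nsenter-${node}" | sed -e 's/[@.]/-/g' | cut -c1-63 | sed -e 's/-*$//')

# --image is mandatory for kubectl run; its value is a dummy that the
# container spec in --overrides replaces.
# NOTE(review): "$@" still includes the node argument because $1 is never
# shifted; confirm that is intended before changing it.
kubectl run "${podName:?}" --restart=Never -it --rm --image overriden --overrides '
{
"spec": {
"hostPID": true,
"hostNetwork": true,
'"${nodeSelector?}"'
"tolerations": [{
"operator": "Exists"
}],
"containers": [
{
"name": "nsenter",
"image": "ghcr.io/alexei-led/nsenter:2.38.1",
"command": [
"/nsenter", "--all", "--target=1", "--", "su", "-"
],
"stdin": true,
"tty": true,
"securityContext": {
"privileged": true
},
"resources": {
"requests": {
"cpu": "10m"
}
}
}
]
}
}' --attach "$@"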
k8s获取node权限
2024-06-10