A MetalK8s installation comes with a container image called metalk8s-utils
in the embedded registry. This image contains several tools an operator can use to analyze a cluster environment or troubleshoot various system issues.
The image can be used to create a Pod on a node, after which a shell inside the container can be created to run the various utilities. Depending on the use-case, the Pod could be created using the host network namespace, the host PID namespace, elevated privileges, mounting host directories as volumes, etc.
See the metalk8s-utils
Dockerfile <../../images/metalk8s-utils/Dockerfile>
for a list of all packages installed in the image.
To run a metalk8s-utils
container as a simple shell, execute the following command:
- kubectl run shell \
--image=metalk8s-registry-from-config.invalid/metalk8s-/metalk8s-utils: \ --restart=Never \ --attach \ --stdin \ --tty \ --rm
This will create a Pod called shell
with a container running the metalk8s-utils
image, and present you with a shell in this container.
Note
This procedure expects no other shell
Pod to be running. Adjust the name accordingly, or use a dedicated namespace if conflicts occur.
In the example above, the lifetime of the container is tied to the invocation of kubectl run
. In some situations it's more efficient to keep such container running and attach to it (and detach from it) dynamically.
- Create the Pod:
- kubectl run shell \
--image=metalk8s-registry-from-config.invalid/metalk8s-/metalk8s-utils: \ --restart=Never \ --command -- sleep infinity
This creates the shell
Pod including a metalk8s-utils
container running sleep infinity
, effectivelly causing the Pod to remain alive until deleted.
Get a shell in the container:
kubectl exec -ti shell -- bash
Note
The screen
and tmux
utilities are installed in the image for terminal multiplexing.
- Exit the shell to detach
Remove the Pod once the container is no longer needed:
kubectl delete pod shell
To pin the Pod in which the metalk8s-utils
container is launched to a particular node, add the following options to a suitable kubectl run
invocation:
--overrides='{ "apiVersion": "v1", "spec": { "nodeName": "NODE_NAME" } }'
Note
In the above, replace NODE_NAME
by the desired node name.
To run a metalk8s-utils
container in the host network namespace, e.g., to use utilities such as ip
, iperf
or tcpdump
as if they're executed on the host, add the following options to a suitable kubectl run
invocation:
--overrides='{ "apiVersion": "v1", "spec": { "hostNetwork": true } }'
Note
If multiple overrides
need to be combined, the JSON objects must be merged.
- Adding tolerations for various taints when using nodeName
- Mounting a host directory
- Exposing Salt and containerd sockets
- Running a privileged container, exposing the host /dev in the container for parted etc. to work