How to execute command from one pod inside another pod using kubectl exec which are inside a same k8s cluster

▼魔方 西西 提交于 2021-02-10 04:22:24

问题


I have two pods in a cluster. Lets call them A and B. I've installed kubectl inside pod A and I am trying to run a command inside pod B from pod A using kubectl exec -it podB -- bash. I am getting the following error

Error from server (Forbidden): pods "B" is forbidden: User "system:serviceaccount:default:default" cannot create pods/exec in the namespace "default"

I've created the following Role and RoleBinding to get access. Role yaml

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: api-role
  namespace: default
  labels:
    app: tools-rbac
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]

RoleBinding yaml

kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: global-rolebinding
  namespace: default
  labels:
    app: tools-rbac
subjects:
- kind: Group
  name: system:serviceaccounts
  apiGroup: rbac.authorization.k8s.io

Any help is greatly appreciated. Thank you


回答1:


You would need to give access to the pods/exec subresource in addition to pods like you have there. That said, this is a very weird thing to do and probably think very hard as to if this is the best solution.



来源:https://stackoverflow.com/questions/54196533/how-to-execute-command-from-one-pod-inside-another-pod-using-kubectl-exec-which

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!