1. 问题
平时排错时经常碰到容器中没有某些调试命令,有时候网络环境也不允许我们在这些容器中安装调试命令。或者就是这些容器是生产环境我们的任何改动可能都会引起不必要的麻烦。那么应该怎么做呢?
1.1 现象再现
我们拿这个容器做测试
bash
root@k8s-133-master01:~# kubectl get pods -o wide -n default
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
synergy-leverager-6dbb59cd5d-5psfj 2/2 Running 2 (81m ago) 183d 10.244.82.218 k8s-133-node02 <none> <none>尝试在synergy-leverager-6dbb59cd5d-5psfj上执行curl 命令
bash
root@k8s-133-master01:~# kubectl exec -it synergy-leverager-6dbb59cd5d-5psfj -- curl www.baidu.com
Defaulted container "synergy-leverager" out of: synergy-leverager, sidecar
error: Internal error occurred: Internal error occurred: error executing command in container: failed to exec in container: failed to start exec "83441eb783e9d65ff5ada6fa87d37320d611b5c6697d343cb4a780e7ac7581d0": OCI runtime exec failed: exec failed: unable to start container process: exec: "curl": executable file not found in $PATH: unknown2. 解决方法
2.1 获取容器所在的服务器
- 先在master上先获取这个容器是在哪个机器上运行的。
这里我们看到是在node02上
bash
root@k8s-133-master01:~# kubectl get pods -o wide -n default
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
synergy-leverager-6dbb59cd5d-5psfj 2/2 Running 2 (81m ago) 183d 10.244.82.218 k8s-133-node02 <none> <none>- 在node02上找到容器
由于这个Pod存在Sidecar所以会看到2个ID,我们需要的是synergy-leverager这个也就是ID为31954460b60c5的这个
bash
root@k8s-133-node02:~# crictl ps |grep synergy-leverager-6dbb59cd5d-5psfj
c744b3f17ec5a 8c811b4aec35f 31 minutes ago Running sidecar 1 0d1e2b23c5648 synergy-leverager-6dbb59cd5d-5psfj
31954460b60c5 8c811b4aec35f 31 minutes ago Running synergy-leverager 1 0d1e2b23c5648 synergy-leverager-6dbb59cd5d-5psfj- 获取到容器的Pid
bash
root@k8s-133-node02:~# crictl inspect 31954460b60c5 | jq .info.pid
3681- 通过Pid 来尝试用curl命令进行测试
bash
root@k8s-133-node02:~# nsenter -t 3681 -n -- curl www.baidu.com
<!DOCTYPE html>
<!--STATUS OK--><html> <head><meta http-equiv=content-type content=text/html;charset=utf-8><meta http-equiv=X-UA-Compatible content=IE=Edge><meta content=always name=referrer><link rel=stylesheet type=text/css href=http://s1.bdstatic.com/r/www/cache/bdorz/baidu.min.css><title>百度一下,你就知道</title></head> <body link=#0000cc> <div id=wrapper> <div id=head> <div class=head_wrapper> <div class=s_form> <div class=s_form_wrapper> <div id=lg> <img hidefocus=true src=//www.baidu.com/img/bd_logo1.png width=270 height=129> </div> <form id=form name=f action=//www.baidu.com/s class=fm> <input type=hidden name=bdorz_come value=1> <input type=hidden name=ie value=utf-8> <input type=hidden name=f value=8> <input type=hidden name=rsv_bp value=1> <input type=hidden name=rsv_idx value=1> <input type=hidden name=tn value=baidu><span class="bg s_ipt_wr"><input id=kw name=wd class=s_ipt value maxlength=255 autocomplete=off autofocus></span><span class="bg s_btn_wr"><input type=submit id=su value=百度一下 class="bg s_btn"></span> </form> </div> </div> <div id=u1> <a href=http://news.baidu.com name=tj_trnews class=mnav>新闻</a> <a href=http://www.hao123.com name=tj_trhao123 class=mnav>hao123</a> <a href=http://map.baidu.com name=tj_trmap class=mnav>地图</a> <a href=http://v.baidu.com name=tj_trvideo class=mnav>视频</a> <a href=http://tieba.baidu.com name=tj_trtieba class=mnav>贴吧</a> <noscript> <a href=http://www.baidu.com/bdorz/login.gif?login&tpl=mn&u=http%3A%2F%2Fwww.baidu.com%2f%3fbdorz_come%3d1 name=tj_login class=lb>登录</a> </noscript> <script>document.write('<a href="http://www.baidu.com/bdorz/login.gif?login&tpl=mn&u='+ encodeURIComponent(window.location.href+ (window.location.search === "" ? "?" : "&")+ "bdorz_come=1")+ '" name="tj_login" class="lb">登录</a>');</script> <a href=//www.baidu.com/more/ name=tj_briicon class=bri style="display: block;">更多产品</a> </div> </div> </div> <div id=ftCon> <div id=ftConw> <p id=lh> <a href=http://home.baidu.com>关于百度</a> <a href=http://ir.baidu.com>About Baidu</a> </p> <p id=cp>©2017 Baidu <a href=http://www.baidu.com/duty/>使用百度前必读</a> <a href=http://jianyi.baidu.com/ class=cp-feedback>意见反馈</a> 京ICP证030173号 <img src=//www.baidu.com/img/gs.gif> </p> </div> </div> </div> </body> </html>看上去命令可以被执行了。我们再看下容器下是否真的没有这个命令。
bash
root@k8s-133-node02:~# crictl exec -it 31954460b60c5 sh
/ # which curl
/ # curl
sh: curl: not found显然我们的测试是成功的,容器下没有curl,我们利用了宿主机的命令来实现了测试的功能。