如何在Kubernetes集群上获取所有正在运行的POD
[英]How to get all running PODs on Kubernetes cluster
问题描述
This simple Node.js program works fine on local because it pulls the kubernetes config from my local /root/.kube/config file 
这个简单的Node.js程序在本地运行良好,因为它从我的本地/root/.kube/config文件中提取了kubernetes配置。
const Client = require('kubernetes-client').Client;
const Config = require('kubernetes-client/backends/request').config;
const client = new K8sClient({ config: Config.fromKubeconfig(), version: '1.13' });
const pods = await client.api.v1.namespaces('xxxxx').pods.get({ qs: { labelSelector: 'application=test' } });
console.log('Pods: ', JSON.stringify(pods));
Now I want to run it as a Docker container on cluster and get all current cluster's running PODs (for same/current namespace). 现在,我想将其作为Docker容器在集群上运行,并获取当前集群所有正在运行的POD(用于相同/当前名称空间)。 Now of course it fails: 现在当然失败了:
Error: { Error: ENOENT: no such file or directory, open '/root/.kube/config'
So how make it work when deployed as a Docker container to cluster? 那么当它作为Docker容器部署到集群时如何使其工作呢? This little service needs to scan all running PODs... Assume it doesn't need pull config data since it's already deployed.. So it needs to access PODs on current cluster 这个小服务需要扫描所有正在运行的POD ...假设它已经部署了,则不需要拉配置数据。因此,它需要访问当前群集上的POD。
1 个解决方案
解决方案1
2 已采纳 2019-06-12 16:37:45
Couple of concepts to grab your head around first: 首先要抓住几个概念:
To perform you end goal (which if i understand correct): Containerize Node js application 执行最终目标(如果我理解正确的话):容器化Node js应用程序
Step 1: Put application in a container 步骤1:将应用程序放入容器中
Step 2: Create a deployment / statefulset / daemonset as per you requirement using the container created above in step 1 第2步:使用上面在第1步中创建的容器,根据您的要求创建一个Deployment / statefulset / daemonset
Explanation: 说明:
In step 2 above {by default} if you do not (explicitly) mention a serviceaccount (custom) then it will be the default account the credentials of which are mounted inside the container (by default) here 在上面的步骤2中(默认情况下),如果您没有(明确地)提及serviceaccount(自定义),那么它将是默认帐户,其凭据已安装在容器中(默认情况下)
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: default-token-xxxx
readOnly: true
which can be verified by this command after (successful) pod creation 在成功创建Pod之后,可以通过此命令验证
kubectl get pod -n {yournamespace(by default is default)} POD_NAME -o yaml
Now (Gotchas!!) if you cannot access the cluster with those credentials then depending on which service account you are using and the rights of that serviceaccount needs to be accessed. 现在(Gotchas !!),如果您无法使用这些凭据访问群集,则取决于您所使用的服务帐户以及该服务帐户的权限。 For example if you are using abc serviceaccount which does not have rolebinding to it then you will not be able to view the cluster. 例如,如果您使用的abc serviceaccount没有角色绑定,则将无法查看集群。 In that case you need to create (first) a role (to read pods) and a rolebinding (for that role) to the serviceaccount. 在这种情况下,您需要创建(首先)一个角色(以读取Pod)和一个角色绑定(用于该角色)到serviceaccount。
UPDATE :
更新 :
The problem got resolved by changing
Config.fromKubeconfig() to Config.getInCluster() Ref
通过将Config.fromKubeconfig()更改为Config.getInCluster() 参考,此问题得以解决
Clarification:
fromKubeconfig() function is good if you are running your application on a node which is a part of kubernetes cluster and has cluster accessing token saved here: /$USER/.kube/config but if you want to run the nodeJS appilcation in a container in a pod then you need this Config.getInCluster() to load the token.
澄清: fromKubeconfig()函数很好,如果您正在作为kubernetes集群一部分的节点上运行应用程序,并且该集群具有访问令牌的令牌保存在此处:/ /$USER/.kube/config但是如果您要在其中运行nodeJS应用程序容器中的容器,则需要此Config.getInCluster()来加载令牌。
if you are nosy enough then check the comments of this answer!
如果您很管闲,请查看此答案的评论!
:P
:P
Note: here the nodejs library in discussion is this 注意:这里讨论中的nodejs库是这个
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.