Updated kube-shell to work in rerstricted clusters
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
This commit is contained in:
parent
d7469d40ae
commit
329f4124ae
@ -6,8 +6,8 @@ NAMESPACE="$(kubectl config view --minify --output 'jsonpath={..namespace}' &>/d
|
|||||||
set -e
|
set -e
|
||||||
NAMESPACE=${NAMESPACE:-default}
|
NAMESPACE=${NAMESPACE:-default}
|
||||||
POD="shell"
|
POD="shell"
|
||||||
IMAGE="bash"
|
IMAGE="digitalocean/doks-debug"
|
||||||
CMD="sh"
|
CMD="bash"
|
||||||
|
|
||||||
print_usage() {
|
print_usage() {
|
||||||
blue "kube-shell - create a new pod and exec into it's shell"
|
blue "kube-shell - create a new pod and exec into it's shell"
|
||||||
@ -19,7 +19,7 @@ print_usage() {
|
|||||||
echo "-h, --help show this help text"
|
echo "-h, --help show this help text"
|
||||||
echo "-n, --namespace the namespace the pod should launch in"
|
echo "-n, --namespace the namespace the pod should launch in"
|
||||||
echo "-p, --pod the name of the pod to get logs for (default: shell)"
|
echo "-p, --pod the name of the pod to get logs for (default: shell)"
|
||||||
echo "-i, --image the image to use for the shell container (default: bash)"
|
echo "-i, --image the image to use for the shell container (default: digitalocean/doks-debug)"
|
||||||
echo "-c, --command the initial command to execute in the container (default: sh)"
|
echo "-c, --command the initial command to execute in the container (default: sh)"
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -57,5 +57,16 @@ done
|
|||||||
|
|
||||||
NAMESPACE=${NAMESPACE:-default}
|
NAMESPACE=${NAMESPACE:-default}
|
||||||
|
|
||||||
echo kubectl run -it --namespace $NAMESPACE $POD --image $IMAGE --restart Never --rm -- $CMD
|
OVERRIDES='{
|
||||||
kubectl run -it --namespace $NAMESPACE $POD --image $IMAGE --restart Never --rm -- $CMD
|
"spec": {
|
||||||
|
"securityContext": {"runAsGroup": 1000,"runAsNonRoot": true,"runAsUser": 1000,"seccompProfile": {"type": "RuntimeDefault"}},
|
||||||
|
"containers": [
|
||||||
|
{
|
||||||
|
"name":"'$POD'","image":"'$IMAGE'", "command": ["'$CMD'"],
|
||||||
|
"stdin": true,"stdinOnce": true,"tty": true,
|
||||||
|
"securityContext": {"allowPrivilegeEscalation": false,"capabilities": {"drop": ["ALL"]},"privileged": false,"runAsGroup": 1000,"runAsNonRoot": true,"runAsUser": 1000,"seccompProfile": {"type": "RuntimeDefault"}}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}'
|
||||||
|
kubectl run -it --namespace $NAMESPACE $POD --image $IMAGE --restart Never --overrides "${OVERRIDES}" --rm -- $CMD
|
||||||
|
Loading…
Reference in New Issue
Block a user