How to run kubectl commands inside a container?

docker kubernetes dockerfile
Dreams picture Dreams · Mar 7, 2017 · Viewed 34.6k times · Source

In a container inside a pod, how can I run a command using kubectl? For example, if i need to do something like this inside a container:

kubectl get pods

I have tried this : In my dockerfile, I have these commands : 

RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
RUN chmod +x ./kubectl
RUN sudo mv ./kubectl /usr/local/bin/kubectl

EDIT : I was trying the OSX file, I have corrected it to the linux binary file. (corrected by @svenwltr

While creating the docker file, this is successful, but when I run the kubectl get pods inside a container, 

kubectl get pods

I get this error :

The connection to the server : was refused - did you specify the right host or port?

When I was deploying locally, I was encountering this error if my docker-machine was not running, but inside a container how can a docker-machine be running?

Locally, I get around this error by running the following commands: (dev is the name of the docker-machine)

docker-machine env dev
eval $(docker-machine env dev)

Can someone please tell me what is it that I need to do?

Answer

Farhad Farahi picture Farhad Farahi · Mar 7, 2017

I would use kubernetes api, you just need to install curl, instead of kubectl and the rest is restful.

curl http://localhost:8080/api/v1/namespaces/default/pods

Im running above command on one of my apiservers. Change the localhost to apiserver ip address/dns name.

Depending on your configuration you may need to use ssl or provide client certificate.

In order to find api endpoints, you can use --v=8 with kubectl.

example:

kubectl get pods --v=8

Resources:

Kubernetes API documentation

Update for RBAC:

I assume you already configured rbac, created a service account for your pod and run using it. This service account should have list permissions on pods in required namespace. In order to do that, you need to create a role and role binding for that service account.

Every container in a cluster is populated with a token that can be used for authenticating to the API server. To verify, Inside the container run:

cat /var/run/secrets/kubernetes.io/serviceaccount/token

To make request to apiserver, inside the container run:

curl -ik \
     -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
     https://kubernetes.default.svc.cluster.local/api/v1/namespaces/default/pods

Related questions

standard_init_linux.go:211: exec user process caused "exec format error"

I am building the Dockerfile for python script which will run in minikube windows 10 system below is my Dockerfile Building the docker using the below command docker build -t python-helloworld . and loading that in minikube docker demon docker save python-helloworld | (…

Read More
How can I run script automatically after Docker container startup

I'm using Search Guard plugin to secure an elasticsearch cluster composed of multiple nodes. Here is my Dockerfile: #!/bin/sh FROM docker.elastic.co/elasticsearch/elasticsearch:5.6.3 USER root # Install search guard RUN bin/elasticsearch-plugin install --batch com.floragunn:search-guard-5:5.6.3-16 \ &…

Read More
Difference between Docker ENTRYPOINT and Kubernetes container spec COMMAND?

Dockerfile has a parameter for ENTRYPOINT and while writing Kubernetes deployment YAML file, there is a parameter in Container spec for COMMAND. I am not able to figure out what's the difference and how each is used?

Read More