Docker 无法在kubernetes的citadel容器中获取炮弹
我有Istio(包括citadel)在minikube运行,使用的说明是 当我试图将炮弹放入citadel容器时,我得到一个错误:Docker 无法在kubernetes的citadel容器中获取炮弹,docker,kubernetes,minikube,istio,Docker,Kubernetes,Minikube,Istio,我有Istio(包括citadel)在minikube运行,使用的说明是 当我试图将炮弹放入citadel容器时,我得到一个错误: $ kubectl exec -it istio-citadel-6d7f9c545b-bkvnx -- /bin/bash OCI runtime exec failed: exec failed: container_linux.go:348: starting container process caused "exec: \"/bin/bash\": st
$ kubectl exec -it istio-citadel-6d7f9c545b-bkvnx -- /bin/bash
OCI runtime exec failed: exec failed: container_linux.go:348: starting container process caused "exec: \"/bin/bash\": stat /bin/bash: no such file or directory": unknown
command terminated with exit code 126
但是,我可以执行到其他容器中,如pilot fine
这些是我的吊舱和容器,如果有帮助的话
shell-demo: nginx,
istio-citadel-6d7f9c545b-bkvnx: docker.io/istio/citadel:1.0.3,
istio-cleanup-secrets-rp4wv: quay.io/coreos/hyperkube:v1.7.6_coreos.0,
istio-egressgateway-866885bb49-6jz9q: docker.io/istio/proxyv2:1.0.3,
istio-galley-6d74549bb9-7nhcl: docker.io/istio/galley:1.0.3,
istio-ingressgateway-6c6ffb7dc8-bvp6b: docker.io/istio/proxyv2:1.0.3,
istio-pilot-685fc95d96-fphc9: docker.io/istio/pilot:1.0.3, docker.io/istio/proxyv2:1.0.3,
istio-policy-688f99c9c4-bpl9w: docker.io/istio/mixer:1.0.3, docker.io/istio/proxyv2:1.0.3,
istio-security-post-install-s6dft: quay.io/coreos/hyperkube:v1.7.6_coreos.0,
istio-sidecar-injector-74855c54b9-6v5xg:docker.io/istio/sidecar_injector:1.0.3,
istio-telemetry-69b794ff59-f7dv4: docker.io/istio/mixer:1.0.3, docker.io/istio/proxyv2:1.0.3,
prometheus-f556886b8-lhdt8: docker.io/prom/prometheus:v2.3.1,
coredns-c4cffd6dc-6xblf: k8s.gcr.io/coredns:1.2.2,
etcd-minikube: k8s.gcr.io/etcd-amd64:3.1.12,
kube-addon-manager-minikube: k8s.gcr.io/kube-addon-manager:v8.6,
kube-apiserver-minikube: k8s.gcr.io/kube-apiserver-amd64:v1.10.0,
kube-controller-manager-minikube: k8s.gcr.io/kube-controller-manager-amd64:v1.10.0,
kube-dns-86f4d74b45-bjk54: k8s.gcr.io/k8s-dns-kube-dns-amd64:1.14.8, k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64:1.14.8, k8s.gcr.io/k8s-dns-sidecar-amd64:1.14.8,
kube-proxy-mqfb9: k8s.gcr.io/kube-proxy-amd64:v1.10.0,
kube-scheduler-minikube: k8s.gcr.io/kube-scheduler-amd64:v1.10.0,
kubernetes-dashboard-6f4cfc5d87-zwk2c: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0,
storage-provisioner: gcr.io/k8s-minikube/storage-provisioner:v1.8.1,
当我执行minikube ssh,然后尝试执行citadel容器时,我会遇到类似的错误:
$ docker ps | grep citadel
f173453f843c istio/citadel "/usr/local/bin/isti…" 3 hours ago Up 3 hours k8s_citadel_istio-citadel-6d7f9c545b-bkvnx_istio-system_3d7b4f08-e120-11e8-bc40-ee7dbbb8f91b_0
7e96617d81ff k8s.gcr.io/pause-amd64:3.1 "/pause" 3 hours ago Up 3 hours k8s_POD_istio-citadel-6d7f9c545b-bkvnx_istio-system_3d7b4f08-e120-11e8-bc40-ee7dbbb8f91b_0
$ docker exec -it f173453f843c sh
OCI runtime exec failed: exec failed: container_linux.go:348: starting container process caused "exec: \"sh\": executable file not found in $PATH": unknown
$ docker exec -it f173453f843c /bin/sh
OCI runtime exec failed: exec failed: container_linux.go:348: starting container process caused "exec: \"/bin/sh\": stat /bin/sh: no such file or directory": unknown
$ docker exec -it f173453f843c ls
OCI runtime exec failed: exec failed: container_linux.go:348: starting container process caused "exec: \"ls\": executable file not found in $PATH": unknown
我可以很好地看到城堡。日志可在
你知道为什么我们不能进入城堡集装箱吗
谢谢阅读。您无法插入,因为容器中既没有
sh
也没有bash
。很多时候,为了提高效率和获得最小的容器映像,会删除这些内容
如果您想将外壳放入容器中,我建议您在includebash
或sh
中构建自己的图像
您可以在这里看到,构建的映像只有静态二进制文件。为此,您需要更改基础图像。例如:
FROM alpine
而不是:
FROM scratch
希望能有帮助
shell-demo: nginx,
istio-citadel-6d7f9c545b-bkvnx: docker.io/istio/citadel:1.0.3,
istio-cleanup-secrets-rp4wv: quay.io/coreos/hyperkube:v1.7.6_coreos.0,
istio-egressgateway-866885bb49-6jz9q: docker.io/istio/proxyv2:1.0.3,
istio-galley-6d74549bb9-7nhcl: docker.io/istio/galley:1.0.3,
istio-ingressgateway-6c6ffb7dc8-bvp6b: docker.io/istio/proxyv2:1.0.3,
istio-pilot-685fc95d96-fphc9: docker.io/istio/pilot:1.0.3, docker.io/istio/proxyv2:1.0.3,
istio-policy-688f99c9c4-bpl9w: docker.io/istio/mixer:1.0.3, docker.io/istio/proxyv2:1.0.3,
istio-security-post-install-s6dft: quay.io/coreos/hyperkube:v1.7.6_coreos.0,
istio-sidecar-injector-74855c54b9-6v5xg:docker.io/istio/sidecar_injector:1.0.3,
istio-telemetry-69b794ff59-f7dv4: docker.io/istio/mixer:1.0.3, docker.io/istio/proxyv2:1.0.3,
prometheus-f556886b8-lhdt8: docker.io/prom/prometheus:v2.3.1,
coredns-c4cffd6dc-6xblf: k8s.gcr.io/coredns:1.2.2,
etcd-minikube: k8s.gcr.io/etcd-amd64:3.1.12,
kube-addon-manager-minikube: k8s.gcr.io/kube-addon-manager:v8.6,
kube-apiserver-minikube: k8s.gcr.io/kube-apiserver-amd64:v1.10.0,
kube-controller-manager-minikube: k8s.gcr.io/kube-controller-manager-amd64:v1.10.0,
kube-dns-86f4d74b45-bjk54: k8s.gcr.io/k8s-dns-kube-dns-amd64:1.14.8, k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64:1.14.8, k8s.gcr.io/k8s-dns-sidecar-amd64:1.14.8,
kube-proxy-mqfb9: k8s.gcr.io/kube-proxy-amd64:v1.10.0,
kube-scheduler-minikube: k8s.gcr.io/kube-scheduler-amd64:v1.10.0,
kubernetes-dashboard-6f4cfc5d87-zwk2c: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0,
storage-provisioner: gcr.io/k8s-minikube/storage-provisioner:v1.8.1,
你知道为什么我们不能进入城堡集装箱吗
从下一个Kubernetes版本(1.16+,2019年第3季度)开始,您可以
请参阅(PR=“pull request”):“将临时容器添加到Kubernetes核心API”()。用以获取文档 这是为了解决:“支持对不可分发容器进行故障排除” (这是一个解决办法) 临时容器是一种临时容器,可以添加到现有的吊舱中,以便 用户启动的活动,如调试。临时容器没有资源或调度保证,它们在退出或移除或重新启动pod时不会重新启动
回答得很好。当我运行$kubectl exec-it istio-citadel-6d7f9c545b-bkvnx--/usr/local/bin/istio_ca时,它实际运行。(2018-11-05T21:32:15.587814Z错误未指定签名证书。请通过“-signing cert”选项指定证书文件或使用“-self signed ca”。命令以退出代码255终止)