Kubernetes 编辑/更新pod';斯亚姆
我的EKS集群中有一个pod,我想编辑它的yaml,这样我就可以将Kubernetes 编辑/更新pod';斯亚姆,kubernetes,yaml,kubernetes-pod,amazon-eks,Kubernetes,Yaml,Kubernetes Pod,Amazon Eks,我的EKS集群中有一个pod,我想编辑它的yaml,这样我就可以将只读值从true更改为false。通过这种方式,我希望能够对pod的系统/映像(还没有确切地知道它的名称)进行更改,目前它是只读文件系统 可能吗?我可以这样做吗 我尝试复制当前的yaml内容,并创建一个只读值设置为false的新yaml文件,以便将其用作当前文件的替换 我尝试使用的命令是: kubectl apply -f telegraf-new.yaml --namespace examplenamespace -l app
只读
值从true
更改为false
。通过这种方式,我希望能够对pod的系统/映像(还没有确切地知道它的名称)进行更改,目前它是只读文件系统
可能吗?我可以这样做吗
我尝试复制当前的yaml内容,并创建一个只读值设置为false的新yaml文件,以便将其用作当前文件的替换
我尝试使用的命令是:
kubectl apply -f telegraf-new.yaml --namespace examplenamespace -l app=polling-telegraf-s
我得到的错误是:
警告:kubectl apply应用于由kubectl create--save config或kubectl apply创建的资源
Pod“polling-telegraf-s-79f44d578f-khdjf”无效:规范:禁止:Pod更新不能更改spec.containers[*]以外的字段。image
,spec.initContainers[*]。image
,spec.activeDeadlineSeconds
或spec.permissions
(仅添加到现有的公差)
我不确定这是否是解决问题的好方法,但我花了最后几天的时间研究,结果并不令人鼓舞。任何对正确方向的帮助、提示和建议都将不胜感激 编辑:
kubectl get pod中的我的yaml——名称空间tick-l app=polling-telegraf-s-o yaml是:
apiVersion: v1
items:
- apiVersion: v1
kind: Pod
metadata:
annotations:
checksum/config: 45cc44098254d90e88878e037f6eb5803be739890e26d9070e21ac0c0650debd
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","kind":"Pod","metadata":{"annotations":{"checksum/config":"45cc44098254d90e88878e037f6eb5803be739890e26d9070e21ac0c0650debd","kubernetes.io/psp":"eks.privileged"},"creationTimestamp":"2019-10-30T15:49:57Z","generateName":"polling-telegraf-s-79f44d578f-","labels":{"app":"polling-telegraf-s","pod-template-hash":"79f44d578f"},"name":"polling-telegraf-s-79f44d578f-khdjf","namespace":"tick","ownerReferences":[{"apiVersion":"apps/v1","blockOwnerDeletion":true,"controller":true,"kind":"ReplicaSet","name":"polling-telegraf-s-79f44d578f","uid":"ec1e6988-fb2c-11e9-bdf2-02b7fbdf557a"}],"resourceVersion":"134887","selfLink":"/api/v1/namespaces/tick/pods/polling-telegraf-s-79f44d578f-khdjf","uid":"ec1fa8a5-fb2c-11e9-bdf2-02b7fbdf557a"},"spec":{"containers":[{"image":"telegraf:1.10.3-alpine","imagePullPolicy":"IfNotPresent","name":"polling-telegraf-s","resources":{"limits":{"cpu":"1","memory":"2Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File","volumeMounts":[{"mountPath":"/etc/telegraf","name":"config"},{"mountPath":"/var/run/utmp","name":"varrunutmpro","readOnly":true},{"mountPath":"/var/run/secrets/kubernetes.io/serviceaccount","name":"default-token-htxsr","readOnly":true}]}],"dnsPolicy":"ClusterFirst","enableServiceLinks":true,"nodeName":"ip-192-168-179-5.eu-west-2.compute.internal","priority":0,"restartPolicy":"Always","schedulerName":"default-scheduler","securityContext":{},"serviceAccount":"default","serviceAccountName":"default","terminationGracePeriodSeconds":30,"tolerations":[{"effect":"NoExecute","key":"node.kubernetes.io/not-ready","operator":"Exists","tolerationSeconds":300},{"effect":"NoExecute","key":"node.kubernetes.io/unreachable","operator":"Exists","tolerationSeconds":300}],"volumes":[{"hostPath":{"path":"/var/run/utmp","type":""},"name":"varrunutmpro"},{"configMap":{"defaultMode":420,"name":"polling-telegraf-s"},"name":"config"},{"name":"default-token-htxsr","secret":{"defaultMode":420,"secretName":"default-token-htxsr"}}]},"status":{"conditions":[{"lastProbeTime":null,"lastTransitionTime":"2019-10-30T15:49:57Z","status":"True","type":"Initialized"},{"lastProbeTime":null,"lastTransitionTime":"2019-10-30T15:49:58Z","status":"True","type":"Ready"},{"lastProbeTime":null,"lastTransitionTime":"2019-10-30T15:49:58Z","status":"True","type":"ContainersReady"},{"lastProbeTime":null,"lastTransitionTime":"2019-10-30T15:49:57Z","status":"True","type":"PodScheduled"}],"containerStatuses":[{"containerID":"docker://a66f40111474ea28d1b1b7adf6d9e0278adb6d6aefa23b345cc1559174018f27","image":"telegraf:1.10.3-alpine","imageID":"docker-pullable://telegraf@sha256:9106295bc67459633b4d6151c2e1b9949e501560b2e659fe541bda691c566bcf","lastState":{},"name":"polling-telegraf-s","ready":true,"restartCount":0,"state":{"running":{"startedAt":"2019-10-30T15:49:58Z"}}}],"hostIP":"192.168.179.5","phase":"Running","podIP":"192.168.159.179","qosClass":"Burstable","startTime":"2019-10-30T15:49:57Z"}}
kubernetes.io/psp: eks.privileged
creationTimestamp: "2019-10-30T15:49:57Z"
generateName: polling-telegraf-s-79f44d578f-
labels:
app: polling-telegraf-s
pod-template-hash: 79f44d578f
name: polling-telegraf-s-79f44d578f-khdjf
namespace: tick
ownerReferences:
- apiVersion: apps/v1
blockOwnerDeletion: true
controller: true
kind: ReplicaSet
name: polling-telegraf-s-79f44d578f
uid: ec1e6988-fb2c-11e9-bdf2-02b7fbdf557a
resourceVersion: "409255"
selfLink: /api/v1/namespaces/tick/pods/polling-telegraf-s-79f44d578f-khdjf
uid: ec1fa8a5-fb2c-11e9-bdf2-02b7fbdf557a
spec:
containers:
- image: telegraf:1.10.3-alpine
imagePullPolicy: IfNotPresent
name: polling-telegraf-s
resources:
limits:
cpu: "1"
memory: 2Gi
requests:
cpu: 100m
memory: 256Mi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/telegraf
name: config
- mountPath: /var/run/utmp
name: varrunutmpro
readOnly: true
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: default-token-htxsr
readOnly: true
dnsPolicy: ClusterFirst
enableServiceLinks: true
nodeName: ip-192-168-179-5.eu-west-2.compute.internal
priority: 0
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: default
serviceAccountName: default
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 300
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 300
volumes:
- hostPath:
path: /var/run/utmp
type: ""
name: varrunutmpro
- configMap:
defaultMode: 420
name: polling-telegraf-s
name: config
- name: default-token-htxsr
secret:
defaultMode: 420
secretName: default-token-htxsr
status:
conditions:
- lastProbeTime: null
lastTransitionTime: "2019-10-30T15:49:57Z"
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: "2019-10-30T15:49:58Z"
status: "True"
type: Ready
- lastProbeTime: null
lastTransitionTime: "2019-10-30T15:49:58Z"
status: "True"
type: ContainersReady
- lastProbeTime: null
lastTransitionTime: "2019-10-30T15:49:57Z"
status: "True"
type: PodScheduled
containerStatuses:
- containerID: docker://a66f40111474ea28d1b1b7adf6d9e0278adb6d6aefa23b345cc1559174018f27
image: telegraf:1.10.3-alpine
imageID: docker-pullable://telegraf@sha256:9106295bc67459633b4d6151c2e1b9949e501560b2e659fe541bda691c566bcf
lastState: {}
name: polling-telegraf-s
ready: true
restartCount: 0
state:
running:
startedAt: "2019-10-30T15:49:58Z"
hostIP: 192.168.179.5
phase: Running
podIP: 192.168.159.179
qosClass: Burstable
startTime: "2019-10-30T15:49:57Z"
kind: List
metadata:
resourceVersion: ""
selfLink: ""
我想将
只读
值从true更改为false 您可以使用kubectl edit pods
动态编辑podyaml
您必须记住,在调度pod时,有一些字段将不允许编辑,这在错误消息中提到
我认为您应该首先删除
pod
并应用新的yaml
文件。您可以使用kubectl edit pods
动态编辑podyaml
您必须记住,在调度pod时,有一些字段将不允许编辑,这在错误消息中提到
我认为您应该首先删除
pod
并应用新的yaml
文件。您可以使用命令kubectl edit[resource][UID]
编辑kubernetes资源yaml。例如,要更改pod的yaml,可以运行kubectl edit$pod\u UID
但是,这在您的情况下不起作用,因为您正在编辑一个mount
,这需要重新启动pod
。从这个意义上讲,最好的方法是你已经做过的事情。首先通过运行kubectl get pod$pod_UID-o yaml
从api中提取yaml,然后编辑其内容以再次部署它。但是,正如错误描述的那样,不允许编辑yaml的某些部分。所以你必须移除那些部分
仅保留日志已指向的部分:spec.containers[*].image、spec.initContainers[*].image、spec.activeDeadlineSeconds或spec.tolerations
否则,以下是您必须删除的部分:
metadata:
creationTimestamp: 2019-11-01T13:22:50Z
generateName:
ownerReferences:
- apiVersion: apps/v1
blockOwnerDeletion: true
controller: true
kind: ReplicaSet
name:
uid: 947fb7b7-f1ab-11e9-adfb-42010a8001b2
resourceVersion: "103002009"
selfLink:
uid: b3f96ba4-fcaa-11e9-adfb-42010a8001b2
spec:
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: default-token-ff27n
readOnly: true
nodeName:
priority: 0
schedulerName: default-scheduler
securityContext: {}
serviceAccount: default
serviceAccountName: default
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 300
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 300
volumes:
- name: default-token-ff27n
secret:
defaultMode: 420
secretName: default-token-ff27n
status:
conditions:
- lastProbeTime: null
lastTransitionTime: 2019-11-01T13:22:50Z
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: 2019-11-01T13:22:55Z
status: "True"
type: Ready
- lastProbeTime: null
lastTransitionTime: null
status: "True"
type: ContainersReady
- lastProbeTime: null
lastTransitionTime: 2019-11-01T13:22:50Z
status: "True"
type: PodScheduled
containerStatuses:
- containerID:
image:
imageID:
lastState: {}
name: proxy
ready: true
restartCount: 0
state:
running:
startedAt: 2019-11-01T13:22:55Z
hostIP:
phase: Running
podIP:
qosClass: Burstable
startTime: 2019-11-01T13:22:50Z
您可以使用命令
kubectl edit[resource][UID]
编辑kubernetes资源yaml。例如,要更改pod的yaml,可以运行kubectl edit$pod\u UID
但是,这在您的情况下不起作用,因为您正在编辑一个mount
,这需要重新启动pod
。从这个意义上讲,最好的方法是你已经做过的事情。首先通过运行kubectl get pod$pod_UID-o yaml
从api中提取yaml,然后编辑其内容以再次部署它。但是,正如错误描述的那样,不允许编辑yaml的某些部分。所以你必须移除那些部分
仅保留日志已指向的部分:spec.containers[*].image、spec.initContainers[*].image、spec.activeDeadlineSeconds或spec.tolerations
否则,以下是您必须删除的部分:
metadata:
creationTimestamp: 2019-11-01T13:22:50Z
generateName:
ownerReferences:
- apiVersion: apps/v1
blockOwnerDeletion: true
controller: true
kind: ReplicaSet
name:
uid: 947fb7b7-f1ab-11e9-adfb-42010a8001b2
resourceVersion: "103002009"
selfLink:
uid: b3f96ba4-fcaa-11e9-adfb-42010a8001b2
spec:
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: default-token-ff27n
readOnly: true
nodeName:
priority: 0
schedulerName: default-scheduler
securityContext: {}
serviceAccount: default
serviceAccountName: default
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 300
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 300
volumes:
- name: default-token-ff27n
secret:
defaultMode: 420
secretName: default-token-ff27n
status:
conditions:
- lastProbeTime: null
lastTransitionTime: 2019-11-01T13:22:50Z
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: 2019-11-01T13:22:55Z
status: "True"
type: Ready
- lastProbeTime: null
lastTransitionTime: null
status: "True"
type: ContainersReady
- lastProbeTime: null
lastTransitionTime: 2019-11-01T13:22:50Z
status: "True"
type: PodScheduled
containerStatuses:
- containerID:
image:
imageID:
lastState: {}
name: proxy
ready: true
restartCount: 0
state:
running:
startedAt: 2019-11-01T13:22:55Z
hostIP:
phase: Running
podIP:
qosClass: Burstable
startTime: 2019-11-01T13:22:50Z
谢谢你的回答。问题是,如果我删除
spec
,那么我将不会更改readOnly
字段,这样我就不会得到想要的结果,即使系统文件可写。不要删除spec。我没有告诉您删除它。你必须保留它。这是必需的。请删除规范
下的子变量
。若你们用yaml更新你们的答案,我可以为你们格式化。我刚刚在我的问题中添加了它。谢谢你们的回答。问题是,如果我删除spec
,那么我将不会更改readOnly
字段,这样我就不会得到想要的结果,即使系统文件可写。不要删除spec。我没有告诉您删除它。你必须保留它。这是必需的。请删除规范
下的子变量
。若你们用yaml更新你们的答案,我可以为你们格式化。我只是在我的问题中添加了它