Kubernetes 编辑/更新pod'；斯亚姆

我的EKS集群中有一个pod，我想编辑它的yaml，这样我就可以将

只读

值从

true

更改为

false

。通过这种方式，我希望能够对pod的系统/映像（还没有确切地知道它的名称）进行更改，目前它是

只读文件系统

可能吗？我可以这样做吗

我尝试复制当前的yaml内容，并创建一个只读值设置为false的新yaml文件，以便将其用作当前文件的替换

我尝试使用的命令是：

kubectl apply -f telegraf-new.yaml  --namespace examplenamespace -l app=polling-telegraf-s

我得到的错误是：

警告：kubectl apply应用于由kubectl create--save config或kubectl apply创建的资源 Pod“polling-telegraf-s-79f44d578f-khdjf”无效：规范：禁止：Pod更新不能更改

spec.containers[*]以外的字段。image

，

spec.initContainers[*]。image

，

spec.activeDeadlineSeconds

或

spec.permissions

（仅添加到现有的公差）

我不确定这是否是解决问题的好方法，但我花了最后几天的时间研究，结果并不令人鼓舞。
任何对正确方向的帮助、提示和建议都将不胜感激

编辑：
kubectl get pod中的我的yaml——名称空间tick-l app=polling-telegraf-s-o yaml是：

apiVersion: v1
items:
- apiVersion: v1
  kind: Pod
  metadata:
    annotations:
      checksum/config: 45cc44098254d90e88878e037f6eb5803be739890e26d9070e21ac0c0650debd
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"v1","kind":"Pod","metadata":{"annotations":{"checksum/config":"45cc44098254d90e88878e037f6eb5803be739890e26d9070e21ac0c0650debd","kubernetes.io/psp":"eks.privileged"},"creationTimestamp":"2019-10-30T15:49:57Z","generateName":"polling-telegraf-s-79f44d578f-","labels":{"app":"polling-telegraf-s","pod-template-hash":"79f44d578f"},"name":"polling-telegraf-s-79f44d578f-khdjf","namespace":"tick","ownerReferences":[{"apiVersion":"apps/v1","blockOwnerDeletion":true,"controller":true,"kind":"ReplicaSet","name":"polling-telegraf-s-79f44d578f","uid":"ec1e6988-fb2c-11e9-bdf2-02b7fbdf557a"}],"resourceVersion":"134887","selfLink":"/api/v1/namespaces/tick/pods/polling-telegraf-s-79f44d578f-khdjf","uid":"ec1fa8a5-fb2c-11e9-bdf2-02b7fbdf557a"},"spec":{"containers":[{"image":"telegraf:1.10.3-alpine","imagePullPolicy":"IfNotPresent","name":"polling-telegraf-s","resources":{"limits":{"cpu":"1","memory":"2Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File","volumeMounts":[{"mountPath":"/etc/telegraf","name":"config"},{"mountPath":"/var/run/utmp","name":"varrunutmpro","readOnly":true},{"mountPath":"/var/run/secrets/kubernetes.io/serviceaccount","name":"default-token-htxsr","readOnly":true}]}],"dnsPolicy":"ClusterFirst","enableServiceLinks":true,"nodeName":"ip-192-168-179-5.eu-west-2.compute.internal","priority":0,"restartPolicy":"Always","schedulerName":"default-scheduler","securityContext":{},"serviceAccount":"default","serviceAccountName":"default","terminationGracePeriodSeconds":30,"tolerations":[{"effect":"NoExecute","key":"node.kubernetes.io/not-ready","operator":"Exists","tolerationSeconds":300},{"effect":"NoExecute","key":"node.kubernetes.io/unreachable","operator":"Exists","tolerationSeconds":300}],"volumes":[{"hostPath":{"path":"/var/run/utmp","type":""},"name":"varrunutmpro"},{"configMap":{"defaultMode":420,"name":"polling-telegraf-s"},"name":"config"},{"name":"default-token-htxsr","secret":{"defaultMode":420,"secretName":"default-token-htxsr"}}]},"status":{"conditions":[{"lastProbeTime":null,"lastTransitionTime":"2019-10-30T15:49:57Z","status":"True","type":"Initialized"},{"lastProbeTime":null,"lastTransitionTime":"2019-10-30T15:49:58Z","status":"True","type":"Ready"},{"lastProbeTime":null,"lastTransitionTime":"2019-10-30T15:49:58Z","status":"True","type":"ContainersReady"},{"lastProbeTime":null,"lastTransitionTime":"2019-10-30T15:49:57Z","status":"True","type":"PodScheduled"}],"containerStatuses":[{"containerID":"docker://a66f40111474ea28d1b1b7adf6d9e0278adb6d6aefa23b345cc1559174018f27","image":"telegraf:1.10.3-alpine","imageID":"docker-pullable://telegraf@sha256:9106295bc67459633b4d6151c2e1b9949e501560b2e659fe541bda691c566bcf","lastState":{},"name":"polling-telegraf-s","ready":true,"restartCount":0,"state":{"running":{"startedAt":"2019-10-30T15:49:58Z"}}}],"hostIP":"192.168.179.5","phase":"Running","podIP":"192.168.159.179","qosClass":"Burstable","startTime":"2019-10-30T15:49:57Z"}}
      kubernetes.io/psp: eks.privileged
    creationTimestamp: "2019-10-30T15:49:57Z"
    generateName: polling-telegraf-s-79f44d578f-
    labels:
      app: polling-telegraf-s
      pod-template-hash: 79f44d578f
    name: polling-telegraf-s-79f44d578f-khdjf
    namespace: tick
    ownerReferences:
    - apiVersion: apps/v1
      blockOwnerDeletion: true
      controller: true
      kind: ReplicaSet
      name: polling-telegraf-s-79f44d578f
      uid: ec1e6988-fb2c-11e9-bdf2-02b7fbdf557a
    resourceVersion: "409255"
    selfLink: /api/v1/namespaces/tick/pods/polling-telegraf-s-79f44d578f-khdjf
    uid: ec1fa8a5-fb2c-11e9-bdf2-02b7fbdf557a
  spec:
    containers:
    - image: telegraf:1.10.3-alpine
      imagePullPolicy: IfNotPresent
      name: polling-telegraf-s
      resources:
        limits:
          cpu: "1"
          memory: 2Gi
        requests:
          cpu: 100m
          memory: 256Mi
      terminationMessagePath: /dev/termination-log
      terminationMessagePolicy: File
      volumeMounts:
      - mountPath: /etc/telegraf
        name: config
      - mountPath: /var/run/utmp
        name: varrunutmpro
        readOnly: true
      - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
        name: default-token-htxsr
        readOnly: true
    dnsPolicy: ClusterFirst
    enableServiceLinks: true
    nodeName: ip-192-168-179-5.eu-west-2.compute.internal
    priority: 0
    restartPolicy: Always
    schedulerName: default-scheduler
    securityContext: {}
    serviceAccount: default
    serviceAccountName: default
    terminationGracePeriodSeconds: 30
    tolerations:
    - effect: NoExecute
      key: node.kubernetes.io/not-ready
      operator: Exists
      tolerationSeconds: 300
    - effect: NoExecute
      key: node.kubernetes.io/unreachable
      operator: Exists
      tolerationSeconds: 300
    volumes:
    - hostPath:
        path: /var/run/utmp
        type: ""
      name: varrunutmpro
    - configMap:
        defaultMode: 420
        name: polling-telegraf-s
      name: config
    - name: default-token-htxsr
      secret:
        defaultMode: 420
        secretName: default-token-htxsr
  status:
    conditions:
    - lastProbeTime: null
      lastTransitionTime: "2019-10-30T15:49:57Z"
      status: "True"
      type: Initialized
    - lastProbeTime: null
      lastTransitionTime: "2019-10-30T15:49:58Z"
      status: "True"
      type: Ready
    - lastProbeTime: null
      lastTransitionTime: "2019-10-30T15:49:58Z"
      status: "True"
      type: ContainersReady
    - lastProbeTime: null
      lastTransitionTime: "2019-10-30T15:49:57Z"
      status: "True"
      type: PodScheduled
    containerStatuses:
    - containerID: docker://a66f40111474ea28d1b1b7adf6d9e0278adb6d6aefa23b345cc1559174018f27
      image: telegraf:1.10.3-alpine
      imageID: docker-pullable://telegraf@sha256:9106295bc67459633b4d6151c2e1b9949e501560b2e659fe541bda691c566bcf
      lastState: {}
      name: polling-telegraf-s
      ready: true
      restartCount: 0
      state:
        running:
          startedAt: "2019-10-30T15:49:58Z"
    hostIP: 192.168.179.5
    phase: Running
    podIP: 192.168.159.179
    qosClass: Burstable
    startTime: "2019-10-30T15:49:57Z"
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""

---

我想将

只读

值从true更改为false

您可以使用

kubectl edit pods

动态编辑pod

yaml

您必须记住，在调度pod时，有一些字段将不允许编辑，这在错误消息中提到

---

我认为您应该首先删除

pod

并应用新的

yaml

文件。

您可以使用

kubectl edit pods

动态编辑pod

yaml

您必须记住，在调度pod时，有一些字段将不允许编辑，这在错误消息中提到

---

我认为您应该首先删除

pod

并应用新的

yaml

文件。

您可以使用命令

kubectl edit[resource][UID]

编辑kubernetes资源yaml。例如，要更改pod的yaml，可以运行

kubectl edit$pod\u UID

但是，这在您的情况下不起作用，因为您正在编辑一个

mount

，这需要重新启动

pod

。从这个意义上讲，最好的方法是你已经做过的事情。首先通过运行

kubectl get pod$pod_UID-o yaml

从api中提取yaml，然后编辑其内容以再次部署它。但是，正如错误描述的那样，不允许编辑yaml的某些部分。所以你必须移除那些部分

仅保留日志已指向的部分：

spec.containers[*].image、spec.initContainers[*].image、spec.activeDeadlineSeconds或spec.tolerations

否则，以下是您必须删除的部分：

metadata:
  creationTimestamp: 2019-11-01T13:22:50Z
  generateName:
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: ReplicaSet
    name:
    uid: 947fb7b7-f1ab-11e9-adfb-42010a8001b2
  resourceVersion: "103002009"
  selfLink:
  uid: b3f96ba4-fcaa-11e9-adfb-42010a8001b2
spec:
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: default-token-ff27n
      readOnly: true
  nodeName:
  priority: 0
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: default-token-ff27n
    secret:
      defaultMode: 420
      secretName: default-token-ff27n
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: 2019-11-01T13:22:50Z
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: 2019-11-01T13:22:55Z
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: null
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: 2019-11-01T13:22:50Z
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID:
    image:
    imageID:
    lastState: {}
    name: proxy
    ready: true
    restartCount: 0
    state:
      running:
        startedAt: 2019-11-01T13:22:55Z
  hostIP:
  phase: Running
  podIP:
  qosClass: Burstable
  startTime: 2019-11-01T13:22:50Z

---

您可以使用命令

kubectl edit[resource][UID]

编辑kubernetes资源yaml。例如，要更改pod的yaml，可以运行

kubectl edit$pod\u UID

但是，这在您的情况下不起作用，因为您正在编辑一个

mount

，这需要重新启动

pod

。从这个意义上讲，最好的方法是你已经做过的事情。首先通过运行

kubectl get pod$pod_UID-o yaml

从api中提取yaml，然后编辑其内容以再次部署它。但是，正如错误描述的那样，不允许编辑yaml的某些部分。所以你必须移除那些部分

仅保留日志已指向的部分：

spec.containers[*].image、spec.initContainers[*].image、spec.activeDeadlineSeconds或spec.tolerations

否则，以下是您必须删除的部分：

metadata:
  creationTimestamp: 2019-11-01T13:22:50Z
  generateName:
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: ReplicaSet
    name:
    uid: 947fb7b7-f1ab-11e9-adfb-42010a8001b2
  resourceVersion: "103002009"
  selfLink:
  uid: b3f96ba4-fcaa-11e9-adfb-42010a8001b2
spec:
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: default-token-ff27n
      readOnly: true
  nodeName:
  priority: 0
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: default-token-ff27n
    secret:
      defaultMode: 420
      secretName: default-token-ff27n
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: 2019-11-01T13:22:50Z
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: 2019-11-01T13:22:55Z
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: null
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: 2019-11-01T13:22:50Z
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID:
    image:
    imageID:
    lastState: {}
    name: proxy
    ready: true
    restartCount: 0
    state:
      running:
        startedAt: 2019-11-01T13:22:55Z
  hostIP:
  phase: Running
  podIP:
  qosClass: Burstable
  startTime: 2019-11-01T13:22:50Z

---

谢谢你的回答。问题是，如果我删除

spec

，那么我将不会更改

readOnly

字段，这样我就不会得到想要的结果，即使系统文件可写。不要删除spec。我没有告诉您删除它。你必须保留它。这是必需的。请删除

规范

下的

子变量

。若你们用yaml更新你们的答案，我可以为你们格式化。我刚刚在我的问题中添加了它。谢谢你们的回答。问题是，如果我删除

spec

，那么我将不会更改

readOnly

字段，这样我就不会得到想要的结果，即使系统文件可写。不要删除spec。我没有告诉您删除它。你必须保留它。这是必需的。请删除

规范

下的

子变量

。若你们用yaml更新你们的答案，我可以为你们格式化。我只是在我的问题中添加了它