nlm · March 4, 2022 13:33
diff --git a/kubectl-shell b/kubectl-shell
 #!/bin/bash -eu
 # This script starts a new pod with a privileged container to run admin commands
 if [ "$#" -ne 1 ]; then
    echo "usage: $0 nodeName" >&2
    exit 1
 fi
 node=${1:?}
 nodeName=$(kubectl get node ${node} -o template --template='{{index .metadata.labels "kubernetes.io/hostname"}}')
 podName=${USER:-unknown}-shell-${nodeName}
 exec kubectl run ${podName:?} --restart=Never -it --rm --image overriden --overrides '
 {
  "spec": {
    "priorityClassName": "system-node-critical",
    "hostPID": true,
    "hostNetwork": true,
    "nodeSelector": { "kubernetes.io/hostname": "'${nodeName:?}'" },
    "tolerations": [{
        "operator": "Exists"
    }],
    "containers": [
      {
        "name": "nsenter",
        "image": "ubuntu:latest",
        "command": [
          "nsenter", "--all", "--target=1", "--", "su", "-"
        ],
        "stdin": true,
        "tty": true,
        "securityContext": {
          "privileged": true
        }
      }
    ]
  }
 }' --attach "$@"
	#!/bin/bash -eu
	# This script starts a new pod with a privileged container to run admin commands
	if [ "$#" -ne 1 ]; then
	echo "usage: $0 nodeName" >&2
	exit 1
	fi
	node=${1:?}
	nodeName=$(kubectl get node ${node} -o template --template='{{index .metadata.labels "kubernetes.io/hostname"}}')
	podName=${USER:-unknown}-shell-${nodeName}
	exec kubectl run ${podName:?} --restart=Never -it --rm --image overriden --overrides '
	{
	"spec": {
	"priorityClassName": "system-node-critical",
	"hostPID": true,
	"hostNetwork": true,
	"nodeSelector": { "kubernetes.io/hostname": "'${nodeName:?}'" },
	"tolerations": [{
	"operator": "Exists"
	}],
	"containers": [
	{
	"name": "nsenter",
	"image": "ubuntu:latest",
	"command": [
	"nsenter", "--all", "--target=1", "--", "su", "-"
	],
	"stdin": true,
	"tty": true,
	"securityContext": {
	"privileged": true
	}
	}
	]
	}
	}' --attach "$@"