姒傝堪鍋囪涓€涓満鏅細鍦ㄧ敓浜х幆澧冧腑锛孨ode闇€瑕侀€氳繃鍫″瀿鏈虹櫥褰曪紝浣嗘槸kubectl鍙互鐩存帴鍦ㄤ釜浜虹數鑴戜笂鐧诲綍銆傚湪杩欎釜鍦烘櫙涓嬶紝鎴戞兂閫氳繃kubectl鐧诲綍K8S闆嗙兢涓殑Node锛屽彲浠ュ悧锛熷ソ鐨勶紒鏈川涓婃槸鍒╃敤瀹瑰櫒锛坮unC锛夌殑寮遍殧绂伙紙鍏变韩鍐呮牳銆丆gruop绛夊疄鐜拌繘绋嬮殧绂伙級瀹炵幇鐨勬潈闄愰€冮€搞€傚鏋滀綘鐨勫叕鍙镐娇鐢ㄤ竴浜涘晢涓氬鍣ㄥ钩鍙帮紙濡傦細openshift銆乺ancher锛夌瓑锛岃繖涓殣鎮e彲鑳藉湪榛樿瀹夎鏃堕€氳繃PSPscc鎴杙olicy棰勫厛灞忚斀銆備絾鏄鏋滄槸鍘熺敓鐨凨ubernetes锛屼笅闈㈢殑鏂规硶寰€寰€鏄彲琛岀殑銆傚師鐞嗘杩板厛璇存湰璐紝鏈川涓婂氨鏄細瀹瑰櫒锛坮unC锛夊急闅旂銆傚浜庤櫄鎷熸満锛岃櫄鎷熸満鍦ㄥ唴鏍哥骇鍒槸闅旂鐨勩€備笉鍚岀殑铏氭嫙鏈烘湁涓嶅悓鐨勫唴鏍革紝鎵€浠ュ畨鍏ㄦ€ц楂樺緢澶氾紝寰堥毦浠庤櫄鎷熸満閫冮€稿埌鎵€鍦ㄧ殑鐗╃悊鏈恒€備絾鏄紝瀹瑰櫒(runC)鏄急闅旂鐨勩€備竴鍙版満鍣ㄤ笂鐨勬墍鏈夊鍣ㄥ叡浜悓涓€涓唴鏍搞€備箣鎵€浠ラ粯璁ょ湅涓嶅埌瀵规柟锛屾槸閫氳繃cgroup銆乶etnamespace绛夊疄鐜扮殑杩涚▼绾ч殧绂汇€傜劧鍚庤ˉ鍏呬竴涓嬶紝浣犲瀹瑰櫒鐨勬潈闄愭病鏈夎繘涓€姝ョ殑闄愬埗锛屾垜鍙互鐩存帴杩涘叆瀹冩墍鍦ㄧ殑鑺傜偣閫氳繃杩愯鐗规潈瀹瑰櫒瀹氫綅銆傚叿浣撴楠ら€傜敤浜嶬8S1.25涔嬪墠鐨勭増鏈€傛楠ゅ緢绠€鍗曪紝灏辨槸鍍忎笂闈㈣鐨勯偅鏍峰垱寤轰竴涓壒鏉冨鍣紝閫氳繃nsenter鍛戒护杩涘叆nodeshell銆傜ず渚媦aml濡備笅锛歛piVersion:v1kind:Podmetadata:labels:run:nsenter-v0l86qname:nsenter-v0l86qnamespace:defaultspec:containers:-command:-nsenter---target-"1"---mount---uts---ipc---net---pid----bash--l鍥剧墖锛歞ocker.io/library/alpineimagePullPolicy锛氬缁堝悕绉帮細nsentersecurityContext锛氱壒鏉冿細鐪焥tdin锛氱湡stdinOnce锛氱湡tty锛歵ruehostNetwork:truehostPID:truerestartPolicy:Nevertolerations:-key:CriticalAddonsOnlyoperator:Exists-effect:NoExecuteoperator:Exists鐩存帴kubectlapply-fnode-shell.yaml杩涘叆鑺傜偣shell銆備互涓妝aml锛岄噸鐐瑰涓嬶細杩涘叆nodeshell鐨勫懡浠わ細nsenter--target1--mount--uts--ipc--net--pid--bash-l锛屽湪Linux绯荤粺涓紝nsenter鏄竴涓敤浜庤繘鍏ュ彟涓€涓懡鍚嶇┖闂寸殑鍛戒护琛屽伐鍏枫€傛瘮濡俷senter-n-t1bash灏辨槸杩涘叆pid涓?鐨勮繘绋嬫墍鍦ㄧ殑缃戠粶鍛藉悕绌洪棿銆備互鍙婅繘鍏ヨ妭鐐箂hell鐨勬潈闄愶細hostPID:true鍒嗕韩瀹夸富鐨刾idhostNetwork:true鍒嗕韩瀹夸富鐨勭綉缁減rivileded:true:PSP鏉冮檺绛栫暐涓虹壒鏉冿紝鍗冲畬鍏ㄦ棤闄愬埗銆傝繘鍏odeshell鐨刾od鍚庯紝鏁堟灉濡備笅锛歎tilities-杩涘叆nodeshell鏇存柟渚裤€傝繖閲屾帹鑽?涓伐鍏凤紝鏇存柟渚跨殑杩涘叆nodeshell銆俴rewnode-shell鍙互閫氳繃kubectl鎻掍欢绠$悊宸ュ叿krew瀹夎node-shell銆傚涓嬶細#瀹夎宸ュ叿kubectlkrewinstallnode-shell#杈撳叆nodeshellKubectlnode-shell
