How to Run Commands Inside Kubernetes Pod Containers

Applications running in Kubernetes are usually long-lived services that you don't need to connect to. Sometimes you might want to manually run a command in a container, though, perhaps for a one-off maintenance operation or to assist a debugging procedure.
In this post we'll show how to run commands and obtain interactive shell sessions inside Kubernetes containers. This lets you start processes in the container from your local terminal. It's fully integrated with Kubernetes and its Kubectl CLI, which means you don't need to pollute your container images with an SSH daemon to enable remote access.
Using Kubectl Exec
kubectl exec executes a command in a running container. It has the following basic syntax:
$ kubectl exec demo-pod -- demo-command
This will run demo-command in the first container of the demo-pod Pod. The command is executed with root privileges.
Additional flags are needed to create an interactive terminal session:
--stdin (-i): Pass your terminal's standard input stream to the container.
--tty (-t): Mark the standard input stream as a TTY, making it interactive.
Here's an example of obtaining a shell to the first container in a Pod:
$ kubectl exec -it demo-pod -- /bin/sh
Everything following the -- becomes part of the command that's executed in the container. kubectl exec ignores the container's default entrypoint, instead launching a new process with the command you specify. You shouldn't wrap the command in quotation marks ("/bin/sh") unless you'd use them normally when running the command locally.
Selecting a Different Container
kubectl exec connects to the Pod's default container when no other arguments are given. The default container is the one named by the kubectl.kubernetes.io/default-container annotation. If you've not manually added the annotation, it is the first container in the Pod.
Here's a Pod that runs two containers:
apiVersion: v1
kind: Pod
metadata:
  name: demo-pod
spec:
  containers:
    - name: app-container
      image: nginx:latest
    - name: sidecar-container
      image: busybox:latest
You can run a command in the sidecar-container by adding the -c flag to kubectl exec:
$ kubectl exec -it demo-pod -c sidecar-container -- /bin/sh
Waiting for Pods to Be Running
Kubectl will wait one minute for the Pod to be Running if its containers haven't already started when you run the exec command. This timeout value can be changed with the --pod-running-timeout flag. It's useful when you want to run a command straight after creating a new Pod, when it might not have been scheduled to a Node yet.
$ kubectl exec --pod-running-timeout=5m demo-pod -- demo-command
When Should You Use It?
kubectl exec is best reserved for specialist situations where you need to directly connect to a container's filesystem. You could use it to access logs or caches after a problem, or to run an infrequently used housekeeping script that's provided in a container image.
Although kubectl exec lets you run any command, you should avoid dramatically modifying the container's environment. This may cause the container to drift from its expected state. Containers shouldn't normally require intervention, so use of kubectl exec inside production environments usually signals that something's gone wrong.
Don't use this command to install packages or apply updates in the container. This type of operation should be handled by building a new container image that includes the changes, then replacing your Kubernetes Pods with ones that run the revised build. This principle ensures your changes won't be lost when the Pod restarts and reverts to its container image's filesystem. Keeping your containers immutable also guarantees they can be reliably reproduced from their images, which improves reliability and ease of debugging.
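Since exec use in production is worth reviewing, the following added example (not part of the original article) reads Kubernetes API server audit events and reconstructs each exec call: who ran it, against which Pod and container, and with what command. It assumes audit logging is enabled and written as JSON lines; the sample events and the function name find_exec_sessions are constructed for illustration.

```python
import json
from urllib.parse import parse_qs, urlsplit

# Constructed sample audit events (one JSON object per line), not from a real cluster.
SAMPLE_AUDIT_LOG = """\
{"auditID":"a1","stage":"ResponseStarted","verb":"create","user":{"username":"alice"},"objectRef":{"resource":"pods","subresource":"exec","namespace":"prod","name":"demo-pod"},"requestURI":"/api/v1/namespaces/prod/pods/demo-pod/exec?command=%2Fbin%2Fsh&container=sidecar-container&stdin=true&stdout=true&tty=true"}
{"auditID":"a1","stage":"ResponseComplete","verb":"create","user":{"username":"alice"},"objectRef":{"resource":"pods","subresource":"exec","namespace":"prod","name":"demo-pod"},"requestURI":"/api/v1/namespaces/prod/pods/demo-pod/exec?command=%2Fbin%2Fsh&container=sidecar-container&stdin=true&stdout=true&tty=true"}
{"auditID":"b2","stage":"ResponseComplete","verb":"get","user":{"username":"bob"},"objectRef":{"resource":"pods","namespace":"prod","name":"demo-pod"},"requestURI":"/api/v1/namespaces/prod/pods/demo-pod"}
{"auditID":"c3","stage":"ResponseStarted","verb":"get","user":{"username":"ci-bot"},"objectRef":{"resource":"pods","subresource":"exec","namespace":"staging","name":"demo-pod"},"requestURI":"/api/v1/namespaces/staging/pods/demo-pod/exec?command=demo-command&command=--flag&stdout=true&stderr=true"}
not-json line left behind by log rotation
"""


def find_exec_sessions(lines):
    """Return one record per exec request found in audit log lines."""
    seen, sessions = set(), []
    for line in lines:
        try:
            event = json.loads(line)
            ref = event.get("objectRef") or {}
        except (json.JSONDecodeError, AttributeError):
            continue  # skip truncated, empty or non-object lines
        # Match on the subresource, not the verb: the verb follows the HTTP
        # method the client used (POST is logged as create, GET as get).
        if ref.get("resource") != "pods" or ref.get("subresource") != "exec":
            continue
        audit_id = event.get("auditID")
        if audit_id and audit_id in seen:
            continue  # same request, logged again at a later stage
        seen.add(audit_id)
        query = parse_qs(urlsplit(event.get("requestURI", "")).query)
        sessions.append({
            "user": (event.get("user") or {}).get("username", "?"),
            "namespace": ref.get("namespace"),
            "pod": ref.get("name"),
            # Value of -c as sent by the client; None if the request named none.
            "container": query.get("container", [None])[0],
            # Everything after "--" arrives as repeated command= parameters.
            "command": query.get("command", []),
            # -i and -t appear as stdin=true and tty=true.
            "interactive": query.get("stdin") == ["true"] and query.get("tty") == ["true"],
        })
    return sessions


if __name__ == "__main__":
    for session in find_exec_sessions(SAMPLE_AUDIT_LOG.splitlines()):
        print(session)
```

Interactive shells in production namespaces are the records most worth alerting on, while non-interactive commands from known automation accounts can usually be allow-listed.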
Summary
Running a one-off command in a Kubernetes container lets you debug issues, perform maintenance tasks, and inspect the container's filesystem. In each of these situations, you can use kubectl exec to get a connection to a container.
Adding the -it flag combination will forward your terminal's standard input stream as a TTY, providing an interactive shell session. This won't always be necessary, depending on the command you want to run: if it only produces output, without requiring any input, you can safely omit the flags.