I deployed istio/bookinfo on kubernetes, and I want to install stress on the microservice container to inject fault. However, When I use
kubectl exec -it reviews-v1-f55d74d54-kpxr2 -c reviews --username=root -- /bin/bash
to log in the container, it show that the user is still default. and the command 'apt-get' got
default@reviews-v2-6f4995984d-4752v:/$ apt-get update
Reading package lists... Done
E: List directory /var/lib/apt/lists/partial is missing. - Acquire (13: Permission denied)
I tried to use 'su root' but I don't know the answer. I searched some answer say that I can use 'docker exec', it works but it is not convenient, so I want to know how to log in the container by use the command kubectl exec.
This is not supported.
Source code suggests it's a TODO feature: kubernetes/kubectl/pkg/cmd/exec/exec.go
The --username flag explained by kubectl:
➜ ~ kubectl options | grep user
--user='': The name of the kubeconfig user to use
--username='': Username for basic authentication to the API server
As you probably see, none of the user flags can change user/UID for exec.
All flags supported by exec command:
➜ ~ kubectl exec --help
[...]
Options:
-c, --container='': Container name. If omitted, the first container in the pod will be chosen
-f, --filename=[]: to use to exec into the resource
--pod-running-timeout=1m0s: The length of time (like 5s, 2m, or 3h, higher than zero) to wait until at least one
pod is running
-i, --stdin=false: Pass stdin to the container
-t, --tty=false: Stdin is a TTY
Additionally, apt-get update is best to be run at build time, not at a run time.
It is a good practise to keep your containers immutable. For testing purpouses you should stick with docker exec because ther is no other known alternative.
Also, If you have a specific problem to solve, explain the problem, not the solution. xyproblem