
Ops Container

DaemonSet

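#
# One-time setup, run as a cluster administrator:
#   oc adm new-project --node-selector="" ops-container
#   oc project ops-container
#   oc adm policy add-scc-to-user privileged -z default
#
# --node-selector="" gives the project an empty node selector, so the
# DaemonSet is not confined by a cluster-wide default selector.
# "-z default" grants the privileged SCC to the project's "default" service
# account, i.e. to every pod in ops-container that runs under that account.
# Keep the project dedicated to this workload and limit who may create pods
# or exec into them there.
#
# How to do on K8s: https://itnext.io/get-a-shell-to-a-kubernetes-node-9b720a15a4fe
# Or use "oc debug node/...", which starts a temporary debug pod on a single
# node instead of a standing privileged pod on every node.
#
# Remove the workload when the maintenance task is finished:
#   oc delete daemonset ops-container
#
# The heredoc delimiter is quoted so the shell passes the manifest to oc
# verbatim, without expanding "$" or backticks inside it.
oc create -f - <<'EOF'
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: ops-container
spec:
  selector:
    matchLabels:
      name: ops-container
  template:
    metadata:
      labels:
        name: ops-container
    spec:
      # The pod shares the node's PID, IPC and network namespaces. Combined
      # with privileged: true and the "/" hostPath mount below, a shell in
      # this container has root-equivalent control of the node, so exec
      # access to this pod should be handled like root access to the node.
      hostPID: true
      hostIPC: true
      hostNetwork: true
      hostname: ops
      # Uncomment one of the following to pin the pod to a single node.
      # nodeSelector:
      #   kubernetes.io/hostname: node3.novalocal
      # nodeName: node3.novalocal
      volumes:
        # Entire node root filesystem; mounted read-write at /host below.
        - name: host
          hostPath:
            path: /
        - name: run
          hostPath:
            path: /run
        - name: log
          hostPath:
            path: /var/log
        - name: localtime
          hostPath:
            path: /etc/localtime
      containers:
        - name: rhel
          # NOTE(review): short image name with no registry and no tag. For
          # a privileged workload a fully qualified, pinned reference
          # (<registry>/rhel7/rhel-tools@sha256:<digest>) makes what runs on
          # the nodes reproducible.
          image: rhel7/rhel-tools
          # Keep-alive loop: prints the date once per second so the
          # container stays running and can be entered with oc rsh/exec.
          command:
            - "/bin/sh"
            - "-c"
            - "while true ; do date; sleep 1; done;"
          securityContext:
            privileged: true
          env:
            - name: HOST
              value: "/host"
            - name: NAME
              value: "ops"
            # Kept equal to the image: value above (the page previously
            # had "rhel/rhel-tools" here, which did not match).
            - name: IMAGE
              value: "rhel7/rhel-tools"
          volumeMounts:
            - name: host
              mountPath: /host
            - name: run
              mountPath: /run
            - name: log
              mountPath: /var/log
            - name: localtime
              mountPath: /etc/localtime
EOF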

RHEL Pod

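---
# Single-node variant of the ops container: one privileged pod with the
# node's namespaces and root filesystem attached.
apiVersion: v1
kind: Pod
metadata:
  name: rhel
spec:
  # The pod shares the node's PID, IPC and network namespaces. Combined with
  # privileged: true and the "/" hostPath mount below, a shell in this
  # container has root-equivalent control of the node, so exec access to
  # this pod should be handled like root access to the node.
  hostPID: true
  hostIPC: true
  hostNetwork: true
  hostname: toor
  # Uncomment one of the following to choose the node the pod lands on;
  # otherwise the scheduler picks one.
  # nodeSelector:
  #   kubernetes.io/hostname: node3.novalocal
  # nodeName: node3.novalocal
  volumes:
    # Entire node root filesystem; mounted read-write at /host below.
    - name: host
      hostPath:
        path: /
    - name: run
      hostPath:
        path: /run
    - name: log
      hostPath:
        path: /var/log
    - name: localtime
      hostPath:
        path: /etc/localtime
  containers:
    - name: rhel
      # NOTE(review): short image name with no registry and no tag. For a
      # privileged workload a fully qualified, pinned reference
      # (<registry>/rhel7/rhel-tools@sha256:<digest>) makes what runs on
      # the node reproducible.
      image: rhel7/rhel-tools
      # Keep-alive loop: prints the date once per second so the container
      # stays running and can be entered with oc rsh/exec.
      command:
        - "/bin/sh"
        - "-c"
        - "while true ; do date; sleep 1; done;"
      securityContext:
        privileged: true
      env:
        - name: HOST
          value: "/host"
        - name: NAME
          value: "toor"
        # Kept equal to the image: value above (the page previously had
        # "rhel/rhel-tools" here, which did not match).
        - name: IMAGE
          value: "rhel7/rhel-tools"
      volumeMounts:
        - name: host
          mountPath: /host
        - name: run
          mountPath: /run
        - name: log
          mountPath: /var/log
        - name: localtime
          mountPath: /etc/localtime
  # The container is not restarted once it exits; delete the pod when the
  # maintenance task is done.
  restartPolicy: Never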

Last update: April 12, 2020