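Pod privileged mode
Sometimes commands and programs that require root privileges, such as ifconfig and other network commands, cannot be used inside a pod. In that case, edit the YAML file and add the following configuration: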
```yaml
containers:
- name: $PODNAME
  image: hub.xyz.blocal/cloud/centos7ssh:1.0
  command: ["..."]
  securityContext:
    privileged: true
```
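For the ifconfig case described above, interface and address changes only require the NET_ADMIN capability, so the container can be granted that one capability instead of full privileged mode. The manifest below is an added example, not part of the original post; the pod name is hypothetical and the container is assumed to run as root.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: netadmin-demo              # hypothetical name, not from the post
spec:
  containers:
  - name: netadmin-demo
    image: hub.xyz.blocal/cloud/centos7ssh:1.0
    command: ["..."]               # elided in the post; keep your own command
    securityContext:
      # Setting from the post: grants every capability and access to host devices.
      # privileged: true
      #
      # Narrower alternative: start from no capabilities and add back only
      # what network configuration (ifconfig / ip addr) needs.
      privileged: false
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]
        add: ["NET_ADMIN"]
        # Assumption: the process runs as root, so the added capability is
        # effective. An sshd-style image may need further capabilities
        # added back here for its own startup.
```

Inside the running container, `grep Cap /proc/1/status` shows the capability sets that were actually applied.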
Entering the pod's netns to configure NFV functions
Get the pod's Container ID
```
# kubectl describe pod fe -n fe
Containers:
  fe:
    Container ID:  docker://9dd4171e55f8f12fb72ba539c5147c891b9d07827845024a6636f745d34fc953
    Image:         hub.baymax.oppo.local/cloud/centos7ssh:1.0
    Image ID:      docker-xxxxxxx
.......
```
Get the container's PID (the "Pid" field under "State")
```
# docker inspect 9dd4171e55f8f12fb72ba539c5147c891b9d07827845024a6636f745d34fc953
[
    {
        ... ],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 479428,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2022-02-22T09:42:16.375956412Z",
            "FinishedAt": "0001-01-01T00:00:00Z"
```
Enter the pod's network namespace
```
# nsenter -n --target 479428
# ip r
default via 192.168.30.1 dev eth0
192.168.30.0/24 dev eth0 proto kernel scope link src 192.168.30.3
```
How to configure multiple addresses on a single network interface in Linux:
```
# ifconfig eth0:1 192.168.30.4/24
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
505: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether fa:16:2f:46:10:de brd ff:ff:ff:ff:ff:ff
    inet 192.168.30.3/24 scope global eth0
       valid_lft forever preferred_lft forever
    inet 192.168.30.4/24 brd 192.168.30.255 scope global secondary eth0:1
       valid_lft forever preferred_lft forever
```