Let's assume we have a pod called nginx
running in the namespace nginx-test
.
kubectl create namespace nginx-test
kubectl run nginx --image=nginx -n nginx-test
If the following command outputs k3d
, it's a k3d cluster:
kubectl get node --selector "node-role.kubernetes.io/master=true" -o name | sed 's/.*\///' | cut -c -3
kubectl get pod nginx -n nginx-test -o jsonpath="{.spec.nodeName}"
On my demo cluster it's k3d-demo-server-0
.
(This command is only applicable if there's just one container in the pod. If there are multiple container within the pod, this case must be handled separately.)
kubectl get pod nginx -n nginx-test -o jsonpath="{.status.containerStatuses[].containerID}" | sed 's/.*\/\///'
In my test the output was 6d100587c71c60facd6d6ef4e18bd4e085b29453d1866bfc736a9035d9848820
.
The name of the container is the output of step 2 (which is k3d-demo-server-0
for me).
docker exec -it k3d-demo-server-0 sh
NOTE: Since the
k3s crictl exec
command has no option to specify the login user we have to use therunc
tool instead.
The runc
command is the "CLI tool for spawning and running containers according to the OCI specification".
The --user
(or -u
) option needs the UID of the user which you want to log in with (0
in case of root). From the doc: --user value, -u value | value: UID (format: <uid>[:<gid>])
We also have to specify the root path of the containers, which is /run/containerd/runc/k8s.io/
.
So we have to execute the following command in order to be able to log into the pod as root:
runc --root /run/containerd/runc/k8s.io/ exec -t -u 0 6d100587c71c60facd6d6ef4e18bd4e085b29453d1866bfc736a9035d9848820 sh