编辑/更新 pod 的 yaml

Question

我的 EKS 集群中有一个 pod，我想编辑它的 yaml，以便我可以将 read-only 值从 true 更改为 false 。通过这种方式，我希望能够更改 pod 的系统/映像（还没有完全弄清楚它的名称），目前它是 read-only file system。

这可能吗？我可以这样做吗？

我尝试复制当前的 yaml 内容并创建一个新的 yaml 文件，并将只读值设置为 false ，以便将其用作当前文件的替代品。

我尝试使用的命令是：

kubectl apply -f telegraf-new.yaml  --namespace examplenamespace -l app=polling-telegraf-s

我得到的错误是：

警告：kubectl apply 应该用于由 kubectl create --save-config 或 kubectl apply 创建的资源 Pod "polling-telegraf-s-79f44d578f-khdjf" 无效：规范：禁止：Pod 更新可能不会更改除 spec.containers[*].image、spec.initContainers[*].image、spec.activeDeadlineSeconds 或 spec.tolerations 以外的字段（仅添加到现有容忍度）

我不确定这是否是解决我的问题的好方法，但我最近几天都在研究它，结果并不那么令人鼓舞。
任何有关正确方向的帮助、提示和建议将不胜感激。

编辑：
我来自 kubectl get pod --namespace tick -l app=polling-telegraf-s -o yaml 的 yaml 是：

apiVersion: v1
items:
- apiVersion: v1
  kind: Pod
  metadata:
    annotations:
      checksum/config: 45cc44098254d90e88878e037f6eb5803be739890e26d9070e21ac0c0650debd
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"v1","kind":"Pod","metadata":{"annotations":{"checksum/config":"45cc44098254d90e88878e037f6eb5803be739890e26d9070e21ac0c0650debd","kubernetes.io/psp":"eks.privileged"},"creationTimestamp":"2019-10-30T15:49:57Z","generateName":"polling-telegraf-s-79f44d578f-","labels":{"app":"polling-telegraf-s","pod-template-hash":"79f44d578f"},"name":"polling-telegraf-s-79f44d578f-khdjf","namespace":"tick","ownerReferences":[{"apiVersion":"apps/v1","blockOwnerDeletion":true,"controller":true,"kind":"ReplicaSet","name":"polling-telegraf-s-79f44d578f","uid":"ec1e6988-fb2c-11e9-bdf2-02b7fbdf557a"}],"resourceVersion":"134887","selfLink":"/api/v1/namespaces/tick/pods/polling-telegraf-s-79f44d578f-khdjf","uid":"ec1fa8a5-fb2c-11e9-bdf2-02b7fbdf557a"},"spec":{"containers":[{"image":"telegraf:1.10.3-alpine","imagePullPolicy":"IfNotPresent","name":"polling-telegraf-s","resources":{"limits":{"cpu":"1","memory":"2Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File","volumeMounts":[{"mountPath":"/etc/telegraf","name":"config"},{"mountPath":"/var/run/utmp","name":"varrunutmpro","readOnly":true},{"mountPath":"/var/run/secrets/kubernetes.io/serviceaccount","name":"default-token-htxsr","readOnly":true}]}],"dnsPolicy":"ClusterFirst","enableServiceLinks":true,"nodeName":"ip-192-168-179-5.eu-west-2.compute.internal","priority":0,"restartPolicy":"Always","schedulerName":"default-scheduler","securityContext":{},"serviceAccount":"default","serviceAccountName":"default","terminationGracePeriodSeconds":30,"tolerations":[{"effect":"NoExecute","key":"node.kubernetes.io/not-ready","operator":"Exists","tolerationSeconds":300},{"effect":"NoExecute","key":"node.kubernetes.io/unreachable","operator":"Exists","tolerationSeconds":300}],"volumes":[{"hostPath":{"path":"/var/run/utmp","type":""},"name":"varrunutmpro"},{"configMap":{"defaultMode":420,"name":"polling-telegraf-s"},"name":"config"},{"name":"default-token-htxsr","secret":{"defaultMode":420,"secretName":"default-token-htxsr"}}]},"status":{"conditions":[{"lastProbeTime":null,"lastTransitionTime":"2019-10-30T15:49:57Z","status":"True","type":"Initialized"},{"lastProbeTime":null,"lastTransitionTime":"2019-10-30T15:49:58Z","status":"True","type":"Ready"},{"lastProbeTime":null,"lastTransitionTime":"2019-10-30T15:49:58Z","status":"True","type":"ContainersReady"},{"lastProbeTime":null,"lastTransitionTime":"2019-10-30T15:49:57Z","status":"True","type":"PodScheduled"}],"containerStatuses":[{"containerID":"docker://a66f40111474ea28d1b1b7adf6d9e0278adb6d6aefa23b345cc1559174018f27","image":"telegraf:1.10.3-alpine","imageID":"docker-pullable://telegraf@sha256:9106295bc67459633b4d6151c2e1b9949e501560b2e659fe541bda691c566bcf","lastState":{},"name":"polling-telegraf-s","ready":true,"restartCount":0,"state":{"running":{"startedAt":"2019-10-30T15:49:58Z"}}}],"hostIP":"192.168.179.5","phase":"Running","podIP":"192.168.159.179","qosClass":"Burstable","startTime":"2019-10-30T15:49:57Z"}}
      kubernetes.io/psp: eks.privileged
    creationTimestamp: "2019-10-30T15:49:57Z"
    generateName: polling-telegraf-s-79f44d578f-
    labels:
      app: polling-telegraf-s
      pod-template-hash: 79f44d578f
    name: polling-telegraf-s-79f44d578f-khdjf
    namespace: tick
    ownerReferences:
    - apiVersion: apps/v1
      blockOwnerDeletion: true
      controller: true
      kind: ReplicaSet
      name: polling-telegraf-s-79f44d578f
      uid: ec1e6988-fb2c-11e9-bdf2-02b7fbdf557a
    resourceVersion: "409255"
    selfLink: /api/v1/namespaces/tick/pods/polling-telegraf-s-79f44d578f-khdjf
    uid: ec1fa8a5-fb2c-11e9-bdf2-02b7fbdf557a
  spec:
    containers:
    - image: telegraf:1.10.3-alpine
      imagePullPolicy: IfNotPresent
      name: polling-telegraf-s
      resources:
        limits:
          cpu: "1"
          memory: 2Gi
        requests:
          cpu: 100m
          memory: 256Mi
      terminationMessagePath: /dev/termination-log
      terminationMessagePolicy: File
      volumeMounts:
      - mountPath: /etc/telegraf
        name: config
      - mountPath: /var/run/utmp
        name: varrunutmpro
        readOnly: true
      - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
        name: default-token-htxsr
        readOnly: true
    dnsPolicy: ClusterFirst
    enableServiceLinks: true
    nodeName: ip-192-168-179-5.eu-west-2.compute.internal
    priority: 0
    restartPolicy: Always
    schedulerName: default-scheduler
    securityContext: {}
    serviceAccount: default
    serviceAccountName: default
    terminationGracePeriodSeconds: 30
    tolerations:
    - effect: NoExecute
      key: node.kubernetes.io/not-ready
      operator: Exists
      tolerationSeconds: 300
    - effect: NoExecute
      key: node.kubernetes.io/unreachable
      operator: Exists
      tolerationSeconds: 300
    volumes:
    - hostPath:
        path: /var/run/utmp
        type: ""
      name: varrunutmpro
    - configMap:
        defaultMode: 420
        name: polling-telegraf-s
      name: config
    - name: default-token-htxsr
      secret:
        defaultMode: 420
        secretName: default-token-htxsr
  status:
    conditions:
    - lastProbeTime: null
      lastTransitionTime: "2019-10-30T15:49:57Z"
      status: "True"
      type: Initialized
    - lastProbeTime: null
      lastTransitionTime: "2019-10-30T15:49:58Z"
      status: "True"
      type: Ready
    - lastProbeTime: null
      lastTransitionTime: "2019-10-30T15:49:58Z"
      status: "True"
      type: ContainersReady
    - lastProbeTime: null
      lastTransitionTime: "2019-10-30T15:49:57Z"
      status: "True"
      type: PodScheduled
    containerStatuses:
    - containerID: docker://a66f40111474ea28d1b1b7adf6d9e0278adb6d6aefa23b345cc1559174018f27
      image: telegraf:1.10.3-alpine
      imageID: docker-pullable://telegraf@sha256:9106295bc67459633b4d6151c2e1b9949e501560b2e659fe541bda691c566bcf
      lastState: {}
      name: polling-telegraf-s
      ready: true
      restartCount: 0
      state:
        running:
          startedAt: "2019-10-30T15:49:58Z"
    hostIP: 192.168.179.5
    phase: Running
    podIP: 192.168.159.179
    qosClass: Burstable
    startTime: "2019-10-30T15:49:57Z"
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""

我想将 readOnly 值从 true 更改为 false 。

Answer 1

您可以使用 kubectl edit pods <pod-name> 即时编辑 pod yaml。

您必须记住，在安排 pod 时，有些字段是不允许编辑的，这在您的错误消息中有所提及。

我认为您应该首先删除 pod 并应用新的 yaml 文件。

Answer 2

您可以使用命令kubectl edit [resource] [UID] 编辑 kubernetes 资源 yaml。例如，要更改 pod 的 yaml，您可以运行 kubectl edit $POD_UID

但是，这在您的情况下不起作用，因为您正在编辑 mount 并且需要重新启动 pod。从这个意义上说，最好的方法是你已经做过的。首先通过运行 kubectl get pod $POD_UID -o yaml 从 api 中提取 yaml，然后编辑其内容以再次部署它。但是，正如错误所描述的，您不允许编辑 yaml 的某些部分。所以你必须删除这些部分。

只保留日志已经指向的部分：spec.containers[*].image, spec.initContainers[*].image, spec.activeDeadlineSeconds or spec.tolerations

否则，您必须删除以下部分：

metadata:
  creationTimestamp: 2019-11-01T13:22:50Z
  generateName:
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: ReplicaSet
    name:
    uid: 947fb7b7-f1ab-11e9-adfb-42010a8001b2
  resourceVersion: "103002009"
  selfLink:
  uid: b3f96ba4-fcaa-11e9-adfb-42010a8001b2
spec:
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: default-token-ff27n
      readOnly: true
  nodeName:
  priority: 0
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: default-token-ff27n
    secret:
      defaultMode: 420
      secretName: default-token-ff27n
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: 2019-11-01T13:22:50Z
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: 2019-11-01T13:22:55Z
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: null
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: 2019-11-01T13:22:50Z
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID:
    image:
    imageID:
    lastState: {}
    name: proxy
    ready: true
    restartCount: 0
    state:
      running:
        startedAt: 2019-11-01T13:22:55Z
  hostIP:
  phase: Running
  podIP:
  qosClass: Burstable
  startTime: 2019-11-01T13:22:50Z