Kubernetes Privileged Containers and Capabilities

8/7/2017

I have a container with some SYS_ADMIN capabilities, and I'm having trouble killing the pod, and am wondering what is the best way to deal with these reluctant containers?

- image: headless-chrome
  securityContext:
    capabilities:
      add:
      - SYS_ADMIN
-- Colton Morris

1 Answer

8/8/2017

Sometimes a pod will zombify, even without privileged status. In order to kill a zombified pod, first try the following:

kubectl delete pod <<PODNAME>> --grace-period=0 --force

...where <<PODNAME>> is the name of the offending pod. I have to do that from time to time, even with v1.7.X.

If that doesn't work, then try to first kubectl drain the node, find the Docker container (docker ps), delete it (docker rm), restart the Docker service and the Kubelet service, then kubectl uncordon the node. I've only had to do that once, and not since v1.6.X.

-- Nathaniel Dean
Source: StackOverflow
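
The two-step escalation from the answer above, written as a script that first checks whether the forced delete really left anything behind; this is an added example, not part of the original answer. It assumes it is run as root on the node that hosts the pod, with kubectl configured there, Docker as the container runtime, systemd units named docker and kubelet, and the kubelet's io.kubernetes.pod.* container labels; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the original answer.
# Assumes: run as root on the node hosting the pod, Docker runtime,
# systemd units "docker" and "kubelet". Function names are hypothetical.

# Containers the kubelet created for this pod, found via its Docker labels.
pod_containers() {
  docker ps -aq --filter "label=io.kubernetes.pod.name=$1" \
    --filter "label=io.kubernetes.pod.namespace=$2"
}

# Poll until the pod object is gone from the API server; 1 if it never goes.
pod_gone() {
  local tries="${3:-10}" i=0
  while [ "$i" -lt "$tries" ]; do
    kubectl get pod "$1" -n "$2" >/dev/null 2>&1 || return 0
    sleep "${POLL_SECONDS:-2}"; i=$((i + 1))
  done
  return 1
}

# Second step of the answer. The node is uncordoned only if every step worked,
# so a node whose runtime failed to restart stays unschedulable.
node_cleanup() {
  local node="$1" ids
  kubectl drain "$node" --ignore-daemonsets || return 1
  ids=$(pod_containers "$2" "$3") || return 1
  [ -z "$ids" ] || docker rm -f $ids || return 1  # unquoted: one arg per id
  systemctl restart docker kubelet || return 1
  kubectl uncordon "$node"
}

# First step of the answer, escalating only when something is left behind.
# Prints "deleted" or "node-cleaned"; non-zero exit means manual follow-up.
recover_pod() {
  local pod="$1" ns="${2:-default}" node
  # Read the node name before deleting: afterwards the object is gone.
  node=$(kubectl get pod "$pod" -n "$ns" -o jsonpath='{.spec.nodeName}') || return 2
  kubectl delete pod "$pod" -n "$ns" --grace-period=0 --force >/dev/null 2>&1
  # A forced delete does not wait for the kubelet, so check the node as well.
  if pod_gone "$pod" "$ns" && [ -z "$(pod_containers "$pod" "$ns")" ]; then
    echo deleted; return 0
  fi
  node_cleanup "$node" "$pod" "$ns" >/dev/null && echo node-cleaned
}

# Usage: ./recover_pod.sh <pod> [namespace]
if [ "$#" -ge 1 ]; then recover_pod "$@"; fi
```

A non-zero exit after the drain leaves the node cordoned on purpose, so check it before running kubectl uncordon by hand.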