K
Q

Kubernetes how does Kubectl exec works and how to troubleshoot it

5/3/2018

Can anyone share how kubectl exec works,like a technical overview. also what are the ways to troubleshoot it.

For example I have the following issue :when trying to connect to a pod :

kubectl.exe : I0502 04:25:18.562064 7288 loader.go:357] Config loaded from file C:\Users\u615648/.kube/config At line:1 char:1 + .\kubectl.exe exec dataarchives-service-264802370-mjwcl date -n fdm- ... + ~ + CategoryInfo : NotSpecified: (I0502 04:25:18....48/.kube/config:String) [], RemoteException + FullyQualifiedErrorId : NativeCommandError

I0502 04:25:18.636776 7288 round_trippers.go:414] GET https://fdmmgmt.uksouth.cloudapp.azure.com/api/v1/namespaces/fdm-development/pods/dataarchives-service-264802370-mjwcl I0502 04:25:18.636776 7288 round_trippers.go:421] Request Headers: I0502 04:25:18.636776 7288 round_trippers.go:424] Accept: application/json, / I0502 04:25:18.636776 7288 round_trippers.go:424] User-Agent: kubectl.exe/v1.9.3 (windows/amd64) kubernetes/d283541 I0502 04:25:18.716758 7288 round_trippers.go:439] Response Status: 200 OK in 79 milliseconds I0502 04:25:18.716758 7288 round_trippers.go:442] Response Headers: I0502 04:25:18.716758 7288 round_trippers.go:445] Content-Type: application/json I0502 04:25:18.716758 7288 round_trippers.go:445] Content-Length: 3167 I0502 04:25:18.716758 7288 round_trippers.go:445] Date: Wed, 02 May 2018 04:25:18 GMT I0502 04:25:18.717872 7288 request.go:873] Response Body: {"kind":"Pod","apiVersion":"v1","metadata":{"name":"dataarchives-service-264802370-mjwcl","generateName":"da taarchives-service-264802370-","namespace":"fdm-development","selfLink":"/api/v1/namespaces/fdm-development/pods/dataarchives-service-264802370-mjwcl","uid":"eeb7d14f-49 5e-11e8-9d96-002248014205","resourceVersion":"15681866","creationTimestamp":"2018-04-26T14:34:31Z","labels":{"app":"dataarchives","pod-template-hash":"264802370"},"annot ations":{"kubernetes.io/created-by":"{\"kind\":\"SerializedReference\",\"apiVersion\":\"v1\",\"reference\":{\"kind\":\"ReplicaSet\",\"namespace\":\"fdm-development\",\"n ame\":\"dataarchives-service-264802370\",\"uid\":\"eeaf949c-495e-11e8-9d96-002248014205\",\"apiVersion\":\"extensions\",\"resourceVersion\":\"15075652\"}}\n"},"ownerRefe rences":[{"apiVersion":"extensions/v1beta1","kind":"ReplicaSet","name":"dataarchives-service-264802370","uid":"eeaf949c-495e-11e8-9d96-002248014205","controller":true,"b lockOwnerDeletion":true}]},"spec":{"volumes":[{"name":"uploadsfileshare [truncated 2143 chars] I0502 04:25:18.908749 7288 round_trippers.go:414] POST https://fdmmgmt.uksouth.cloudapp.azure.com/api/v1/namespaces/fdm-development/pods/dataarchives-service-26480237 0-mjwcl/exec?command=date&command=cmd&container=dataarchives&container=dataarchives&stderr=true&stdout=true I0502 04:25:18.908749 7288 round_trippers.go:421] Request Headers: I0502 04:25:18.908749 7288 round_trippers.go:424]
X-Stream-Protocol-Version: v4.channel.k8s.io I0502 04:25:18.908749
7288 round_trippers.go:424] X-Stream-Protocol-Version: v3.channel.k8s.io I0502 04:25:18.908749 7288 round_trippers.go:424] X-Stream-Protocol-Version: v2.channel.k8s.io I0502 04:25:18.908749
7288 round_trippers.go:424] X-Stream-Protocol-Version: channel.k8s.io I0502 04:25:18.908749 7288 round_trippers.go:424]
User-Agent: kubectl.exe/v1.9.3 (windows/amd64) kubernetes/d283541 I0502 04:25:19.086745 7288 round_trippers.go:439] Response Status: 401 Unauthorized in 177 milliseconds I0502 04:25:19.086745 7288 round_trippers.go:442] Response Headers: I0502 04:25:19.086745 7288 round_trippers.go:445] Date: Wed, 02 May 2018 04:25:19 GMT I0502 04:25:19.086745 7288 round_trippers.go:445] Content-Length: 12 I0502 04:25:19.086745 7288 round_trippers.go:445] Content-Type: text/plain; charset=utf-8 F0502 04:25:19.086745 7288 helpers.go:119] error: unable to upgrade connection: Unauthorized

Help appreciated.

-- kobi
kubernetes

Similar Questions

what is the proper proxy settings for docker and kubernetes
How to share rate limiting state between traefik instances?
Deploying Django Application with PostgreSQL to Kubernetes Google Cloud cluster
Can I specify requirements.txt as EXTRA_PIP_PACKAGES in dask/helm-chart
Round Robin Load Balancing isn't working in AWS EKS Classic or Application Load Balancer
OpenCensusAgent trace provider (W3C Trace Standard) is not working in Istio
kubectl minikube renew certificate
Custom password for kubernetes dashboard when using eks
Is there any Penetration Testing or Security Audit guidelines (Such as OWASP) for Kubernetes?
Kubernetes init container issue with environment variables
How can I check whether K8s volume was mounted correctly?
Is it possible to create a zone only node pool in a regional cluster in GKE?

1 Answer

9/18/2018

Internally, the kubectl command interacts with the Kubernetes API server via HTTP / SPDY. The API server of Kubernetes is a regular REST API. Kubernetes is using SPDY for now but the maintainers plan to switch to HTTP/2 as soon as docker allows them to do so: https://github.com/kubernetes/kubernetes/issues/7452

You can actually take a look here to see how the kubectl command calls the kubernetes go-client to interact with the REST API: https://github.com/kubernetes/kubernetes/blob/e6272b887b81a62e6f06b7fac4b3b61d1c8bf657/pkg/kubectl/cmd/exec/exec.go#L310

Regarding your concrete stack trace: "error: unable to upgrade connection: Unauthorized" looks like you are not authorized. Are you able to run other commands with kubectl such as "kubectl get po --all-namespaces"?

-- LukasGentele
Source: StackOverflow