Kubernetes how does Kubectl exec works and how to troubleshoot it

5/3/2018

Can anyone share how kubectl exec works,like a technical overview. also what are the ways to troubleshoot it.

For example I have the following issue :when trying to connect to a pod :

kubectl.exe : I0502 04:25:18.562064 7288 loader.go:357] Config loaded from file C:\Users\u615648/.kube/config At line:1 char:1 + .\kubectl.exe exec dataarchives-service-264802370-mjwcl date -n fdm- ... + ~ + CategoryInfo : NotSpecified: (I0502 04:25:18....48/.kube/config:String) [], RemoteException + FullyQualifiedErrorId : NativeCommandError

I0502 04:25:18.636776 7288 round_trippers.go:414] GET https://fdmmgmt.uksouth.cloudapp.azure.com/api/v1/namespaces/fdm-development/pods/dataarchives-service-264802370-mjwcl I0502 04:25:18.636776 7288 round_trippers.go:421] Request Headers: I0502 04:25:18.636776 7288 round_trippers.go:424] Accept: application/json, / I0502 04:25:18.636776 7288 round_trippers.go:424] User-Agent: kubectl.exe/v1.9.3 (windows/amd64) kubernetes/d283541 I0502 04:25:18.716758 7288 round_trippers.go:439] Response Status: 200 OK in 79 milliseconds I0502 04:25:18.716758 7288 round_trippers.go:442] Response Headers: I0502 04:25:18.716758 7288 round_trippers.go:445] Content-Type: application/json I0502 04:25:18.716758 7288 round_trippers.go:445] Content-Length: 3167 I0502 04:25:18.716758 7288 round_trippers.go:445] Date: Wed, 02 May 2018 04:25:18 GMT I0502 04:25:18.717872 7288 request.go:873] Response Body: {"kind":"Pod","apiVersion":"v1","metadata":{"name":"dataarchives-service-264802370-mjwcl","generateName":"da taarchives-service-264802370-","namespace":"fdm-development","selfLink":"/api/v1/namespaces/fdm-development/pods/dataarchives-service-264802370-mjwcl","uid":"eeb7d14f-49 5e-11e8-9d96-002248014205","resourceVersion":"15681866","creationTimestamp":"2018-04-26T14:34:31Z","labels":{"app":"dataarchives","pod-template-hash":"264802370"},"annot ations":{"kubernetes.io/created-by":"{\"kind\":\"SerializedReference\",\"apiVersion\":\"v1\",\"reference\":{\"kind\":\"ReplicaSet\",\"namespace\":\"fdm-development\",\"n ame\":\"dataarchives-service-264802370\",\"uid\":\"eeaf949c-495e-11e8-9d96-002248014205\",\"apiVersion\":\"extensions\",\"resourceVersion\":\"15075652\"}}\n"},"ownerRefe rences":[{"apiVersion":"extensions/v1beta1","kind":"ReplicaSet","name":"dataarchives-service-264802370","uid":"eeaf949c-495e-11e8-9d96-002248014205","controller":true,"b lockOwnerDeletion":true}]},"spec":{"volumes":[{"name":"uploadsfileshare [truncated 2143 chars] I0502 04:25:18.908749 7288 round_trippers.go:414] POST https://fdmmgmt.uksouth.cloudapp.azure.com/api/v1/namespaces/fdm-development/pods/dataarchives-service-26480237 0-mjwcl/exec?command=date&command=cmd&container=dataarchives&container=dataarchives&stderr=true&stdout=true I0502 04:25:18.908749 7288 round_trippers.go:421] Request Headers: I0502 04:25:18.908749 7288 round_trippers.go:424]
X-Stream-Protocol-Version: v4.channel.k8s.io I0502 04:25:18.908749
7288 round_trippers.go:424] X-Stream-Protocol-Version: v3.channel.k8s.io I0502 04:25:18.908749 7288 round_trippers.go:424] X-Stream-Protocol-Version: v2.channel.k8s.io I0502 04:25:18.908749
7288 round_trippers.go:424] X-Stream-Protocol-Version: channel.k8s.io I0502 04:25:18.908749 7288 round_trippers.go:424]
User-Agent: kubectl.exe/v1.9.3 (windows/amd64) kubernetes/d283541 I0502 04:25:19.086745 7288 round_trippers.go:439] Response Status: 401 Unauthorized in 177 milliseconds I0502 04:25:19.086745 7288 round_trippers.go:442] Response Headers: I0502 04:25:19.086745 7288 round_trippers.go:445] Date: Wed, 02 May 2018 04:25:19 GMT I0502 04:25:19.086745 7288 round_trippers.go:445] Content-Length: 12 I0502 04:25:19.086745 7288 round_trippers.go:445] Content-Type: text/plain; charset=utf-8 F0502 04:25:19.086745 7288 helpers.go:119] error: unable to upgrade connection: Unauthorized

Help appreciated.

-- kobi
kubernetes

1 Answer

9/18/2018

Internally, the kubectl command interacts with the Kubernetes API server via HTTP / SPDY. The API server of Kubernetes is a regular REST API. Kubernetes is using SPDY for now but the maintainers plan to switch to HTTP/2 as soon as docker allows them to do so: https://github.com/kubernetes/kubernetes/issues/7452

You can actually take a look here to see how the kubectl command calls the kubernetes go-client to interact with the REST API: https://github.com/kubernetes/kubernetes/blob/e6272b887b81a62e6f06b7fac4b3b61d1c8bf657/pkg/kubectl/cmd/exec/exec.go#L310

Regarding your concrete stack trace: "error: unable to upgrade connection: Unauthorized" looks like you are not authorized. Are you able to run other commands with kubectl such as "kubectl get po --all-namespaces"?

-- LukasGentele
Source: StackOverflow