1

I use Keycloak Gatekeeper as a sidecar container for multiple pods on my cluster to enable SSO for those services.

But when I try to exec, view logs, etc., it asks what container I want to use instead of just going into it. Is there a way to define the default container that it will use for something like `kubectl exec -it PODNAME` when I don't pass the `-c` flag?

cclloyd

1 Answer

3

What you are asking is currently working but it's very limited. According to the kubectl exec documentation, you can omit the `-c` flag:

```
-c, --container="": Container name. If omitted, the first container in the pod will be chosen
```

but you also have to specify some action/command like `date`, `bash` or `sh`.

```
# Get output from running 'date' from pod 123456-7890, using the first container by default
kubectl exec 123456-7890 date
```

I mentioned it's very limited, as this will use the first container from the list which was specified in the YAML manifest. If you use the `-c` flag, you can specify which one you want to execute.

```yaml
spec:
  containers:
  - image: httpd
    name: httpd
  - image: busybox
    command:
      - sleep
      - "3600"
    imagePullPolicy: IfNotPresent
    name: busybox
```

Output

Without using any command:

```
$ kubectl exec -ti test-pod
error: you must specify at least one command for the container
```

Using the `date` command, it will use the first container from the YAML/description of the pod.

```
$ kubectl exec -ti test-pod -- date
Defaulting container name to httpd.
Use 'kubectl describe pod/test-pod -n default' to see all of the containers in this pod.
Mon Jan  4 14:06:27 UTC 2021
```

Date command with specified pod

```
$ kubectl exec -ti test-pod -c busybox -- date
Mon Jan  4 14:06:36 UTC 2021
```

Kubectl exec annotation - default container

In one of the GitHub enhancements you can find information that there is a plan to introduce this feature in a stable Kubernetes version (1.23).

It would look like:

```
kubectl annotate pod test-pod kubectl.kubernetes.io/default-exec-container=<containerName>
```

Kubectl logs annotation - default container

A similar feature, but regarding logs rather than exec, was introduced in kubectl 1.18. It was mentioned in a GitHub thread. To achieve that, you have to add the new annotation `kubectl.kubernetes.io/default-logs-container=<containerName>`.

Scenario: my test-pod pod with busybox and httpd

```
$ kubectl logs test-pod
error: a container name must be specified for pod test-pod, choose one of: [busybox httpd]

$ kubectl annotate pod test-pod kubectl.kubernetes.io/default-logs-container=httpd
pod/test-pod annotated

$ kubectl logs test-pod
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.4.1.12. Set the 'ServerName' directive globally to suppress this message
[Mon Jan 04 14:05:08.191117 2021] [mpm_event:notice] [pid 1:tid 140379730310272] AH00489: Apache/2.4.46 (Unix) configured -- resuming normal operations
[Mon Jan 04 14:05:08.191428 2021] [core:notice] [pid 1:tid 140379730310272] AH00094: Command line: 'httpd -D FOREGROUND'

$ kubectl logs test-pod -c httpd
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.4.1.12. Set the 'ServerName' directive globally to suppress this message
[Mon Jan 04 14:05:08.191117 2021] [mpm_event:notice] [pid 1:tid 140379730310272] AH00489: Apache/2.4.46 (Unix) configured -- resuming normal operations
[Mon Jan 04 14:05:08.191428 2021] [core:notice] [pid 1:tid 140379730310272] AH00094: Command line: 'httpd -D FOREGROUND'
```
PjoterS
  • Is it possible to configure stakater/ProxyInjector to append the pod instead of prepend then? – cclloyd Jan 05 '21 at 16:32
  • Not sure how this `stakater/ProxyInjector` works exactly, but if this software is able to add a new container (add the container to the pod in 1st place in the list) and automatically restart it (a restart is required, as a new container cannot be added on the fly; the pod must be restarted), it might work. – PjoterS Jan 12 '21 at 14:38
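
The defaulting rules shown in the answer above, as an added example that is not part of the original answer and is not kubectl's own code: it reads output in the shape of `kubectl get pods -o json` and lists the pods where `exec` without `-c` lands in a sidecar or `logs` has no default container. The sidecar name `gatekeeper`, the pod `sso-app` and the sample JSON are constructed, and an annotation value that names no container is treated as unset (assumption).

```python
import json
import sys

# Annotation read by `kubectl logs`, as named in the answer above.
LOGS_ANNOTATION = "kubectl.kubernetes.io/default-logs-container"

def exec_default(pod):
    """`kubectl exec POD -- cmd` without -c: the first container in the spec."""
    return pod["spec"]["containers"][0]["name"]

def logs_default(pod):
    """`kubectl logs POD` without -c: annotated, else only container, else None."""
    names = [c["name"] for c in pod["spec"]["containers"]]
    wanted = (pod["metadata"].get("annotations") or {}).get(LOGS_ANNOTATION)
    if wanted in names:  # assumption: a value naming no container counts as unset
        return wanted
    return names[0] if len(names) == 1 else None

def audit(pod_list, sidecars):
    """List (pod, verb, note) where the default is a sidecar or is missing."""
    findings = []
    for pod in pod_list["items"]:
        name = pod["metadata"]["name"]
        if exec_default(pod) in sidecars:
            findings.append((name, "exec", "defaults to sidecar; pass -c"))
        chosen = logs_default(pod)
        if chosen is None:
            findings.append((name, "logs", "no default; set " + LOGS_ANNOTATION))
        elif chosen in sidecars:
            findings.append((name, "logs", "defaults to sidecar; fix annotation"))
    return findings

# Constructed sample in the shape of `kubectl get pods -o json`.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "test-pod"},
   "spec": {"containers": [{"name": "httpd"}, {"name": "busybox"}]}},
  {"metadata": {"name": "test-pod-annotated", "annotations":
     {"kubectl.kubernetes.io/default-logs-container": "httpd"}},
   "spec": {"containers": [{"name": "httpd"}, {"name": "busybox"}]}},
  {"metadata": {"name": "sso-app"},
   "spec": {"containers": [{"name": "gatekeeper"}, {"name": "app"}]}}
]}
""")

if __name__ == "__main__":
    pods = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for finding in audit(pods, sidecars={"gatekeeper"}):
        print(*finding, sep="\t")
```

Run bare, it reports on the constructed sample; with real `kubectl get pods -o json` output piped to stdin, it reports on that instead.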