Rancher2.5.7 exec sidecat container异常退出

Rancher 2.x RKE2
1

版本: rancher2.5.7

在rancher UI 中不能exec shell 进入sidecar container 只能进入主container
进入主container后 切换到其他container窗口就会退出
请问有什么办法能有解决吗?

2

show me your yaml.

3

yaml 如下

apiVersion: v1
kind: Pod
metadata:
  labels:
    k8s-app: xxx-service
  name: xxx-service
  namespace: online
spec:
  affinity:
    nodeAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
      - preference:
          matchExpressions:
          - key: ServerType
            operator: In
            values:
            - cpu
        weight: 1
  containers:
  - image: xxx-service:master
    imagePullPolicy: IfNotPresent
    livenessProbe:
      httpGet:
        path: /actuator/health
        port: 10099
        scheme: HTTP
    name: xxx-service
    readinessProbe:
      httpGet:
        path: /actuator/health
        port: 10099
        scheme: HTTP
    resources:
      limits:
        cpu: "4"
        memory: 4Gi
        tke.cloud.tencent.com/eni-ip: "1"
      requests:
        cpu: 500m
        memory: 2Gi
        tke.cloud.tencent.com/eni-ip: "1"
    securityContext:
      runAsGroup: 1000
      runAsUser: 1000
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
  - env:
    - name: ETCD_LOCKKEY_PREFIX
      value: /snowflake/api
    envFrom:
    - configMapRef:
        name: nacos-conf
    image: grpc:v2.0.4
    imagePullPolicy: Always
    name: snowflake
    resources: {}
    securityContext:
      privileged: false
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: default-token-9b5dz
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  imagePullSecrets:
  - name: dockerimg
  nodeName: 10.0.64.13
  preemptionPolicy: PreemptLowerPriority
  priority: 0
  readinessGates:
  - conditionType: cloud.tencent.com/load-balancer-backendgroup-ready
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - emptyDir: {}
    name: log
  - name: nfs-data
    persistentVolumeClaim:
      claimName: pvc-cfsturbo
  - name: default-token-9b5dz
    secret:
      defaultMode: 420
      secretName: default-token-9b5dz
4

你直接通过 kubectl exec 能进入到sidecar container 么?

5

通过kubectl exec 是可以的,起初我怀疑是LB代理的问题,我去掉了代理发现还是不能切换container。
两个container都是可以exec的

image
image1078×288 8.68 KB