cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
BrianH_IE
Cadet
Cadet
‎07-21-2021 05:33 PM
  • 2,584 Views

Execute command on one pod from another

Hi All,

Hypothetically, is it possible to execute a command on one container from another (in same namespace)?

I'm thinking the container should use the "exec" k8s API, like a POST to:

/api/v1/namespaces/$NAMESPACE/pods/$NAME/exec

But I wouldn't want to give the keys to the kingdom to any one pod, can I set up RBAC in such a way that I'd limit access to just the single target pod, and allow the initiating pod to have the token it requires to make that request?

 

Thanks,

Brian

 

 

Labels (2)
Labels
0 Kudos
Join the discussion
1 Reply
tat
Flight Engineer Flight Engineer
Flight Engineer
‎07-28-2021 10:30 PM
  • 2,539 Views

Without having actually tried it myself:

create a rbac role for that api resource
see: https://docs.openshift.com/container-platform/4.8/authentication/using-rbac.html
create a service account
create a rolebinding
link that service account to the deployment/pod
access the api resource

let me know if this worked
best regards,
Alexander
0 Kudos
Join the discussion
You must log in to join this conversation.
Red Hat Learning Community

Red Hat

Learning Community

A collaborative learning environment, enabling open source skill development.

Red Hat Inc. Copyright ?2024 Red Hat, Inc. Privacy policy Terms of use