BrianH_IE
Cadet
Cadet
  • 144 Views

Execute command on one pod from another

Hi All,

Hypothetically, is it possible to execute a command on one container from another (in same namespace)?

I'm thinking the container should use the "exec" k8s API, like a POST to:

/api/v1/namespaces/$NAMESPACE/pods/$NAME/exec

But I wouldn't want to give the keys to the kingdom to any one pod, can I set up RBAC in such a way that I'd limit access to just the single target pod, and allow the initiating pod to have the token it requires to make that request?

 

Thanks,

Brian

 

 

Labels (2)
0 Kudos
1 Reply
tat
Flight Engineer Flight Engineer
Flight Engineer
  • 99 Views

Re: Execute command on one pod from another

Without having actually tried it myself:

create a rbac role for that api resource
see: https://docs.openshift.com/container-platform/4.8/authentication/using-rbac.html
create a service account
create a rolebinding
link that service account to the deployment/pod
access the api resource

let me know if this worked
best regards,
Alexander
0 Kudos
Reply
Loading...
Join the discussion
You must log in to join this conversation.