进入pod网络命名空间
- 查看容器的ID
[root@hci-121 ~]# crictl ps
CONTAINER IMAGE CREATED STATE NAME ATTEMPT POD ID POD
40a708cc15826 e40e2763392d8 16 minutes ago Running container-0 0 5ae27387174be uiuiui-7c7f67d47c-k86tr
13b4b69ebe3d2 49d6c8a15d6c7 17 minutes ago Running core 0 6395e737552c4 harbor-core-54dd845457-4jqst
5fc2bb5ae6a7b 6fd77d7e5eb73 18 minutes ago Running container-0 0 c78a35ee9923d stateful-0
- 查询PID
crictl inspect --output go-template --template '{{.info.pid}}' 40a708cc15826
[root@hci-121 ~]# crictl inspect --output go-template --template '{{.info.pid}}' 40a708cc15826
3174433
- 进入进程的网络命名空间
nsenter -n -t 3174433
- shell脚本
#!/usr/bin/env bash
function e_net() {
set -eu
pod=`kubectl get pod ${pod_name} -n ${namespace} -o template --template='{{range .status.containerStatuses}}{{.containerID}}{{end}}' | sed 's/containerd:\/\/\(.*\)$/\1/'`
pid=`crictl inspect --output go-template --template '{{.info.pid}}' $pod`
echo -e "\033[32m Entering pod netns for ${namespace}/${pod_name} \033[0m\n"
cmd="nsenter -n -t ${pid}"
echo -e "\033[32m Execute the command: ${cmd} \033[0m"
${cmd}
}
# 运行函数
pod_name=$1
namespace=${2-"default"}
e_net