In this article, we will look at theĀ kubectl exec command to show how to get a shell into a running container in your Kubernetes (K8S) cluster and how to run individual commands on a container with some useful examples.
You can use kubectl exec to connect to a running container and also to execute single commands. Connecting to a container is useful to view logs, inspect processes, mount points, environment variables, and package versions, amongst other things.
kubectl exec will give you full shell access to the container, so modifying it and installing packages that are not part of the container image is possible but is not recommended unless for temporary troubleshooting purposes. If extra modifications or packages are required permanently for the container, the image should be modified, and the new version should be deployed to maintain immutability and reproducibility.
Let’s take a look at the syntax of the kubectl exec command with an example.
kubectl exec --stdin --tty aks-helloworld-one-56c7b8d79d-xqx5t -- /bin/bashaks-helloworld-one-56c7b8d79d-xqx5tis the name of the Pod with your container.- The double dash (
--) separates the arguments you want to pass to the command from theĀkubectlarguments. /bin/bashĀ is the type of shell you want (it could also beĀ/bin/shĀ for example).- The
--stdinoption passes the stdin (or standard input) to the container. UseĀ-iĀ for short. - TheĀ
--ttyĀ Stdin is a TTY. UseĀ-tĀ for short. - You can also specify theĀ
--quietĀ orĀ-qĀ option to disable all output fromĀkubectlitself. Youāll only see output produced by the process running in the container. - You can also specify the length of time to wait until at least one pod is running, the default being 1m usingĀ
-pod-runnning-timeout. This is specified as the length of time (like 5s, 2m, or 3h, higher than zero), e.g.Ā--pod-running-timeout=2mĀ .
To get a shell to your container, first, find its name.
And to have all the commands in one place check out our Kubernetes Cheat Sheet with 15 Kubectl Commands & Objects.
kubectl get pods
Note that in order to get a shell, your container image has to have that shell available.
I have one running on my Azure Kubernetes Service (AKS) cluster calledĀ aks-helloworld-one-56c7b8d79d-lkz6s,Ā which we will use for these examples. This uses theĀ Hello world image,Ā which is a simple Node.js web application used in Azure Container Instances for the examples on docs.microsoft.com.
Check out how to Provision Azure AKS Cluster Using Terraform.
This container is controlled by a deployment calledĀ aks-helloworld-one.
kubectl get deployments
MyĀ aks-helloworld-one.yamlĀ deployment file looks like this:
apiVersion: apps/v1
kind: Deployment
metadata:
name: aks-helloworld-one
spec:
replicas: 1
selector:
matchLabels:
app: aks-helloworld-one
template:
metadata:
labels:
app: aks-helloworld-one
spec:
containers:
- name: aks-helloworld-one
image: mcr.microsoft.com/azuredocs/aks-helloworld:v1
ports:
- containerPort: 80
env:
- name: TITLE
value: "Welcome to Azure Kubernetes Service (AKS)"
---
apiVersion: v1
kind: Service
metadata:
name: aks-helloworld-one
spec:
type: ClusterIP
ports:
- port: 80
selector:
app: aks-helloworld-oneIf you are following along, you can create the file above and use the command below to deploy the container on your cluster:
kubectl create deployment aks-helloworld-one.yamlTo get a bash shell into the running container:
kubectl exec --stdin --tty aks-helloworld-one-56c7b8d79d-xqx5t -- /bin/bashOnce inside the container, you can run commands directly, e.g.Ā lsĀ to list the contents of the directory.
OrĀ ps auxĀ to view the running processes:
Once you are finished in the container, typeĀ exitĀ to return to your console shell.
š” You might also like:
You can also run single commands directly usingĀ kubectl exec. Some useful examples are shown below:
- Get the time and date
kubectl exec <pod name> -- date
- List the running environment variables
kubectl exec <pod name> -- env
- Update packages
kubectl exec <pod name> -- apt-get update
- View the mount points
kubectl exec shell-demo -- cat /proc/1/mountsIf a Pod has more than one container, useĀ --containerĀ orĀ -cĀ to specify a container in theĀ kubectl execĀ command.
kubectl exec -i -t <pod name> --container <container name> -- /bin/bashYou can connect to a running container usingĀ kubectl exec and also use it to execute single commands. Connecting to a container is useful to view logs, inspect processes, mount points, environment variables, and package versions, amongst other things.
Also, check out how Spacelift helps you manage the complexities and compliance challenges of using Kubernetes. Anything that can be run via kubectl can be run within a Spacelift stack. Find out more about how Spacelift works with Kubernetes, and get started on your journey by creating a free trial account.
Cheers!
The most Flexible CI/CD Automation Tool
Spacelift is an alternative to using homegrown solutions on top of a generic CI. It helps overcome common state management issues and adds several must-have capabilities s for infrastructure management.
Frequently asked questions
What is the difference between kubectl run and kubectl exec?
kubectl runcreates and starts a new pod or container in the cluster, whilekubectl execruns a command inside an already running pod.What is the difference between kubectl debug and kubectl exec?
kubectl execruns commands inside an existing container, whilekubectl debugcreates an ephemeral container or modified pod to troubleshoot without altering the original workload.How to disable kubectl exec?
You can disable
kubectl execby restricting the associated RBAC permissions in Kubernetes. Specifically, thepods/execsubresource must be denied in the roles or cluster roles assigned to users or service accounts.
