doc-exports/docs/cce/umn/cce_bestpractice_00227.html
Dong, Qiu Jian e11d42fad0 CCE UMN update -20230818 version
Reviewed-by: Eotvos, Oliver <oliver.eotvos@t-systems.com>
Co-authored-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
Co-committed-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
2023-12-08 10:20:34 +00:00

<a name="cce_bestpractice_00227"></a><a name="cce_bestpractice_00227"></a>
<h1 class="topictitle1">Modifying Kernel Parameters Using a Privileged Container</h1>
<div id="body8662426"><div class="section" id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_section136132011171713"><h4 class="sectiontitle">Prerequisites</h4><p id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_p44821585237">To access a Kubernetes cluster from a client, you can use the Kubernetes command line tool kubectl. </p>
</div>
<div class="section" id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_section195893610174"><h4 class="sectiontitle">Procedure</h4><ol id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_ol8890756191816"><li id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_li38911568185"><span>Create a DaemonSet in the background, select the Nginx image, enable the Privileged Container, configure the lifecycle, and add the <span class="parmname" id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_parmname42281654101420"><b>hostNetwork</b></span> field (value: <span class="parmvalue" id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_parmvalue993921719153"><b>true</b></span>).</span><p><ol type="a" id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_ol8206143982618"><li id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_li172064392266">Create a <strong id="cce_bestpractice_00227__b749811813615">daemonSet</strong> file.<p id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_p96145582611"><strong id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_b0319716270">vi daemonSet.yaml</strong></p>
<p id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_p14871934289">An example YAML file is provided as follows:</p>
<div class="notice" id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_note1414511022814"><span class="noticetitle"><img src="public_sys-resources/notice_3.0-en-us.png"> </span><div class="noticebody"><p id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_p9146121092817">The <span class="parmname" id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_parmname988311433197"><b>spec.template.spec.containers.lifecycle</b></span> field indicates the command that will be run after the container is started.</p>
</div></div>
<pre class="screen" id="cce_bestpractice_00227__screen2840183444617">kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: daemonset-test
  labels:
    name: daemonset-test
spec:
  selector:
    matchLabels:
      name: daemonset-test
  template:
    metadata:
      labels:
        name: daemonset-test
    spec:
      hostNetwork: true
      containers:
      - name: daemonset-test
        image: nginx:alpine-perl
        command:
        - "/bin/sh"
        args:
        - "-c"
        - while :; do time=$(date);done
        imagePullPolicy: IfNotPresent
        lifecycle:
          postStart:
            exec:
              command:
              - sysctl
              - "-w"
              - net.ipv4.tcp_tw_reuse=1
        securityContext:
          privileged: true
      imagePullSecrets:
      - name: default-secret</pre>
</li><li id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_li16654143132615">Create a DaemonSet.<p id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_p19378714202719"><a name="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_li16654143132615"></a><a name="en-us_topic_0226102201_en-us_topic_0179003019_li16654143132615"></a><strong id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_b449172122717">kubectl create -f daemonSet.yaml</strong></p>
</li></ol>
</p></li><li id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_li1989115691812"><span>Check whether the DaemonSet is successfully created.</span><p><p id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_p330213205299"><strong id="cce_bestpractice_00227__b63374531347">kubectl get daemonset</strong> <em id="cce_bestpractice_00227__i333775323415">DaemonSet name</em></p>
<p id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_p8260371304">In this example, run the following command:</p>
<p id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_p262474111301"><strong id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_b77659461301">kubectl get daemonset</strong><strong id="cce_bestpractice_00227__b8120171084611"> daemonset-test</strong></p>
<p id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_p144280503115">Information similar to the following is displayed:</p>
<pre class="screen" id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_screen041418164230">NAME             DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
daemonset-test   2         2         2       2            2           &lt;node&gt;          2h</pre>
</p></li><li id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_li1721483962911"><span>Query the container ID of DaemonSet on the node.</span><p><p id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_p12251648182918"><strong id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_b111781214152816">docker ps -a|grep</strong> <em id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_i1982214204285">DaemonSet name</em></p>
<p id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_p189121843183518">In this example, run the following command:</p>
<p id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_p76951258133513"><strong id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_b911611592355">docker ps -a|grep</strong><strong id="cce_bestpractice_00227__b019242954620"> daemonset-test</strong></p>
<p id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_p188115139361">Information similar to the following is displayed:</p>
<pre class="screen" id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_screen103471223397"><strong id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_b13543202713918">897b99faa9ce</strong> 3e094d5696c1 "/bin/sh -c while..." 31 minutes ago Up 30 minutes ault_fa7cc313-4ac1-11e9-a716-fa163e0aalba_0</pre>
</p></li><li id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_li19804143193010"><span>Access the container.</span><p><p id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_p182991085304"><strong id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_b276893373511">docker exec -it </strong><em id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_i14770103393513">containerid </em><strong id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_b9769113311351">/bin/sh</strong></p>
<p id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_p15306932143920">In this example, run the following command:</p>
<p id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_p198991238153914"><strong id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_b18533853133912">docker exec -it </strong><em id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_i65351253173916">897b99faa9ce</em><em id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_i3535105383911"> </em><strong id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_b14105174703917">/bin/sh</strong></p>
</p></li><li id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_li515613122228"><span>Check whether the configured command is executed after the container is started.</span><p><p id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_p12382171293513"><strong id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_b1270341517351">sysctl -a |grep net.ipv4.tcp_tw_reuse</strong></p>
<p id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_p5351202754015">If the following information is displayed, the system parameters are modified successfully:</p>
<pre class="screen" id="cce_bestpractice_00227__en-us_topic_0226102201_en-us_topic_0179003019_screen4589125014013">net.ipv4.tcp_tw_reuse=1</pre>
</p></li></ol>
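<p>Steps 2 to 5 check one container by hand with docker on a single node. The following script, an added example that is not part of the original CCE documentation, runs the same check through kubectl for every pod of the DaemonSet and fails if a node has no pod or reports a different value. It assumes the pods carry the label <b>name=DaemonSet name</b> as in the manifest above; the function name <b>check_sysctl</b> is hypothetical.</p>

```shell
#!/bin/sh
# Added example: confirm the postStart sysctl took effect on every node.
# Assumes pods are labelled name=DAEMONSET, as in the manifest above.

# check_sysctl DAEMONSET KEY WANT
# Prints "NODE POD VALUE STATUS" per pod (STATUS: OK, MISMATCH or ERROR).
# Returns 0 only when every desired pod exists and reports WANT.
check_sysctl() {
    ds=$1 key=$2 want=$3
    rc=0 seen=0

    # Number of nodes the DaemonSet is supposed to cover.
    desired=$(kubectl get daemonset "$ds" \
        -o jsonpath='{.status.desiredNumberScheduled}') || return 2

    # One "pod node" pair per line.
    pods=$(kubectl get pods -l "name=$ds" \
        -o jsonpath='{range .items[*]}{.metadata.name}{" "}{.spec.nodeName}{"\n"}{end}') || return 2

    while read -r pod node; do
        [ -n "$pod" ] || continue
        seen=$((seen + 1))
        # hostNetwork: true puts the pod in the node's network namespace,
        # so the net.* value read here is the node's own value.
        # stdin is redirected so kubectl cannot consume the loop's input.
        if got=$(kubectl exec "$pod" -- sysctl -n "$key" < /dev/null 2> /dev/null); then
            if [ "$got" = "$want" ]; then status=OK; else status=MISMATCH; rc=1; fi
        else
            got=- status=ERROR rc=1
        fi
        echo "$node $pod $got $status"
    done <<EOF
$pods
EOF

    # A node without a pod never ran the postStart hook.
    if [ "$seen" -ne "${desired:-0}" ]; then
        echo "expected $desired pods, found $seen" >&2
        rc=1
    fi
    return "$rc"
}

# Runs against a live cluster only when arguments are given, e.g.:
#   sh check_sysctl.sh daemonset-test net.ipv4.tcp_tw_reuse 1
if [ "$#" -ge 3 ]; then
    check_sysctl "$1" "$2" "$3"
fi
```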
</div>
</div>