记录一个 K8S 上用得比较多的 node shell Pod，可以获得完全的宿主机权限。

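---
# Node-shell pod: a privileged container that nsenters into the host's
# init process namespaces. Whoever can create this pod has root-equivalent
# access to the node, so restrict it with RBAC (create pods in kube-system),
# enforce a Pod Security Admission `privileged` profile only where needed,
# and alert on pod creation events that set hostPID/privileged.
apiVersion: v1
kind: Pod
metadata:
  name: node-shell
  namespace: kube-system
spec:
  containers:
    - name: shell
      # Floating tag; pin to a digest if this manifest is kept as a template.
      image: alpine:3
      command:
        - nsenter
      # -t 1 targets PID 1, which is the host's init because hostPID is true
      # below; -m/-u/-i/-n join its mount, UTS, IPC and network namespaces.
      # Every element must be a string, so the numeric ones are quoted.
      args: ["-t", "1", "-m", "-u", "-i", "-n", "sleep", "14000"]
      resources: {}
      terminationMessagePath: /dev/termination-log
      terminationMessagePolicy: File
      imagePullPolicy: IfNotPresent
      securityContext:
        privileged: true
  restartPolicy: Never
  terminationGracePeriodSeconds: 0
  # Pinned to a single node; set this to the node being debugged.
  nodeName: node09
  hostNetwork: true
  hostPID: true
  hostIPC: true
  securityContext: {}
  schedulerName: default-scheduler
  # Tolerates every taint, so it schedules onto cordoned/tainted nodes too.
  tolerations:
    - operator: Exists
  priorityClassName: system-node-critical
  priority: 2000001000
  enableServiceLinks: true
  preemptionPolicy: PreemptLowerPriority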