問題
k8s集羣prometheus監控中安裝的grafana,想開啓匿名登錄,但是進入pod後修改配置時無法切換root
nobody@grafana-5f7fcb9cd-z2bl8:/$ su -
su: must be run from a terminal
解決辦法:
參考鏈接:https://stackoverflow.com/questions/42793382/exec-commands-on-kubernetes-pods-with-root-access
1、kubectl describe pod 找到容器ID
[root@master1 ~]# km describe pod grafana-5f7fcb9cd-z2bl8
Name: grafana-5f7fcb9cd-z2bl8
Namespace: monitoring
Node: node9/10.180.3.211
Start Time: Fri, 23 Aug 2019 13:07:23 +0800
Labels: app=grafana
pod-template-hash=193976578
Annotations: <none>
Status: Running
IP: 172.31.4.174
Controlled By: ReplicaSet/grafana-5f7fcb9cd
Containers:
grafana:
Container ID: docker://7d525fc61305ef07f188acc501cdae627176f35ba155cc2248a9330c179cf040
Image: grafana/grafana:5.2.4
Image ID: docker-pullable://grafana/grafana@sha256:aaf50da5faf2596bfb0caed81f08b5569110e7b5468b291fedad25d8cbc51f2b
Port: 3000/TCP
State: Running
Started: Fri, 23 Aug 2019 13:07:35 +0800
Ready: True
2、SSH到pod所在的機器,如上爲node9
3、在pod所在的機器上執行如下
查看是否有這個容器
[root@node9 ~]# docker ps -a|grep 7d525f
7d525fc61305 grafana/grafana@sha256:aaf50da5faf2596bfb0caed81f08b5569110e7b5468b291fedad25d8cbc51f2b "/run.sh" 7 weeks ago Up 7 weeks k8s_grafana_grafana-5f7fcb9cd-z2bl8_monitoring_525895a8-c561-11e9-b710-20040ff219f4_0
進入這個容器
[root@node9 ~]# docker exec -u root -it 7d525fc61305 /bin/bash
root@grafana-5f7fcb9cd-z2bl8:/#
後續
1、進入容器後發現沒有vim,安裝vim時報錯
root@grafana-5f7fcb9cd-z2bl8:/# apt-get install vim
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package vim
參考鏈接:https://blog.csdn.net/lafengwnagzi/article/details/77984616
解決辦法是apt-get update
,這個命令的作用是:同步 /etc/apt/sources.list 和 /etc/apt/sources.list.d 中列出的源的索引,這樣才能獲取到最新的軟件包。
2、開啓匿名登錄
參考鏈接: https://blog.csdn.net/qq_22227087/article/details/86993324#commentBox
1) 隱藏登錄頁面
[auth]
# Set to true to disable (hide) the login form, useful if you use OAuth
#disable_login_form = false
disable_login_form = true
2) 啓用匿名訪問
[auth.anonymous]
# enable anonymous access
;enabled = false
enabled = true
3)指定組織
先登錄grafana-Configuration-preferences,修改組織名
然後
[auth.anonymous]
# specify organization name that should be used for unauthenticated users
;org_name = Main Org.
org_name = ops
4) 重新啓動grafana(不會導致pod重啓)
[root@node9 ~]# docker restart 7d525fc61305
7d525fc61305
完成以上步驟,此時你打開grafana頁面,會直接進入dashboard,權限是viewer,不能對grafana進行更改。