Installing kubectl in a Kubernetes Pod

Without creating custom images

Allan Lei
Allan Lei
Jan 28, 2018 · 1 min read

tl;dr Use empty volume, initContainers, and subPath to copy and mount kubectl.

The Why

I needed access to the kubernetes API from within a pod so that the pod can self label itself.

For example, I am currently working with redis and redis-sentinel. When sentinel triggers a reconfigure script, I want the pod to re-label itself to role=masteror role=slave. I didn’t want to create a custom redis image that includes kubectl as it would be another component to maintain.

Also, what if I needed to work with other images requiring kubectl? Seemed like alot of maintenance going the custom image route.

The How

First, create an empty volume to hold the kubectl binary.

- name: kubectl
emptyDir: {}

Next, using initContainers, copy out the kubectlbinary from a docker image into the volume. In this case, allanlei/kubectlis an image containing a static binary from kubernetes.

- name: install-kubectl
image: allanlei/kubectl
- name: kubectl
mountPath: /data
command: ["cp", "/usr/local/bin/kubectl", "/data/kubectl"]

Finally, mount the kubectl volume into the container using subPath. If you don’t use subPath, then the entire mount path will get overriden or gets mounted as a directory, which is not the goal. subPath allows us to specify certain paths in the volume to be mounted.

- name: kubectl
subPath: kubectl
mountPath: /usr/local/bin/kubectl

You’re ready to go! The container is now able to run kubectl which is automatically setup via Service Accounts.

Full Example:

Allan Lei

Written by

Allan Lei

The Adventures of Me

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade