OpenShift Container Platform takes advantage of a feature built into Kubernetes to support executing commands in containers. This is implemented using HTTP along with a multiplexed streaming protocol such as SPDY or HTTP/2.
Developers can use the CLI to execute remote commands in containers.
The Kubelet handles remote execution requests from clients. Upon receiving a
request, it upgrades the response, evaluates the request headers to determine
what streams (stdin
, stdout
, and/or stderr
) to expect to receive, and waits
for the client to create the streams.
After the Kubelet has received all the streams, it executes the command in the container, copying between the streams and the command’s stdin, stdout, and stderr, as appropriate. When the command terminates, the Kubelet closes the upgraded connection, as well as the underlying one.
Architecturally, there are options for running a command in a container. The
supported implementation currently in OpenShift Container Platform invokes nsenter
directly
on the node host to enter the container’s namespaces prior to executing the
command. However, custom implementations could include using docker exec
, or
running a "helper" container that then runs nsenter
so that nsenter
is not a
required binary that must be installed on the host.