Copy concepts/workloads/pods/ephemeral-containers/ from en/ directory.

2020-09-17 11:16:33 +09:00 · 2020-09-17 11:16:33 +09:00 · 475f1172d1
parent e4841d372e
commit 475f1172d1
1 changed files with 195 additions and 0 deletions
--- a/content/ja/docs/concepts/workloads/pods/ephemeral-containers.md
+++ b/content/ja/docs/concepts/workloads/pods/ephemeral-containers.md
@ -0,0 +1,195 @@
+---
+reviewers:
+- verb
+- yujuhong
+title: Ephemeral Containers
+content_type: concept
+weight: 80
+---
+
+<!-- overview -->
+
+{{< feature-state state="alpha" for_k8s_version="v1.16" >}}
+
+This page provides an overview of ephemeral containers: a special type of container
+that runs temporarily in an existing {{< glossary_tooltip term_id="pod" >}} to
+accomplish user-initiated actions such as troubleshooting. You use ephemeral
+containers to inspect services rather than to build applications.
+
+{{< warning >}}
+Ephemeral containers are in early alpha state and are not suitable for production
+clusters. In accordance with the [Kubernetes Deprecation Policy](
+/docs/reference/using-api/deprecation-policy/), this alpha feature could change
+significantly in the future or be removed entirely.
+{{< /warning >}}
+
+
+
+<!-- body -->
+
+## Understanding ephemeral containers
+
+{{< glossary_tooltip text="Pods" term_id="pod" >}} are the fundamental building
+block of Kubernetes applications. Since Pods are intended to be disposable and
+replaceable, you cannot add a container to a Pod once it has been created.
+Instead, you usually delete and replace Pods in a controlled fashion using
+{{< glossary_tooltip text="deployments" term_id="deployment" >}}.
+
+Sometimes it's necessary to inspect the state of an existing Pod, however, for
+example to troubleshoot a hard-to-reproduce bug. In these cases you can run
+an ephemeral container in an existing Pod to inspect its state and run
+arbitrary commands.
+
+### What is an ephemeral container?
+
+Ephemeral containers differ from other containers in that they lack guarantees
+for resources or execution, and they will never be automatically restarted, so
+they are not appropriate for building applications.  Ephemeral containers are
+described using the same `ContainerSpec` as regular containers, but many fields
+are incompatible and disallowed for ephemeral containers.
+
+- Ephemeral containers may not have ports, so fields such as `ports`,
+  `livenessProbe`, `readinessProbe` are disallowed.
+- Pod resource allocations are immutable, so setting `resources` is disallowed.
+- For a complete list of allowed fields, see the [EphemeralContainer reference
+  documentation](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#ephemeralcontainer-v1-core).
+
+Ephemeral containers are created using a special `ephemeralcontainers` handler
+in the API rather than by adding them directly to `pod.spec`, so it's not
+possible to add an ephemeral container using `kubectl edit`.
+
+Like regular containers, you may not change or remove an ephemeral container
+after you have added it to a Pod.
+
+## Uses for ephemeral containers
+
+Ephemeral containers are useful for interactive troubleshooting when `kubectl
+exec` is insufficient because a container has crashed or a container image
+doesn't include debugging utilities.
+
+In particular, [distroless images](https://github.com/GoogleContainerTools/distroless)
+enable you to deploy minimal container images that reduce attack surface
+and exposure to bugs and vulnerabilities. Since distroless images do not include a
+shell or any debugging utilities, it's difficult to troubleshoot distroless
+images using `kubectl exec` alone.
+
+When using ephemeral containers, it's helpful to enable [process namespace
+sharing](/docs/tasks/configure-pod-container/share-process-namespace/) so
+you can view processes in other containers.
+
+See [Debugging with Ephemeral Debug Container](
+/docs/tasks/debug-application-cluster/debug-running-pod/#debugging-with-ephemeral-debug-container)
+for examples of troubleshooting using ephemeral containers.
+
+## Ephemeral containers API
+
+{{< note >}}
+The examples in this section require the `EphemeralContainers` [feature
+gate](/docs/reference/command-line-tools-reference/feature-gates/) to be
+enabled, and Kubernetes client and server version v1.16 or later.
+{{< /note >}}
+
+The examples in this section demonstrate how ephemeral containers appear in
+the API. You would normally use `kubectl alpha debug` or another `kubectl`
+[plugin](/docs/tasks/extend-kubectl/kubectl-plugins/) to automate these steps
+rather than invoking the API directly.
+
+Ephemeral containers are created using the `ephemeralcontainers` subresource
+of Pod, which can be demonstrated using `kubectl --raw`. First describe
+the ephemeral container to add as an `EphemeralContainers` list:
+
+```json
+{
+    "apiVersion": "v1",
+    "kind": "EphemeralContainers",
+    "metadata": {
+            "name": "example-pod"
+    },
+    "ephemeralContainers": [{
+        "command": [
+            "sh"
+        ],
+        "image": "busybox",
+        "imagePullPolicy": "IfNotPresent",
+        "name": "debugger",
+        "stdin": true,
+        "tty": true,
+        "terminationMessagePolicy": "File"
+    }]
+}
+```
+
+To update the ephemeral containers of the already running `example-pod`:
+
+```shell
+kubectl replace --raw /api/v1/namespaces/default/pods/example-pod/ephemeralcontainers  -f ec.json
+```
+
+This will return the new list of ephemeral containers:
+
+```json
+{
+   "kind":"EphemeralContainers",
+   "apiVersion":"v1",
+   "metadata":{
+      "name":"example-pod",
+      "namespace":"default",
+      "selfLink":"/api/v1/namespaces/default/pods/example-pod/ephemeralcontainers",
+      "uid":"a14a6d9b-62f2-4119-9d8e-e2ed6bc3a47c",
+      "resourceVersion":"15886",
+      "creationTimestamp":"2019-08-29T06:41:42Z"
+   },
+   "ephemeralContainers":[
+      {
+         "name":"debugger",
+         "image":"busybox",
+         "command":[
+            "sh"
+         ],
+         "resources":{
+
+         },
+         "terminationMessagePolicy":"File",
+         "imagePullPolicy":"IfNotPresent",
+         "stdin":true,
+         "tty":true
+      }
+   ]
+}
+```
+
+You can view the state of the newly created ephemeral container using `kubectl describe`:
+
+```shell
+kubectl describe pod example-pod
+```
+
+```
+...
+Ephemeral Containers:
+  debugger:
+    Container ID:  docker://cf81908f149e7e9213d3c3644eda55c72efaff67652a2685c1146f0ce151e80f
+    Image:         busybox
+    Image ID:      docker-pullable://busybox@sha256:9f1003c480699be56815db0f8146ad2e22efea85129b5b5983d0e0fb52d9ab70
+    Port:          <none>
+    Host Port:     <none>
+    Command:
+      sh
+    State:          Running
+      Started:      Thu, 29 Aug 2019 06:42:21 +0000
+    Ready:          False
+    Restart Count:  0
+    Environment:    <none>
+    Mounts:         <none>
+...
+```
+
+You can interact with the new ephemeral container in the same way as other
+containers using `kubectl attach`, `kubectl exec`, and `kubectl logs`, for
+example:
+
+```shell
+kubectl attach -it example-pod -c debugger
+```
+
+