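I have a pod with 2 containers: a django web server and a cloud sql proxy.
I want to run a cronjob every day (some django manage.py command). Ideally, I would like to create a new container in one of my running pods by copying the web server that is already running there.
- Find pod A
- Copy the django container from pod A
- Start a new django container in pod A
- Execute the command in the new container of pod A
- Shut down the new container of pod A
From my understanding, executing a kubernetes CronJob will create a new pod of its own. That means I need to copy everything, including the volumes and the proxy container. I tried to do this manually (by copy-pasting all the pod conf from the Deployment into the CronJob conf):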
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: SomeName
  labels:
    environment: SomeEnv
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: SomeApp
        name: SomeName2
        environment: SomeEnv
    spec:
      containers:
      - image: gcr.io/org/someimage:tag
        name: ContainerName
        imagePullPolicy: IfNotPresent
        volumeMounts:
        - name: app-secrets
          mountPath: /var/run/secrets/app
          readOnly: true
        env:
        - name: SECRET_KEY
          valueFrom:
            secretKeyRef:
              name: app-secrets
              key: django
      - image: gcr.io/cloudsql-docker/gce-proxy:1.11
        name: cloudsql-proxy
        command: ["/cloud_sql_proxy", "--dir=/cloudsql",
                  "-instances=org:zone:db=tcp:5432",
                  "-credential_file=/secrets/cloudsql/credentials.json"]
        volumeMounts:
        - name: cloudsql-instance-credentials
          mountPath: /secrets/cloudsql
          readOnly: true
        - name: ssl-certs
          mountPath: /etc/ssl/certs
        - name: cloudsql
          mountPath: /cloudsql
      volumes:
      - name: SomeName-secrets
        secret:
          secretName: app-secrets
---
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: SomeName-Cron
  labels:
    environment: SomeEnv
spec:
  schedule: "0 1 * * *" # Daily at 1am
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - image: gcr.io/org/someimage:tag
            name: ContainerName
            imagePullPolicy: IfNotPresent
            volumeMounts:
            - name: app-secrets
              mountPath: /var/run/secrets/app
              readOnly: true
            env:
            - name: SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: app-secrets
                  key: django
          - image: gcr.io/cloudsql-docker/gce-proxy:1.11
            name: cloudsql-proxy
            command: ["/cloud_sql_proxy", "--dir=/cloudsql",
                      "-instances=org:zone:db=tcp:5432",
                      "-credential_file=/secrets/cloudsql/credentials.json"]
            volumeMounts:
            - name: cloudsql-instance-credentials
              mountPath: /secrets/cloudsql
              readOnly: true
            - name: ssl-certs
              mountPath: /etc/ssl/certs
            - name: cloudsql
              mountPath: /cloudsql
          volumes:
          - name: SomeName-secrets
            secret:
              secretName: app-secrets
But the cloud_sql proxy cannot connect in the CronJob conf:
2019/10/04 08:14:44 New connection for "org:zone:db"
2019/10/04 08:14:44 Throttling refreshCfg(org:zone:db): it was only called 445.482222ms ago
2019/10/04 08:14:44 couldn't connect to "org:zone:db": Post https://www.googleapis.com/sql/v1beta4/projects/org/instances/block-report/createEphemeral?alt=json: oauth2: cannot fetch token: Post https://accounts.google.com/o/oauth2/token: dial tcp: i/o timeout
^C
These errors are really confusing, so I'm stuck on this test.
Does anyone know a clean way to have a cronjob run by reusing an existing container?
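
An added example, not part of the original question: a consistency check for a pod template that has been copied from a Deployment into a CronJob, reporting volumeMounts that name no declared volume and fields that differ between the two templates. The function names are hypothetical and `POD_SPEC` is constructed from the manifests above; the check covers the manifest only and says nothing about the network timeout in the log.

```python
# Added example: pod-template consistency checks (helper names are hypothetical).

def unresolved_mounts(pod_spec):
    """Return sorted (container, volume) pairs whose volumeMount names no declared volume."""
    declared = {v["name"] for v in pod_spec.get("volumes", [])}
    missing = set()
    for c in pod_spec.get("containers", []) + pod_spec.get("initContainers", []):
        for m in c.get("volumeMounts", []):
            if m["name"] not in declared:
                missing.add((c["name"], m["name"]))
    return sorted(missing)


def template_drift(deploy_spec, cron_spec,
                   keys=("image", "command", "env", "volumeMounts")):
    """Return sorted (container, field) pairs that differ between two pod specs."""
    a = {c["name"]: c for c in deploy_spec.get("containers", [])}
    b = {c["name"]: c for c in cron_spec.get("containers", [])}
    drift = set()
    for name in a.keys() | b.keys():
        if name not in a or name not in b:
            drift.add((name, "<container missing on one side>"))
            continue
        for k in keys:
            if a[name].get(k) != b[name].get(k):
                drift.add((name, k))
    return sorted(drift)


# Constructed sample: the pod spec from the manifests above, reduced to the
# fields the checks read (images, mount names, declared volumes).
POD_SPEC = {
    "containers": [
        {"name": "ContainerName", "image": "gcr.io/org/someimage:tag",
         "volumeMounts": [{"name": "app-secrets", "mountPath": "/var/run/secrets/app"}]},
        {"name": "cloudsql-proxy", "image": "gcr.io/cloudsql-docker/gce-proxy:1.11",
         "volumeMounts": [
             {"name": "cloudsql-instance-credentials", "mountPath": "/secrets/cloudsql"},
             {"name": "ssl-certs", "mountPath": "/etc/ssl/certs"},
             {"name": "cloudsql", "mountPath": "/cloudsql"}]},
    ],
    "volumes": [{"name": "SomeName-secrets", "secret": {"secretName": "app-secrets"}}],
}

if __name__ == "__main__":
    for container, volume in unresolved_mounts(POD_SPEC):
        print(f"{container}: volumeMount '{volume}' has no matching entry in volumes")
    print("drift between identical templates:", template_drift(POD_SPEC, POD_SPEC))
```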