mac系统-docker魔法

一、Fix Fatal: can’t open lock file /run/xtables.lock: Read-only file system when use docker-desktop-for-mac:

1. kubectl get pods
2. docker ps | grep {YOUR_POD_NAME} | grep istio-proxy
3. docker inspect -f {{.State.Pid}} {CONTAINER_HASH}
4. docker run -it --rm --privileged --pid=host justincormack/nsenter1
5. nsenter -n -t {YOUR_CONTAINER_PID}
6. iptables -L