Main Menu

Search

Showing posts with label containers. Show all posts
Showing posts with label containers. Show all posts

PODMAN: CONTAINER-RUNTIME: Sample NGINX Container Image from Oracle Container Registry OCR (OCNE)

Below is the pull command to pull sample nginx container image from Oracle Container Registry (OCR) from Oracle Cloud Native Environment registry.

podman pull container-registry.oracle.com/olcne/nginx:1.17.7




Keywords:

container containers image images registry registries pull pulling sample example demo OCR 
Read more "PODMAN: CONTAINER-RUNTIME: Sample NGINX Container Image from Oracle Container Registry OCR (OCNE)"
No comments:
Tags: , , , , , ,

PODMAN / CRIO: How To Manually Test Pulling Container Images From Oracle Container Registry (OCR) Using Podman & CRIO?

We can manually pull nginx container image from Oracle container registry (OCR) from podman or CRIO to test if they are installed correctly and if the images are getting pulled without issues.

Following commands can be used.

Podman

podman pull container-registry.oracle.com/olcne/nginx:1.17.7

CRIO

crictl pull container-registry.oracle.com/olcne/nginx:1.17.7

Keywords:

pulling pull container containers image images container-registry.oracle.com ocr registries issues problems test check testing checking

Read more "PODMAN / CRIO: How To Manually Test Pulling Container Images From Oracle Container Registry (OCR) Using Podman & CRIO?"
No comments:
Tags: , , , , , , , ,

PODMAN: How to Delete / Remove All Container Images Downloaded Into Podman?

Below command can be used to Delete / Remove All Container Images Downloaded Into Podman.

podman system prune --all --force && podman rmi --all



Keywords:

podman image images delete deleting remove removing erase erasing container containers download downloaded mirror registry registries repository repositories


Read more "PODMAN: How to Delete / Remove All Container Images Downloaded Into Podman?"
No comments:
Tags: , ,

KUBERNETES: KUBECTL Command To List Pods And Their Associated Container Listening Ports

Below command can be used.

kubectl get pods -A -o custom-columns="POD:.metadata.name,PORTS:.spec.containers[*].ports[*].containerPort"

Below is sample output of above command.

POD                                           PORTS
nginx-6f4cfc8479-22zlh                        80
nginx-6f4cfc8479-2trg9                        80
nginx-6f4cfc8479-7sfpj                        80
nginx-6f4cfc8479-mkfng                        80
nginx-6f4cfc8479-nffq6                        80
nginx-6f4cfc8479-vcmx8                        80
coredns-5859f68d4-7p95k                       53,53,9153
coredns-5859f68d4-f7hnb                       53,53,9153
Read more "KUBERNETES: KUBECTL Command To List Pods And Their Associated Container Listening Ports "
No comments:
Tags: , , , , ,

CRIO: How To Connect To Insecure Private Container Registry Using OpenSSL Certificates From CRIO

CRIO: How To Connect To Insecure Private Container Registry Using OpenSSL Certificates From CRIO

Follow below steps. Steps in this doc are tested on Oracle Linux OS, but steps would be similar on other Operating systems

1) On the client machine where you have CRIO, Update /etc/containers/registries.conf file with just these entries. Replace localregistry.oracle.com with the local registry host and <port>> with port where you have localregistry listening.

[[registry]]
location = "localregitry.oracle.com:<port>"
insecure = true

2) On the client machine where you have CRIO, Restart system daemon and CRIO.

systemctl daemon-reload

systemctl restart crio

3) Do testing by pulling the images using crictl pull command from insecure container registry. Below is the command.

crictl pull local-registry:<port>/<image location and name>

4) Verify that you can see images using below command.

crictl images

Read more "CRIO: How To Connect To Insecure Private Container Registry Using OpenSSL Certificates From CRIO"
No comments:
Tags: , ,

PODMAN: How To Connect To Insecure Private Container Registry Using OpenSSL Certificates From podman

PODMAN: How To Connect To Insecure Private Container Registry Using OpenSSL Certificates From podman

Follow below steps. Steps in this doc are tested on Oracle Linux OS, but steps would be similar on other Operating systems

1) On the client machine where you have podman, Update /etc/containers/registries.conf file with just these entries. Replace localregistry.oracle.com with the local registry host and <port>> with port where you have localregistry listening.

[[registry]]
location = "ocr-localregitry.oracle.com:<port>"
insecure = true

2) On the client machine where you have podman, Restart system daemon and podman.

systemctl daemon-reload

systemctl restart podman

3) Do testing by pulling the images using podman from insecure container registry.

Pull the images using podman pull. As you can see it works.

podman pull local-registry:<port>/<image location and name>

4) Verify that you can see images using below command.

podman images

Read more "PODMAN: How To Connect To Insecure Private Container Registry Using OpenSSL Certificates From podman"
No comments:
Tags: , ,

CRI-O: How To Check the CRIO Configuration And Information

CRI-O: How To Check the CRIO Configuration And Information

Below commands can be used.

sudo crio-status config
sudo crio-status info

Below are example outputs.

#sudo crio-status info
WARN[0000] Failed to decode the keys ["storage.options.override_kernel_check"] from "/etc/containers/storage.conf". 
cgroup driver: systemd
storage driver: overlay
storage root: /var/lib/containers/storage
default GID mappings (format <container>:<host>:<size>):
  0:0:4294967295
default UID mappings (format <container>:<host>:<size>):
  0:0:4294967295


#sudo crio-status config
WARN[0000] Failed to decode the keys ["storage.options.override_kernel_check"] from "/etc/containers/storage.conf". 
[crio]
  root = "/var/lib/containers/storage"
  runroot = "/var/run/containers/storage"
  storage_driver = "overlay"
  log_dir = "/var/log/crio/pods"
  version_file = "/var/run/crio/version"
  version_file_persist = "/var/lib/crio/version"
  clean_shutdown_file = "/var/lib/crio/clean.shutdown"
  internal_wipe = true
  [crio.api]
    grpc_max_send_msg_size = 83886080
    grpc_max_recv_msg_size = 83886080
    listen = "/var/run/crio/crio.sock"
    stream_address = "127.0.0.1"
    stream_port = "0"
    stream_enable_tls = false
    stream_tls_cert = ""
    stream_tls_key = ""
    stream_tls_ca = ""
    stream_idle_timeout = ""
  [crio.runtime]
    seccomp_use_default_when_empty = true
    no_pivot = false
    selinux = true
    log_to_journald = false
    drop_infra_ctr = true
    read_only = false
    hooks_dir = ["/usr/share/containers/oci/hooks.d"]
    default_capabilities = ["CHOWN", "DAC_OVERRIDE", "FSETID", "FOWNER", "SETGID", "SETUID", "SETPCAP", "NET_BIND_SERVICE", "KILL"]
    allowed_devices = ["/dev/fuse"]
    cdi_spec_dirs = ["/etc/cdi", "/var/run/cdi"]
    device_ownership_from_security_context = false
    default_runtime = "runc"
    decryption_keys_path = "/etc/crio/keys/"
    conmon = "/usr/libexec/crio/conmon"
    conmon_cgroup = "system.slice"
    seccomp_profile = ""
    apparmor_profile = "crio-default"
    blockio_config_file = ""
    irqbalance_config_file = "/etc/sysconfig/irqbalance"
    rdt_config_file = ""
    cgroup_manager = "systemd"
    default_mounts_file = ""
    container_exits_dir = "/var/run/crio/exits"
    container_attach_socket_dir = "/var/run/crio"
    bind_mount_prefix = ""
    uid_mappings = ""
    minimum_mappable_uid = -1
    gid_mappings = ""
    minimum_mappable_gid = -1
    log_level = "info"
    log_filter = ""
    namespaces_dir = "/var/run"
    pinns_path = "/usr/bin/pinns"
    pids_limit = 0
    log_size_max = -1
    ctr_stop_timeout = 30
    separate_pull_cgroup = ""
    infra_ctr_cpuset = ""
    [crio.runtime.runtimes]
      [crio.runtime.runtimes.kata]
        runtime_config_path = ""
        runtime_path = "/usr/bin/kata-runtime"
        runtime_type = "oci"
        runtime_root = ""
        DisallowedAnnotations = ["io.kubernetes.cri-o.ShmSize", "cpu-load-balancing.crio.io", "cpu-quota.crio.io", "io.kubernetes.cri.rdt-class", "io.kubernetes.cri-o.TrySkipVolumeSELinuxLabel", "io.kubernetes.cri-o.UnifiedCgroup", "io.kubernetes.cri-o.cgroup2-mount-hierarchy-rw", "io.kubernetes.cri-o.Devices", "irq-load-balancing.crio.io", "io.containers.trace-syscall", "io.kubernetes.cri-o.userns-mode"]
        monitor_path = "/usr/libexec/crio/conmon"
        monitor_cgroup = "system.slice"
      [crio.runtime.runtimes.runc]
        runtime_config_path = ""
        runtime_path = "/usr/bin/runc"
        runtime_type = "oci"
        runtime_root = ""
        DisallowedAnnotations = ["io.kubernetes.cri-o.userns-mode", "io.kubernetes.cri-o.cgroup2-mount-hierarchy-rw", "io.kubernetes.cri-o.UnifiedCgroup", "io.kubernetes.cri-o.ShmSize", "io.kubernetes.cri-o.Devices", "cpu-load-balancing.crio.io", "io.containers.trace-syscall", "cpu-quota.crio.io", "irq-load-balancing.crio.io", "io.kubernetes.cri.rdt-class", "io.kubernetes.cri-o.TrySkipVolumeSELinuxLabel"]
        monitor_path = "/usr/libexec/crio/conmon"
        monitor_cgroup = "system.slice"
  [crio.image]
    default_transport = "docker://"
    global_auth_file = ""
    pause_image = "container-registry.oracle.com/olcne/pause:3.7"
    pause_image_auth_file = ""
    pause_command = "/pause"
    signature_policy = ""
    image_volumes = "mkdir"
    big_files_temporary_dir = ""
  [crio.network]
    cni_default_network = ""
    network_dir = "/etc/cni/net.d/"
    plugin_dirs = ["/opt/cni/bin"]
  [crio.metrics]
    enable_metrics = false
    metrics_collectors = ["operations", "operations_latency_microseconds_total", "operations_latency_microseconds", "operations_errors", "image_pulls_by_digest", "image_pulls_by_name", "image_pulls_by_name_skipped", "image_pulls_failures", "image_pulls_successes", "image_pulls_layer_size", "image_layer_reuse", "containers_oom_total", "containers_oom", "processes_defunct", "operations_total", "operations_latency_seconds", "operations_latency_seconds_total", "operations_errors_total", "image_pulls_bytes_total", "image_pulls_skipped_bytes_total", "image_pulls_failure_total", "image_pulls_success_total", "image_layer_reuse_total", "containers_oom_count_total"]
    metrics_port = 9090
    metrics_socket = ""
    metrics_cert = ""
    metrics_key = ""
  [crio.tracing]
    enable_tracing = false
    tracing_endpoint = "0.0.0.0:4317"
    tracing_sampling_rate_per_million = 0
  [crio.stats]
    stats_collection_period = 0

Read more "CRI-O: How To Check the CRIO Configuration And Information"
No comments:
Tags: , ,

CRI-O: CRICTL Command To List CRIO Images

 Below is crictl command to list the crio images.

crictl images

Below is sample output of how images are shown.

        container-registry.oracle.com/olcne/etcd                      3.5.6               f440fa7240c43       165MB

Read more "CRI-O: CRICTL Command To List CRIO Images"
No comments:
Tags: , , ,

CRI-O: Crictl Command To List CRIO POD processes (DevOps)

#sudo crictl ps

Below is sample output.

sudo crictl ps
CONTAINER           IMAGE                                                              CREATED             STATE               NAME                      ATTEMPT             POD ID              POD
dfaea6f702bc4       32c223e729566de3f29b945ce6fc114a12d8220162c2b7ff8423040c283cf10e   4 days ago          Running             coredns                   0                   9c388af849799       coredns-664c775d6f-nfdsg
1032195f67e16       32c223e729566de3f29b945ce6fc114a12d8220162c2b7ff8423040c283cf10e   4 days ago          Running             coredns                   0                   ff8a2123a8e4d       coredns-664c775d6f-tbdvs
857c4fda970f6       52e470e10ebf93ea5d2aa32f5ca2ecfa3a3b2ff8d2015069618429f3bb9cda7a   4 days ago          Running             kube-flannel              0                   361c90687ed62       kube-flannel-ds-7jpxx

Read more "CRI-O: Crictl Command To List CRIO POD processes (DevOps)"
No comments:
Tags: , ,

CRI-O: How To Connect To CRIO Pod Process (DevOps)

#sudo crictl exec -i -t <container name> bash

Container name can be obtained from crictl ps command output.

Read more "CRI-O: How To Connect To CRIO Pod Process (DevOps)"
No comments:
Tags: , , ,

CRI-O: Crictl Command To Check CRIO Version (DevOps)

#sudo crictl version

Below is sample output.

Version:  0.1.0
RuntimeName:  cri-o
RuntimeVersion:  1.24.2
RuntimeApiVersion:  v1

Read more "CRI-O: Crictl Command To Check CRIO Version (DevOps)"
No comments:
Tags: , , ,
Subscribe to: Posts (Atom)