3.3 Creating Kata Containers

This section provide an example of creating a Kubernetes pod configuration file, which is used to create a container using kata-runtime as the runtime engine. Before you create Kata Containers, you should set up a Kubernetes runtime class for kata-runtime. For information on setting up a runtime class, see Section 1.3, “Setting Runtime Classes”.

Example 3.1 Creating an NGINX container

This example uses a Kubernetes pod configuration file to create a Kata container. The pod configuration file creates an NGINX web server container, which is often used when testing containers.

To create an NGINX Kata container:

  1. On a host that is set up to use the kubectl command to connect to the Kubernetes cluster, create a Kubernetes pod configuration file. To specify the container should be run as a Kata container, use the notation runtimeClassName: kata-containers in the pod file. When CRI-O encounters this runtime class in a pod file, it passes the container to kata-runtime to run the container.

    This pod file is named kata-nginx.yaml. 

    apiVersion: v1
kind: Pod
metadata:
  name: kata-nginx
spec:
  runtimeClassName: kata-containers
  containers:
    - name: nginx
      image: nginx
      ports:
      - containerPort: 80

  2. Create the Kata container using the kata-nginx.yaml file with the kubectl apply command: 

    $ kubectl apply -f kata-nginx.yaml
pod/nginx-kata created

  3. To check the pod has been created, use the kubectl get pods command: 

    $ kubectl get pods
NAME         READY   STATUS    RESTARTS   AGE
kata-nginx   1/1     Running   0          11s

  4. Use the kubectl describe command to show a more detailed view of the pod, including which worker node is hosting the pod and the Container ID. 

    $ kubectl describe pod kata-nginx 
Name:               kata-nginx
Namespace:          default
Priority:           0
PriorityClassName:  <none>
Node:               worker1.example.com/192.0.2.24
Start Time:         Thu, 12 Sep 2019 01:53:35 +0100
Labels:             <none>
Annotations:        kubectl.kubernetes.io/last-applied-configuration:
                      {"apiVersion":"v1","kind":"Pod","metadata":{"annotations":{}...
Status:             Running
IP:                 10.244.3.3
Containers:
  mycontainer:
    Container ID:   cri-o://8f7d91a1893638498b3bbf74271e4b24361830e29ac65cc361a4c0...
    Image:          nginx
    Image ID:       docker.io/library/nginx@sha256:099019968725f0fc12c4b69b289a347...
    Port:           80/TCP
    Host Port:      0/TCP
    State:          Running
...

  5. You can list the pods on a worker node using the crictl pods command. For example, on a worker node, run: 

    $ sudo crictl pods
POD ID            CREATED         STATE    NAME                      NAMESPACE      ATTEMPT
03564d1e87df9     1 hours ago     Ready    kata-nginx                default        0
3bfabc5c7eea5     22 hours ago    Ready    kube-flannel-ds-6fkld     kube-system    0
bb0de1bff1cdf     22 hours ago    Ready    kube-proxy-cc7tb          kube-system    0

    You can see the kata-nginx container is running on this worker node.

    For more information on using the crictl command, use the crictl --help command.

  6. You can get more detailed information about the containers on a worker node using the crictl ps command. For example: 

    $ sudo crictl ps
CONTAINER           IMAGE                       NAME                POD ID
8f7d91a189363     docker.io/library/ngin...     nginx        ...    03564d1e87df9
0e9db3f09163a     0a95ca9313ebb9fc3708d8...     kube-flannel ...    3bfabc5c7eea5
f8350c6fe0c55     container-registry.ora...     kube-proxy   ...    bb0de1bff1cdf

    Note the Container ID is a shortened version of the Container ID shown in the pod description.

  7. To get detailed information about a container, use the crictl inspectp command using the POD ID. For example: 

    $ sudo crictl inspectp 03564d1e87df9
{
  "status": {
    "id": "03564d1e87df9d7330e949e67e18252d2a02b0fac585293667d7dd7b92857b9b",
    "metadata": {
      "attempt": 0,
      "name": "kata-nginx",
      "namespace": "default",
      "uid": "bfda5be6-d4f7-11e9-8ad8-52540037f605"
    },
    "state": "SANDBOX_READY",
    "createdAt": "2019-09-12T01:53:35.552628639+01:00",
    "network": {
      "ip": "10.244.3.3"
...

  8. To confirm the container is running using kata-runtime, use the kata-runtime list command. For example: 

    $ sudo kata-runtime list
ID                                  PID         STATUS      BUNDLE                  ...
03564d1e87df9d7330e949e67e1825...   20140       running     /run/containers/storage/...
8f7d91a1893638498b3bbf74271e4b...   20191       running     /run/containers/storage...

    Note the ID is the same as the Container ID shown in the pod description.

  9. You can delete the pod using the kubectl delete command on the master node: 

    $ kubectl delete pod kata-nginx
pod "kata-nginx" deleted

Copyright © 2019, 2020, Oracle and/or its affiliates. All rights reserved. Legal Notices