The software described in this documentation is either no longer supported or is in extended support.
Oracle recommends that you upgrade to a current supported release.
Chapter 3 Using Kata Containers
This chapter briefly discusses creating Kata containers. This information can be used to verify the installation is successful, and that you can create containers using kata-runtime as the runtime engine.
3.1 Installing Kata Containers
To deploy Kata Containers you must first set up an Oracle Cloud Native Environment, including the kubernetes module. For information on installing and deploying Oracle Cloud Native Environment, see Getting Started.
3.2 Checking Hardware
You can test whether your hardware is capable of running Kata Containers using the kata-runtime kata-check command. To use this command you must first have a running Kubernetes deployment. On a Kubernetes worker node, run:
sudo kata-runtime kata-check
For more information on using the kata-runtime command, use the kata-runtime --help command.
3.3 Creating Kata Containers
This section provides an example of creating a Kubernetes pod configuration file, which is used to create a container using kata-runtime as the runtime engine. Before you create Kata Containers, you should set up a Kubernetes runtime class for kata-runtime. For information on setting up a runtime class, see Section 1.3, “Setting Runtime Classes”.
This example uses a Kubernetes pod configuration file to create a Kata container. The pod configuration file creates an NGINX web server container, which is often used when testing containers.
-
On a host that is set up to use the kubectl command to connect to the Kubernetes cluster, create a Kubernetes pod configuration file. To specify the container should be run as a Kata container, use the notation runtimeClassName: kata-containers in the pod file. When CRI-O encounters this runtime class in a pod file, it passes the container to kata-runtime to run the container. This pod file is named kata-nginx.yaml.
apiVersion: v1
kind: Pod
metadata:
  name: kata-nginx
spec:
  runtimeClassName: kata-containers
  containers:
    - name: nginx
      image: nginx
      ports:
        - containerPort: 80
-
Create the Kata container using the kata-nginx.yaml file with the kubectl apply command:
kubectl apply -f kata-nginx.yaml
pod/nginx-kata created
-
To check the pod has been created, use the kubectl get pods command:
kubectl get pods
NAME         READY   STATUS    RESTARTS   AGE
kata-nginx   1/1     Running   0          11s
-
Use the kubectl describe command to show a more detailed view of the pod, including which worker node is hosting the pod and the Container ID.
kubectl describe pod kata-nginx
Name:               kata-nginx
Namespace:          default
Priority:           0
PriorityClassName:  <none>
Node:               worker1.example.com/192.0.2.24
Start Time:         Thu, 12 Sep 2019 01:53:35 +0100
Labels:             <none>
Annotations:        kubectl.kubernetes.io/last-applied-configuration:
                      {"apiVersion":"v1","kind":"Pod","metadata":{"annotations":{}...
Status:             Running
IP:                 10.244.3.3
Containers:
  mycontainer:
    Container ID:   cri-o://8f7d91a1893638498b3bbf74271e4b24361830e29ac65cc361a4c0...
    Image:          nginx
    Image ID:       docker.io/library/nginx@sha256:099019968725f0fc12c4b69b289a347...
    Port:           80/TCP
    Host Port:      0/TCP
    State:          Running
...
-
You can list the pods on a worker node using the crictl pods command. For example, on a worker node, run:
sudo crictl pods
POD ID          CREATED        STATE   NAME                    NAMESPACE     ATTEMPT
03564d1e87df9   1 hours ago    Ready   kata-nginx              default       0
3bfabc5c7eea5   22 hours ago   Ready   kube-flannel-ds-6fkld   kube-system   0
bb0de1bff1cdf   22 hours ago   Ready   kube-proxy-cc7tb        kube-system   0
You can see the kata-nginx container is running on this worker node.
For more information on using the crictl command, use the crictl --help command.
-
You can get more detailed information about the containers on a worker node using the crictl ps command. For example:
sudo crictl ps
CONTAINER       IMAGE                       NAME               POD ID
8f7d91a189363   docker.io/library/ngin...   nginx          ... 03564d1e87df9
0e9db3f09163a   0a95ca9313ebb9fc3708d8...   kube-flannel   ... 3bfabc5c7eea5
f8350c6fe0c55   container-registry.ora...   kube-proxy     ... bb0de1bff1cdf
Note the Container ID is a shortened version of the Container ID shown in the pod description.
-
To get detailed information about a container, use the crictl inspectp command using the POD ID. For example:
sudo crictl inspectp 03564d1e87df9
{
  "status": {
    "id": "03564d1e87df9d7330e949e67e18252d2a02b0fac585293667d7dd7b92857b9b",
    "metadata": {
      "attempt": 0,
      "name": "kata-nginx",
      "namespace": "default",
      "uid": "bfda5be6-d4f7-11e9-8ad8-52540037f605"
    },
    "state": "SANDBOX_READY",
    "createdAt": "2019-09-12T01:53:35.552628639+01:00",
    "network": {
      "ip": "10.244.3.3"
...
-
To confirm the container is running using kata-runtime, use the kata-runtime list command. For example:
sudo kata-runtime list
ID                                  PID     STATUS    BUNDLE ...
03564d1e87df9d7330e949e67e1825...   20140   running   /run/containers/storage/...
8f7d91a1893638498b3bbf74271e4b...   20191   running   /run/containers/storage...
Note the ID is the same as the Container ID shown in the pod description.
-
You can delete the pod using the kubectl delete command on the control plane node:
kubectl delete pod kata-nginx
pod "kata-nginx" deleted
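The cross-check made in the steps above (the short container IDs from crictl ps against the IDs that kata-runtime list reports) can be scripted to show which containers on a worker node are actually isolated by kata-runtime. This is an added example, not part of the Oracle documentation; the function names, file names and sample IDs are constructed, and it assumes the container ID is the first column of both outputs.

```shell
#!/bin/sh
# Added example, not from the Oracle documentation.
# classify_containers CRICTL_PS_FILE KATA_LIST_FILE
#   Inputs are the saved output of `sudo crictl ps` and
#   `sudo kata-runtime list`, taken on the same worker node.
#   Prints "<short-id> kata" when the short ID is a prefix of an ID that
#   kata-runtime reports, otherwise "<short-id> other".
classify_containers() {
    awk '
        FNR == 1 || NF == 0 { next }                    # header or blank line
        FILENAME == ARGV[1] { short[++n] = $1; next }   # crictl ps rows
        { full[++m] = $1 }                              # kata-runtime list rows
        END {
            for (i = 1; i <= n; i++) {
                verdict = "other"
                for (j = 1; j <= m; j++)
                    if (index(full[j], short[i]) == 1) verdict = "kata"
                print short[i], verdict
            }
        }
    ' "$1" "$2"
}

# not_kata_count CRICTL_PS_FILE KATA_LIST_FILE
#   Number of running containers that kata-runtime does not know about.
not_kata_count() {
    classify_containers "$1" "$2" |
        awk '$2 == "other" { c++ } END { print c + 0 }'
}

# Constructed sample data: the IDs are made up and shortened for readability.
demo_dir=$(mktemp -d)
cat > "$demo_dir/crictl_ps.txt" <<'EOF'
CONTAINER      IMAGE       CREATED       STATE    NAME        ATTEMPT  POD ID
aaaa11112222b  nginx       1 hours ago   Running  nginx       0        cccc33334444d
eeee55556666f  kube-proxy  22 hours ago  Running  kube-proxy  0        9999000011112
EOF
cat > "$demo_dir/kata_list.txt" <<'EOF'
ID                        PID    STATUS   BUNDLE
cccc33334444d0f1e2d3c4b5  20140  running  /run/containers/storage/demo-sandbox
aaaa11112222b6a7f8e9d0c1  20191  running  /run/containers/storage/demo-nginx
EOF

classify_containers "$demo_dir/crictl_ps.txt" "$demo_dir/kata_list.txt"
echo "containers outside kata-runtime: $(not_kata_count "$demo_dir/crictl_ps.txt" "$demo_dir/kata_list.txt")"
```

A workload that was meant to be sandboxed but is reported as "other" was started by the default runtime, which usually means the pod specification lacks runtimeClassName: kata-containers or the runtime class is not set up.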