dkdndes/containerd_quicktips.md

## containerd_quicktips.md

      
    Raw
  

              containerd_quicktips.md
            
          
    ContainerD Commandline Quicktips

Quicktips for a containerd, ignite, k8s setup
ctr command, and usage with sudo

Containerd command line is called:
$ ctr

but you should use it, or add the user to the related group.
$ sude ctr

If you check the group of "/run/containerd/containerd.sock" you see it is "root". Due to this we have to wait for a better solution, and until then use "sudo ..."
Check container with default namespance, and if default namespace is set

$ sudo ctr containers ls

Check available namespaces (same as above)

$ sudo ctr namespaces ls

Result: Firecracker and Docker namespace is available/installed

NAME        LABELS 
firecracker        
moby 

Print Container Version within the namespace "firecracker"

$ sudo ctr -n firecracker version

Result: 

Client:
Version:  1.4.12
Revision: 7b11XXXXXXXXb80907dd23182b9347b4245eb5d
Go version: go1.16.10

Server:
Version:  1.4.12
Revision: 7b11XXXXXXXX380907dd23182b9347b4245eb5d
UUID: XXXXX-XXXX-XXXX-bd57-598eb28d8fb0

Check container in firecracker namespace

$ sudo ctr -n firecracker container ls

Result: Container within the namespace firecracker
CONTAINER                  IMAGE                                  RUNTIME                  
ignite-1e0b7ce782XXXXXX    docker.io/weaveworks/ignite:v0.10.0    io.containerd.runc.v2    
ignite-5fe0591980XXXXXX    docker.io/weaveworks/ignite:v0.10.0    io.containerd.runc.v2    

$ sudo ctr -n moby container ls

Result: No Container in use
CONTAINER    IMAGE    RUNTIME    

Kill a container (k8s namespace)

$ sudo ctr -n k8s.io task kill 1XX...XXa

List Container Images

$ sudo ctr -n firecracker image ls

Result:

REF  TYPE   DIGEST   SIZE   PLATFORMS   LABELS 
docker.io/weaveworks/ignite-centos:firekube-pre3 application/vnd.docker.distribution.manifest.v2+json     sha256:3d8f3aa77c9ae16acbb56a7becbd621a90dfac06b442151f4fdc530fc0540805 596.6 MiB linux/amd64 -      

Execute Command as Root within Container

$ sudo ctr -n firecracker task exec --exec-id 12345 --user root a12...345 /bin/sh

Test of your security settings are available with the following container; and check out the other examples

$ kubectl apply -f https://k8s.io/examples/pods/security/security-context.yaml