Quicktips for a containerd, ignite, k8s setup
The containerd command-line client is called:
$ ctr
but you should run it with sudo, or add the user to the related group.
$ sudo ctr
If you check the group of "/run/containerd/containerd.sock", you will see it is "root". Because of this we have to wait for a better solution, and until then use "sudo ..."
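The socket check described above, as an added example that is not part of the original page: it reports owner, group and mode of the socket and whether the current user could reach it without sudo. The function names and verdict strings are hypothetical, and it assumes a stat that supports -c.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes Linux with a stat
# that supports -c (GNU coreutils or busybox).
# Access to this socket is root-equivalent on the host, so a "direct" or
# "world-accessible" verdict deserves the same scrutiny as sudo rights.

DEFAULT_SOCK=/run/containerd/containerd.sock   # path named on this page

# Succeeds if the octal mode's last digit ("other" bits) is non-zero.
other_has_access() {
    case "$(stat -c '%a' "$1")" in
        *[1-7]) return 0 ;;
        *)      return 1 ;;
    esac
}

# Prints "<owner>:<group> <mode> <verdict>" or "missing".
# Verdicts: world-accessible | direct | needs-sudo
ctr_socket_report() {
    sock=${1:-$DEFAULT_SOCK}
    if [ ! -e "$sock" ]; then
        echo "missing"
        return 0
    fi
    perms=$(stat -c '%U:%G %a' "$sock")
    if other_has_access "$sock"; then
        verdict="world-accessible"   # any local user can drive containerd
    elif [ -w "$sock" ]; then
        verdict="direct"             # current user can connect without sudo
    else
        verdict="needs-sudo"         # e.g. owner and group root, as on this page
    fi
    echo "$perms $verdict"
}

# Stand-alone use: check the default socket, or a path given as argument.
ctr_socket_report "$@"
```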
$ sudo ctr containers ls
$ sudo ctr namespaces ls
Result: the firecracker and Docker (moby) namespaces are available/installed
NAME LABELS
firecracker
moby
$ sudo ctr -n firecracker version
Result:
Client:
Version: 1.4.12
Revision: 7b11XXXXXXXXb80907dd23182b9347b4245eb5d
Go version: go1.16.10
Server:
Version: 1.4.12
Revision: 7b11XXXXXXXX380907dd23182b9347b4245eb5d
UUID: XXXXX-XXXX-XXXX-bd57-598eb28d8fb0
$ sudo ctr -n firecracker container ls
Result: containers within the firecracker namespace
CONTAINER IMAGE RUNTIME
ignite-1e0b7ce782XXXXXX docker.io/weaveworks/ignite:v0.10.0 io.containerd.runc.v2
ignite-5fe0591980XXXXXX docker.io/weaveworks/ignite:v0.10.0 io.containerd.runc.v2
$ sudo ctr -n moby container ls
Result: no containers in use
CONTAINER IMAGE RUNTIME
$ sudo ctr -n k8s.io task kill 1XX...XXa
$ sudo ctr -n firecracker image ls
Result:
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/weaveworks/ignite-centos:firekube-pre3 application/vnd.docker.distribution.manifest.v2+json sha256:3d8f3aa77c9ae16acbb56a7becbd621a90dfac06b442151f4fdc530fc0540805 596.6 MiB linux/amd64 -
$ sudo ctr -n firecracker task exec --exec-id 12345 --user root a12...345 /bin/sh
You can test your security settings with the following container; also check out the other examples
$ kubectl apply -f https://k8s.io/examples/pods/security/security-context.yaml