Skip to content

Latest commit

 

History

History
179 lines (125 loc) · 4.27 KB

crictl.md

File metadata and controls

179 lines (125 loc) · 4.27 KB

CRI-O crictl Tutorial

This tutorial will walk you through the creation of Redis server running in a Pod using crictl

It assumes you've already downloaded and configured CRI-O. If not, see here for CRI-O. It also assumes you've set up CNI, and are using the default plugins as described here. If you are using a different configuration, results may vary.

Installation

This section will walk you through installing the following components:

  • crictl - The CRI client for testing.

Get crictl

go get github.com/kubernetes-sigs/cri-tools/cmd/crictl

Ensure the CRI-O service is running

sudo crictl --runtime-endpoint unix:///var/run/crio/crio.sock version
Version:  0.1.0
RuntimeName:  cri-o
RuntimeVersion:  1.20.0-dev
RuntimeApiVersion:  v1alpha1

to avoid setting --runtime-endpoint when calling crictl, you can run export CONTAINER_RUNTIME_ENDPOINT=unix:///var/run/crio/crio.sock or cp crictl.yaml /etc/crictl.yaml from this repo

Pod Tutorial

Now that the CRI-O components have been installed and configured we are ready to create a Pod. This section will walk you through launching a Redis server in a Pod. Once the Redis server is running we'll use telnet to verify it's working, then we'll stop the Redis server and clean up the Pod.

Creating a Pod

First we need to setup a Pod sandbox using a Pod configuration, which can be found in the CRI-O source tree:

cd $GOPATH/src/github.com/cri-o/cri-o

In case the file /etc/containers/policy.json does not exist on your filesystem, make sure that skopeo has been installed correctly. You can use a policy template provided in the CRI-O source tree, but it is insecure and it is not to be used on production machines:

sudo mkdir /etc/containers/
sudo cp test/policy.json /etc/containers

Next create the Pod and capture the Pod ID for later use:

POD_ID=$(sudo crictl runp test/testdata/sandbox_config.json)

Use the crictl command to get the status of the Pod:

sudo crictl inspectp --output table $POD_ID

Output:

ID: 3cf919ba84af36642e6cdb55e157a62407dec99d3cd319f46dd8883163048330
Name: podsandbox1
UID: redhat-test-crio
Namespace: redhat.test.crio
Attempt: 1
Status: SANDBOX_READY
Created: 2020-11-12 12:53:41.345961219 +0100 CET
IP Addresses: 10.85.0.7
Labels:
	group -> test
	io.kubernetes.container.name -> POD
Annotations:
	owner -> hmeng
	security.alpha.kubernetes.io/seccomp/pod -> unconfined
Info: # Redacted

Create a Redis container inside the Pod

Use the crictl command to pull the Redis image, create a Redis container from a container configuration and attach it to the Pod created earlier, while capturing the container ID:

CONTAINER_ID=$(sudo crictl create $POD_ID test/testdata/container_redis.json test/testdata/sandbox_config.json)

The crictl create command will take a few seconds to return because the Redis container needs to be pulled.

Start the Redis container:

sudo crictl start $CONTAINER_ID

Get the status for the Redis container:

sudo crictl inspect $CONTAINER_ID

Output:

ID: f70e2a71239c6724a897da98ffafdfa4ad850944098680b82d381d757f4bcbe1
Name: podsandbox1-redis
State: CONTAINER_RUNNING
Created: 32 seconds ago
Started: 16 seconds ago
Labels:
	tier -> backend
Annotations:
	pod -> podsandbox1
Info: # Redacted

Test the Redis container

Fetch the Pod IP (can also be obtained via the inspectp output above):

POD_IP=$(sudo crictl inspectp --output go-template --template '{{.status.network.ip}}' $POD_ID)

Verify the Redis server is responding to MONITOR commands:

echo MONITOR | ncat $POD_IP 6379

Output:

+OK

Viewing the Redis logs

The Redis logs are logged to the stderr of the crio service, which can be viewed using journalctl:

sudo journalctl -u crio --no-pager

Stop and delete the Redis container

sudo crictl stop $CONTAINER_ID
sudo crictl rm $CONTAINER_ID

Verify the container is gone via:

sudo crictl ps

Stop and delete the Pod

sudo crictl stopp $POD_ID
sudo crictl rmp $POD_ID

Verify the pod is gone via:

sudo crictl pods