This tutorial will walk you through the creation of Redis server running in a Pod using crictl
It assumes you've already downloaded and configured CRI-O. If not, see
here for CRI-O.
It also assumes you've set up CNI, and are using the default plugins as described
here. If you are using a different configuration,
results may vary.
This section will walk you through installing the following components:
- crictl - The CRI client for testing.
See install-crictl for details on how to install crictl.
sudo crictl --runtime-endpoint unix:///var/run/crio/crio.sock versionVersion: 0.1.0
RuntimeName: cri-o
RuntimeVersion: 1.20.0-dev
RuntimeApiVersion: v1alpha1
to avoid setting
--runtime-endpointwhen calling crictl, you can runexport CONTAINER_RUNTIME_ENDPOINT=unix:///var/run/crio/crio.sockorcp crictl.yaml /etc/crictl.yamlfrom this repo
Now that the CRI-O components have been installed and configured you are ready
to create a Pod. This section will walk you through launching a Redis server
in a Pod. Once the Redis server is running we'll use telnet to verify it's working,
then we'll stop the Redis server and clean up the Pod.
First we need to setup a Pod sandbox using a Pod configuration, which can be found
in the CRI-O source tree:
cd $GOPATH/src/github.com/cri-o/cri-oIn case the file /etc/containers/policy.json does not exist on your filesystem,
make sure that Skopeo has been installed correctly. You can use a policy template
provided in the CRI-O source tree, but it is insecure and it is not to be used
on production machines:
sudo mkdir /etc/containers/
sudo cp test/policy.json /etc/containersNext create the Pod and capture the Pod ID for later use:
POD_ID=$(sudo crictl runp test/testdata/sandbox_config.json)Use the crictl command to get the status of the Pod:
sudo crictl inspectp --output table $POD_IDOutput:
ID: 3cf919ba84af36642e6cdb55e157a62407dec99d3cd319f46dd8883163048330
Name: podsandbox1
UID: redhat-test-crio
Namespace: redhat.test.crio
Attempt: 1
Status: SANDBOX_READY
Created: 2020-11-12 12:53:41.345961219 +0100 CET
IP Addresses: 10.85.0.7
Labels:
group -> test
io.kubernetes.container.name -> POD
Annotations:
owner -> hmeng
security.alpha.kubernetes.io/seccomp/pod -> unconfined
Info: # Redacted
Use the crictl command to pull the Redis image.
sudo crictl pull quay.io/crio/fedora-crio-ci:latestCreate a Redis container from a container configuration and attach it to the Pod created earlier, while capturing the container ID:
CONTAINER_ID=$(sudo crictl create $POD_ID test/testdata/container_redis.json test/testdata/sandbox_config.json)The crictl create command will take a few seconds to return because the Redis
container needs to be pulled.
Start the Redis container:
sudo crictl start $CONTAINER_IDGet the status for the Redis container:
sudo crictl inspect $CONTAINER_IDOutput:
ID: f70e2a71239c6724a897da98ffafdfa4ad850944098680b82d381d757f4bcbe1
Name: podsandbox1-redis
State: CONTAINER_RUNNING
Created: 32 seconds ago
Started: 16 seconds ago
Labels:
tier -> backend
Annotations:
pod -> podsandbox1
Info: # Redacted
Fetch the Pod IP (can also be obtained via the inspectp output above):
POD_IP=$(sudo crictl inspectp --output go-template --template '{{.status.network.ip}}' $POD_ID)Verify the Redis server is responding to MONITOR commands:
echo MONITOR | ncat $POD_IP 6379Output:
+OK
The Redis logs are logged to the stderr of the crio service,
which can be viewed using journalctl:
sudo journalctl -u crio --no-pagersudo crictl stop $CONTAINER_ID
sudo crictl rm $CONTAINER_IDVerify the container is gone via:
sudo crictl pssudo crictl stopp $POD_ID
sudo crictl rmp $POD_IDVerify the pod is gone via:
sudo crictl pods