New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
how to get the container id in pod? #50309
Comments
You can access the kubernetes api in pod. Pod's name is in env. And containerID is in containerStatuses. |
@drinktee how to access the kubernetes api in shell? |
@Bobi-zhou You can refer to Expose Pod Information to Containers Through Environment Variables. |
@dixudx yup,but supported values:metadata.name, metadata.namespace, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP; |
/sig api-machinery node |
@Bobi-zhou you can pull in the pod's namespace and name as environment variables using what's called the "Downward API", adding a field on the container like:
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
So is it not possible to get that container ID? |
I am running 3 kafka pods in statefulsets. if i give metadata.name in the place of fieldpath, then i will get kafka-0,kafka-1,kafka-2 for three pods.. How can i get just the ID instead of whole name? (i.e. 0,1,2) |
@arunkumar9050 I think you can't (according to this) |
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
Rotten issues close after 30d of inactivity. Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
This is an incredibly huge workaround, but I was able to get the container IDs with the following:
I was able to put this all together in order to create a metrics tracking system that has up to the second metrics for containers and pods. |
For my situation, I was actually just looking to call the cAdvisor API to get stats on pods rapidly. I needed the docker container name to do that, which is not the I think this issue was created to find container IDs, which is also not |
ah thanks @integrii |
Did anybody ever figure this out? I'm trying to debug some short-lived Job containers that are crashing and I need to be able to log the container ID from within the job in order to correlate it with Docker logs. |
So is it not possible to get that container ID? I want to collect stdout logs by using fluent-bit as a sidecar mode. So I need the app's container ID. |
Did you get anywhere with this i am trying to do the same? |
Eventually,I gave up using container ID. Instead, I used the soft link path "/var/log/pods/${POD_UID}/{{$ContainerName}}/*.log", and I mount the following directories to main Container: |
/reopen |
@mitar: You can't reopen an issue/PR unless you authored it or you are a collaborator. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
I would like to access |
I opened #80346 for imageID. |
The container ID and image ID are available locally on each node using the kubelet apiserver that exposes the following endpoint: |
But how does pod know how to find itself on the apiserver? |
That's a good question :) it doesn't know so guess my response isn't useful in that case. It would assume the executing pod knows it's own pod name. |
Name maybe, but not ID? |
Here is something that I cooked up, works on my k8 installation. Does the below work for you guys?
|
Oh, you want to get the container ID within a process running in the container? If you can mount the |
So I can use container ID to resolve to the pod ID using the Kubernetes API? |
@mitar I'm not sure about that. From a higher layer perspective, getting info about lower layers is feasible and logical. The other way around is the opposite of that. As a container there is no guarantee of understanding what your outer environment is, apart from the outer layers exposing info to the lower layer (The downward api) - mounting files is an example of that. |
Yes, so I think the question is what all is exposed through downward API. I opened #80346 for imageID, for example. |
docker sets |
its truly inconceivable to me that the Open Container Initiative specs do not provide any mechanism for processes within a container context to portably obtain either their image or container id ... both of which are INCREDIBLY useful even just for the purposes of logging and tracing .... |
I'm seeing
|
Hi @CharlieReitzel @alexlren thanks for the suggestions, however I do not wish to rely upon implementation convention for this, since that is not a reliable API commitment that the Java platform could rely upon. |
There's no direct method for this, but I found a dirty hack.
kubernetes follows a convention for creating a cgroup directory,
With some shell scripting foo you can extract the containerId of a running process. EDIT This wont work if kubernetes creates every container in its own cgroup namespace. Just learnt that |
I totally agree with you @lpgc. I am trying to solve this problem by making an OCI specification for fetching container id within the container. Here is the comment. |
This won't help when you're running inside the container - as @DevasiaThomas mentioned above, you'd need to mount |
thanks, again this is not suitable for something like the JVM to depend upon in order to capture container and image id and expose that to application code therein. this needs to be "standardized" preferably such that it functions regardless of which container engine r/t or OS is hosting |
In my case - i want to get image - aka Here is an deployment definition: deployment.yaml---
apiVersion: v1
kind: ServiceAccount
metadata:
name: mactemp
namespace: production
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: mactemp
namespace: production
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: mactemp
namespace: production
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: mactemp
subjects:
- kind: ServiceAccount
name: mactemp
namespace: production
---
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: mactemp
namespace: production
labels:
app: mactemp
spec:
replicas: 1
selector:
matchLabels:
app: mactemp
template:
metadata:
labels:
app: mactemp
spec:
serviceAccountName: mactemp
containers:
- name: mactemp
image: nginx:alpine
ports:
- containerPort: 80
resources:
requests:
memory: "64Mi"
cpu: "10m"
limits:
memory: "128Mi"
cpu: "500m"
# https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/
env:
# # ANY COMBINATIONS OF FOLLOWING ARE NOT WOKRING
# - name: MY_IMAGE
# valueFrom:
# fieldRef:
# fieldPath: spec.containers[0].image
- name: MY_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: MY_POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: MY_POD_SERVICE_ACCOUNT
valueFrom:
fieldRef:
fieldPath: spec.serviceAccountName
- name: MY_MEM_REQUEST
valueFrom:
resourceFieldRef:
containerName: mactemp
resource: requests.memory
- name: MY_MEM_LIMIT
valueFrom:
resourceFieldRef:
containerName: mactemp
resource: limits.memory there is nothing special inside deployment itselft, the difference is that we are going to run our deployment with dedicated service account that is binded to a role with privileges to talk to kubernetes api from now one, inside the pod we can do: curl "https://$KUBERNETES_SERVICE_HOST/api/v1/namespaces/$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)/pods/$(echo $HOSTNAME)" \
--cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt \
-H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" which will give us access to anything we want notes:
|
i want to get the container info in my pod,i tried to inject data into env but failed,it tips:
* spec.template.spec.containers[0].env[0].valueFrom.fieldRef.fieldPath: Invalid value: "status.containerStatuses[0].containerID": error converting fieldPath: field label not supported: status.containerStatuses[0].containerID
how to get it?
The text was updated successfully, but these errors were encountered: