How to get a container ID from within the container - docker

I'm making an app that scans the container for viruses; if the container is infected, it kills the container and deploys an older image of said container, presumably without the virus. To do that, I would need the app to know the container ID of the container it's in, but I can't seem to figure that out.

It's not supported by the downward API, so you can use the proc file system.
If you just want the container ID and nothing else, /proc/self/cgroup should have a line that begins with docker followed by a string that contains the ID.
It will give something like this:
/docker/036497b7356b384afd78b529183bee0da5c61bfd378397159e9ff1f9165d0021/kubepods/besteffort/pode6b01d7d-1921-4cc2-b0bb-b0af0e98f51e/c408ed3e894e8706520315230cda7f34dce287223df6a0555b47b0caa979d6e7
and
c408ed3e894e8706520315230cda7f34dce287223df6a0555b47b0caa979d6e7
#which you can see in the pod too
"containerStatuses": [
{
"containerID": "docker://c408ed3e894e8706520315230cda7f34dce287223df6a0555b47b0caa979d6e7",
}
provide a portable mechanism for processes within container to obtain their image and container ids #1105
how to get the container id in pod? #50309
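
An added example (not part of the original answer) of the /proc/self/cgroup lookup described above: it takes the last 64-hex ID in the cgroup path and, going beyond the answer, falls back to /proc/self/mountinfo for cgroup v2 hosts where the cgroup file is only `0::/`. Function names and the mountinfo sample line are assumptions; the cgroup path is the one quoted above.

```python
import re
from typing import Optional

# A full container ID is 64 lowercase hex characters.
HEX64 = re.compile(r"(?<![0-9a-f])[0-9a-f]{64}(?![0-9a-f])")

def id_from_cgroup(text: str) -> Optional[str]:
    """Extract the container ID from /proc/self/cgroup content."""
    for line in text.splitlines():
        # Each line is "hierarchy-ID:controller-list:cgroup-path".
        parts = line.strip().split(":", 2)
        if len(parts) != 3:
            continue
        ids = HEX64.findall(parts[2])
        if ids:
            # In a nested path (/docker/<outer>/kubepods/.../<inner>) the
            # last ID is the innermost container, i.e. this one.
            return ids[-1]
    return None

def id_from_mountinfo(text: str) -> Optional[str]:
    """Fallback: Docker bind-mounts /etc/hostname from .../containers/<id>/."""
    for line in text.splitlines():
        m = re.search(r"/containers/([0-9a-f]{64})/", line)
        if m:
            return m.group(1)
    return None

def current_container_id() -> Optional[str]:
    """Try cgroup first, then mountinfo; None if neither yields an ID."""
    for path, parse in (("/proc/self/cgroup", id_from_cgroup),
                        ("/proc/self/mountinfo", id_from_mountinfo)):
        try:
            with open(path) as fh:
                found = parse(fh.read())
        except OSError:
            continue
        if found:
            return found
    return None

# Constructed samples; the v1 path is the one quoted in the answer above.
OUTER = "036497b7356b384afd78b529183bee0da5c61bfd378397159e9ff1f9165d0021"
INNER = "c408ed3e894e8706520315230cda7f34dce287223df6a0555b47b0caa979d6e7"
SAMPLE_V1 = (f"11:memory:/docker/{OUTER}/kubepods/besteffort/"
             f"pode6b01d7d-1921-4cc2-b0bb-b0af0e98f51e/{INNER}\n")
SAMPLE_V2 = "0::/\n"  # cgroup v2 with a private cgroup namespace: no ID
SAMPLE_MOUNT = (f"733 721 8:1 /var/lib/docker/containers/{INNER}/hostname "
                "/etc/hostname rw,relatime - ext4 /dev/sda1 rw\n")
```

The value read here is only an identifier; stopping or redeploying the container is done through the Docker or Kubernetes API, which the scanning app must be separately authorized to call.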

Related

Unable to display GUI application from Windows container

I have an image with a GUI application, with a base image of microsoft/windowsservercore. The application is installed correctly in the image, however I'm unable to display it on the host machine. I have read several articles on this on Google and they suggest installing XServer for Windows, after which we can display the application on the host machine. I have been trying to run the following command (as suggested in most of the articles), however it does nothing and I don't get the display. Please assist.
docker run --rm -it -e DISPLAY=127.0.0.1:0.0 eft
The DISPLAY would be useful for a Linux container.
As mentioned here:
The WindowsServerCore image does not come with binaries for UI applications, so I doubt this will ever work in the servercore image, but Microsoft insiders can use the new, bigger WindowsServer image, which I believe has those libraries intact.
This thread adds:
I understand that you can run GUI apps but the rendered elements are not shown on any desktop. Lars Iwer [MSFT] writes in the discussion below the article:
In the container image as it is right now, GUI elements will be rendered in session 0. UI automation should work with that (e.g. programmatically searching for a window etc.).
Session 0 is the session in which all system services are run and is by definition non-interactive. Sessions, Stations and Desktops are means of isolation in Windows (NT), and whether an application can show a UI and receive user interaction depends on whether it has access to a Station with a Desktop.
Processes in Session 0 do not have that by default.
However it used to be possible to “Allow services to interact with Desktop” and it is also possible to run interactive services in other sessions than Session 0 (pay attention to “as it is right now”). Therefore, it would be interesting to hear some expert insights from Microsoft/Docker team on that…

Access system trust store from Docker container

In the past, I worked with C# and the .NET Framework 4.6. There I could directly access the trust stores of the Windows system with commands like this:
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(...);
...
Now I want to use .net core and run the application in a docker container.
I can use exactly the same code shown above, but I would see only the certificates that are somehow located inside the container.
I can add certificates to the store and read them back, but when the container stops running the information is gone.
--> I guess this is because the store is only in memory, valid as long as the container runs...
How could I use a trust store from the host system or from another container that is only responsible for managing certs and keys?
Thanks for your answers in advance!

IBM-Bluemix: image reported by IBM Containers compressed - smaller than local Docker engine

I am creating an ibm-mobilefirst-starter container but getting the below message.
Urgent message:
The size of an image reported by IBM Containers is now the compressed size of the image in the IBM Containers registry. This is smaller than the size of the same image in your local Docker engine.
and the container status keeps showing "Your container is building" for a long time.
If I delete and re-create container, the same thing happens.
The urgent message that is shown indicates that the size of the image you see in the Bluemix UI is the compressed size and will be smaller than the size of the image on your local docker engine. It is a generic information message from IBM Containers and not an error or warning. I understand that the Warning sign is misleading. More information is available here :
https://new-console.ng.bluemix.net/docs/containers/container_images_building.html (Please refer to the note stated Important towards the end of the page)
Regarding the issue in creating the container using the ibm-mobilefirst-starter, I was able to create an instance today (9th July 12 PM IST). I suggest you try to create a new container instance. Also ensure that the container memory needed to build the container is available in your org.
@aahad This is a standard message that you get nowadays when using containers and is not specific to the ibm-mobilefirst-starter image. Secondly, there were some recent outages in the container infrastructure, and you may have hit one of the issues. Make sure you have at least 1 GB of container memory in your account and try to create the ibm-mobilefirst-starter container again. Make sure you select the container size as 1 GB.
Alternately there is a new service that is launched called "Mobile Foundation" - you can try the developer plan.

The list of containers could not be retrieved

When trying to view my containers in the dashboard, I get the following message in place of my containers view:
The list of containers could not be retrieved. Try again later.
If the containers ever load and I click on one, I'm presented with a page with a never-ending loading wheel in the center and the page never loads.
Is there a stability issue with containers? Doesn't seem like anything is reported in the status page.
Have you tried to inspect your container using the command line (cf ic inspect CONTAINER)? What is the status of your container there?
I cleared my cache, cookies, and deleted the container through CLI along with the registry and have been able to consistently view the UI now.
Now I'm encountering other issues where my container is automatically shutting down after a while. I'll investigate this further and create a new post if needed.

Changing content of application in warden container

I have a CF application which I pushed and which is working as expected. Now I want to change some file content in RT to avoid a re-push. The application is deployed to a warden container, so it "persists" (for this instance) in the filesystem of the container. How can I access this file's location (I have a Node application, so I guess with the FS module)? I.e. if I have a paused app with the following structure:
myApp
folder1
index.html
1. If I want to change the index.html content by overriding it, how should I do that? I know the path myApp/folder1/index.html, but how do I know where my app is located in the container file system?
2. Is there a way, when I push the application, to say where to put it? I mean a specific path in the container filesystem, e.g. when you create an application in Windows you decide where to put it...
C:\\myApp\folder1\index.html
or
D:\\myApp\folder1\index.html
I know that maybe this is advanced question but your help is appreciated!
P.S. Let's say that I have some proxy for the application in the app container which listens on the app port and can make some changes to the application's files.
Writing directly to the container file system is not the right approach, because Cloud Foundry containers are intended to be ephemeral and transient.
Let's say that I have one instance of an application running, in Container A, and I change the contents of folder1/index.html. If that instance fails, and is automatically restarted by Cloud Foundry, the new instance won't have the persisted changes. If I need to scale up to 3 instances of my application, then Containers B and C won't have the changed files.
Allowing Cloud Foundry to manage the container file system will assure that you have consistent, repeatable behavior in your application.
If you need to make file changes in your Cloud Foundry application instance, the two recommended approaches are:
1. Read and write your file from a file service that is managed by Cloud Foundry. This will ensure that all application instances are accessing the same file system, and that your changes will survive beyond the container lifecycle.
2. Make the changes in your application artifact, and re-push the application.
