Commands can be run in containers on Linux Elastic Compute Service (ECS) instances. Conventionally, to run commands in containers on Linux instances, you must first connect to the instances and then access containers on the instances. Cloud Assistant helps simplify this procedure. Specifically, you can use Cloud Assistant to directly connect to containers in a password-free, logon-free manner without the use of jump servers and run commands in the containers. When you call the RunCommand or InvokeCommand operation, you can set ContainerId or ContainerName to specify Kubernetes containers in which to run commands.

Prerequisites

  • The instances are in the Running (Running) state.
  • The Cloud Assistant Agent is installed on the instances and the version of the Cloud Assistant Agent is not earlier than 2.2.3.344.

    For more information, see Install the .

Limits

  • Cloud Assistant can be used to run commands only in containers that are managed by Kubernetes based on Container Runtime Interface (CRI) and run within a Docker, containerd, or CRI-O container runtime.
  • Based on the CRI, the limits described in the following table apply when you run commands in containers.
    LimitsDescription
    You can run a command in a container only as the default user of the container.
    • If you specify ContainerId, ContainerName, or both, the specified Username parameter does not take effect. The command is run as the default user of the container.
    • If you want to switch to another user, you can run the sudo command in the container.
    You can run a command only in the default working directory of a container.
    • If you specify ContainerId, ContainerName, or both, the specified WorkingDir parameter does not take effect. The command is run in the default working directory of the container.
    • If you want to switch the working directory of the command, you can add the cd command at the beginning of a shell script.
    You can run only shell scripts in containers. You cannot add a command in a format similar to #!/usr/bin/python at the beginning of a script to specify a script interpreter.
    • If you specify ContainerId, ContainerName, or both, Linux shell scripts are run by using /bin/sh in containers. The script interpreter specified by running the command that begins with #! cannot be recognized.
    • To run scripts in other languages in containers, you can call the interpreter in the containers and pass in the script that you want to run. For example, you can add the /usr/bin/python -c 'import sys; print(sys.version_info)' command at the beginning of the script to call the Python interpreter in a container.

Procedure

  1. View the ID and name of a Kubernetes container.
    • Method 1: Run a kubectl command to view the ID and name of a Kubernetes container.

      You can run the kubectl --namespace <Specified namespace> describe pod <Specified pod> command to view the ContainerId value of a container in a specified pod, or use Kubernetes apiserver to query the ID and name of a Kubernetes container.

      1. Connect to an instance.

        For more information, see Connection methods.

      2. Run the following command to query the ID of a Kubernetes container:
        kubectl --namespace <Specified namespace> describe pod <Specified pod>
        In this example, the namespace is kube-system and the container in the specified pod is kube-proxy-h4slq. A command output similar to the following one is returned:
        [root@localhost ~]# kubectl --namespace kube-system describe pod kube-proxy-h4slq
        Name:                 kube-proxy-h4slq
        Namespace:            kube-system
        Priority:             2000001000
        Priority Class Name:  system-node-critical
        Node:                 master1/192.168.1.11
        Start Time:           Thu, 11 Aug 2022 16:33:04 +0800
        Labels:               controller-revision-hash=9c5d7****
                              k8s-app=kube-proxy
                              pod-template-generation=1
        Annotations:          <none>
        Status:               Running
        IP:                   192.168.1.11
        IPs:
          IP:           192.168.1.11
        Controlled By:  DaemonSet/kube-proxy
        Containers:
          kube-proxy:
            Container ID:  docker://fe17ab0409739e63f526aed7c79e87989e90d19f0429********************
            Image:         k8s.gcr.io/kube-proxy:v1.23.9
            Image ID:      docker://sha256:9e6a540eeeb62a64450dad488760cc3769b23d19fc21********************
            Port:          <none>
            Host Port:     <none>
            Command:
              /usr/local/bin/kube-proxy
              --config=/var/lib/kube-proxy/config.conf
              --hostname-override=$(NODE_NAME)
            State:          Running
              Started:      Thu, 11 Aug 2022 16:33:06 +0800
            Ready:          True
            Restart Count:  0
            Environment:
              NODE_NAME:   (v1:spec.nodeName)
            Mounts:
              /lib/modules from lib-modules (ro)
              /run/xtables.lock from xtables-lock (rw)
              /var/lib/kube-proxy from kube-proxy (rw)
              /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-69g97 (ro)

        In the Containers section, the Container ID value of the kube-proxy container is docker://fe17ab0409739e63f526aed7c79e87989e90d19f0429********************. This indicates that the container uses a Docker runtime, that the container ID is fe17ab0409739e63f526aed7c79e87989e90d19f0429********************, and that the name of the container managed by Kubernetes based on the CRI is kube-proxy.

      3. Optional: Run the following command to view the types and versions of the container runtimes used on the nodes in the Kubernetes cluster:
        kubectl get nodes -o wide
        A command output similar to the following one is returned:
        [root@localhost ~]# kubectl get nodes -o wide
        NAME    STATUS     ROLES                  AGE   VERSION   INTERNAL-IP     EXTERNAL-IP   OS-IMAGE                         KERNEL-VERSION                 CONTAINER-RUNTIME
        node1   Ready      <none>                 17h   v1.23.6   192.168.1.101   <none>        Ubuntu 20.04.4 LTS               5.4.0-123-generic              containerd://1.6.7
        node2   Ready      <none>                 17h   v1.23.6   192.168.1.102   <none>        openSUSE Leap 15.4               5.14.21-150400.24.11-default   cri-o://1.22.0
        master1 Ready      control-plane,master   18h   v1.23.6   192.168.1.11    <none>        CentOS Linux 7 (Core)            3.10.0-1160.71.1.el7.x86_64    docker://20.10.17
        node3   Ready      <none>                 17h   v1.23.6   192.168.1.103   <none>        Debian GNU/Linux 11 (bullseye)   5.10.0-16-amd64                docker://20.10.17

        The CONTAINER-RUNTIME column in the command output lists different container runtimes on different nodes.

    • Method 2: Use the Cloud Assistant Agent to view the ID and name of a Kubernetes container.

      The Cloud Assistant Agent on Linux instances allows you to run commands in containers. The client lists containers that are managed by Kubernetes based on the CRI and run within a Docker, containerd, or CRI-O container runtime. This way, you can view containers on the instances without running the kubectl command.

      The Cloud Assistant subcommand used to list containers on instances is list-containers. You can specify parameters based on the subcommand. Examples:
      • Run the aliyun-service list-containers --source cri command.
        Specify the --source cri parameter to list containers that are managed by Kubernetes based on the CRI and are running within a Docker, containerd, or CRI-O container runtime. A command output similar to the following one is returned:
        [root@localhost ~]# aliyun-service list-containers --source cri
        Container Id                                                      Container Name           Pod Name                                         Runtime  State    Data Source
        4f14883f30580007b2b386be16c743048d7b7b6a6522********************  etcd                     etcd-izbp199sm5j54**********                     docker   RUNNING  CRI
        60775315aa50765de7332764322f7697ded2783e4860********************  kube-apiserver           kube-apiserver-izbp199sm5j54**********           docker   RUNNING  CRI
        8d8dd01f09f451109285a0094eef0c144bdfdef6913e********************  coredns                  coredns-64897**********                          docker   RUNNING  CRI
        aee068814a7b10419186bb944832e65df2a8b3cab32b********************  kube-scheduler           kube-scheduler-izbp199sm5j54**********           docker   RUNNING  CRI
        b06609d4246be717c324b366d4e6c392fcf226ecbc4b********************  kube-flannel             kube-flanne**********                            docker   RUNNING  CRI
        c0992c3401ad52b3fce105ce5188026f28db7d5fe202********************  kube-controller-manager  kube-controller-manager-izbp199sm5j54**********  docker   RUNNING  CRI
        d1add169bb596f53d31030f84d69e494e7b23135acd2********************  coredns                  coredns-64897**********                          docker   RUNNING  CRI
        fe17ab0409739e63f526aed7c79e87989e90d19f0429********************  kube-proxy               kube-proxy-*****                                 docker   RUNNING  CRI

        The Container Id and Container Name values in the command output can be used for the ContainerId and ContainerName parameters to run commands in containers. The Pod Name column lists the Kubernetes pods that correspond to the containers.

      • Run the aliyun-service list-containers --source cri --all command.
        Specify the --all parameter to list all containers that are managed by Kubernetes based on the CRI and exist within a Docker, containerd, or CRI-O container runtime. A command output similar to the following one is returned:
        [root@localhost ~]# aliyun-service list-containers --source cri --all
        Container Id                                                      Container Name           Pod Name                                         Runtime  State    Data Source
        240246ecbb7b4bfc3e0fd1bad51a76d43603c9cdee6a********************  install-cni              kube-flannel-ds-*****                            docker   EXITED   CRI
        4f14883f30580007b2b386be16c743048d7b7b6a6522********************  etcd                     etcd-izbp199sm5j************                     docker   RUNNING  CRI
        60775315aa50765de7332764322f7697ded2783e4860********************  kube-apiserver           kube-apiserver-izbp199sm5j************           docker   RUNNING  CRI
        8d8dd01f09f451109285a0094eef0c144bdfdef6913e********************  coredns                  coredns-64897985d-8qz25                          docker   RUNNING  CRI
        aee068814a7b10419186bb944832e65df2a8b3cab32b********************  kube-scheduler           kube-scheduler-izbp199sm5j************           docker   RUNNING  CRI
        b06609d4246be717c324b366d4e6c392fcf226ecbc4b********************  kube-flannel             kube-flannel-ds-*****                            docker   RUNNING  CRI
        bdf9a2aff47a6858897d5c734c481535f7bb70321c8b********************  install-cni-plugin       kube-flannel-ds-*****                            docker   EXITED   CRI
        c0992c3401ad52b3fce105ce5188026f28db7d5fe202********************  kube-controller-manager  kube-controller-manager-izbp199sm53************  docker   RUNNING  CRI
        d1add169bb596f53d31030f84d69e494e7b23135acd2********************  coredns                  coredns-***************                          docker   RUNNING  CRI
        fe17ab0409739e63f526aed7c79e87989e90d19f0429********************  kube-proxy               kube-proxy-*****                                 docker   RUNNING  CRI
      • Run the aliyun-service list-containers command.
        Do not specify the --source parameter so that the following containers are listed: not only the containers that are managed by Kubernetes based on the CRI and run within a Docker, containerd, or CRI-O container runtime, but also other containers that run within a Docker runtime and do not conform with the CRI. A command output similar to the following one is returned.
        Important You can run commands only in containers that are managed by Kubernetes based on the CRI and run within a Docker, containerd, or CRI-O container runtime. You cannot run commands in containers that are running within a Docker runtime and do not conform with the CRI.
        [root@localhost ~]# aliyun-service list-containers
        Container Id                                                      Container Name                                                                                          Pod Name                                         Runtime  State    Data Source
        4f14883f30580007b2b386be16c743048d7b7b6a6522********************  etcd                                                                                                    etcd-izbp199sm5j************                     docker   RUNNING  CRI
        60775315aa50765de7332764322f7697ded2783e4860********************  kube-apiserver                                                                                          kube-apiserver-izbp199sm5j************           docker   RUNNING  CRI
        8d8dd01f09f451109285a0094eef0c144bdfdef6913e********************  coredns                                                                                                 coredns-648************                          docker   RUNNING  CRI
        aee068814a7b10419186bb944832e65df2a8b3cab32b********************  kube-scheduler                                                                                          kube-scheduler-izbp199sm5j************           docker   RUNNING  CRI
        b06609d4246be717c324b366d4e6c392fcf226ecbc4b********************  kube-flannel                                                                                            kube-flannel-********                            docker   RUNNING  CRI
        c0992c3401ad52b3fce105ce5188026f28db7d5fe202********************  kube-controller-manager                                                                                 kube-controller-manager-izbp199sm5j************  docker   RUNNING  CRI
        d1add169bb596f53d31030f84d69e494e7b23135acd2********************  coredns                                                                                                 coredns-648************                          docker   RUNNING  CRI
        fe17ab0409739e63f526aed7c79e87989e90d19f0429********************  kube-proxy                                                                                              kube-proxy-*****                                 docker   RUNNING  CRI
        b6864279148b3cef6e72c983f7ffa041dfe7ab5e2c57********************  k8s_POD_coredns-64897985d-8qz25_kube-system_5422418e******************************                                                                       docker   RUNNING  docker
        fa99eaa067927e47f4e30795ad45065383efc8669687********************  k8s_POD_coredns-64897985d-cxvdq_kube-system_f59766f0******************************                                                                       docker   RUNNING  docker
        3236c0f21b4a8f15fadeaaf813afb21d59889163056c********************  k8s_POD_kube-flannel-ds-qwf9p_kube-flannel_66c0205*******************************                                                                        docker   RUNNING  docker
        016bd6794042da8d4eb3b8f5f90594bad104b360670d********************  k8s_POD_kube-proxy-h4slq_kube-system_e2ce593*******************************                                                                              docker   RUNNING  docker
        ae30393668288624472d1a594be2cb45996798d6b750********************  k8s_POD_kube-scheduler-izbp199sm5j54yl36as4h9z_kube-system_f77f******************************                                                            docker   RUNNING  docker
        c2ced280d972f54aab32fda8de1f74f8799237cc51e2********************  k8s_POD_kube-controller-manager-izbp199sm5j54yl36as4h9z_kube-system_5c6*******************************                                                   docker   RUNNING  docker
        c92bce6b84d133b807d0310d215423870101d730ede2********************  k8s_POD_kube-apiserver-izbp199sm5j54yl36as4h9z_kube-system_7f6f******************************                                                            docker   RUNNING  docker
        4a5fe93977ad8eb945889cffe29f9d99d1540e870e69********************  k8s_POD_etcd-izbp199sm5j54yl36as4h9z_kube-system_4a85******************************                                                                      docker   RUNNING  docker
        a87c87c7dc162e99749cb78f8f270765e90f3df921d2********************  modest_bose                                                                                                                                              docker   RUNNING  docker
        Description of the Data Source values in the last column of the command output:
        • CRI: indicates containers managed by Kubernetes based on the CRI.
        • docker: indicates containers that run within a Docker runtime and do not conform with the CRI.
      • Run the aliyun-service list-containers --source cri --json command.
        Specify the --json parameter to use the JSON format to list the obtained container information. You can run the command by using Cloud Assistant to query, parse, and obtain the containers on an instance, and perform relevant O&M operations.
        [root@localhost ~]# aliyun-service list-containers --source cri --json
        [{"id":"4f14883f30580007b2b386be16c743048d7b7b6a6522********************","name":"etcd","podId":"4a5fe93977ad8eb945889cffe29f9d99d1540e870e6*********************","podName":"etcd-izbp199sm5j54**********","runtimeName":"docker","state":"RUNNING","dataSource":"CRI"},{"id":"60775315aa50765de7332764322f7697ded2783e4860********************","name":"kube-apiserver","podId":"c92bce6b84d133b807d0310d215423870101d730ede2********************","podName":"kube-apiserver-izbp199sm5j54**********","runtimeName":"docker","state":"RUNNING","dataSource":"CRI"},{"id":"8d8dd01f09f451109285a0094eef0c144bdfdef6913e********************","name":"coredns","podId":"b6864279148b3cef6e72c983f7ffa041dfe7ab5e2c57********************","podName":"coredns-64897**********","runtimeName":"docker","state":"RUNNING","dataSource":"CRI"},{"id":"aee068814a7b10419186bb944832e65df2a8b3cab32b********************","name":"kube-scheduler","podId":"ae30393668288624472d1a594be2cb45996798d6b750********************","podName":"kube-scheduler-izbp199sm5j54**********","runtimeName":"docker","state":"RUNNING","dataSource":"CRI"},{"id":"b06609d4246be717c324b366d4e6c392fcf226ecbc4b********************","name":"kube-flannel","podId":"3236c0f21b4a8f15fadeaaf813afb21d59889163056c********************","podName":"kube-flannel-ds-*****","runtimeName":"docker","state":"RUNNING","dataSource":"CRI"},{"id":"c0992c3401ad52b3fce105ce5188026f28db7d5fe202********************","name":"kube-controller-manager","podId":"c2ced280d972f54aab32fda8de1f74f8799237cc51e2********************","podName":"kube-controller-manager-izbp199sm5j54**********","runtimeName":"docker","state":"RUNNING","dataSource":"CRI"},{"id":"d1add169bb596f53d31030f84d69e494e7b23135acd2********************","name":"coredns","podId":"fa99eaa067927e47f4e30795ad45065383efc8669687********************","podName":"coredns-64897**********","runtimeName":"docker","state":"RUNNING","dataSource":"CRI"},{"id":"fe17ab0409739e63f526aed7c79e87989e90d19f0429********************","name":"kube-proxy","podId":"016bd6794042da8d4eb3b8f5f90594bad104b360670d********************","podName":"kube-proxy-*****","runtimeName":"docker","state":"RUNNING","dataSource":"CRI"}]
  2. Use Cloud Assistant to run commands in containers.
    You can run commands in specified containers only by calling API operations. When you call the RunCommand or InvokeCommand operation specific to Cloud Assistant to run a command in a specified container, you must specify ContainerId, ContainerName, or both parameters.
    Note For information about limits on using Cloud Assistant to run commands, see the "Prerequisites" and "Context" sections in Use the immediate execution feature.

Result

You can call the DescribeInvocations or DescribeInvocationResults operation to query the execution states or execution results of commands. You can view the ContainerId and ContainerName values in the response.