1
votes

When I list the pods in a cluster (on a specific node and in all namespaces) then each pod listed also contains the container statuses, and therein I get the container runtime engine IDs of each of the containers listed.

To illustrate, I'm using this Python3 script to access the cluster API via the official Kubernetes Python client; this is a slightly modified version from How to find all Kubernetes Pods on the same node from a Pod using the official Python client?

from kubernetes import client, config
import os

def main():

    # it works only if this script is run by K8s as a POD
    config.load_incluster_config()
    # use this outside pods
    # config.load_kube_config()

    # grab the node name from the pod environment vars
    node_name = os.environ.get('KUHBERNETES_NODE_NAME', None)

    v1 = client.CoreV1Api()
    print("Listing pods with their IPs on node: ", node_name)
    # field selectors are a string, you need to parse the fields from the pods here
    field_selector = 'spec.nodeName='+node_name
    ret = v1.list_pod_for_all_namespaces(watch=False, field_selector=field_selector)
    for i in ret.items:
        print("%s\t%s\t%s" %
              (i.status.pod_ip, i.metadata.namespace, i.metadata.name))
        for c in i.status.container_statuses:
            print("\t%s\t%s" %
                  (c.name, c.container_id))

if __name__ == '__main__':
    main()

N.B. The Pod uses a suitable ServiceAccount which enables it to list pods in all namespaces.

A typical result output when run on a minikube setup might look like this:

Listing pods with their IPs on node:  minikube
172.17.0.5      cattle-system   cattle-cluster-agent-c949f5b48-llm65
        cluster-register        docker://f12fcb1acbc2e7c01c24dbd831ed53ab2a6df2353abe80988ae132c39f7c68c6
10.0.2.15       cattle-system   cattle-node-agent-hmq86
        agent   docker://e335a3d30ea37887ac2a1a1cc339eabb0a0098471f86db1926cfe02eef2c6b8f
172.17.0.6      gw      pyk8s
        py8ks   docker://1272747b52983e8f745bd118b2d935c1d314e9c6cc310e88013021ba974bc030
172.17.0.4      kube-system     coredns-c4cffd6dc-7lsdn
        coredns docker://8b0c3c67532ee2d7d16958a33cb942d5bd09ed37ded1d570830b5f7e5f7a09ab
10.0.2.15       kube-system     etcd-minikube
        etcd    docker://5e0e0ee48248e9779a2a5f9347a39c58743562b10719a31d7d6fc0af5e79e093
10.0.2.15       kube-system     kube-addon-manager-minikube
        kube-addon-manager      docker://96908bc5d5fd9b87779c8a8544591e5aeda2d58956fb365ab595681605b01001
10.0.2.15       kube-system     kube-apiserver-minikube
        kube-apiserver  docker://0711ec9a2321b1b5a801ab2b19409a1edc731058aa994978f989185efc4c8294
10.0.2.15       kube-system     kube-controller-manager-minikube
        kube-controller-manager docker://16d2e11a8dea2a46cd44bc97a5f894e7ff9da2da70f3c24376b4189dd912336e
172.17.0.2      kube-system     kube-dns-86f4d74b45-wbdf6
        dnsmasq docker://653c7ef27760a820449ee518b59e39ab4a7f65cade996ed85313c98038827f67
        kubedns docker://6cf6aaeac1192cf1d580293e03164db57bc70bce41cf91e5cac081010fe48cf7
        sidecar docker://9816e10d8455988aa400f98df32cfa69ce89fbfc3e3e1554145d9d6418c02157
10.0.2.15       kube-system     kube-proxy-ll7lq
        kube-proxy      docker://6b8c7ce1ae3c8fbc487bf05ccca9105dffaf675f916cdb62a595d8be7902e69b
10.0.2.15       kube-system     kube-scheduler-minikube
        kube-scheduler  docker://ab79e46ba900753d86b7000061720551a199c0ea6eee923fcd86bda2d86cc54a
172.17.0.3      kube-system     kubernetes-dashboard-6f4cfc5d87-bmnl8
        kubernetes-dashboard    docker://a73ef6b30fb87826a4a71ba428a01511278a759d69fade82ddd654911ec3f14f
10.0.2.15       kube-system     storage-provisioner
        storage-provisioner     docker://51eaf90bc3ae11baa354a436e366730c19206c73743c6517a0ad9eb8f0b89896

Please note that this lists the container IDs of the pod containers, except the pause container IDs. Is there an API method to also get/list the container IDs of the pause containers in pods?

I tried searching for things like "kubernetes api pod pause container id" ... but I did not get any useful answers, except the usual API results for containerStatuses, etc.

1
Have you tried adding include_uninitialized=true to v1.list_pod_for_all_namespaces? It says If true, partially initialized resources are included in the response. inside kubernetes python docs -kubernetes.client.CoreV1ApiCrou
@Crou tested, but this will not include any pause containers.TheDiveO

1 Answers

1
votes

After some research into how Kubernetes' Docker shim works, it's clear that the pause containers are not visible at the Kubernetes cluster API. That's because pause containers are an artefact required with some container engines, such as Docker, but not in others (CRI-O if I'm not mistaken).

However, when the low-level Docker container view is necessary and needs to be related to the Kubernetes node-scheduled pod view, then the predictable Docker container naming scheme used in the Kubernetes Docker shim can be used. The shim creates the container names in the form of k8s_conainer_pod_namespace_uid_attempt with an optional _random suffix in case od hitting the Docker <=1.11 name conflict bug.

  • k8s is the fixed prefix which triggers the shim to regard this container as a Kubernetes container.
  • container is the name as specified in the pod spec. Please note that Kubernetes only allows lowercase a-z, 0-9, and dashes. Pause containers thus get the "reserved" name "POD" in all-uppercase.
  • pod is the pod name.
  • namespace is the namespace name as assigned, or "default".
  • pod UID with verying formats.
  • attempt is a counter starting from 0 that the shim needs in order to correctly manage pod updates, that is, container cleanup, etc.

See also: