Running Containers on Instances

You can run a Docker container on a machine running Container-Optimized OS in much the same way as you would on most other node image distributions: by using the docker run command. For example:

$ docker run --rm busybox echo "hello world"
Unable to find image 'busybox:latest' locally
latest: Pulling from library/busybox
. . .
Status: Downloaded newer image for busybox:latest
hello world

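All user accounts managed by Google Compute Engine on the cos image are added to the docker group by default. This lets any logged-in user run docker commands without root privileges. Because the Docker daemon itself runs as root, membership in the docker group is effectively root-level access to the instance.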

Container-Optimized OS uses the systemd-journald service to collect system logs, so Docker logs are in /var/log/journal. You can also run journalctl to view the logs.

Accessing Public Google Container Registry

Google Container Registry support is built in to the cos node image. To start a container from Google Container Registry, run:

$ docker run --rm gcr.io/google-containers/busybox echo "hello world"
Unable to find image 'gcr.io/google-containers/busybox:latest' locally
Pulling repository gcr.io/google-containers/busybox
. . .
Status: Downloaded newer image for gcr.io/google-containers/busybox:latest
hello world

Accessing Private Google Container Registry

Starting with milestone 60 releases, docker-credential-gcr is pre-installed in Container-Optimized OS images. It is the recommended way to access private Google Container Registry. To use docker-credential-gcr:

$ docker-credential-gcr configure-docker
/home/username/.docker/config.json configured to use this credential helper
for GCR registries
$ docker run --rm gcr.io/<your-project>/<your-image>

Alternatively, you can fetch appropriate OAuth access tokens from Google Compute Engine metadata and use them with the docker login command manually, as shown in the following example:

$ METADATA=http://metadata.google.internal/computeMetadata/v1
$ SVC_ACCT=$METADATA/instance/service-accounts/default
$ ACCESS_TOKEN=$(curl -H 'Metadata-Flavor: Google' $SVC_ACCT/token \
    | cut -d'"' -f 4)
$ docker login -u oauth2accesstoken -p $ACCESS_TOKEN https://gcr.io
$ docker run … gcr.io/YOUR_PROJECT/YOUR_IMAGE

Supported GCR hostnames are:

  • us.gcr.io
  • eu.gcr.io
  • asia.gcr.io
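
The manual login above passes the token as a command-line argument and picks it out of the JSON response by position. The following added example (not part of the original page) selects the access_token field by name and hands it to docker login on standard input, for gcr.io and each hostname listed above. The function names are hypothetical, the sample response in the comments is constructed, and a Docker client that supports --password-stdin is assumed.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
METADATA=http://metadata.google.internal/computeMetadata/v1
SVC_ACCT=$METADATA/instance/service-accounts/default
# gcr.io plus the regional hostnames listed on this page.
GCR_HOSTS="gcr.io us.gcr.io eu.gcr.io asia.gcr.io"

# Print the value of one string field of a flat JSON object read from stdin.
# Selecting by key name keeps working if the endpoint reorders its fields,
# which a positional `cut -d'"' -f 4` would not.
# Constructed sample input:
#   {"access_token":"ya29.constructed","expires_in":3599,"token_type":"Bearer"}
json_string_field() {
    tr -d '\n' |
        sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Ask the metadata server for the default service account's OAuth token.
fetch_access_token() {
    curl -sf -H 'Metadata-Flavor: Google' "$SVC_ACCT/token" |
        json_string_field access_token
}

# Log in to every GCR hostname without putting the token in argv,
# where other local users could read it from the process list.
# Assumes the installed Docker client supports --password-stdin.
gcr_login_all() {
    token=$(fetch_access_token)
    if [ -z "$token" ]; then
        echo "no access_token in metadata response" >&2
        return 1
    fi
    for host in $GCR_HOSTS; do
        printf '%s' "$token" |
            docker login -u oauth2accesstoken --password-stdin "https://$host" ||
            return 1
    done
}

# Only contact the metadata server and registries when explicitly asked to.
if [ "${1:-}" = "--login" ]; then
    gcr_login_all
fi
```

Run the script with --login on the instance to perform the logins; with no argument it only defines the functions.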

Starting a Docker container via Cloud-Config

The Cloud-Config example explains how to start a docker container. It can be extended to start a container from Google Container Registry as follows:

#cloud-config

users:
- name: cloudservice
  uid: 2000

write_files:
- path: /etc/systemd/system/cloudservice.service
  permissions: 0644
  owner: root
  content: |
    [Unit]
    Description=Start a simple docker container
    Wants=gcr-online.target
    After=gcr-online.target

    [Service]
    Environment="HOME=/home/cloudservice"
    ExecStartPre=/usr/bin/docker-credential-gcr configure-docker
    ExecStart=/usr/bin/docker run --rm -u 2000 --name=mycloudservice gcr.io/google-containers/busybox:latest /bin/sleep 3600
    ExecStop=/usr/bin/docker stop mycloudservice
    ExecStopPost=/usr/bin/docker rm mycloudservice

runcmd:
- systemctl daemon-reload
- systemctl start cloudservice.service

Running a Kubernetes cluster

The recommended approach to running a Kubernetes cluster on Google Cloud Platform is using Kubernetes Engine. However, if you want to run a self-managed version of open-source Kubernetes, follow these instructions.

First, make sure that your Kubernetes master can be reached by opening port 443 in your firewall.

Then, download Kubernetes release binaries, unpack, and bring up the cluster as follows:

# Download and extract the latest kubernetes release.
cd <empty-dir>
KUBERNETES_VERSION="v1.4.6"
curl -sSL -o kubernetes.tar.gz https://github.com/kubernetes/kubernetes/releases/download/${KUBERNETES_VERSION}/kubernetes.tar.gz
tar xzf kubernetes.tar.gz
cd kubernetes

# Configure environment to use Container-Optimized OS.
export KUBE_OS_DISTRIBUTION=cos

# Start up a cluster and verify that it is running:
cluster/kube-up.sh
cluster/kubectl.sh get nodes
cluster/kubectl.sh get pods --namespace=kube-system

Now you can run your application on the cluster. For example, you can start a Redis cluster using the example below.

cluster/kubectl.sh create -f \
  examples/guestbook/all-in-one/guestbook-all-in-one.yaml
cluster/kubectl.sh get pods
cluster/kubectl.sh describe pods <redis-master-pod-name>

Container-Optimized OS uses the systemd-journald service to collect system logs, so Docker and Kubelet logs are in /var/log/journal. You can also run journalctl to view the logs.

For instances running as part of a Kubernetes Engine cluster, Docker and Kubelet logs are also automatically exported to Stackdriver logging. Logs for Docker, Kubelet, and kube-proxy are available in Stackdriver under GCE VM Instance when using the Google Cloud Platform Console.

Once your cluster is no longer needed, you can tear it down:

cluster/kube-down.sh