Updated on 2024-01-29 GMT+08:00

Accessing a Container

Scenario

If you encounter unexpected problems when using a container, you can log in to the container to debug it.

Logging In to a Container Using CloudShell

  • CloudShell is implemented based on VPC Endpoint (VPCEP). To use kubectl to access a cluster, configure the security group (Cluster name-cce-control-Random number) on the master node of the cluster to allow access to port 5443. By default, port 5443 allows access from all CIDR blocks. If you have hardened security groups and any cluster cannot be accessed in CloudShell, check whether port 5443 allows access from 198.19.0.0/16.
  • Currently, you can use CloudShell to log in to containers only in CN North-Beijing1, CN North-Beijing4, CN East-Shanghai1, CN East-Shanghai2, CN South-Guangzhou, CN Southwest-Guiyang1, and CN North-Ulanqab1 regions.
  1. Log in to the CCE console and click the cluster name to access the cluster console.
  2. Choose Workloads in the navigation pane and click the name of the target workload to view its pods.
  3. Locate the target pod and choose More > Remote Login in the Operation column.

    Figure 1 Accessing a container

  4. In the displayed dialog box, select the container you want to access and the command, and click OK.

    Figure 2 Selecting a container and login command

  5. You will be automatically redirected to CloudShell. Then, the system initializes kubectl and runs the kubectl exec command to log in to the container.

    Wait for 5 to 10 seconds until the kubectl exec command is automatically executed.

    Figure 3 CloudShell page

Logging In to a Container Using kubectl

  1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
  2. Run the following command to view the created pod:

    kubectl get pod
    The example output is as follows:
    NAME                               READY   STATUS    RESTARTS       AGE
    nginx-59d89cb66f-mhljr             1/1     Running   0              11m

  3. Query the container name in the pod.

    kubectl get po nginx-59d89cb66f-mhljr -o jsonpath='{range .spec.containers[*]}{.name}{end}{"\n"}'
    The example output is as follows:
    container-1

  4. Run the following command to log in to the container-1 container in the nginx-59d89cb66f-mhljr pod:

    kubectl exec -it nginx-59d89cb66f-mhljr -c container-1 -- /bin/sh

  5. To exit the container, run the exit command.