
Here is an example deployment YAML that can be used to run a command in a container.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-deployment
spec:
  template:
    spec:
      containers:
      - args:
        # /bin/sh -c runs only the first args entry as the script, so both commands share one entry
        - chown jboss /opt/jws-5.4/tomcat/keystore; chgrp jboss /opt/jws-5.4/tomcat/keystore
        command:
        - /bin/sh
        - -c
        image: registry.example.com/my-image@sha256:fb68c4b10f4a0ece7ed0488af22e5699021e1b9a8461e9f4f9f39072d71a70da
        name: my-container
Or as a one liner using "command".
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-deployment
spec:
  template:
    spec:
      containers:
      - command: ['/bin/sh', '-c', 'chown jboss /opt/jws-5.4/tomcat/keystore; chgrp jboss /opt/jws-5.4/tomcat/keystore']
        image: registry.example.com/my-image@sha256:fb68c4b10f4a0ece7ed0488af22e5699021e1b9a8461e9f4f9f39072d71a70da
        name: my-container
A single init container or several init containers, listed under initContainers, can be used to run commands before the main container is started. In this trivial example, the init container is used to create the /var/files/foo.txt file in a persistent volume and then the same persistent volume is mounted into my-container.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-deployment
spec:
  template:
    spec:
      initContainers:
      - command: ['/bin/sh', '-c', 'touch /var/files/foo.txt']
        image: registry.example.com/my-image@sha256:fb68c4b10f4a0ece7ed0488af22e5699021e1b9a8461e9f4f9f39072d71a70da
        name: my-init-container
        volumeMounts:
        - mountPath: /var/files
          name: my-files
      containers:
      - command: ['/bin/sh', '-c', 'chown jboss /opt/jws-5.4/tomcat/keystore; chgrp jboss /opt/jws-5.4/tomcat/keystore']
        image: registry.example.com/my-image@sha256:fb68c4b10f4a0ece7ed0488af22e5699021e1b9a8461e9f4f9f39072d71a70da
        name: my-container
        volumeMounts:
        - mountPath: /var/files
          name: my-files
      volumes:
      - name: my-files
        persistentVolumeClaim:
          claimName: my-persistent-volume-claim
As a much more practical example, this initContainer is used to install OpenSSL and then create the /var/files/tls.cer and /var/files/tls.key files as root in a Persistent Volume Claim, so that tls.cer and tls.key can be used by the main container.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-deployment
spec:
  template:
    spec:
      initContainers:
      # The -subj value uses double quotes so that it does not end the single-quoted YAML string
      - command: ['/bin/sh', '-c', 'yum install openssl -y; openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout /var/files/tls.key -out /var/files/tls.cer -subj "/C=US/ST=California/L=Los Angeles/O=Acme/OU=IT/CN=www.example.com"']
        image: registry.example.com/my-image@sha256:fb68c4b10f4a0ece7ed0488af22e5699021e1b9a8461e9f4f9f39072d71a70da
        name: my-init-container
        securityContext:
          runAsUser: 0 # root
        volumeMounts:
        - mountPath: /var/files
          name: my-files
      containers:
      - image: registry.example.com/my-image@sha256:fb68c4b10f4a0ece7ed0488af22e5699021e1b9a8461e9f4f9f39072d71a70da
        name: my-container
        volumeMounts:
        - mountPath: /var/files
          name: my-files
      volumes:
      - name: my-files
        persistentVolumeClaim:
          claimName: my-persistent-volume-claim
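How /bin/sh -c treats the command and args entries used in the manifests above can be checked locally, because the container runtime executes command followed by args as one argument list. The following shell script is an added example, not part of the original article; the echo and false steps are constructed stand-ins for the chown, chgrp, yum and openssl commands.

```shell
#!/bin/sh
# Local emulation of "command: [/bin/sh, -c]" plus its args entries.
# The runtime executes: /bin/sh -c ARG1 ARG2 ...
# echo/false are constructed stand-ins for the real steps.

# Two separate args entries: only the first is run as the script.
two_args_output() {
    /bin/sh -c 'echo step1' 'echo step2'
}

# The second entry is not run; the shell stores it in $0.
second_arg_role() {
    /bin/sh -c 'echo "$0"' 'echo step2'
}

# Run one script string and report the exit status the runtime would see.
script_status() {
    status=0
    /bin/sh -c "$1" >/dev/null 2>&1 || status=$?
    echo "$status"
}

# Steps joined with ';': a failing first step is hidden by the last step.
semicolon_status() { script_status 'false; echo step2'; }

# Steps joined with '&&': the script stops at the first failure.
and_status() { script_status 'false && echo step2'; }

# 'set -e' gives the same stop-on-failure behaviour for longer scripts.
errexit_status() { script_status 'set -e; false; echo step2'; }

printf 'two args entries ran:      %s\n' "$(two_args_output)"
printf 'second entry became $0:    %s\n' "$(second_arg_role)"
printf 'exit status with ";":      %s\n' "$(semicolon_status)"
printf 'exit status with "&&":     %s\n' "$(and_status)"
printf 'exit status with "set -e": %s\n' "$(errexit_status)"
```

An init container has to exit successfully before the main container is started, so joining its steps with && or starting the script with set -e keeps a failed step from going unnoticed.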
The oc get command with the --output jsonpath option can be used to return the names of the containers in a deployment or a pod.
~]$ oc get pod my-app-wzvjr --output jsonpath='{.spec.containers[*].name}'
my-init-container my-container