From ca469860f9ff5ffc1031b9e1a10b1758f2c8e800 Mon Sep 17 00:00:00 2001 From: Michael Schlapa Date: Wed, 18 Oct 2023 11:57:13 +0200 Subject: [PATCH] Added k3s stuff --- README.md | 1 + containerization/k3s.md | 45 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+) create mode 100644 containerization/k3s.md diff --git a/README.md b/README.md index c4ad325..74b963b 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,7 @@ * [Android](./android.md) * [containerization](./containerization) * [Docker](./containerization/docker.md) + * [k3s](./containerization/k3s.md) * [Podman](./containerization/podman/README.md) * [curl](./curl.md) * [git](./git/README.md) diff --git a/containerization/k3s.md b/containerization/k3s.md new file mode 100644 index 0000000..6b2a630 --- /dev/null +++ b/containerization/k3s.md @@ -0,0 +1,45 @@ +# K3s + +### Import image into containerd + +#### Offline + +On a host where one can pull the image: + +``` +podman save -o .tar : +gzip .tar +``` + +Copy the file to target host(s) and then run: + +``` +zcat .tar.gz | /usr/local/bin/k3s ctr images import - +``` + +#### Online + +``` +crictl pull : +``` + +If one needs to supply credentials for the registry, use: + +``` + --auth AUTH_STRING Use AUTH_STRING for accessing the registry. AUTH_STRING is a base64 + encoded 'USERNAME[:PASSWORD]' [$CRICTL_AUTH] + --creds USERNAME[:PASSWORD] Use USERNAME[:PASSWORD] for accessing the registry [$CRICTL_CREDS] + --username USERNAME, -u USERNAME Use USERNAME for accessing the registry. The password will be + requested on the command line +``` + +`-u` is most secure, as the password is not supplied on the command line. + +### Access shell of container with root rights (uid 0) + +Get container ID in the running pod: + +``` +kubectl -n hydra get pod -o jsonpath="{.status.containerStatuses[].containerID}" | sed 's,.*//,,'; echo '' +k3s ctr task exec -t --exec-id --user root bash +```