Skip to main content

How to access a container in Rancher from the command line

How to access a container in Rancher from the command line without SSH

If you have deployed an application pod in rancher, sometimes you have to access the running container for various tasks. Maybe, to check some files, monitor logs, run some commands, copy files, etc. 

Assume you have an application pod running in Rancher as the following image.

An application pod in rancher

Using the Web UI


One of the ways to access the container would be using the Rancher UI. If you click on the pod name and then on the next page, you can select Execute Shell from the Pod's context menu.

Rancher Pod context menu


Then it is supposed to bring the command window in the web UI itself.

Rancher execute shell



However, this method has its limitations. You cannot copy files to or from the Pod using the web UI itself. 

Using Rancher CLI

The link to the CLI package can be found in the bottom right corner of the Rancher web UI.


Select the CLI client according to your OS and download.

I'm using Linux, so I've downloaded the Linux client. 


Extract it.

tar -xf rancher-linux-amd64-v2.3.2.tar.gz

And navigate inside the extracted directory.

cd rancher-v2.3.2

You can find a binary file of the Rancher CLI there.


Before using the Rancher CLI we have to have the kubectl package installed. 

You can refer to this page to install kubectl. 

https://kubernetes.io/docs/tasks/tools/

Now, we are almost ready with the rancher CLI. 

In order to use the rancher CLI commands, we have to have an access token. The CLI binary is using APIs to communicate with the Rancher server.

To create a token, go to the Rancher Web UI and select the API & Keys from the user context menu.


Then, you'll see the list of existing keys. 

Click Add Key to create a new key.



It will be a good idea to select an expiration as a best practice.

Note: Make sure you don't set a scope here since you need to use it for the CLI. Due to a bug, this doesn't work in this Rancher version. Hopefully, this is fixed in the later versions (I didn't test yet though).

Then hit Create and it will show you the newly created tokens.

(I'll be deleting this token just after writing this 😋 )


Make sure you copy and keep all the information in a safe place as the message tells.

Login to the Rancher server from the CLI.

$ ./rancher login https://<SERVER_URL> --token <BEARER_TOKEN>
eg:
./rancher login https://myrancherhost:8443 --token token-9ls7g:4xzprvtn2ghgxkmsh6d5jz4txb6m5mpplm7h62kl5ptnfx6b6bt5wp

If login is a success, it will ask you to select a project.


Type the project number and hit enter. It will create some configs and save in your home folder.


Now we are ready to connect to our containers.

Hereafter it is always plain old kubectl commands.

If you want to execute bash in the container locate the pod and run the bash command for the container.

./rancher kubectl get pods -n mytestproject1

./rancher kubectl -n mytestproject1 exec -it myapp1-5c75bff649-hrxkn -- bash



How to copy a file to and from a container in Rancher


Again this is using the Rancher CLI as above.

Let's say I need to copy test.txt file to my container.

In the following command, the pod should be given as <namespace>/<pod name>:<destination dir>

./rancher kubectl cp /tmp/test.txt mytestproject1/myapp1-5c75bff649-hrxkn:/tmp


If you need to copy a file from a container, just switch the source and the destination.

eg:

./rancher kubectl cp mytestproject1/myapp1-5c75bff649-hrxkn:/tmp/test.txt test.txt


All the rancher CLI commands can be found here https://rancher.com/docs/rancher/v2.0-v2.4/en/cli/

Make sure you select the correct Rancher version in the documentation. I'm running 2.3 a bit old version. So this article is based on that.

P.S. Of course if you have the access to the Kubernetes cluster nodes, you can SSH into one of the nodes and run any kubectl commands from there. However, some organizations may limit the physical SSH access to the nodes. In that case, this is a better way to do it.




Labels:

Comments

Post a Comment

Popular posts from this blog

Install Docker on Windows 11 with WSL Ubuntu 22.04

This is to install Docker within Ubuntu WSL without using the Windows Docker application. Follow the below steps. Install Ubuntu 22.04 WSL 1. Enable Windows Subsystem for Linux and Virtual Machine platform Go to Control Panel -> Programs -> Programs and Features -> Turn Windows features on or off 2. Switch to WSL 2 Open Powershell and type in the below command. wsl --set-default-version 2 If you don't have WSL 2, download the latest WSL 2 package and install it.  3. Install Ubuntu Open Microsoft Store and search for Ubuntu. Select the version you intend to install. I'd use the latest LTS version Ubuntu 22.04. Click on the Get button. It will take a couple of minutes to download and install. 4. Open up the installed Ubuntu version that was installed. If you get an error like the below image, make sure to install the WSL2 Kernel update .  If it's an older Ubuntu version the error message would be something like the image below. Error: WSL 2 requires an update to its ...
1 comment
Read more

How to fix SSLHandshakeException PKIX path building failed in Java

TL ; DR 1. Extract the public certificate of the website/API that you are trying to connect from your Java application. Steps are mentioned in this post 2. Use the Java keytool to install the extracted certificate into the "cacerts" file (Trust store) keytool -import -trustcacerts -alias <domain name> -file <public certificate>.cert -keystore /path_to_java_home/jre/lib/security/cacerts -storepass changeit 3. Restart your Java application Exception A typical exception stack trace would look like below. javax.net.ssl. SSLHandshakeException : sun.security.validator.ValidatorException: PKIX path building failed : sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) at sun.security.ssl.Handshake...
Post a Comment
Read more

Automatically open Chrome developer tools in a new tab

Sometimes we need to check the console or the network transactions of a link that opens up in a new tab. By default, the Chrome developer tools are not opening in a new tab. So, by the time when we hit F12 and open the dev tools, part of the information we needed could be already gone.  There's a setting in dev tools where you can keep the dev tools open automatically in a new tab. To enable that, hit F12 and open up the dev tools. Click on the settings icon in the top right corner. In the Preferences section, scroll down to the bottom. You'll be able to find the option to Auto-open DevTools for popups. Select the checkbox and we're good to go!
Post a Comment
Read more