You can run a single container on a VM or on each VM in a managed instance group (MIG). To do this, specify a container image and configuration parameters when you create a VM instance or an instance template.
This document describes the configuration options for running containers on Compute Engine instances.
Note: The Compute Engine feature that deploys containers on VMs during VM creation is deprecated. Use thedocker run commands in a startup script or use the cloud-init tool to configure and to run containers on your VMs and MIGs. For more information, see Migrate containers that were deployed on VMs during VM creation. Before you begin
Select the tab for how you plan to use the samples on this page:
ConsoleWhen you use the Google Cloud console to access Google Cloud services and APIs, you don't need to set up authentication.
gcloudInstall the Google Cloud CLI. After installation, initialize the Google Cloud CLI by running the following command:
gcloud init
If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.
Note: If you installed the gcloud CLI previously, make sure you have the latest version by runninggcloud components update.When you create an instance or an instance template to use for Deploying containers on VMs and MIGs, specify the container configuration using the Google Cloud console or the Google Cloud CLI.
The following sections describe how to configure containers on VM instances, but you can configure the following options when creating an instance template as well. Use the Google Cloud console or the Google Cloud CLI to configure options for VM instances in an instance template.
You can use the docker run commands to configure a container on a VM instance that is running Container-Optimized OS or specify the docker run command in a startup script to create and configure a VM. For more information, see Use startup scripts to deploy containers on VMs.
You can set a restart policy to specify whether to restart a container on exit. The default policy is to always restart. You can also set the policy to restart on failure or to never restart.
docker runUse the --restart flag of the docker run command. Repeated attempts to restart a container are driven by the default Docker behavior, as specified in the Docker --restart reference.
docker run command to configure and to run the container.
Go to the Create an instance page.
In the Container section, click Deploy container.
On the Configure container page, do the following:
Continue with the VM creation process.
create-with-container gcloud CLI command is deprecated. Use the equivalent docker run command to configure and to run the container.
Use the --container-restart-policy flag to specify container a restart policy:
always (default)on-failureneverThe following example launches a container with on-failure restart policy, which means the restart only happens when the container exit code is nonzero:
gcloud compute instances create-with-container busybox-vm \ --container-image docker.io/busybox:1.27 \ --container-restart-policy on-failure
Use the gcloud compute instances update-container command with the --container-restart-policy flag for the restart policy on a container running on a VM.
You can run a container in privileged mode to allow access to all devices on the host. Containers are run as "unprivileged" by default and aren't allowed to access any devices.
docker runUse the --privileged flag of the docker run command. For more information, see Runtime privilege and Linux capabilities.
docker run command to configure and to run the container.
Go to the Create an instance page.
In the Container section, click Deploy container.
On the Configure container page, do the following:
Continue with the VM creation process.
create-with-container gcloud CLI command is deprecated. Use the equivalent docker run command to configure and to run the container.
Use the --container-privileged flag to run a container with runtime privilege. The following example launches a busybox container in privileged mode:
gcloud compute instances create-with-container busybox-vm \ --container-image docker.io/busybox:1.27 \ --container-privileged
Use the gcloud compute instances update-container command with the --container-privileged flag to update a container on a VM. Use the --no-container-privileged flag to turn off privileged mode.
You can allocate a buffer for STDIN in the container runtime to keep the STDIN stream open in a container. If this is not set, reads from STDIN in the container always result in EOF.
Along with allocating a pseudo-TTY, keeping the STDIN stream open is necessary for establishing an interactive shell in the container and for the container to receive its standard input from a pipe.
Use the --interactive (-i) flag of the docker run command. For more information, see the documentation for --interactive flag.
docker run command to configure and to run the container.
Go to the Create an instance page.
In the Container section, click Deploy container.
On the Configure container page, do the following:
Continue with the VM creation process.
create-with-container gcloud CLI command is deprecated. Use the equivalent docker run command to configure and to run the container.
Use --container-stdin flag to allocate a buffer for STDIN in the container runtime. The following example starts a container and keeps its STDIN open:
gcloud compute instances create-with-container busybox-vm \ --container-image docker.io/busybox:1.27 \ --container-stdin
Use gcloud compute instances update-container command with the --container-stdin flag to update a container on a VM. Use the --no-container-stdin flag to turn off allocation of a buffer for STDIN.
Allocating a pseudo-TTY for a container is necessary for establishing an interactive shell in the container (along with allocating a buffer for STDIN).
docker runUse the --tty (-t) flag of the docker run command. For more information, see the --tty flag.
docker run command to configure and to run the container.
Go to the Create an instance page.
In the Container section, click Deploy container.
On the Configure container page, do the following:
Continue with the VM creation process.
create-with-container gcloud CLI command is deprecated. Use the equivalent docker run command to configure and to run the container.
Use the --container-tty flag to allocate a pseudo-TTY. The following example starts a container and allocates a pseudo-TTY:
gcloud compute instances create-with-container busybox-vm \ --container-image docker.io/busybox:1.27 \ --container-stdin \ --container-tty
Use the gcloud compute instances update-container command with the --container-tty flag to update a container on a VM. Use the --no-container-tty flag to not allocate a pseudo-TTY.
The ENTRYPOINT of a container image specifies what executable to run when the container starts and lets you run the container as if it were that binary.
You can override the ENTRYPOINT command of the container image.
Use the --entrypoint flag (command only, no arguments) of the docker run command. Learn about ENTRYPOINT and the --entrypoint flag.
docker run command to configure and to run the container.
Go to the Create an instance page.
In the Container section, click Deploy container.
On the Configure container page, do the following:
uptime.Continue with the VM creation process.
create-with-container gcloud CLI command is deprecated. Use the equivalent docker run command to configure and to run the container.
Use the --container-command flag to override the container image ENTRYPOINT. The following example runs the uptime command in a busybox container to display the time since the last boot:
gcloud compute instances create-with-container busybox-vm \ --container-image docker.io/busybox:1.27 \ --container-command "uptime"
Use the gcloud compute instances update-container command with the --container-command flag to update a command for a container on a VM.
Use the --clear-container-command flag with the update-container command to clear the default command for the updated container.
You can pass (append) arguments to the container ENTRYPOINT command or override the default container CMD command.
[ARG...] section of the docker run [OPTIONS] IMAGE [COMMAND] [ARG...] command. Learn about ENTRYPOINT and the --entrypoint flag. Console Note: The Deploy container option in the Google Cloud console is deprecated. Use the equivalent docker run command to configure and to run the container.
Go to the Create an instance page.
In the Container section, click Deploy container.
On the Configure container page, do the following:
Continue with the VM creation process.
create-with-container gcloud CLI command is deprecated. Use the equivalent docker run command to configure and to run the container.
Use the --container-arg flag to pass arguments to a container image ENTRYPOINT command. Use a separate flag for each argument.
The following example runs the /bin/ash command with the -c 'ls -l' arguments in a container that has been set up to automatically run busybox:
gcloud compute instances create-with-container busybox-vm \ --container-image docker.io/busybox:1.27 \ --container-command "/bin/ash" \ --container-arg="-c" \ --container-arg="ls -l"Note: Make sure to use the equals sign (
=) with the --container-arg flag to ensure proper argument parsing. For example: --container-arg=ARG.
Use the gcloud compute instances update-container command with the --container-arg flags to update command arguments for a container running on a VM. The update replaces the entire argument list with the new list.
Use the --clear-container-args flag with the update-container command to remove all arguments from container declaration.
If you need to configure log driver options, you can create a VM startup script to update your Docker configuration file with the logging options that you need. These options apply to all containers that run on the VM and that do not specify log driver options.
For example, the following startup script sets several options–including an option to limit the container's log size–then restarts Docker on the VM:
cat <<EOF > /etc/docker/daemon.json
{
"live-restore": true,
"storage-driver": "overlay2",
"log-opts": {
"max-size": "10m"
}
}
EOF
systemctl restart docker
Setting environment variables
You can set environment variables in a container. Only the last value of KEY is taken when the KEY is repeated more than once.
Use the --env flag of the docker run command. Learn how Docker engine enables setting environment variables.
docker run command to configure and to run the container.
Go to the Create an instance page.
In the Container section, click Deploy container.
On the Configure container page, do the following:
Continue with the VM creation process.
create-with-container gcloud CLI command is deprecated. Use the equivalent docker run command to configure and to run the container.
Use the --container-env flag to set environment variables in a container. The following example sets three environment variables: HOME, MODE, and OWNER:
gcloud compute instances create-with-container busybox-vm \ --container-image docker.io/busybox:1.27 \ --container-env HOME=/home,MODE=test,OWNER=admin
Use the --container-env-file flag to set environment variables from a local file. The following example sets the two environment variables from the env.txt file:
gcloud compute instances create-with-container busybox-vm \ --container-image docker.io/busybox:1.27 \ --container-env-file ./env.txt
The contents of the env.txt file are:
# this is a comment
HOME=/home
MODE=test
OWNER=admin
Use the gcloud compute instances update-container command with the --container-env or --container-env-file flag to update environment variables for a container on a VM. This updates any variables present in the VM instance's container declaration. Variables that are not in the container declaration are added.
Use the --remove-container-env flag to remove environment variables when updating a container on a VM. The following example removes the environment variables called MODE and OWNER:
gcloud compute instances update-container busybox-vm \ --remove-container-env MODE,OWNER
If a specified environment variable does not exist, it is silently ignored.
Mounting a host directory as a data volumeYou can mount a directory from a host VM into a container.
docker runUse the --volume flag and the --mount flag with mount type=bind of the docker run command. Learn how the Docker engine mounts a host directory as a data volume.
docker run command to configure and to run the container.
Go to the Create an instance page.
In the Container section, click Deploy container.
On the Configure container page, do the following:
From the Volume type list, select Directory, and do the following:
To confirm the container details, click Select.
Continue with the VM creation process.
create-with-container gcloud CLI command is deprecated. Use the equivalent docker run command to configure and to run the container.
Use the --container-mount-host-path flag to mount a host VM directory into a container. The following example mounts the host directory /tmp into the container at /logs in read/write mode:
gcloud compute instances create-with-container busybox-vm \ --container-image docker.io/busybox:1.27 \ --container-mount-host-path mount-path=/logs,host-path=/tmp,mode=rw
Specify mode=ro to mount a host directory in read-only mode.
Use the gcloud compute instances update-container command with the --container-mount-host-path flag to update host directory mounts on a container. Use the --remove-container-mounts flag to remove volume mounts with the specified mount paths. The following example removes a host path mount with mount-path=/logs:
gcloud compute instances update-container busybox-vm \ --remove-container-mounts /logs
If the specified mount path does not exist, it is silently ignored.
Mounting tmpfs file system as a data volumeYou can mount an empty tmpfs file system into a container.
An empty tmpfs file system is similar to a Google Kubernetes Engine EmptyDir volume with medium:Memory. Unlike Docker, where tmpfs data is deleted on container restarts, with tmpfs on a Compute Engine container, the volume and its data persist across container restarts and are deleted only on VM restart.
docker run command to configure and to run the container.
Go to the Create an instance page.
In the Container section, click Deploy container.
On the Configure container page, do the following:
Continue with the VM creation process.
create-with-container gcloud CLI command is deprecated. Use the equivalent docker run command to configure and to run the container.
Use the --container-mount-tmpfs flag to mount an empty tmpfs file system into a container. The following example mounts a tmpfs file system into the container at /cache in read/write mode:
gcloud compute instances create-with-container busybox-vm \ --container-image docker.io/busybox:1.27 \ --container-mount-tmpfs mount-path=/cache
Use the gcloud compute instances update-container command with the --container-mount-tmpfs flag to update tmpfs mounts on a container. Use the --remove-container-mountsflag to remove a tmpfs mount with the specified mount path when updating. The following example removes the tmpfs mount with mount-path=/cache:
gcloud compute instances update-container busybox-vm \ --remove-container-mounts /cache
If the specified mount path does not exist, it is silently ignored.
Mounting a persistent disk as a data volumeWith Container-Optimized OS 69 or later, you can mount persistent disks from a host VM into a container.
Note: This is similar to using thegcePersistentDisk volume type in Google Kubernetes Engine. Prerequisites
ext4 file system or have no file system. With no initial file system, the container startup agent formats the disk to ext4, and only read/write attachment and mounting are supported.Both partitionless devices and partitions are supported. For partition mounts, the disk cannot be blank; it must contain an existing partition table.
docker run command to configure and to run the container.
Go to the Create an instance page.
In the Container section, click Deploy container.
On the Configure container page, do the following:
Continue with the VM creation process.
create-with-container gcloud CLI command is deprecated. Use the equivalent docker run command to configure and to run the container.
Use the gcloud compute instances create-with-container command or the gcloud compute instances update-container command with the --container-mount-disk flag to mount a persistent disk into a container.
The following example mounts two disks, my-data-disk and my-scratch-disk, into the container at /disks/data-disk and /disks/scratch-disk mount paths.
gcloud compute instances create-with-container busybox-vm \ --disk name=my-data-disk \ --create-disk name=my-scratch-disk,auto-delete=yes,image=ubuntu-1710-artful-v20180315,image-project=ubuntu-os-cloud \ --container-image docker.io/busybox:1.27 \ --container-mount-disk mount-path="/disks/data-disk",name=my-data-disk,mode=ro \ --container-mount-disk mount-path="/disks/scratch-disk",name=my-scratch-disk
Note that the --disk flag attaches my-data-disk, the --create-disk flag creates and attaches my-scatch-disk, and the --container-mount-disk flag mounts the attached disks to the container. Because a mode is not specified for my-scratch-disk, that disk is mounted to the container in read/write mode by default.
Use the gcloud compute instances update-container command with the --container-mount-disk flag to mount additional attached disks or to modify existing disk mounts.
Use the --remove-container-mounts flag to remove a disk volume mount with the specified mount path. The following example changes the mount mode of my-data-disk to read/write and removes the disk mount with mount-path="/disks/scratch-disk".
gcloud compute instances update-container busybox-vm \ --container-mount-disk mount-path="/disks/data-disk",name=my-data-disk,mode=rw \ --remove-container-mounts "/disks/scratch-disk"
If the mount path that you pass to the --remove-container-mounts flag does not exist, it is silently ignored.
VMs with containers use the host network mode, where a container shares the host's network stack and all interfaces from the host are available to the container.
Container ports have a one-to-one mapping to the host VM ports. For example, a container port 80 maps to the host VM port 80. Compute Engine does not support the port publishing (-p) flag, and you don't have to specify it for the mapping to work.
To publish a container's ports, configure firewall rules to enable access to the host VM's ports. The corresponding ports of the container are accessible automatically, according to the firewall rules.
Example: Publishing port 80 for an NGINX container
docker runConfigure the --network="host" flag when using the docker run command. Learn more about container network settings and host mode.
create-with-container gcloud CLI command is deprecated. Use the equivalent docker run command to configure and to run the container.
The following example shows how to create a VM instance with an NGINX container and allow traffic to the container's port 80.
Create a VM instance with an NGINX container:
gcloud compute instances create-with-container nginx-vm \ --container-image gcr.io/cloud-marketplace/google/nginx1:1.15 \ --tags http-server
The container shares the host VM's network stack, and the container's port 80 is published to the host VM's port 80. The http-server tag is used as a target tag for the firewall rule, created in the next step.
Create a firewall rule to enable connections to port 80 of the VM instance. The following firewall rule allows HTTP connections to VM instances with the http-server tag.
gcloud compute firewall-rules create allow-http \ --allow tcp:80 --target-tags http-server
The container automatically starts receiving traffic on port 80. You don't need to perform any additional configuration.
You can create firewall rules for host VM protocol:port combinations where the protocol is tcp or udp. These rules effectively govern access from outside the VM to the corresponding container ports.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4