changed 4 years ago
Published Linked with GitHub

Verify running in Container Image

References

CGroups output

Running docker centos:7 image:

atlantis ❯ docker run -ti --entrypoint=/bin/bash 8652b9f0cb4c
[root@143ecdad7c48 /]# more /proc/1/cgroup
11:cpuset:/system.slice/docker-143ecdad7c48c7457c33bbc2694f4dbe3b465b797bebf8749dc554c4e918ccb7.scope
10:cpu,cpuacct:/system.slice/docker-143ecdad7c48c7457c33bbc2694f4dbe3b465b797bebf8749dc554c4e918ccb7.scope
9:freezer:/system.slice/docker-143ecdad7c48c7457c33bbc2694f4dbe3b465b797bebf8749dc554c4e918ccb7.scope
8:perf_event:/system.slice/docker-143ecdad7c48c7457c33bbc2694f4dbe3b465b797bebf8749dc554c4e918ccb7.scope
7:pids:/system.slice/docker-143ecdad7c48c7457c33bbc2694f4dbe3b465b797bebf8749dc554c4e918ccb7.scope
6:hugetlb:/system.slice/docker-143ecdad7c48c7457c33bbc2694f4dbe3b465b797bebf8749dc554c4e918ccb7.scope
5:devices:/system.slice/docker-143ecdad7c48c7457c33bbc2694f4dbe3b465b797bebf8749dc554c4e918ccb7.scope
4:memory:/system.slice/docker-143ecdad7c48c7457c33bbc2694f4dbe3b465b797bebf8749dc554c4e918ccb7.scope
3:net_cls,net_prio:/system.slice/docker-143ecdad7c48c7457c33bbc2694f4dbe3b465b797bebf8749dc554c4e918ccb7.scope
2:blkio:/system.slice/docker-143ecdad7c48c7457c33bbc2694f4dbe3b465b797bebf8749dc554c4e918ccb7.scope
1:name=systemd:/system.slice/docker-143ecdad7c48c7457c33bbc2694f4dbe3b465b797bebf8749dc554c4e918ccb7.scope
0::/system.slice/docker-143ecdad7c48c7457c33bbc2694f4dbe3b465b797bebf8749dc554c4e918ccb7.scope
[root@143ecdad7c48 /]#

Running podman registry.centos.org/centos:7 (or other variations)

podman run -ti --entrypoint=/bin/bash 8114e7c1868b
[root@4af5fdb7b350 /]# more /proc/1/cgroup
0::/

Local machine:

more /proc/1/cgroup
0::/init.scope

Virtual Machine

more /proc/1/cgroup
11:cpuset:/
10:cpu,cpuacct:/init.scope
9:freezer:/
8:perf_event:/
7:pids:/init.scope
6:hugetlb:/
5:devices:/init.scope
4:memory:/init.scope
3:net_cls,net_prio:/
2:blkio:/init.scope
1:name=systemd:/init.scope
0::/init.scope

Podman inside Virtual Machine

podman run -ti --entrypoint=/bin/bash a1bb412b2847
[root@5a0cad4f4c0a /]# more /proc/1/cgroup 
11:cpuset:/
10:cpu,cpuacct:/
9:freezer:/
8:perf_event:/
7:pids:/user.slice/user-1000.slice/user@1000.service
6:hugetlb:/
5:devices:/user.slice
4:memory:/user.slice/user-1000.slice/user@1000.service
3:net_cls,net_prio:/
2:blkio:/
1:name=systemd:/user.slice/user-1000.slice/user@1000.service/app.slice/app-org.kde.konsole-c9caab96807849b79a6282484f211374.scope/5a0cad4f4c0a53d05b83a56e4
d62572f1438e6af112138f90254017b60c32684
0::/user.slice/user-1000.slice/user@1000.service/app.slice/app-org.kde.konsole-c9caab96807849b79a6282484f211374.scope

OpenShift pod:

-bash-4.2$ more /proc/1/cgroup 
11:freezer:/kubepods.slice/kubepods-pod05ad089d_3210_11eb_aec8_fa163e006653.slice/docker-a1697add8422652c3ffa877ac0b5225f35d430753d71004c862e5b05e9b5b870.scope
10:blkio:/kubepods.slice/kubepods-pod05ad089d_3210_11eb_aec8_fa163e006653.slice/docker-a1697add8422652c3ffa877ac0b5225f35d430753d71004c862e5b05e9b5b870.scope
9:devices:/kubepods.slice/kubepods-pod05ad089d_3210_11eb_aec8_fa163e006653.slice/docker-a1697add8422652c3ffa877ac0b5225f35d430753d71004c862e5b05e9b5b870.scope
8:memory:/kubepods.slice/kubepods-pod05ad089d_3210_11eb_aec8_fa163e006653.slice/docker-a1697add8422652c3ffa877ac0b5225f35d430753d71004c862e5b05e9b5b870.scope
7:net_prio,net_cls:/kubepods.slice/kubepods-pod05ad089d_3210_11eb_aec8_fa163e006653.slice/docker-a1697add8422652c3ffa877ac0b5225f35d430753d71004c862e5b05e9b5b870.scope
6:hugetlb:/kubepods.slice/kubepods-pod05ad089d_3210_11eb_aec8_fa163e006653.slice/docker-a1697add8422652c3ffa877ac0b5225f35d430753d71004c862e5b05e9b5b870.scope
5:perf_event:/kubepods.slice/kubepods-pod05ad089d_3210_11eb_aec8_fa163e006653.slice/docker-a1697add8422652c3ffa877ac0b5225f35d430753d71004c862e5b05e9b5b870.scope
4:pids:/kubepods.slice/kubepods-pod05ad089d_3210_11eb_aec8_fa163e006653.slice/docker-a1697add8422652c3ffa877ac0b5225f35d430753d71004c862e5b05e9b5b870.scope
3:cpuacct,cpu:/kubepods.slice/kubepods-pod05ad089d_3210_11eb_aec8_fa163e006653.slice/docker-a1697add8422652c3ffa877ac0b5225f35d430753d71004c862e5b05e9b5b870.scope
2:cpuset:/kubepods.slice/kubepods-pod05ad089d_3210_11eb_aec8_fa163e006653.slice/docker-a1697add8422652c3ffa877ac0b5225f35d430753d71004c862e5b05e9b5b870.scope
1:name=systemd:/kubepods.slice/kubepods-pod05ad089d_3210_11eb_aec8_fa163e006653.slice/docker-a1697add8422652c3ffa877ac0b5225f35d430753d71004c862e5b05e9b5b870.scope

Environment

Podman image

strings /proc/1/environ 
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
TERM=xterm
container=podman
containers=podman
HOSTNAME=fa8ff10bdab2
HOME=/root

Local Machine

sudo strings /proc/1/environ
TERM=linux
BOOT_IMAGE=(hd0,msdos1)/vmlinuz-5.9.10-200.fc33.x86_64

VM

sudo strings /proc/1/environ
TERM=linux
BOOT_IMAGE=(hd0,msdos1)/vmlinuz-5.9.8-200.fc33.x86_64

Docker Image

strings /proc/1/environ
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=17ecc0373aaf
TERM=xterm
HOME=/root

Podman Image on VM

strings /proc/1/environ
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
TERM=xterm
container=podman
containers=podman
HOSTNAME=c8484af414dc
HOME=/root

OpenShift pod.
Large amount of variables, interesting subset of:

JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk
JAVA_TOOL_OPTIONS=-Xmx1024m -Xss1m
KUBERNETES_PORT_443_TCP_ADDR=172.56.0.1
KUBERNETES_PORT_443_TCP_PORT=443
KUBERNETES_PORT_443_TCP_PROTO=tcp
KUBERNETES_PORT_443_TCP=tcp://172.56.0.1:443
KUBERNETES_PORT_53_TCP_ADDR=172.56.0.1
KUBERNETES_PORT_53_TCP_PORT=53
KUBERNETES_PORT_53_TCP_PROTO=tcp
KUBERNETES_PORT_53_TCP=tcp://172.56.0.1:53
KUBERNETES_PORT_53_UDP_ADDR=172.56.0.1
KUBERNETES_PORT_53_UDP_PORT=53
KUBERNETES_PORT_53_UDP_PROTO=udp
KUBERNETES_PORT_53_UDP=udp://172.56.0.1:53
KUBERNETES_PORT=tcp://172.56.0.1:443
KUBERNETES_SERVICE_HOST=172.56.0.1
KUBERNETES_SERVICE_PORT=443
KUBERNETES_SERVICE_PORT_DNS=53
KUBERNETES_SERVICE_PORT_DNS_TCP=53
KUBERNETES_SERVICE_PORT_HTTPS=443
`

Summary

The best appears to be a combination.

  • Podman always sets container/containers env variable ( note: /proc/1/environ is protected)
  • CGroups always has docker in it for docker images.
  • For OpenShift, either kubepods in cgroups or KUBERNETES_PORT* in environment.
Select a repo