监控安全容器
描述
kata events命令用于显示指定容器状态。包括但不限于容器内存、CPU、Pid、 Blkio、大页内存、网络等信息。
用法
kata-runtime events [command options] <container-id>
参数
- -- interval value:设置查询周期。如果不使用该参数,默认查询周期为5秒。
- --stats: 显示容器信息并退出查询。
前置条件
要查询的容器状态必须为running,否则报错:Container ID () does not exist。
该命令只支持查询监控一个容器的状态
示例
每隔三秒显示容器状态。
$ kata-runtime events --interval 3s 5779b2366f47
{
"data": {
"blkio": {},
"cpu": {
"throttling": {},
"usage": {
"kernel": 130000000,
"percpu": [
214098440
],
"total": 214098440,
"user": 10000000
}
},
"hugetlb": {},
"intel_rdt": {},
"interfaces": [
{
"name": "lo",
"rx_bytes": 0,
"rx_dropped": 0,
"rx_errors": 0,
"rx_packets": 0,
"tx_bytes": 0,
"tx_dropped": 0,
"tx_errors": 0,
"tx_packets": 0
}
],
"memory": {
"cache": 827392,
"kernel": {
"failcnt": 0,
"limit": 9223372036854771712,
"max": 421888,
"usage": 221184
},
"kernelTCP": {
"failcnt": 0,
"limit": 0
},
"raw": {
"active_anon": 49152,
"active_file": 40960,
"cache": 827392,
"dirty": 0,
"hierarchical_memory_limit": 9223372036854771712,
"hierarchical_memsw_limit": 9223372036854771712,
"inactive_anon": 0,
"inactive_file": 839680,
"mapped_file": 540672,
"pgfault": 6765,
"pgmajfault": 0,
"pgpgin": 12012,
"pgpgout": 11803,
"rss": 4096,
"rss_huge": 0,
"shmem": 32768,
"swap": 0,
"total_active_anon": 49152,
"total_active_file": 40960,
"total_cache": 827392,
"total_dirty": 0,
"total_inactive_anon": 0,
"total_inactive_file": 839680,
"total_mapped_file": 540672,
"total_pgfault": 6765,
"total_pgmajfault": 0,
"total_pgpgin": 12012,
"total_pgpgout": 11803,
"total_rss": 4096,
"total_rss_huge": 0,
"total_shmem": 32768,
"total_swap": 0,
"total_unevictable": 0,
"total_writeback": 0,
"unevictable": 0,
"writeback": 0
},
"swap": {
"failcnt": 0,
"limit": 9223372036854771712,
"max": 34201600,
"usage": 1204224
},
"usage": {
"failcnt": 0,
"limit": 9223372036854771712,
"max": 34201600,
"usage": 1204224
}
},
"pids": {
"current": 1
},
"tcp": {},
"tcp6": {},
"udp": {},
"udp6": {}
},
"id": "5779b2366f47cd1468ebb1ba7c52cbdde3c7d3a5f2af3eefadc8356700fc860b",
"type": "stats"
}
显示容器状态并立即返回
kata-runtime events --stats <container_id>
该命令返回内容的格式与上一条相同,区别为只显示一次信息后便退出。