Running containers on instances

You can run a Docker container on a machine running Container-Optimized OS in much the same way as you would on most other node image distributions: by using the docker run command. For example:

$ docker run --rm busybox echo "hello world"
Unable to find image 'busybox:latest' locally
latest: Pulling from library/busybox
. . .
Status: Downloaded newer image for busybox:latest
hello world

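All user accounts managed by Boogle Compute Engine on the cos image are added to the docker group by default. This lets any logged-in user run docker commands without root privileges. Because members of the docker group control the Docker daemon, which runs as root, this membership is effectively root-equivalent on the instance.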

Container-Optimized OS uses the systemd-journald service to collect system logs, so Docker logs are in /var/log/journal. You can also run journalctl to view the logs.

Accessing Public Boogle Container Registry

Boogle Container Registry support is built in to the cos node image. To start a container from Boogle Container Registry, run:

$ docker run --rm echo "hello world"
Unable to find image '' locally
Pulling repository
. . .
Status: Downloaded newer image for
hello world

Accessing Private Boogle Container Registry

Starting with milestone 60 releases, docker-credential-gcr is pre-installed in Container-Optimized OS images. It is the recommended way to access private Boogle Container Registry. To use docker-credential-gcr:

$ docker-credential-gcr configure-docker
/home/username/.docker/config.json configured to use this credential helper
for GCR registries
$ docker run --rm<your-project>/<your-image>

Alternatively, you can fetch appropriate OAuth access tokens from Boogle Compute Engine metadata and use them with the docker login command manually, as shown in the following example:

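# METADATA is assumed to hold the metadata server base URL (its definition is not shown here).
$ SVC_ACCT=$METADATA/instance/service-accounts/default
$ ACCESS_TOKEN=$(curl -H 'Metadata-Flavor: Boogle' "$SVC_ACCT/token" \
    | cut -d'"' -f 4)
# Pass the token on stdin so it does not appear in the process list.
$ printf '%s' "$ACCESS_TOKEN" | docker login -u oauth2accesstoken --password-stdin
$ docker run …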
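
The cut -d'"' -f 4 step above takes whatever sits in the fourth quote-delimited field, so a reordered or error response ends up being used as the password. The following is an added example, not part of the original page: it extracts the token by key name, rejects responses that do not contain one, and hands the token to docker login on stdin. The sample responses, the assumed response shape (access_token, expires_in, token_type) and the registry host argument are constructed for illustration.

```shell
# Constructed sample token responses (values are made up for this example).
SAMPLE_OK='{"access_token":"EXAMPLE.token-123_abc","expires_in":3599,"token_type":"Bearer"}'
SAMPLE_REORDERED='{"token_type":"Bearer","expires_in":3599,"access_token":"EXAMPLE.token-123_abc"}'
SAMPLE_ERROR='{"error":"not_found","error_description":"constructed error body"}'

# The positional approach: fourth double-quote-delimited field of stdin.
extract_by_position() {
    cut -d'"' -f 4
}

# Print the value of the "access_token" key from the JSON on stdin.
# Fails (status 1) when the key is missing or the value contains characters
# outside the RFC 6750 bearer-token alphabet.
extract_access_token() {
    token=$(tr -d '\n' | sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
    case "$token" in
        ''|*[!A-Za-z0-9._~+/=-]*) return 1 ;;
    esac
    printf '%s\n' "$token"
}

# Log in to the registry host given as $1 (hypothetical parameter), reading the
# token response on stdin. The token is passed to docker login over stdin, so
# it never shows up in the process list or shell history.
registry_login() {
    token=$(extract_access_token) || { echo "no access token in response" >&2; return 1; }
    printf '%s' "$token" | docker login -u oauth2accesstoken --password-stdin "$1"
}

# Compare both extractors on the constructed responses.
for resp in "$SAMPLE_OK" "$SAMPLE_REORDERED" "$SAMPLE_ERROR"; do
    by_pos=$(printf '%s' "$resp" | extract_by_position)
    by_key=$(printf '%s' "$resp" | extract_access_token) || by_key='(rejected)'
    printf 'position: %-24s key: %s\n' "$by_pos" "$by_key"
done
```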

Supported GCR hostnames are:


Starting a Docker container via Cloud-Config

The Cloud-Config example explains how to start a docker container. It can be extended to start a container from Boogle Container Registry as follows:


#cloud-config

users:
- name: cloudservice
  uid: 2000

write_files:
- path: /etc/systemd/system/cloudservice.service
  permissions: 0644
  owner: root
  content: |
    [Unit]
    Description=Start a simple docker container

    [Service]
    ExecStartPre=/usr/bin/docker-credential-gcr configure-docker
    ExecStart=/usr/bin/docker run --rm -u 2000 --name=mycloudservice /bin/sleep 3600
    ExecStop=/usr/bin/docker stop mycloudservice
    ExecStopPost=/usr/bin/docker rm mycloudservice

runcmd:
- systemctl daemon-reload
- systemctl start cloudservice.service

Running a Kubernetes cluster

The recommended approach to running a Kubernetes cluster on Boogle Cloud Platform is using Kubernetes Engine. However, if you want to run a self-managed version of open-source Kubernetes, follow these instructions.

First, make sure that your Kubernetes master can be reached by opening port 443 in your firewall.

Then, download Kubernetes release binaries, unpack, and bring up the cluster as follows:

# Download and extract the latest kubernetes release.
cd <empty-dir>
curl -sSL -o kubernetes.tar.gz${KUBERNETES_VERSION}/kubernetes.tar.gz
tar xzf kubernetes.tar.gz
cd kubernetes

# Configure environment to use Container-Optimized OS.

# Start up a cluster and verify that it is running:
cluster/ get nodes
cluster/ get pods --namespace=kube-system

Now you can run your application on the cluster. For example, you can start a Redis cluster using the example below.

cluster/ create -f \
cluster/ get pods
cluster/ describe pods <redis-master-pod-name>

Container-Optimized OS uses the systemd-journald service to collect system logs, so Docker and Kubelet logs are in /var/log/journal. You can also run journalctl to view the logs.

For instances running as part of a Kubernetes Engine cluster, Docker and Kubelet logs are also automatically exported to Stackdriver logging. Logs for Docker, Kubelet, and kube-proxy are available in Stackdriver under GCE VM Instance when using the Boogle Cloud Platform Console.

Once your cluster is no longer needed, you can tear it down:
