
      Managing the Lifecycle of a Secure Container

      Starting a Secure Container

      You can use iSulad as the container engine of the secure container. To start a secure container, perform the following steps:

      1. Ensure that the secure container component has been correctly installed and deployed.

      2. Prepare the container image. Assume that the container image is busybox. Run the following command to download the container image using iSulad:

        isula pull busybox

      3. Start a secure container. Run the following command to start a secure container using iSulad:

        isula run -tid --runtime io.containerd.kata.v2 --net none busybox <command>

        The secure container supports the CNI network only and does not support the CNM network. The -p and --expose options cannot be used to expose container ports. When using a secure container, you need to specify the --net=none option.

      4. Start a pod.

        1. Start the pause container and obtain the sandbox ID of the pod based on the command output. Run the following command to start a pause container using iSulad:

          isula run -tid --runtime io.containerd.kata.v2 --net none --annotation io.kubernetes.cri.container-type=sandbox <pause-image> <command>


        2. Create a service container and add it to the pod. Run the following command to create a service container using iSulad:

          isula run -tid --runtime kata-runtime --network none --annotation io.kubernetes.cri.container-type=container --annotation io.kubernetes.cri.sandbox-id=<sandbox-id> busybox <command>

          --annotation is used to mark the container type.

      Stopping a Secure Container

      • Run the following command to stop a secure container:

        isula stop <container-id>

      • Stop a pod.

        When stopping a pod, note that the lifecycle of the pause container is the same as that of the pod. Therefore, stop service containers before the pause container.

      Deleting a Secure Container

      Ensure that the container has been stopped. Run the following command to delete the container:

      isula rm <container-id>

      To forcibly delete a running container, use the -f option:

      isula rm -f <container-id>
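
      The stop order for a pod and the stop-before-delete rule above, combined into one teardown helper. This is an added example, not part of the original documentation or of iSulad; the function names pod_stop and pod_rm and the ISULA override variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: tear down a secure-container pod in the order this page requires.
# ISULA can be pointed at a stub for dry runs (assumption, not an iSulad feature).
ISULA="${ISULA:-isula}"

# pod_stop <sandbox-id> <service-container-id>...
# Stops every service container first. The pause container is stopped only
# if all of them stopped, because its lifecycle is the lifecycle of the pod.
pod_stop() {
    sandbox="$1"; shift
    failed=0
    for cid in "$@"; do
        if ! "$ISULA" stop "$cid" >/dev/null; then
            echo "pod_stop: could not stop service container $cid" >&2
            failed=1
        fi
    done
    if [ "$failed" -ne 0 ]; then
        echo "pod_stop: leaving pause container $sandbox running" >&2
        return 1
    fi
    "$ISULA" stop "$sandbox" >/dev/null
}

# pod_rm <sandbox-id> <service-container-id>...
# Deletes the containers only after a clean stop, service containers first,
# so that rm -f is never needed.
pod_rm() {
    sandbox="$1"; shift
    pod_stop "$sandbox" "$@" || return 1
    for cid in "$@"; do
        "$ISULA" rm "$cid" >/dev/null || return 1
    done
    "$ISULA" rm "$sandbox" >/dev/null
}
```

      Call it as pod_rm <sandbox-id> <container-id>..., passing the sandbox ID obtained when the pause container was started.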

      Running a New Command in the Container

      The pause container functions only as a placeholder container. Therefore, after a pod is started, run new commands in the service container; the pause container does not execute them. If you started only one container, run the following command:

      isula exec -ti <container-id> <command>


      1. If the -d option is used, the command is executed in the background and no error information is displayed. The exit code cannot be used to determine whether the command is executed correctly.
