Containerd is an open source, and container runtime interface (CRI) compliant container runtime initially created by Docker and donated to the Cloud Native Computing Foundation (CNCF). It supports the standards established by Open Container Initiative (OCI). Containerd will be responsible for the management of container lifecycle on a physical or virtual machine (a host). The daemon process will pull container images from container registries and mount storage. It can also start, stop, destroy, and enable networking for a container.
In most circumstances you don’t need to administer containerd directly in your Kubernetes deployment. But we will provide two ways in which you can interact with images and containers on containerd just for diagnosis purposes.
Interact with containerd runtime using ctr
ctr is unsupported debug and administrative client for interacting with the containerd daemon. Because it is unsupported, the commands,
options, and operations are not guaranteed to be backward compatible or stable from release to release of the containerd project.
Check of containerd service status by running the following command:
$ systemctl status containerd
● containerd.service - containerd container runtime
Loaded: loaded (/etc/systemd/system/containerd.service; enabled-runtime; preset: disabled)
Active: active (running) since Wed 2023-07-19 09:46:47 UTC; 1 day 12h ago
Docs: https://containerd.io
Process: 806 ExecStartPre=/sbin/modprobe overlay (code=exited, status=0/SUCCESS)
Main PID: 823 (containerd)
Tasks: 136
Memory: 329.2M
CPU: 19min 51.135s
CGroup: /system.slice/containerd.service
├─ 823 /opt/bin/containerdNext get containerd server and client versions.
$ sudo ctr version
Client:
Version: 1.6.16
Revision: 92b3a9d6f1b3bcc6dc74875cfdea653fe39f09c2
Go version: go1.18.10
Server:
Version: v1.6.8
Revision: 9cd3357b7fd7218e4aec3eae239db1f68a5a6ec6
UUID: 5702a568-3a30-48cc-b97f-96e646cf95ff
WARNING: version mismatch
WARNING: revision mismatchShow a list of commands
ctr helpShows help for one command:
ctr help <command>
ctr help images
ctr help run
ctr help containerList namespaces
$ sudo ctr ns ls
NAME LABELS
k8s.ioThe --namespace value, -n value is used to specify the namespace to use with commands (default: “default“).
To list images known to containerd in kubernetes namespace run:
$ sudo ctr -n k8s.io container list
CONTAINER IMAGE RUNTIME
14547fb3d12d8451b33e8f814fe223bf127f8abf1f48a69a5cf6b2905abccf05 registry.k8s.io/pause:3.6 io.containerd.runc.v2
3791b1b66442a14b6361c2347831981bbedc86a0cead7988f0a137c14b5ef54f registry.k8s.io/kube-apiserver:v1.24.6 io.containerd.runc.v2
4831df98ec7f6981dfbddf1c546c88ac75307f343548e266e37a3984ae36fd75 registry.k8s.io/pause:3.6 io.containerd.runc.v2
50b0ff87965a0f58ce315a40b2e1ebe4a8a97867e2c56c54b58c2fef53768f69 registry.k8s.io/kube-apiserver:v1.24.6 io.containerd.runc.v2
545bf5226fd1ec64ddfd3d64dd3ead50795d0c2cf0b4347708e4a20e1eb248a6 registry.k8s.io/pause:3.6 io.containerd.runc.v2
60bb4a18cca9f00f548bbd138792330674e9014957ba3ae05455386ae8d4eabd quay.io/calico/node:v3.23.3 io.containerd.runc.v2
65809c67b6a68dddf62db16a6bd38910016f00e4a243d9a23f1d15a19cf997ef registry.k8s.io/pause:3.6 io.containerd.runc.v2
675d091aa8c3206f7c9d6ee7cf1440429abaf3d9bf23205e2094ee58afb96319 registry.k8s.io/pause:3.6
....List containerd plugins in kubernetes namespace.
$ sudo ctr -n k8s.io plugins list
TYPE ID PLATFORMS STATUS
io.containerd.content.v1 content - ok
io.containerd.snapshotter.v1 aufs linux/amd64 skip
io.containerd.snapshotter.v1 btrfs linux/amd64 skip
io.containerd.snapshotter.v1 native linux/amd64 ok
io.containerd.snapshotter.v1 overlayfs linux/amd64 ok
io.containerd.snapshotter.v1 zfs linux/amd64 skip
io.containerd.metadata.v1 bolt - ok
....Display containerd events
$ sudo ctr events
2023-07-20 22:06:45.533485709 +0000 UTC k8s.io /tasks/exec-added {"container_id":"60bb4a18cca9f00f548bbd138792330674e9014957ba3ae05455386ae8d4eabd","exec_id":"6535efd575bb0ac4d7c49557fa790962362e8f9c47a376c93daa4481f5b079e3"}
2023-07-20 22:06:45.53386204 +0000 UTC k8s.io /tasks/exec-added {"container_id":"60bb4a18cca9f00f548bbd138792330674e9014957ba3ae05455386ae8d4eabd","exec_id":"befb68da2de2d64ef697d5f28e4285db0faee08b9667fb6d4479e84ec87dc229"}
2023-07-20 22:06:45.55858748 +0000 UTC k8s.io /tasks/exec-started {"container_id":"60bb4a18cca9f00f548bbd138792330674e9014957ba3ae05455386ae8d4eabd","exec_id":"6535efd575bb0ac4d7c49557fa790962362e8f9c47a376c93daa4481f5b079e3","pid":1100376}
2023-07-20 22:06:45.578203661 +0000 UTC k8s.io /tasks/exec-started {"container_id":"60bb4a18cca9f00f548bbd138792330674e9014957ba3ae05455386ae8d4eabd","exec_id":"befb68da2de2d64ef697d5f28e4285db0faee08b9667fb6d4479e84ec87dc229","pid":1100398}
2023-07-20 22:06:45.605581161 +0000 UTC k8s.io /tasks/exit {"container_id":"60bb4a18cca9f00f548bbd138792330674e9014957ba3ae05455386ae8d4eabd","id":"6535efd575bb0ac4d7c49557fa790962362e8f9c47a376c93daa4481f5b079e3","pid":1100376,"exited_at":"2023-07-20T22:06:45.605549682Z"}
2023-07-20 22:06:45.689340832 +0000 UTC k8s.io /tasks/exit {"container_id":"60bb4a18cca9f00f548bbd138792330674e9014957ba3ae05455386ae8d4eabd","id":"befb68da2de2d64ef697d5f28e4285db0faee08b9667fb6d4479e84ec87dc229","pid":1100398,"exited_at":"2023-07-20T22:06:45.689322554Z"}Interact with containerd runtime using crictl
crictl is a command-line interface for CRI-compatible container runtimes. You can use it to inspect and debug container runtimes and applications on a Kubernetes node.
Check if crictl is installed in your system.
$ which crictl
/usr/bin/crictlcrictl and its source are hosted in the cri-tools repository. You can install it using the commands below.
VER=$(curl -s https://api.github.com/repos/kubernetes-sigs/cri-tools/releases/latest|grep tag_name|cut -d '"' -f 4|sed 's/v//')
### Linux 64 bit ###
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v${VER}/crictl-v${VER}-linux-amd64.tar.gz
tar xvf crictl-v${VER}-linux-amd64.tar.gz
### Linux 32 bit ###
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v{VER}/crictl-v{VER}-linux-386.tar.gz
tar xvf crictl-v{VER}-linux-386.tar.gz
### Linux ARM ###
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v{VER}/crictl-v{VER}-linux-arm.tar.gz
tar xvf crictl-v{VER}-linux-arm.tar.gzMove extracted binary to directory in your PATH.
sudo mv crictl /usr/local/binCheck version of crictl installed.
$ sudo crictl version
Version: 0.1.0
RuntimeName: containerd
RuntimeVersion: v1.6.8
RuntimeApiVersion: v1Display information of the container runtime
sudo crictl info
sudo crictl info|grep -i containerdList pods running in the host.
$ sudo crictl pods
POD ID CREATED STATE NAME NAMESPACE ATTEMPT RUNTIME
3fe60548f7980 36 hours ago Ready node-exporter-jfm4r monitoring 67 (default)
fab46d543d1aa 36 hours ago Ready nodelocaldns-76sgx kube-system 1 (default)
e403ba0615eb8 36 hours ago Ready speaker-7q4dm metallb-system 1 (default)
b59a5b4345df8 36 hours ago Ready calico-node-x9vwp kube-system 12 (default)
0025007b6267d 36 hours ago Ready kube-proxy-xwdjj kube-system 1 (default)
...List container images on the node in your cluster.
$ sudo crictl image list
IMAGE TAG IMAGE ID SIZE
docker.io/ambassador/ambassador-agent 1.0.3 0c5f3cfad4d65 33.2MB
docker.io/datawire/aes 1.14.4 3295ac39d11dc 175MB
docker.io/datawire/aes 3.5.1 9f53591be643b 187MB
docker.io/grafana/grafana 9.3.1 179ad45e2c742 97.9MB
docker.io/hashicorp/vault-k8s 1.1.0 d12e0fde3d588 28.7MB
docker.io/hashicorp/vault 1.12.1 ba4d5c495a47b 85.7MB
docker.io/kong/httpbin latest 97011e41c273a 250MB
docker.io/kubernetesui/dashboard v2.7.0 07655ddf2eebe 75.8MB
docker.io/kubernetesui/metrics-scraper v1.0.8 115053965e86b 19.7MB
docker.io/kubeshark/kubeshark 37.0 1437fc61a2aa3 25.3MB
docker.io/library/nginx <none> 448a08f1d2f94 57MB
docker.io/library/nginx <none> eb4a571591807 70.6MB
docker.io/library/nginx <none> 6efc10a0510f1 57MB
docker.io/library/nginx <none> f9c14fe76d502 57.2MB
docker.io/library/nginx 1.24.0 1e96add5ea29f 57MB
docker.io/library/nginx latest 021283c8eb95b 70.6MB
docker.io/library/postgres 13 b9c0a694b7811 137MB
docker.io/library/redis 5.0.1 c188f257942c5 35.2MB
docker.io/library/traefik v2.9.8 85dec640e68e6 38.8MB
...If you only need image IDs then use:
sudo crictl images -qList containers active in your node.
$ sudo crictl ps
CONTAINER IMAGE CREATED STATE NAME ATTEMPT POD ID POD
6825d2ec20200 5f5175f39b19e 36 hours ago Running calico-node 15 b59a5b4345df8 calico-node-x9vwp
019b7ffe8efd1 eb5a02daef2fe 36 hours ago Running kube-rbac-proxy 67 3fe60548f7980 node-exporter-jfm4r
3ddaa8beec819 0da6a335fe135 36 hours ago Running node-exporter 67 3fe60548f7980 node-exporter-jfm4r
c8fae715be0e5 5bae806f8f123 36 hours ago Running node-cache 1 fab46d543d1aa nodelocaldns-76sgx
6cbe8ee0d8e80 738c5d221d601 36 hours ago Running speaker 1 e403ba0615eb8 speaker-7q4dm
622e6f6b44bc2 0bb39497ab33b 36 hours ago Running kube-proxy 1 0025007b6267d kube-proxy-xwdjjTo list all containers including exited ones
sudo crictl ps -aFetch the logs of a container
sudo crictl logs <ContainerID>List container(s) resource usage statistics
sudo crictl stats <ContainerID>Display the status of one or more containers
sudo crictl inspect <ContainerID>Get all container logs:
crictl logs <containerid>List pod resource usage statistics
sudo crictl statsp <PodID>
# Example
$ sudo crictl statsp 3fe60548f7980
POD POD ID CPU % MEM
node-exporter-jfm4r 3fe60548f7980 1.40 49.97MBExecute a command in a running container
sudo crictl exec -i -t <containerid> lsTo see more command options run:
sudo crictl helpHelp page of specific command can be checked using syntax below.
sudo crictl help <command>Example:
$ sudo crictl help port-forward
NAME:
crictl port-forward - Forward local port to a pod
USAGE:
crictl port-forward POD-ID [LOCAL_PORT:]REMOTE_PORT
