Skip to content



crictl is a command-line interface for CRI-compatible container runtimes. You can use it to inspect and debug container runtimes and applications on a Kubernetes node. crictl and its source are hosted in the cri-tools repository.

The crictl command has several subcommands and runtime flags. Use crictl help or crictl help for more details.

You can set the endpoint for crictl by doing one of the following:

  • Set the --runtime-endpoint and --image-endpoint flags.
  • Set the endpoint in the configuration file /etc/crictl.yaml. To specify a different file, use the --config=PATH_TO_FILE flag when you run crictl.


If you don't set an endpoint, crictl attempts to connect to a list of known endpoints, which might result in an impact to performance. You can also specify timeout values when connecting to the server and enable or disable debugging, by specifying timeout or debug values in the configuration file or using the --timeout and --debug command-line flags.

To view or edit the current configuration, view or edit the contents of /etc/crictl.yaml. For example, the configuration when using the containerd container runtime would be similar to this:

runtime-endpoint: unix:///var/run/containerd/containerd.sock
image-endpoint: unix:///var/run/containerd/containerd.sock
timeout: 10
debug: true


microk8s default endpoint is: unix:////var/snap/microk8s/common/run/containerd.sock

$ cat /etc/crictl.yaml
runtime-endpoint: unix:////var/snap/microk8s/common/run/containerd.sock
image-endpoint: unix:////var/snap/microk8s/common/run/containerd.sock
timeout: 10
debug: false

To List pods

crictl pods
crictl pods --name nginx-65899c769f-wv2gp
crictl pods --label run=nginx

To List images

crictl images
crictl images nginx
crictl images -q

To pull private images using username and password using crictl

crictl pull --creds "UserName:Password" "image details from private registry@SHA details"

To list running containers

crictl ps -a
crictl ps

Execute a command in a running container

crictl exec -i -t 1f73f2d81bf98 ls

Get a container's logs

crictl logs 87d3992f84f74
crictl logs --tail=1 87d3992f84f74