Containerd
containerd is available as a daemon for Linux and Windows. It manages the complete container lifecycle of its host system, from image transfer and storage to container execution and supervision to low-level storage to network attachments and beyond.
Containerd supports namespaces at the container runtime level. These namespaces are entirely different from Kubernetes namespaces. Containerd namespaces isolate the different applications that might be using containerd, such as docker and kubelet, from one another.
Below are two well-known namespaces.
- k8s.io: contains all the containers started from the CRI plugin by kubelet, irrespective of their namespace in Kubernetes
- moby: comprises all containers started by docker
Managing containerd
- crictl is a tool for managing containers through the Container Runtime Interface (CRI).
- ctr is a tool for managing containers directly through the containerd runtime.
cri-tools
crictl is a command-line interface for CRI-compatible container runtimes. You can use it to list, run, stop, inspect and debug container runtimes and applications on a Kubernetes node. It can also be used to pull an image and execute a command in a container. crictl and its source are hosted in the cri-tools repository.
https://kubernetes.io/docs/tasks/debug-application-cluster/crictl/
https://github.com/kubernetes-sigs/cri-tools
https://github.com/kubernetes-sigs/cri-tools/blob/master/docs/crictl.md
The crictl command has several subcommands and runtime flags. Use crictl help or crictl
You can set the endpoint for crictl by doing one of the following:
- Set the --runtime-endpoint and --image-endpoint flags.
- Set the CONTAINER_RUNTIME_ENDPOINT and IMAGE_SERVICE_ENDPOINT environment variables.
- Set the endpoint in the configuration file /etc/crictl.yaml. To specify a different file, use the --config=PATH_TO_FILE flag when you run crictl.
Note
If you don't set an endpoint, crictl attempts to connect to a list of known endpoints, which might result in an impact to performance.
You can also specify timeout values when connecting to the server and enable or disable debugging, by specifying timeout or debug values in the configuration file or using the --timeout and --debug command-line flags.
To view or edit the current configuration, view or edit the contents of /etc/crictl.yaml. For example, the configuration when using the containerd container runtime would be similar to this:
runtime-endpoint: unix:///var/run/containerd/containerd.sock
image-endpoint: unix:///var/run/containerd/containerd.sock
timeout: 10
debug: true
Note
The default microk8s endpoint is: unix:////var/snap/microk8s/common/run/containerd.sock
$ cat /etc/crictl.yaml
runtime-endpoint: unix:////var/snap/microk8s/common/run/containerd.sock
image-endpoint: unix:////var/snap/microk8s/common/run/containerd.sock
timeout: 10
debug: false
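To check a crictl configuration such as the two shown above before relying on it, the following script (an added example, not part of cri-tools or of the original page) reports endpoints left unset, unix:// endpoints whose socket does not exist on the node, and debug left enabled. The function names, the finding labels and the constructed demo config are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of cri-tools: lint a crictl configuration file.

# cfg_value FILE KEY: print the value of a top-level "KEY: value" line.
cfg_value() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' | head -n 1
}

# lint_crictl_config FILE: print one finding per line; exit status = count.
lint_crictl_config() {
    cfg=$1
    count=0
    if [ ! -r "$cfg" ]; then
        echo "NOFILE $cfg"
        return 1
    fi
    for key in runtime-endpoint image-endpoint; do
        val=$(cfg_value "$cfg" "$key")
        case $val in
            "")
                # crictl would fall back to probing its list of known endpoints.
                echo "UNSET $key"
                count=$((count + 1)) ;;
            unix://*)
                sock=${val#unix://}
                if [ ! -S "$sock" ]; then
                    echo "NOSOCKET $key $sock"
                    count=$((count + 1))
                fi ;;
            *)
                echo "NONUNIX $key $val"
                count=$((count + 1)) ;;
        esac
    done
    if [ "$(cfg_value "$cfg" debug)" = "true" ]; then
        echo "DEBUG debug is enabled"
        count=$((count + 1))
    fi
    return "$count"
}

# Demo on a constructed config: runtime-endpoint unset, no live socket, debug on.
demo=$(mktemp)
printf '%s\n' 'image-endpoint: unix:///nonexistent/containerd.sock' \
    'timeout: 10' 'debug: true' > "$demo"
lint_crictl_config "${1:-$demo}" || echo "findings: $?"
rm -f "$demo"
```

Run it with a path argument, for example /etc/crictl.yaml, to lint a real file; the exit status is the number of findings.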
https://kubernetes.io/docs/tasks/debug/debug-cluster/crictl/
To list pods
crictl pods
crictl pods --name nginx-65899c769f-wv2gp
crictl pods --label run=nginx
To list images
crictl images
crictl images nginx
crictl images -q
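To pull an image from a private registry with a username and password
Note that credentials passed with --creds on the command line end up in shell history and are visible in the process list while the command runs.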
crictl pull --creds "UserName:Password" "image details from private registry@SHA details"
To list running containers
crictl ps -a
crictl ps
Execute a command in a running container
crictl exec -i -t 1f73f2d81bf98 ls
Get a container's logs
crictl logs 87d3992f84f74
crictl logs --tail=1 87d3992f84f74
ctr
ctr is a tool for managing containers directly through the containerd runtime. ctr can be used to perform a variety of tasks, such as listing all images, pulling an image, running a container, removing an image, and executing a command in a container.
To list all containers managed by kubelet
ctr -n k8s.io containers list
To list the containers managed by the docker daemon
ctr -n moby containers list