Ömer Berat Sezer

Posted on Feb 27

Top 15+ crictl commands with output | Debugging Kubernetes nodes

#kubernetes #webdev #tutorial #devops

Motivation: Why should we learn crictl?

Kubernetes native container runtime is containerd.
Crictl (Container Runtime Interface Command-Line Interface) is a CLI tool for interacting with container runtimes in Kubernetes clusters.
To debug, to solve problem, to inspect pods, containers on the K8s worker node, it is useful to learn:
- https://github.com/kubernetes-sigs/cri-tools
- https://kubernetes.io/docs/tasks/debug/debug-cluster/crictl/

Containerd

Containerd is a high-level, industry-standard container runtime that manages the lifecycle of containers. It is an open-source project under the Cloud Native Computing Foundation (CNCF) and provides the basic functionalities needed for container orchestration systems, including:

Image management (pulling and pushing container images).
Container execution (starting, stopping, and managing running containers).
Storage (handling container file systems).
Networking (providing network support for containers).

How to run on Kubernetes node?

user@k8s:$ crictl           
# to check before installs, it can be installed before
user@k8s:$ VERSION="v1.31.1"                                              
# desired version

user@k8s:$ wget https://github.com/kubernetes-sigs/cri-tools/releases/download/$VERSION/crictl-$VERSION-linux-amd64.tar.gz
user@k8s:$ sudo tar zxvf crictl-$VERSION-linux-amd64.tar.gz -C /usr/local/bin
user@k8s:$ rm -f crictl-$VERSION-linux-amd64.tar.gz

user@k8s:$ containerd      
# to check whether containerd runs

user@k8s:$ sudo nano /etc/crictl.yaml                                  
# on K8s node
# copy followings in it:
runtime-endpoint: unix:///var/run/containerd/containerd.sock
image-endpoint: unix:///var/run/containerd/containerd.sock
timeout: 10
debug: true

Crictl Commands

Important commands are listed as follows:

crictl info

It checks runtime information.

user@k8s:$ crictl info
{
  "status": {
   ....
}

crictl ps

It lists running containers.

user@k8s:$ crictl ps 
user@k8s:$ crictl ps -a 
# shows all containers, including stopped ones
CONTAINER  IMAGE    CREATE    STATE     NAME     ATTEMPT  POD ID    POD
603c2      c736ea  2mins ago  Running  kube-proxy    2      5237   kube-proxy-6d
user@k8s:$ crictl ps --name <name>  
# filters by container name 
user@k8s:$ crictl ps --pod <pod-id>   
# filters containers by pod

crictl pods

It lists all pods.

user@k8s:$ crictl pods 
user@k8s:$ crictl pods -a               
# shows all pods, including exited ones 
user@k8s:$ crictl pods --name <name>                    
# filters pods by name 
user@k8s:$ crictl pods --state <state>             
# filters pods by state (e.g., `READY`, `NOTREADY`)

crictl images

It lists available images

user@k8s:$ crictl images 
IMAGE                        TAG       IMAGE ID             SIZE
docker.io/calico/cni        v3.29.1   9dee260ef7f59        93.4MB
docker.io/calico/node       v3.29.1   8065b798a4d67        86.6MB
docker.io/library/busybox   latest    517b897a6a831        2.17MB
user@k8s:$ crictl images -q                   
# shows only image IDs
sha256:9dee260ef7f591241
sha256:8065b798a4d67147

crictl inspect

It inspects a specific container.

user@k8s:$ crictl inspect <container-id> 
user@k8s:$ crictl inspect --output json <container-id> 
user@k8s:$ crictl inspect --output json 84a
# outputs in JSON format

crictl inspectp

It inspects a specific pod.

user@k8s:$ crictl inspectp <pod-id> 
user@k8s:$ crictl inspectp --output json <pod-id> 
# outputs in JSON format

crictl inspecti

It inspects an image.

user@k8s:$ crictl inspecti <image-id>
# outputs in JSON format

crictl create

First create pod config file to create pod sandbox.

user@k8s:$ cat sandbox-config.json
{    
       "metadata": {
               "name": "nginx-sandbox",
               "namespace": "default", 
               "attempt": 1,        
               "uid": "hdiabcd83djaidwnduwk28bcs"
        }, 
       "linux": {
        }
}

Then, create pod sandbox.

user@k8s:$ crictl runp sandbox-config.json
9dd36b72d2fa3d4af8ba98d5f7812577fc175a37b10dc82
user@k8s:$ crictl pods
PODSANDBOXID  CREATED   STATE    NAME        NAMESPACE    ATTEMPT 
9dd36b        1min ago  READY  nginx-sandbox  default        1
user@k8s:$ crictl inspectp 9dd3  
# displays information about the pod and the pod sandbox pause container.

Third, create container config file to create container

user@k8s:$ cat container-config.json
{  
       "metadata": {
              "name": "busybox"
        }, 
       "image":{
             "image": "busybox"
        },
       "command": [
              "top"  
       ],  
      "linux": { 
       }
}

Then, create a container in a pod

user@k8s:$ crictl create 9dd3 container-config.json sandbox-config.json
6a3850bb7ed37f2acaaeaee07d2ba143ee4cea7e3
user@k8s:$  crictl ps -a
CONTAINERID  IMAGE     CREATED     STATE      NAME        ATTEMPT            
6a385       busybox   2 mins ago   CREATED    busybox        0

crictl start

It starts a container

user@k8s:$ crictl start 6a3850bb7ed37f2acaaeaee07d2ba143ee4cea7e3
user@k8s:$ crictl ps
CONTAINERID   IMAGE     CREATED    STATE       NAME        ATTEMPT
0a2c7613     busybox   1 min ago   RUNNING    busybox         0        
user@k8s:$ crictl inspect 6a385  
# show detailed information about the container

crictl stop

It stops a container.

user@k8s:$ crictl stop <container-id> 
user@k8s:$ crictl stop <container-id> --timeout 30 
# stops container with a timeout in seconds
user@k8s:$ crictl stop 6a3
DEBU[0000] get runtime connection
6a3

crictl rm

It removes a container

user@k8s:$ crictl rm <container-id>
# container removed
user@k8s:$ crictl rm 6a3
DEBU[0000] get runtime connection
6a3

crictl pull

It pulls an image from a registry

user@k8s:$ crictl pull <image> 
user@k8s:$ crictl pull <image>:<tag> 
# pulls a specific tag of an image
user@k8s:$ crictl pull busybox
Image is up to date for sha256:517b897a6a8312ce202a85c

crictl rmi

It removes an image

user@k8s:$ crictl rmi <image-id> 
user@k8s:$ crictl rmi <image-name> 
# removes image by name instead of ID
user@k8s:$ crictl rmi 517
DEBU[0000] get image connection
DEBU[0000] User specified image to be removed: 517
Deleted: docker.io/library/busybox:latest

crictl stopp

It stops a pod and its containers

user@k8s:$ crictl stopp <pod-id>
user@k8s:$ crictl stopp 9d7
DEBU[0000] get runtime connection
Stopped sandbox 9d7

crictl rmp

It removes a pod

user@k8s:$ crictl rmp <pod-id>
user@k8s:$ Removed sandbox b00
DEBU[0000] get runtime connection
Removed sandbox b00

crictl logs

It fetchs container logs

user@k8s:$ crictl logs <container-id> 
user@k8s:$ crictl logs -f <container-id> 
# follows logs in real-time 
user@k8s:$ crictl logs --tail 10 <container-id> 
# shows last 10 log lines

crictl stats

It shows container statistics

user@k8s:$ crictl stats 
CONTAINER        CPU      % MEM      DISK       INODES
0a2c761303163f   0.00     983kB     16.38kB       6
user@k8s:$ crictl stats <container-id> 
# shows stats for a specific container

crictl exec

It executes a command inside a container

user@k8s:$ crictl exec <container-id> <command> 
user@k8s:$ crictl exec -it <container-id> <command> 
# interactive mode with a TTY
user@k8s:$ crictl exec -i -t 0a2c ls
bin   dev   etc   home  proc  root  sys   tmp   usr   var

Conclusion

Crictl CLI commands are significant while debugging on K8s nodes. Mastering commands provides greater control over operations, and troubleshooting.

If you found the tutorial interesting, I’d love to hear your thoughts in the blog post comments. Feel free to share your reactions or leave a comment. I truly value your input and engagement 😉

For other posts 👉 https://dev.to/omerberatsezer 🧐

K8s Tutorial - Part 1: Learn and Master Kubernetes, Kubectl, Pods, Deployments, Network, Service

Ömer Berat Sezer ・ Jan 19

#kubernetes #devops #tutorial #webdev

K8s Tutorial - Part 2: Learn and Master Kubernetes, Volume, Secret, Affinity, Taint-Toleration, PV, PVC, Job, RBAC, Ingress

Ömer Berat Sezer ・ Feb 20