containerd Cheatsheet
Last Updated: 2024-08-23
# containerd view logs
$ journalctl -u containerd
ctr
vs crictl
:
ctr
: containerd CLI, not related to k8s.crictl
: CRI Compatible container runtime command line interface, related to k8s.
crictl image
= ctr -n=k8s.io images ls
kind load
uses "ctr", "--namespace=k8s.io", "images", "import", "--digests", "--snapshotter="+snapshotter, "-"
what's in containerd config
Config file: /etc/containerd/config.toml
- sandbox_image (you can overwrite the pause image)
- default runtime, e.g. "runc"
- registry auth/ca/mirrors
Registry
version = 2
[plugins."io.containerd.grpc.v1.cri".registry]
config_path = "/etc/containerd/certs.d"
Per registry config:
$ tree /etc/containerd/certs.d
/etc/containerd/certs.d
└── docker.io
└── hosts.toml
Another way to check registry mirrors: crictl info
.
Check number of sandboxes and containers
# check the number of pod sandboxes:
$ ls /var/lib/containerd/io.containerd.grpc.v1.cri/sandboxes/ | wc -l
# check the number of containers
$ ls /var/lib/containerd/io.containerd.grpc.v1.cri/containers/ | wc -l
ctr Cheatsheet
ctr
separates tasks from containers:
- containers: NOT processes, but isolated and restricted execution environments for processes.
- tasks: the actual processes.
# Pull imagge
$ ctr image pull docker.io/library/hello-world:latest
# Start the container
$ ctr run docker.io/library/hello-world:latest CONTAINER_ID
# List running containers
$ ctr container ls
# Inspect a container
$ ctr container info CONTAINER_ID
# Delete a container
$ ctr container remove CONTAINER_ID
# ctr run = ctr container create + ctr task start
$ ctr container create docker.io/library/nginx:alpine nginx1
# Start the process in background
$ ctr task start --detach nginx1
# List tasks
$ ctr task ls
# Attach the task to see the stdout and stderr.
$ ctr task attach nginx1
# Kill a task
$ ctr task kill -s 9 nginx1
# Remove a task
$ ctr task rm nginx1