logo

containerd Cheatsheet

Last Updated: 2024-08-23
# containerd view logs
$ journalctl -u containerd

ctr vs crictl:

  • ctr: containerd CLI, not related to k8s.
  • crictl: CRI Compatible container runtime command line interface, related to k8s.

crictl image = ctr -n=k8s.io images ls

kind load uses "ctr", "--namespace=k8s.io", "images", "import", "--digests", "--snapshotter="+snapshotter, "-"

what's in containerd config

Config file: /etc/containerd/config.toml

  • sandbox_image (you can overwrite the pause image)
  • default runtime, e.g. "runc"
  • registry auth/ca/mirrors

Registry

version = 2

[plugins."io.containerd.grpc.v1.cri".registry]
   config_path = "/etc/containerd/certs.d"

Per registry config:

$ tree /etc/containerd/certs.d
/etc/containerd/certs.d
└── docker.io
    └── hosts.toml

Another way to check registry mirrors: crictl info.

Check number of sandboxes and containers

# check the number of pod sandboxes:
$ ls /var/lib/containerd/io.containerd.grpc.v1.cri/sandboxes/ | wc -l

# check the number of containers
$ ls /var/lib/containerd/io.containerd.grpc.v1.cri/containers/ | wc -l

ctr Cheatsheet

ctr separates tasks from containers:

  • containers: NOT processes, but isolated and restricted execution environments for processes.
  • tasks: the actual processes.
# Pull imagge
$ ctr image pull docker.io/library/hello-world:latest

# Start the container
$ ctr run docker.io/library/hello-world:latest CONTAINER_ID

# List running containers
$ ctr container ls

# Inspect a container
$ ctr container info CONTAINER_ID

# Delete a container
$ ctr container remove CONTAINER_ID

# ctr run = ctr container create + ctr task start
$ ctr container create docker.io/library/nginx:alpine nginx1
# Start the process in background
$ ctr task start --detach nginx1

# List tasks
$ ctr task ls

# Attach the task to see the stdout and stderr.
$ ctr task attach nginx1

# Kill a task
$ ctr task kill -s 9 nginx1

# Remove a task
$ ctr task rm nginx1