1.介绍
crictl 是Kubelet容器接口(CRI)的CLI和验证工具。可以使用它来检查和调试 Kubernetes 节点上的容器运行时和应用程序。 crictl 和它的源代码在 cri-tools 代码库。
-
它不会负责以下内容:
-
基于CRI构建新的kubelet容器运行时;
-
由终端用户管理CRI兼容运行时的pod/container,例如crictl创建的pod可能会被kubelet自动删除,因为在kube-apiserver上不存在。
-
版本兼容
2. 安装 crictl
下载指定版本:https://github.com/kubernetes-sigs/cri-tools/releases
bash
VERSION="v1.28.0"
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/$VERSION/crictl-$VERSION-linux-amd64.tar.gz
sudo tar zxvf crictl-$VERSION-linux-amd64.tar.gz -C /usr/local/bin
rm -f crictl-$VERSION-linux-amd64.tar.gz
3. 配置
crictl 命令有几个子命令和运行时参数。 有关详细信息,请使用 crictl help 或 crictl help 获取帮助信息。
crictl 默认连接到 unix:///var/run/dockershim.sock。 对于其他的运行时,你可以用多种不同的方法设置端点:
通过设置参数 --runtime-endpoint 和 --image-endpoint
通过设置环境变量 CONTAINER_RUNTIME_ENDPOINT 和 IMAGE_SERVICE_ENDPOINT
通过在配置文件中设置端点 --config=/etc/crictl.yaml
你还可以在连接到服务器并启用或禁用调试时指定超时值,方法是在配置文件中指定 timeout 或 debug 值,或者使用 --timeout 和 --debug 命令行参数。
要查看或编辑当前配置,请查看或编辑 /etc/crictl.yaml 的内容。
bash
cat /etc/crictl.yaml
runtime-endpoint: unix:///var/run/dockershim.sock
image-endpoint: unix:///var/run/dockershim.sock
timeout: 10
debug: true
4.命令
bash
crictl [global options] command [command options] [arguments...]
COMMANDS:
attach: Attach to a running container
create: Create a new container
exec: Run a command in a running container
version: Display runtime version information
images, image, img: List images
inspect: Display the status of one or more containers
inspecti: Return the status of one or more images
imagefsinfo: Return image filesystem info
inspectp: Display the status of one or more pods
logs: Fetch the logs of a container
port-forward: Forward local port to a pod
ps: List containers
pull: Pull an image from a registry
run: Run a new container inside a sandbox
runp: Run a new pod
rm: Remove one or more containers
rmi: Remove one or more images
rmp: Remove one or more pods
pods: List pods
start: Start one or more created containers
info: Display information of the container runtime
stop: Stop one or more running containers
stopp: Stop one or more running pods
update: Update one or more running containers
config: Get and set crictl client configuration options
stats: List container(s) resource usage statistics
statsp: List pod(s) resource usage statistics
completion: Output bash shell completion code
checkpoint: Checkpoint one or more running containers
events, event: Stream the events of containers
help, h: Shows a list of commands or help for one command
crictl by default connects on Unix to:
unix:///var/run/dockershim.sock or
unix:///run/containerd/containerd.sock or unix:///run/crio/crio.sock
or unix:///var/run/cri-dockerd.sock or on Windows to:
npipe:./pipe/dockershim or npipe:./pipe/containerd-containerd or
npipe:./pipe/cri-dockerd For other runtimes, use:
frakti: unix:///var/run/frakti.sock The endpoint can be set in three
ways:
By setting global option flags --runtime-endpoint (-r) and
--image-endpoint (-i) By setting environment variables CONTAINER_RUNTIME_ENDPOINT and IMAGE_SERVICE_ENDPOINT By setting the
endpoint in the config file --config=/etc/crictl.yaml If the endpoint
is not set then it works as follows:
If the runtime endpoint is not set, crictl will by default try to
connect using: dockershim containerd cri-o cri-dockerd If the image
endpoint is not set, crictl will by default use the runtime endpoint
setting Note: The default endpoints are now deprecated and the runtime
endpoint should always be set instead. The performance maybe affected
as each default connection attempt takes n-seconds to complete before
timing out and going to the next in sequence.
5.使用(部分命令)
bash
crictl pods #查看pods
bash
crictl pull 镜像名 #拉取镜像
crictl images #查看镜像
crictl ps -a #查看所有容器
crictl exec -i -t #进入容器
crictl start #启动容器