crictl

What is crictl

crictl is the CLI tool for CRI.

Installation and configuration

Installation

wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.32.0/crictl-v1.32.0-linux-amd64.tar.gz
tar -zxvf crictl-v1.32.0-linux-amd64.tar.gz -C /usr/local/bin

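Configuration

  1. Connecting crictl to containerd

    By default (when no crictl config file has been set up), crictl on a Linux node tries to connect to the runtime endpoint through the following sockets:

    • docker: unix:///var/run/dockershim.sock
    • containerd: unix:///run/containerd/containerd.sock
    • CRI-O: unix:///run/crio/crio.sock
    • Cri-containerd: unix:///var/run/cri-dockerd.sock

    On a Windows node, it connects to containerd by default.

There are three ways to customize crictl's connection settings:

  1. Pass crictl --runtime-endpoint and --image-endpoint on the command line

  2. Set the environment variables CONTAINER_RUNTIME_ENDPOINT and IMAGE_SERVICE_ENDPOINT

  3. Point crictl at a config file with crictl --config=/etc/crictl/crictl.yaml; if not specified, the config is read from /etc/crictl.yaml or from the file named by the environment variable CRI_CONFIG_FILE

  4. crictl config settings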

    [root@iZbp1ebizftw2vpbpm737wZ ~]# crictl config
    NAME:
    crictl config - Get, set and list crictl configuration options

    USAGE:
    crictl config command [command options] [<crictl options>]

    EXAMPLES:
    # Set the key "debug" to "true"
    crictl config --set debug=true

    # Set the key "debug" to "true"
    crictl config debug true

    # Get the value of "debug"
    crictl config --get debug

    # Show the full configuration
    crictl config --list

    CRICTL OPTIONS:
    runtime-endpoint: Container Runtime Interface (CRI) runtime endpoint (default: "")
    image-endpoint: Container Runtime Interface (CRI) image endpoint (default: "")
    timeout: Timeout of connecting to server (default: 2)
    debug: Enable debug output (default: false)
    pull-image-on-create: Enable pulling image on create requests (default: false)
    disable-pull-on-run: Disable pulling image on run requests (default: false)

    COMMANDS:
    help, h Shows a list of commands or help for one command

    OPTIONS:
    --get value Show the option value
    --list Show all option value (default: false)
    --set value [ --set value ] Set option (can specify multiple or separate values with commas: opt1=val1,opt2=val2)
    --help, -h show help
    [root@iZbp1ebizftw2vpbpm737wZ ~]#

    Example:

    [root@iZbp1ebizftw2vpbpm737wZ ~]# cat /etc/crictl.yaml 
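    # Endpoint of the RuntimeService
    runtime-endpoint: unix:///run/containerd/containerd.sock
    # Endpoint of the ImageService; if empty, defaults to the same value as runtime-endpoint
    image-endpoint: unix:///run/containerd/containerd.sock
    # Timeout for crictl connecting to the containerd CRI plugin, default 2s
    timeout: 2
    # Whether to print debug logs, default false
    debug: false
    # Whether to pull the image when creating a container, default false
    pull-image-on-create: false
    # Whether to disable pulling the image when running a container, default false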
    disable-pull-on-run: false
    [root@iZbp1ebizftw2vpbpm737wZ ~]#

    Besides creating /etc/crictl.yaml by hand, you can also have /etc/crictl.yaml generated automatically with crictl config --set=
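
The help output above marks the built-in default endpoint list as deprecated, so a node's config should name its runtime socket explicitly. The following is an added example, not part of crictl or of the original page: a shell audit of a crictl config file that checks the endpoint keys and the file and socket permissions. The function names `crictl_cfg_get` and `audit_crictl_config` are hypothetical, and it assumes a Linux node with GNU stat and a flat YAML file like the one shown above.

```shell
#!/usr/bin/env bash
# Added example: audit a crictl config file (Linux node, GNU stat assumed).

# Print the value of a top-level key in a flat crictl.yaml.
crictl_cfg_get() {  # usage: crictl_cfg_get FILE KEY
  sed -n "s/^$2:[[:space:]]*//p" "$1" |
    sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' |
    tail -n 1
}

# Print findings; return 0 if there is no FAIL, 1 otherwise.
audit_crictl_config() {  # usage: audit_crictl_config FILE
  local file="$1" rc=0 ep img mode sock
  [ -f "$file" ] || { echo "FAIL: $file not found"; return 1; }
  ep=$(crictl_cfg_get "$file" runtime-endpoint)
  img=$(crictl_cfg_get "$file" image-endpoint)
  if [ -z "$ep" ]; then
    echo "FAIL: runtime-endpoint unset; crictl probes the deprecated default sockets"
    rc=1
  elif [ "${ep#unix://}" = "$ep" ]; then
    echo "FAIL: runtime-endpoint '$ep' is not a unix:// socket"
    rc=1
  fi
  if [ -n "$img" ] && [ "$img" != "$ep" ]; then
    echo "WARN: image-endpoint '$img' differs from runtime-endpoint"
  fi
  # A config others can write lets them point root's crictl at another socket.
  mode=$(stat -c '%a' "$file")
  if [ $(( 0$mode & 022 )) -ne 0 ]; then
    echo "FAIL: $file is group- or world-writable (mode $mode)"
    rc=1
  fi
  [ "$(stat -c '%u' "$file")" = "0" ] || echo "WARN: $file is not owned by root"
  # World-writable socket: any local user could drive the container runtime.
  sock="${ep#unix://}"
  if [ -S "$sock" ] && [ $(( 0$(stat -c '%a' "$sock") & 002 )) -ne 0 ]; then
    echo "WARN: socket $sock is world-writable"
  fi
  return "$rc"
}

# Demo on a constructed config that omits runtime-endpoint.
demo=$(mktemp)
printf 'timeout: 2\ndebug: false\n' > "$demo"
audit_crictl_config "$demo" || echo "audit failed for $demo"
rm -f "$demo"
```

On a real node, call `audit_crictl_config /etc/crictl.yaml`; a non-zero return means at least one FAIL line was printed.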

Usage

[root@iZbp1ebizftw2vpbpm737wZ ~]# crictl -h
NAME:
crictl - client for CRI

USAGE:
crictl [global options] command [command options]

VERSION:
v1.32.0

COMMANDS:
attach Attach to a running container
checkpoint Checkpoint one or more running containers
completion Output shell completion code
config Get, set and list crictl configuration options
create Create a new container
events, event Stream the events of containers
exec Run a command in a running container
imagefsinfo Return image filesystem info
images, image, img List images
info Display information of the container runtime
inspect Display the status of one or more containers
inspecti Return the status of one or more images
inspectp Display the status of one or more pods
logs Fetch the logs of a container
metricsp List pod metrics. Metrics are unstructured key/value pairs gathered by CRI meant to replace cAdvisor's /metrics/cadvisor endpoint.
pods List pods
port-forward Forward local port to a pod
ps List containers
pull Pull an image from a registry
rm Remove one or more containers
rmi Remove one or more images
rmp Remove one or more pods
run Run a new container inside a sandbox
runp Run a new pod
runtime-config Retrieve the container runtime configuration
start Start one or more created containers
stats List container(s) resource usage statistics
statsp List pod statistics. Stats represent a structured API that will fulfill the Kubelet's /stats/summary endpoint.
stop Stop one or more running containers
stopp Stop one or more running pods
update Update one or more running containers
update-runtime-config Update the runtime configuration
version Display runtime version information
help, h Shows a list of commands or help for one command

GLOBAL OPTIONS:
--config value, -c value Location of the client config file. If not specified and the default does not exist, the program's directory is searched as well (default: "/etc/crictl.yaml") [$CRI_CONFIG_FILE]
--debug, -D Enable debug mode (default: false)
--enable-tracing Enable OpenTelemetry tracing. (default: false)
--image-endpoint value, -i value Endpoint of CRI image manager service (default: uses 'runtime-endpoint' setting) [$IMAGE_SERVICE_ENDPOINT]
--profile-cpu value Write a pprof CPU profile to the provided path.
--profile-mem value Write a pprof memory profile to the provided path.
--runtime-endpoint value, -r value Endpoint of CRI container runtime service (default: uses in order the first successful one of [unix:///run/containerd/containerd.sock unix:///run/crio/crio.sock unix:///var/run/cri-dockerd.sock]). Default is now deprecated and the endpoint should be set instead. [$CONTAINER_RUNTIME_ENDPOINT]
--timeout value, -t value Timeout of connecting to the server in seconds (e.g. 2s, 20s.). 0 or less is set to default (default: 2s)
--tracing-endpoint value Address to which the gRPC tracing collector will send spans to. (default: "127.0.0.1:4317")
--tracing-sampling-rate-per-million value Number of samples to collect per million OpenTelemetry spans. Set to 1000000 or -1 to always sample. (default: -1)
--help, -h show help
--version, -v print the version
[root@iZbp1ebizftw2vpbpm737wZ ~]#

Pod-related commands

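# Run a new pod
crictl runp

# Stop one or more running pods
crictl stopp

# Remove one or more pods
crictl rmp

# List pods
crictl pods

# Display the status and details of one or more pods in the given format; supported formats: json, yaml, go-template, table
crictl inspectp

# List resource usage (CPU, memory) for one or more pods
crictl statsp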

Container-related commands

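# Create a container in a sandbox
crictl create

# Start one or more containers
crictl start

# Stop one or more running containers
crictl stop

# Remove one or more containers
crictl rm

# Start a container in a sandbox; equivalent to create + start
crictl run

# List running containers; use -a to list all containers
crictl ps

# Display the status of one or more containers in the given format; supported formats: json, yaml, go-template, table
crictl inspect

# Update one or more running containers
crictl update

# List resource usage statistics for one or more containers
crictl stats

# Pull an image
crictl pull

# List all images
crictl images   # aliases: image, img

# Display details of one or more images in the given format; supported formats: json, yaml, go-template, table
crictl inspecti

# Remove one or more images
crictl rmi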

Streaming

# Attach to a running container
crictl attach

# Run a command in a running container
crictl exec

# Forward a local port to a pod
crictl port-forward

# Fetch the logs of a container
crictl logs

Other

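# Print the runtime version information
crictl version

# Print image filesystem information
crictl imagefsinfo

# Get runtime information (CRI and CNI status)
crictl info

# Get and set crictl configuration options
crictl config

# Output shell completion code
crictl completion

# Print help information
crictl -h   # or: crictl help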

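Note: avoid starting pods with crictl on a K8s cluster. If kubelet is running on the node, stop kubelet before using crictl to start a pod sandbox or a container inside a pod sandbox; otherwise kubelet will delete the pod because no corresponding pod exists in K8s.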