From Christoph's Personal Wiki
Jump to: navigation, search

Containerd is an industry-standard core container runtime. It is currently available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system. In 2015, Docker donated the OCI Specification to The Linux Foundation with a reference implementation called runc. Since 28 February 2019, it is an official CNCF project. Its general availability and intention to donate the project to CNCF was announced by Docker in 2017.


crictl is a command-line interface for CRI-compatible container runtimes. You can use it to inspect and debug container runtimes and applications on a Kubernetes node. crictl and its source are hosted in the cri-tools repository.


NOTE: crictl requires a Linux operating system with a CRI runtime.

Download a compressed archive crictl from the cri-tools release page, for several different architectures. Download the version that corresponds to your version of Kubernetes. Extract it and move it to a location on your system path, such as /usr/local/bin/.

Containerd and Kubernetes

Kubernetes nodes use the container runtime to launch, manage, and stop containers running in Pods. The Kubernetes project is removing built-in support for the Docker runtime in Kubernetes version 1.24 and later. To achieve this, Kubernetes is removing a component called dockershim, which allows Docker to communicate with Kubernetes components like the kubelet.

The containerd runtime is an industry-standard container runtime that is supported by Kubernetes, and used by many other projects. The containerd runtime provides the layering abstraction that allows for the implementation of a rich set of features like gVisor and Image streaming to extend GKE functionality.

The containerd runtime is considered more resource efficient and secure than the Docker runtime.

Troubleshooting containers

For debugging or troubleshooting on Linux nodes, you can interact with containerd using the portable command-line tool built for Kubernetes container runtimes: crictl. crictl supports common functionalities to view containers and images, read logs, and execute commands in the containers. Refer to the crictl user guide for the complete set of supported features and usage information.

View container logs with systemd:

$ journalctl -u containerd

See also

External links