k8s从1.20版本起换掉了docker使用了contained，下面介绍一下contained的一些常用命令。

1.ctr

ctr -h

COMMANDS:
   plugins, plugin            provides information about containerd plugins
   version                    print the client and server versions
   containers, c, container   manage containers
   content                    manage content
   events, event              display containerd events
   images, image, i           manage images
   leases                     manage leases
   namespaces, namespace, ns  manage namespaces
   pprof                      provide golang pprof outputs for containerd
   run                        run a container
   snapshots, snapshot        manage snapshots
   tasks, t, task             manage tasks
   install                    install a new package
   oci                        OCI tools
   shim                       interact with a shim directly
   help, h                    Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --debug                      enable debug output in logs
   --address value, -a value    address for containerd's GRPC server (default: "/run/containerd/containerd.sock") [$CONTAINERD_ADDRESS]
   --timeout value              total timeout for ctr commands (default: 0s)
   --connect-timeout value      timeout for connecting to containerd (default: 0s)
   --namespace value, -n value  namespace to use with commands (default: "default") [$CONTAINERD_NAMESPACE]
   --help, -h                   show help
   --version, -v                print the version

containerd 相比于docker , 多了namespace概念, 每个image和container 都会在各自的namespace下可见, k8s使用k8s.io 作为命名空间。

镜像

查看命名空间
ctr namespace ls
查看 K8S 命名空间下的镜像
ctr -n k8s.io images/i ls
下载镜像
ctr -n k8s.io images pull docker.io/goharbor/nginx-photon:v1.10.10
镜像标记tag
ctr -n k8s.io i tag docker.io/goharbor/nginx-photon:v1.10.10 docker.io/goharbor/nginx-photon:v1.10.11
注意: 若新镜像reference 已存在, 需要先删除新reference, 或者如下方式强制替换
ctr -n k8s.io i tag --force docker.io/goharbor/nginx-photon:v1.10.10 docker.io/goharbor/nginx-photon:v1.10.101
删除镜像
ctr -n k8s.io i rm docker.io/goharbor/nginx-photon:v1.10.10
push 上传镜像
ctr images push docker.io/goharbor/nginx-photon:v1.10.10
导出镜像
ctr -n k8s.io i export nginx.tar  docker.io/goharbor/nginx-photon:v1.10.10
导入镜像
ctr -n k8s.io images import nginx.tar
ctr -n k8s.io images ls -q

容器

创建 container
ctr -n k8s.io c create docker.io/goharbor/nginx-photon:v1.10.10 nginx
查看容器
ctr -n k8s.io c ls
运行容器
ctr -n k8s.io run [command options] [flags] Image|RootFS ID [COMMAND] [ARG...]
ctr -n k8s.io run nginx /bin/bash
后台启动
ctr -n k8s.io t start -d nginx
查看 container
ctr -n k8s.io t ls
查看 k8s 中正在运行的容器
ctr -n k8s.io task ls
查看该容器在宿主机的PID，并进入容器
ctr -n buildkit t exec --exec-id $RANDOM -t f4bd1e21da3190e9fbd9c0ae51c3649419e87a3b7f71067df28b5ded3313b76e sh
停止容器,需要先停止容器内的task, 再删除容器
ctr -n k8s.io tasks kill -a -s 9 {id}
ctr -n k8s.io c rm {id}

2.crictl

[root@master ~]# crictl -h
NAME:
   crictl - client for CRI

USAGE:
   crictl [global options] command [command options] [arguments...]

VERSION:
   v1.19.0

COMMANDS:
   attach              Attach to a running container
   create              Create a new container
   exec                Run a command in a running container
   version             Display runtime version information
   images, image, img  List images
   inspect             Display the status of one or more containers
   inspecti            Return the status of one or more images
   imagefsinfo         Return image filesystem info
   inspectp            Display the status of one or more pods
   logs                Fetch the logs of a container
   port-forward        Forward local port to a pod
   ps                  List containers
   pull                Pull an image from a registry
   run                 Run a new container inside a sandbox
   runp                Run a new pod
   rm                  Remove one or more containers
   rmi                 Remove one or more images
   rmp                 Remove one or more pods
   pods                List pods
   start               Start one or more created containers
   info                Display information of the container runtime
   stop                Stop one or more running containers
   stopp               Stop one or more running pods
   update              Update one or more running containers
   config              Get and set crictl client configuration options
   stats               List container(s) resource usage statistics
   completion          Output shell completion code
   help, h             Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --config value, -c value            Location of the client config file. If not specified and the default does not exist, the program's directory is searched as well (default: "/etc/crictl.yaml") [$CRI_CONFIG_FILE]
   --debug, -D                         Enable debug mode (default: false)
   --image-endpoint value, -i value    Endpoint of CRI image manager service (default: uses 'runtime-endpoint' setting) [$IMAGE_SERVICE_ENDPOINT]
   --runtime-endpoint value, -r value  Endpoint of CRI container runtime service (default: uses in order the first successful one of [unix:///var/run/dockershim.sock unix:///run/containerd/containerd.sock unix:///run/crio/crio.sock]). Default is now deprecated and the endpoint should be set instead. [$CONTAINER_RUNTIME_ENDPOINT]
   --timeout value, -t value           Timeout of connecting to the server in seconds (e.g. 2s, 20s.). 0 or less is set to default (default: 2s)
   --help, -h                          show help (default: false)
   --version, -v                       print the version (default: false)

crictl 是为k8s使用containerd而制作的, 其他非k8s创建的容器crictl是无法看到和调试的, 也就是说用 ctr run 运行的容器无法使用crictl

crictl 使用命名空间 k8s.io.