crictl Commands
crictl is the essential tool for debugging containers on Kubernetes nodes. Learn to inspect pods, containers, and images directly on the node without kubectl.
crictl is a command-line interface for CRI-compatible container runtimes. It allows you to interact with containers, pods, and images on a Kubernetes node without going through the Kubernetes API server. It's the primary tool for debugging container issues at the node level.
Unlike kubectl (which communicates with the API server), crictl communicates directly with the container runtime. This makes it invaluable for troubleshooting node-level issues when the API server is unavailable or when you need to inspect containers directly.
# Install latest version
VERSION="v1.28.0"
curl -L https://github.com/kubernetes-sigs/cri-tools/releases/download/$VERSION/crictl-$VERSION-linux-amd64.tar.gz -o crictl.tar.gz
sudo tar Cxzvf /usr/local/bin crictl.tar.gz
# Verify installation
crictl --version
# Configure crictl endpoint (default for containerd)
export CONTAINER_RUNTIME_ENDPOINT=unix:///run/containerd/containerd.sock
# Or set in /etc/crictl.yaml
cat > /etc/crictl.yaml <
crictl pods
List all pods on the node
crictl pods --name nginx
Filter pods by name
crictl pods --namespace kube-system
Filter pods by namespace
crictl pods --state Ready
Filter by pod state
crictl inspectp <pod-id>
Inspect a pod
crictl rm <pod-id>
Remove a pod (sandbox)
# List all pods
crictl pods
# Example output:
POD ID CREATED STATE NAME NAMESPACE
abc123def456 2 minutes ago Ready nginx-deployment default
def456ghi789 5 minutes ago Ready kube-proxy-abc kube-system
# List pods with details
crictl pods -v
# Get pod by label
crictl pods --label app=nginx
crictl ps
List running containers
crictl ps -a
List all containers
crictl inspect <id>
Inspect a container
crictl logs <id>
View container logs
crictl exec <id> <cmd>
Execute command in container
crictl stop <id>
Stop a container
crictl rm <id>
Remove a container
# List running containers
crictl ps
# List all containers (including stopped)
crictl ps -a
# Get container details
crictl inspect
# View container logs
crictl logs
# Follow logs
crictl logs -f
# Execute command
crictl exec -it sh
# Get container stats
crictl stats
crictl images
List images
crictl inspecti <image>
Inspect an image
crictl pull <image>
Pull an image
crictl rmi <image>
Remove an image
# List images
crictl images
# List images with details
crictl images -v
# Pull image
crictl pull nginx:alpine
# Inspect image
crictl inspecti nginx:alpine
# Remove image
crictl rmi nginx:alpine
# 1. Find a pod that's failing
kubectl get pods -n myapp
# Pod is in CrashLoopBackOff or Pending
# 2. SSH to the node (or use node debug)
# 3. Find the pod on the node
crictl pods --name
# 4. Get container ID
crictl ps -a | grep
# 5. Inspect container logs
crictl logs
# 6. Inspect container details
crictl inspect | jq '.status'
# 7. Get detailed pod info
crictl inspectp | jq '.status'
# 8. Check container stats
crictl stats
# Get runtime information
crictl info
# Check CRI version
crictl version
# Get container state in JSON
crictl inspect --output json
# Get pod sandbox info
crictl inspectp --output yaml
# Filter containers by label
crictl ps --label app=nginx
# Filter containers by state
crictl ps --state Running
crictl ps --state Exited
# Remove all stopped containers
crictl ps -a | grep Exited | awk '{print $1}' | xargs -r crictl rm
- kubectl: Communicates with Kubernetes API server. Works across the entire cluster. Uses RBAC for authentication.
- crictl: Communicates directly with container runtime on a specific node. Works even if API server is down. Requires node access.
# Check if crictl can connect
crictl info
# Error: "failed to connect"
# Check runtime endpoint
cat /etc/crictl.yaml
export CONTAINER_RUNTIME_ENDPOINT=unix:///run/containerd/containerd.sock
# Check containerd status
sudo systemctl status containerd
# Check if containerd is listening on the socket
ls -la /run/containerd/containerd.sock
# Debug with verbose output
crictl --debug ps
Master crictl to debug Kubernetes nodes effectively. It's the essential tool for every Kubernetes administrator and developer.