Basic troubleshooting with Crictl tool

News Knowledge Base
1

In case kubectl isn't functioning, how to perform basic troubleshooting using crictl instead of kubectl?

Description: In the case that Kubectl is unavailable or not working, it is possible to perform basic troubleshooting using the crtictl tool, such as verifying the status of images, pods, and containers. Additionally, it is possible to review the container logs from the failing pods.

First it is required to install and configure crictl tool by following below steps:

  1. Login as root
sudo su -
  1. Download the tar file: Download the crictl tar package from the cri-tools release page. You can use the following command, replacing "VERSION" with the version that corresponds to your version of Kubernetes 
VERSION="v1.26.0" # check the latest version on the releases page
curl -L https://github.com/kubernetes-sigs/cri-tools/releases/download/$VERSION/crictl-$VERSION-linux-amd64.tar.gz --output crictl-$VERSION-linux-amd64.tar.gz
  1. Extract the file: Extract the downloaded tar file and move it to a location on your system path, such as /usr/local/bin/. You can use the following command: 
sudo tar zxvf crictl-$VERSION-linux-amd64.tar.gz -C /usr/local/bin
  1. Remove the tar file: After extraction, you can remove the downloaded tar file to clean up
rm -f crictl-$VERSION-linux-amd64.tar.gz
  1. Check the version: Verify the installation by checking the version of crictl: 
crictl --version
  1. To enable Crictl Set the CONTAINER_RUNTIME_ENDPOINT and IMAGE_SERVICE_ENDPOINT environment variables. 
export CONTAINER_RUNTIME_ENDPOINT=unix:///run/k3s/containerd/containerd.sock
export IMAGE_SERVICE_ENDPOINT=unix:///run/k3s/containerd/containerd.sock

(For RKE2, the Containerd socket is located at /run/k3s/containerd/containerd.sock)



Here is a basic example of how to collect logs from a container that is not running a pod.

  1. List the pods
crictl pods

All of the pods with the ID will be displayed.

pods.PNG

  1. List the pods in the "NotReady" state 
crictl pods |grep NotReady

Note down the relevant "pod ID"

  1. List all the containers
crictl ps -a

It will display each container along with its ID and the name / ID of the associated pods.

all containers.PNG

  1. Use the grep command to display the specific containers for the "NotReady" pod
crictl ps -a |grep

Note down the "container's ID"

  1. Examine the container's logs
crictl logs

Other use full commands to list the images and inspect the containers can be found here Container Runtime Interface (CRI) CLI .