# Containerd Commands And Info ## Containerd Commands Containerd supports namespaces at the container runtime level. **These namespaces are entirely different from the Kubernetes namespaces.** Containerd namespaces are used to provide isolation to different applications that might be using containerd like docker, kubelet, etc. Below are two well-known namespaces. 1. K8s.io : contains all the containers started from the CRI plugin by kubelet, irrespective of the namespace in Kubernetes 2. moby : comprises all containers started by docker Since containerd allows different apps to use different namespaces, we must provide [k8s.io](http://k8s.io/) as a namespace when interacting with containerd directly, to manage containers started as part of PMK stack. All containers started in PMK stack are added to the[k8s.io](http://k8s.io/) namespace. Even the containers started by PMK directly (i.e., etcd, bouncer and kube-proxy as added to k8s.io namespace) need the apiserver to be able to access the etcd container and similar containers for the same reasons. ## Container Commands | Docker | Nerdctl | crictl | ctr | | ----------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `docker ps` | `/opt/pf9/pf9-kube/bin/nerdctl -n k8s.io ps` | `/opt/pf9/pf9-kube/bin/crictl -r unix:///run/containerd/containerd.sock ps` | `ctr -n k8s.io containers list` | |

docker inspect

Example

docker inspect etcd

/opt/pf9/pf9-kube/bin/nerdctl inspect

Example

/opt/pf9/pf9-kube/bin/nerdctl -n k8s.io inspect etcd

for more detail info use -mode=native

/opt/pf9/pf9-kube/bin/nerdctl -n k8s.io inspect -mode=native etcd

| `/opt/pf9/pf9-kube/bin/crictl -r unix:///run/containerd/containerd.sock inspect ` | `ctr -n k8s.io containers info ` | | `docker exec` | `/opt/pf9/pf9-kube/bin/nerdctl -n k8s.io exec -it etcd /bin/sh` | `/opt/pf9/pf9-kube/bin/crictl -r unix:///run/containerd/containerd.sock exec -ti sh` |

1. get the container ID from list of containers
2. check if the container has a task associated with it (not all containers have a task associated. For such containers nerdctl or crictl might need to be used to exec)

ctr -n k8s.io tasks ls

3. Exec into container using ID

ctr -n k8s.io tasks exec--exec-id /bin/sh

/opt/pf9/pf9-kube/bin/nerdctl -n k8s.io logs etcd

/opt/pf9/pf9-kube/bin/crictl -r unix:///run/containerd/containerd.sock logs \

| `/opt/pf9/pf9-kube/bin/crictl -r unix:///run/containerd/containerd.sock logs ` | N/A | | | | | | ## Containerd Logs Locations * /var/log/containers/ * /var/log/pods/ ## Containerd Configuration File */etc/containerd/config.toml* ## Partially Migrated Clusters One of the questions often raised was, “what happens if the cluster is partially migrated, i.e., some nodes are running with containerd runtime while others are running with docker runtime?” Pods continued to run as usual when the cluster is partially migrated. Moreover, the pods were able to communicate across nodes irrespective of the container runtime on the source and destination nodes where the pods are running. {% tabs %} {% tab title="Bash" %} ```bash root@ip-10-0-2-16:~# kubectl --kubeconfig /etc/pf9/kube.d/kubeconfigs/admin.yaml get po -owide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES nginx-6799fc88d8-2cl9l 1/1 Running 0 3m22s 10.20.123.19 ip-10-0-2-168.us-west-2.compute.internal nginx-6799fc88d8-4rj7s 1/1 Running 0 3m22s 10.20.215.76 ip-10-0-2-16.us-west-2.compute.internal nginx-6799fc88d8-g9jx9 1/1 Running 0 3m22s 10.20.132.198 ip-10-0-1-90.us-west-2.compute.internal nginx-6799fc88d8-q2wvs 1/1 Running 0 3m22s 10.20.132.197 ip-10-0-1-90.us-west-2.compute.internal nginx-6799fc88d8-vd4cp 1/1 Running 0 3m22s 10.20.123.18 ip-10-0-2-168.us-west-2.compute.internal root@ip-10-0-2-16:~# kubectl --kubeconfig /etc/pf9/kube.d/kubeconfigs/admin.yaml get no -owide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME ip-10-0-1-90.us-west-2.compute.internal Ready worker 27m v1.21.3 10.0.1.90 34.221.171.199 Ubuntu 20.04.2 LTS 5.4.0-1041-aws docker://19.3.11 ip-10-0-2-16.us-west-2.compute.internal Ready master 30m v1.21.3 10.0.2.16 34.220.60.240 Ubuntu 20.04.2 LTS 5.4.0-1041-aws docker://19.3.11 ip-10-0-2-168.us-west-2.compute.internal Ready worker 27m v1.21.3 10.0.2.168 54.200.68.102 Ubuntu 20.04.2 LTS 5.4.0-1041-aws containerd://1.4.6 ## On the worker nodes that is using docker runtime root@ip-10-0-1-90:~# /opt/pf9/pf9-kube/bin/crictl exec -ti 1a4fb967877cb bash WARN[0000] runtime connect using default endpoints: [unix:///var/run/dockershim.sock unix:///run/containerd/containerd.sock unix:///run/crio/crio.sock]. As the default settings are now deprecated, you should set the endpoint instead. ## Verify east-west connectivity across pods of the nginx deployment root@nginx-6799fc88d8-q2wvs:/# for i in 10.20.123.19 10.20.215.76 10.20.132.198 10.20.132.197 10.20.123.18; do curl http://$i; done Welcome to nginx!

Welcome to nginx!

If you see this page, the nginx web server is successfully installed and working. Further configuration is required.