System Servicescrikubeletcontainerocidebuggingvalidationkubernetes

cri-tools

cri-tools provides command line utilities for debugging and validating Kubelet CRI interfaces, including crictl for CRI client operations and critest for validation test suites. It supports creating OCI images and interacting with container runtimes.

Description

cri-tools is a collection of tools designed for working with Container Runtime Interface (CRI) in Kubernetes environments. The package includes crictl, a CLI client for kubelet CRI, and critest, validation test suites for kubelet CRI. These tools are essential for debugging, managing, and testing container runtimes compatible with CRI standards.

crictl enables operators to attach to containers, create new ones, execute commands, checkpoint running containers, and stream events. It supports multiple container runtimes through configurable endpoints, making it versatile for different CRI implementations like containerd, CRI-O, and cri-dockerd.

critest provides comprehensive testing capabilities using the Ginkgo testing framework, allowing users to control test order, parallelism, filtering, failure handling, output formatting, and debugging. This makes it valuable for ensuring CRI runtime compliance and reliability in production Kubernetes clusters.

How It Works

cri-tools communicates with CRI-compatible container runtimes via Unix sockets (unix:///run/containerd/containerd.sock, unix:///run/crio/crio.sock, unix:///var/run/cri-dockerd.sock) using configurable endpoints. crictl acts as a client sending gRPC requests to the CRI runtime service for container lifecycle management and image operations. critest runs Ginkgo-based test suites that validate CRI conformance by executing container creation, execution, and teardown sequences against the runtime, with configurable parallelism and filtering for comprehensive coverage.

Installation

bash

sudo apt install cri-tools

Flags

--config value, -c valueLocation of the client config file. If not specified and the default does not exist, the program's directory is searched as well (default: "/etc/crictl.yaml")

--debug, -DEnable debug mode

--runtime-endpoint value, -r valueEndpoint of CRI container runtime service (default: uses first successful one of [unix:///run/containerd/containerd.sock unix:///run/crio/crio.sock unix:///var/run/cri-dockerd.sock])

--image-endpoint value, -i valueEndpoint of CRI image manager service (default: uses 'runtime-endpoint' setting)

--timeout value, -t valueTimeout of connecting to the server in seconds (e.g. 2s, 20s.). 0 or less is set to default (default: 2s)

--ginkgo.seed [int]The seed used to randomize the spec suite

--ginkgo.fail-fastIf set, ginkgo will stop running a test suite after a failure occurs

--ginkgo.vIf set, emits more output including GinkgoWriter contents

Examples

Display help for crictl showing available commands and global options

crictl -h

Attach to a running container

crictl attach

Run a command in a running container

crictl exec

Stream the events of containers

crictl events

Get, set and list crictl configuration options

crictl config

Display help for critest showing Ginkgo test flags and options

critest -h

Use specific containerd runtime endpoint

crictl --runtime-endpoint unix:///run/containerd/containerd.sock

Updated 2026-04-16kali.org ↗