Closed reegnz closed 5 months ago
+1 on this
crictl is the tool recommended by upstream Kubernetes to debug node issues: https://kubernetes.io/docs/tasks/debug/debug-cluster/crictl/
It is hard to understand that EKS nodes by default have a non-working version of a non-standard tool but do not have the standard tool recommended by upstream.
nerdctl works fine, its default config was improved in: https://github.com/awslabs/amazon-eks-ami/pull/1488
nerdctl is the official CLI for containerd with (IMO) much better ergonomics than crictl; but it can definitely be helpful to have crictl. 👍
What would you like to be added: Install cri-tools and configure it with /etc/crictl.yaml.
Previously there was an issue that requested this (#797) but it was closed by a change that introduced nerdctl instead. AFAICT amazon-linux does have a cri-tools package, so installing it should be trivial.
Why is this needed:
Crictl is the officially documented tooling for kubernetes to troubleshoot nodes: https://kubernetes.io/docs/tasks/debug/debug-cluster/crictl/
Nerdctl does not have a concept of pods, while crictl does. This allows continuing to use pod semantics when troubleshooting on a node using crictl vs using nerdctl and figuring out which containers belong to which pod (not terribly difficult, but still an extra step).
Having nerdctl on the nodes is nice and I think it belongs with any containerd installation by default, but the nodes are k8s nodes, missing capabilities that crictl does add, which is pod-aware semantics during troubleshooting.
Additional notes:
nerdctl is not properly configured on a node, nerdctl ps doesn't list anything, you have to use nerdctl --namespace="k8s.io" ps. I'll open a separate ticket to fix that as well, because on a k8s node one would expect nerdctl to default to the kubernetes pods namespace.