Container Management - CRI (containerd/CRI-O)

Vapor supports Container Runtime Interface (CRI) compatible runtimes including containerd and CRI-O. This provides Kubernetes-compatible container management without Docker.

Prerequisites

• Either containerd or CRI-O must be installed and running
• Appropriate permissions to access the CRI socket
• crictl CLI tool (automatically used by Vapor)

Supported Runtimes

containerd

• Default runtime for many Kubernetes distributions
• Socket location: /run/containerd/containerd.sock
• Lightweight and efficient

CRI-O

• Purpose-built for Kubernetes
• Socket location: /var/run/crio/crio.sock
• OCI-compliant runtime

Navigating to Container Management

1. From the main menu, click on Containers
2. Vapor automatically detects the available CRI runtime

Runtime Detection

Vapor automatically detects which runtime is available:

1. First checks for containerd socket
2. Then checks for CRI-O socket
3. Falls back to Docker if no CRI runtime is found

The active runtime is displayed in the top status bar.

Containers

The Containers view shows all containers managed by the CRI runtime.

Container List

Each container displays:

• Container ID (truncated)
• Name and namespace
• Image reference
• State (Running, Exited, Unknown)
• Created timestamp
• Pod association

Container States

CRI containers can be in these states:

• Running: Container is actively running
• Exited: Container has stopped
• Unknown: State cannot be determined
• Created: Container created but not started

Managing Containers

Viewing Container Details

Click on a container to view:

• Full container ID
• Image ID and digest
• Pod sandbox ID
• Labels and annotations
• Created and started times
• Exit code (if stopped)

Container Logs

1. Click the Logs button
2. View streaming logs
3. Options:
   • Follow logs in real-time
   • Show timestamps
   • Limit number of lines
   • Filter by time range

Executing Commands

1. Click the Exec button
2. Select or enter command to run
3. Opens interactive terminal session
4. Supports standard shells (sh, bash)

Removing Containers

1. Stop the container first (if running)
2. Click Remove in the actions menu
3. Confirm deletion

Note: In CRI environments, containers are typically managed by Kubernetes. Direct manipulation should be done carefully.

Images

The Images section manages container images.

Image List

Shows cached images with:

• Image repository and tag
• Image ID
• Size
• Number of containers using it

Image Operations

Pulling Images

1. Click Pull Image
2. Enter full image reference:
   • Docker Hub: docker.io/library/nginx:latest
   • Other registries: quay.io/coreos/flannel:latest
3. Configure authentication if needed
4. Click Pull

Removing Images

1. Ensure no containers are using the image
2. Click Remove in the actions menu
3. Confirm deletion

Note: Image removal in CRI is more restrictive than Docker. Images in use cannot be removed.

Pods (CRI Specific)

CRI runtimes organize containers into pods (even single containers).

Pod Information

Each pod shows:

• Pod ID
• Name and namespace
• State
• Network namespace
• Created time

Pod Operations

• List Pods: View all pod sandboxes
• Pod Status: Check detailed pod status
• Remove Pod: Delete pod and its containers

Kubernetes Integration

When running on a Kubernetes node:

Node Information

• Node name and role
• Container runtime version
• Kubernetes version
• CNI plugin information

Kubernetes Containers

• System containers (kube-system namespace)
• Application containers
• Init containers
• Sidecar containers

CRI vs Docker Differences

Features Available in CRI

• Basic container lifecycle (start, stop, remove)
• Log viewing
• Command execution
• Image pull and remove
• Pod management

Features NOT Available in CRI

• Container creation (managed by Kubernetes)
• Container restart (managed by kubelet)
• Container pause/unpause
• Image building
• Volume management (managed by Kubernetes)
• Network management (managed by CNI)

Important Differences

1. Container Creation: Containers must be created through Kubernetes, not directly
2. Networking: Managed by CNI plugins, not directly configurable
3. Storage: Volumes managed by Kubernetes, not CRI
4. Image Format: Uses OCI format, compatible with Docker images

Working with crictl

Vapor uses crictl internally, but you can also use it directly:

Common Commands

# List containers
crictl ps

# List images
crictl images

# View logs
crictl logs <container-id>

# Execute command
crictl exec -it <container-id> sh

# Pull image
crictl pull nginx:latest

# Inspect container
crictl inspect <container-id>

Best Practices

1. Kubernetes First: In CRI environments, manage containers through Kubernetes when possible
2. Namespace Awareness: Be aware of Kubernetes namespaces when working with containers
3. Avoid Direct Manipulation: Don't directly modify Kubernetes-managed containers
4. Use Labels: Leverage Kubernetes labels for organization
5. Monitor Resources: CRI provides basic stats, use Kubernetes metrics for detailed monitoring
6. Log Management: Configure appropriate log drivers at the Kubernetes level

Troubleshooting

Runtime Not Detected

• Verify containerd or CRI-O is running:

  systemctl status containerd
  # or
  systemctl status crio

• Check socket exists:

  ls -la /run/containerd/containerd.sock
  # or
  ls -la /var/run/crio/crio.sock

Cannot View Containers

• Ensure you have permissions to access the socket
• Check if containers are in different namespaces
• Verify crictl is properly configured

Image Pull Failures

• Check registry accessibility
• Verify image reference format
• Configure registry mirrors if needed
• Check authentication for private registries

Container Logs Empty

• Container might be using a different log driver
• Check Kubernetes pod logs instead
• Verify log rotation settings

Exec Fails

• Container might not have shell installed
• Try different shell (sh instead of bash)
• Check container is running
• Verify permissions

Advanced Configuration

Runtime Configuration

Configuration files:

• containerd: /etc/containerd/config.toml
• CRI-O: /etc/crio/crio.conf

Registry Configuration

Configure registry mirrors and authentication:

• containerd: In config.toml under [plugins."io.containerd.grpc.v1.cri".registry]
• CRI-O: In crio.conf under [crio.image]

Debugging

Enable debug logging:

• Set log level in runtime configuration
• View logs with journalctl -u containerd or journalctl -u crio