{{tag>Brouillon K8S Docker}}

= Notes Containerd et CRI

== Install

Voir :
* [[Notes - nerdctl]]
* [[Notes k8s - How to Install Kubernetes Cluster on Debian 11-12]]


== CRI ctr crictl

Voir : 
* https://kubernetes.io/docs/tasks/debug/debug-cluster/crictl/
* https://blog.stephane-robert.info/docs/conteneurs/outils/crictl/
* https://www.hackingnote.com/en/cheatsheets/crictl/
* https://www.youtube.com/watch?v=Bnz-uR6JJyA


<code bash>
ctr tasks list
sudo ctr containers ls
sudo ctr -n k8s.io containers ls
</code>

<code ->
$ sudo crictl ps --label=io.kubernetes.container.name=etcd
WARN[0000] runtime connect using default endpoints: [unix:///run/containerd/containerd.sock unix:///run/crio/crio.sock unix:///var/run/cri-dockerd.sock]. As the default settings are now deprecated, you should set the endpoint instead. 
WARN[0000] image connect using default endpoints: [unix:///run/containerd/containerd.sock unix:///run/crio/crio.sock unix:///var/run/cri-dockerd.sock]. As the default settings are now deprecated, you should set the endpoint instead. 
CONTAINER           IMAGE               CREATED             STATE               NAME                ATTEMPT             POD ID              POD
26ad6c508d95f       2e96e5913fc06       53 minutes ago      Running             etcd                3                   7adfdae770dbc       etcd-vmdeb01.local
</code>

<code ->
$ sudo ctr -n k8s.io containers ls |grep etcd
26ad6c508d95f60c42468e683334b01ac46a983d0dc145f05c50e94fb27ab2a4    registry.k8s.io/etcd:3.5.15-0                      io.containerd.runc.v2    
e2deef7ab12b892a88ec02e1b4956617a95bc2418ebd05d9112d650b4a6827a4    registry.k8s.io/etcd:3.5.15-0                      io.containerd.runc.v2 

$ sudo crictl inspect 26ad6c508d95f60c42468e683334b01ac46a983d0dc145f05c50e94fb27ab2a4 2>/dev/null | jq '.status.state' 
"CONTAINER_RUNNING"
$ sudo crictl inspect e2deef7ab12b892a88ec02e1b4956617a95bc2418ebd05d9112d650b4a6827a4 2>/dev/null | jq '.status.state'
"CONTAINER_EXITED"
</code>

<code ->
$ sudo crictl pods --name etcd
WARN[0000] runtime connect using default endpoints: [unix:///run/containerd/containerd.sock unix:///run/crio/crio.sock unix:///var/run/cri-dockerd.sock]. As the default settings are now deprecated, you should set the endpoint instead. 
POD ID              CREATED             STATE               NAME                 NAMESPACE           ATTEMPT             RUNTIME
7adfdae770dbc       About an hour ago   Ready               etcd-vmdeb01.local   kube-system         1                   (default)
d258693e868f9       21 hours ago        NotReady            etcd-vmdeb01.local   kube-system         0                   (default)
</code>


<code bash>
sudo crictl pods --name etcd -o yaml

# list pods by label
$ crictl pods --label component=kube-apiserver

# get the latest pod
$ crictl pods --latest

crictl logs 87d3992f84f74
</code>




== Pb

=== Pb Kubeadm 1

<code ->
root@vmdeb02:~# kubeadm init
[init] Using Kubernetes version: v1.29.0
[preflight] Running pre-flight checks
error execution phase preflight: [preflight] Some fatal errors occurred:
        [ERROR CRI]: container runtime is not running: output: time="2023-12-19T04:03:10-06:00" level=fatal msg="validate service connection: validate CRI v1 runtime API for endpoint \"unix:///var/run/containerd/containerd.sock\": rpc error: code = Unimplemented desc = unknown service runtime.v1.RuntimeService"
, error: exit status 1
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher
</code>

Et / ou
<code ->
# systemctl status containerd.service
Sep 10 09:35:34 vmdeb01 containerd[18699]: time="2024-09-10T09:35:34.364662398Z" level=error msg="copy shim log" error="read /proc/self/fd/17: file already closed" namespace=k8s.io
</code>



==== Solution

''/etc/containerd/config.toml''
<code ini>
#disabled_plugins = ["cri"]
disabled_plugins = []
</code>

Et
<code bash>
systemctl restart containerd.service
</code>

Voir 
<code bash>
zcat /usr/share/man/man5/containerd-config.toml.5.gz |sed -ne '/\.EX/,/\.EE/p' > /etc/containerd/config.toml.exemple1
containerd config default > /etc/containerd/config.toml.exemple2
</code>

''/etc/containerd/config.toml''
<code ini>
disabled_plugins = [""]

#root = "/var/lib/containerd"
#state = "/run/containerd"
#subreaper = true
#oom_score = 0

#[grpc]
# address = "/run/containerd/containerd.sock"
# uid = 0
# gid = 0

#[debug]
# address = "/run/containerd/debug.sock"
# uid = 0
# gid = 0
# level = "info"

[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true
</code>


Voir https://k8s.myprivatelab.tech/deploiement_serveur_kubernetes_v2


== Autres

<code bash>
zcat /usr/share/man/man5/containerd-config.toml.5.gz |sed -ne '/\.EX/,/\.EE/p' > /etc/containerd/config.toml.exemple
</code>

En cas de Pb désactiver Faut-il désactiver AppArmor / SELinux

Désactiver AppArmor
<code bash>
systemctl disable --now apparmor
</code>