Increasingly, docker is being replaced with containerd in kubernetes clusters. These days, in my daily work, I am dealing with clusters almost exclusively with containerd as CRI. In such cases, sometimes there is a need to pull or push some images to say, internal / private registries. without docker cli installed and docker daemon running, how do we achieve this? Read on.
Option 1 – use ctr – the containerd CLI
ContainerD gets installed with its own CLI – ctr – which is lot more minimal than docker cli. But fortunately, push and pull commands are available. I am yet to find a way to see the logs and exec into a containers ( at least in v1.4)
# pull image using ctr
sudo ctr i pull docker.io/utkuozdemir/pv-migrate-sshd:1.0.0
# tag the image for your internal container registry
sudo ctr i tag docker.io/utkuozdemir/pv-migrate-sshd:1.0.0 my-internal-nexus:5002/pv-migrate-sshd:1.0.0
# Push to internal container registry server
sudo ctr i push --platform linux/amd64 my-internal-nexus:5002/pv-migrate-sshd:1.0.0One thing to remember about ctr is that it expects that you have image for all the platforms to push. If you have downloaded the image, it would only be for one platform say.. linux-amd64. So in push command, we must specify --platform linux/amd64. If we don’t do this, ctr push command fails with very cryptic error about not having image content.
Option 2 – use crictl
kubernetes CRI team has created crictl which you can download and install and it provides docker like CLI to deal with containers.
crictl is certainly much easier to use than ctr but downloading arbitary things on your servers is not an option in many places, rightfully, due to security concerns. In such cases, ctr is the only option you are left with.
That’s it for now.