- K8s 1.20: Docker runtime deprecated
- K8s 1.24: Docker runtime removed
- CRI: standard API; any compliant runtime plugs in; containerd is default on most clusters
- OCI image format unchanged:
docker build/ push still works; cluster runs via containerd, not Docker daemon
CLI tools
| Tool | Use |
|---|---|
ctr | Low-level containerd: debugging only |
nerdctl | Docker-compatible CLI for containerd: dev machine |
crictl | CRI-level: inspect/debug on K8s nodes |
Command equivalents
| Operation | docker | nerdctl | crictl |
|---|---|---|---|
| Run | docker run | nerdctl run | crictl run |
| List | docker ps | nerdctl ps | crictl ps |
| Pull | docker pull | nerdctl pull | crictl pull |
| Logs | docker logs | nerdctl logs | crictl logs |
| Exec | docker exec | nerdctl exec | crictl exec |
Exam tips
crictl runcreates containers not managed by kubelet: GC removes them; use for inspection only- On worker nodes:
crictl; on laptop:nerdctlor Docker for builds