Skip to main content
It is highly recommended to use crictl to debug Kubernetes nodes.

Summary

containerd

Provides a container runtime.

ctr

Low-level debugging tool, mainly for debugging containerd.

nerdctl

General purpose, Docker-like CLI alternative to Docker for containerd.

crictl

Interacts with any CRI runtime, mainly for inspecting and debugging container runtimes. Ideal for Kubernetes users.

Why Kubernetes Doesn’t Need Docker

Kubernetes supports other runtime engines that adhere to the OCI standards, like containerd or Rocket, so it is not necessary to install Docker before installing Kubernetes. Kubernetes only needs the Container Runtime Interface (CRI) to work with a container runtime. Therefore, Kubernetes is compatible with any runtime engine via CRI, such as Rocket, containerd, CRI-O, etc.

containerD

If you don’t need Docker’s other features, you can install containerD without Docker. When you install containerD, it will auto-install its command-line tool ctr.

ctr

ctr is solely made for debugging containerd and is not user-friendly, but it gives you a great way to understand how containers work under the hood. 
ctr --help
ctr images pull docker.io/library/redis:alpine
ctr run docker.io/library/redis:alpine redis

nerdctl

nerdctl provides a stable, human-friendly user experience and is mainly used for general purposes. It uses the same UI/UX as Docker.
  • Same Docker-like CLI
  • Supports Docker Compose (nerdctl compose up)
  • Supports rootless mode
  • Supports lazy-pulling
  • Supports encrypted container images
  • Supports P2P image distribution
  • Supports container image signing and verifying
  • Applies Kubernetes namespaces for containers
nerdctl run -it ubuntu
nerdctl run -p 8080:8080 -d webapplication
nerdctl compose -f ./docker-compose.yaml up

crictl

crictl provides a CLI for CRI-compatible container runtimes like containerd.
  • Must be installed separately
  • Can interact with any CRI runtime — developers can debug without installing Kubernetes components
  • Used to inspect and debug container runtimes; not ideal for creating containers
crictl help
crictl pull busybox
crictl images
crictl ps -a
crictl pods
If you use crictl to create containers on a Kubernetes environment, kubelet will delete them. Since kubelet ensures a specific number of pods are available on a single node, containers created outside kubelet’s environment are unknown to it. Use crictl for debugging purposes only (e.g., exec into a container).

Build docs developers (and LLMs) love

Get started for freeTalk to us