Node-level CLI for inspecting and manipulating CRI containers, images, pod sandboxes, and runtime state on Kubernetes nodes.
$brew install cri-tools
Agent Compatibility
JSON Output
Agent Skill
MCP Support
AI Analysis
crictl is the Kubernetes CRI CLI for talking directly to a container runtime on a node without going through the Kubernetes API. It is mainly a debugging and runtime-operations tool for containerd, CRI-O, and other CRI-compatible runtimes.
What It Enables
- List and inspect pod sandboxes, containers, images, logs, runtime info, filesystem info, stats, metrics, and event streams directly from the CRI socket.
- Create, start, stop, update, checkpoint, and remove pod sandboxes or containers, pull and prune images, and adjust runtime settings during node-level debugging.
- Exec into containers, attach, and port-forward when troubleshooting workloads from the runtime side rather than the Kubernetes API side.
Agent Fit
- Many read paths are machine-readable:
info,inspect,inspectp,inspecti,ps,pods,images,stats,statsp,metricsp,metricdescs, andeventssupport JSON or YAML output, with go-template support on several inspect and status commands. - Commands are direct shell verbs with filters, flags, and stable exit behavior, so they fit inspect, change, and verify loops for node diagnostics and runtime-focused automation.
- Fit is narrower than cluster-facing tooling because it requires direct access to the CRI endpoint on a node, and some useful flows like
exec,attach,logs -f,events, andport-forwardare streaming or interactive rather than batch-friendly.
Caveats
- It is only useful where you can reach the CRI socket on a node; this is not a remote Kubernetes API client.
- Upstream docs warn that pods or containers created directly with
crictlmay be removed by kubelet if they do not exist in the Kubernetes API.