Cri File System: Tools Link

Introduction: The Hidden Complexity of Container Filesystems In the world of containerized applications, the storage layer is often treated as a black box. Developers run docker run or kubectl apply , and somehow, the files appear. But beneath the surface lies a sophisticated ecosystem of snapshots, layers, and mount points. For those managing Kubernetes clusters using the Container Runtime Interface (CRI), understanding CRI file system tools and the critical role of the link (symbolic or hard link) is not just an advanced skill—it is a necessity for debugging, performance tuning, and disaster recovery.

ctr namespace ls # List namespaces (e.g., k8s.io) ctr -n k8s.io snapshot ls # Show all snapshots (image layers) ctr -n k8s.io snapshot mount <key> /mnt # Mount a snapshot to inspect Snapshots are immutable directories linked together via overlayfs. Each snapshot has a "parent" link to the previous layer. 3. crio-status – CRI-O’s Inspection Tool For CRI-O users, crio-status dumps storage and runtime information. cri file system tools link

/var/lib/containers/storage/overlay/<layer-id>/merged -> /var/lib/containers/storage/overlay/<layer-id>/../<parent-id>/merged Scenario 1: "No such file or directory" inside a container Even though the file exists in the image, the container cannot see it. This is often due to a broken symbolic link in a lower layer . For those managing Kubernetes clusters using the Container

# Get container PID crictl inspect <container> | grep pid nsenter -t <pid> -m bash Inside, check for broken symlinks find / -type l -xtype l 2>/dev/null | grep pid nsenter -t &lt

# Find snapshot path SNAPSHOT_PATH=$(crictl inspect <container> | jq -r '.info.rootDir') cp -al $SNAPSHOT_PATH /tmp/clone-rootfs Now modify /tmp/clone-rootfs without affecting the original (COW at file level)

crio-status info | grep -A 10 "storage" crio-status containers --id <id> # Shows container rootfs path The keyword "link" in the context of CRI file system tools refers to two distinct but related concepts: filesystem links (ln) and layer links (parent pointers) . Symbolic Links vs. Hard Links in Container Storage | Feature | Symbolic Link (symlink) | Hard Link | |---------|------------------------|------------| | Cross-filesystem | Yes | No | | Points to inode or path | Path | Inode | | Break if target deleted | Yes (dangling link) | No (file persists) | | Used in CRI for | Config file references, log paths | Deduplication of identical layers |