This article explores the relationship between CRI-compliant runtimes (containerd and CRI-O), the filesystem tools that manipulate container storage, and how the humble link (both symbolic and hard) functions as the architectural glue holding container layers together. Before diving into tools and links, we must establish a baseline. The CRI is a Kubernetes API that kubelet uses to communicate with container runtimes. It abstracts the runtime implementation, allowing Kubernetes to work with Docker (via dockershim, now deprecated), containerd, CRI-O, and others.
Rebuild the image ensuring absolute symlinks or correct relative paths. Scenario 2: Disk space leak from dangling snapshot links Sometimes, the parent link remains even after the child snapshot is deleted, preventing garbage collection. cri file system tools link
# Get container PID crictl inspect <container> | grep pid nsenter -t <pid> -m bash Inside, check for broken symlinks find / -type l -xtype l 2>/dev/null # Get container PID crictl inspect <container> |
ctr -n k8s.io snapshot rm <snapshot-key> ctr -n k8s.io snapshot gc # Garbage collects unlinked snapshots Check /var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/metadata.db (a BoltDB file) for orphaned links. Tools like boltdb-viewer can inspect it. Scenario 3: Migrating container rootfs to another disk using symlinks Suppose your /var/lib/containerd partition is full. You can move the storage directory and create a symbolic link. | grep pid nsenter -t <
systemctl stop containerd mv /var/lib/containerd /mnt/new-disk/containerd ln -s /mnt/new-disk/containerd /var/lib/containerd systemctl start containerd Ensure the link is absolute and permissions (owner root:root , mode 0755 ) match. Advanced: Manipulating CRI Snapshots with Hard Links for Fast Cloning Hard links are not just for files—they can be used at the directory level (via cp -al ) to create instant clones of container root filesystems without copying data. This is a powerful technique when you need multiple copies of a snapshot for testing.