Skip to content

Root access to k3s pod

on your cluser node: 

sudo k3s crictl ps

This give something like: 

pi@blue0:/etc$ sudo k3s crictl ps
CONTAINER           IMAGE               CREATED             STATE               NAME                       ATTEMPT             POD ID
d4bee9d0a1f0c       40b966d7252f5       19 minutes ago      Running             mariadb                    0                   ae8dc825ca6bb
4d85c95d02a2f       188e24df1ff17       19 minutes ago      Running             nginx                      0                   5fc9bb1035b32
69977c81098a4       1512f8ddb2df6       19 minutes ago      Running             php                        0                   2eb4908b17bab
f384051e7711a       a26b1b8875ba4       19 minutes ago      Running             drupal-tools               0                   fb23307c2191f
739784114236d       38c8612419a4b       35 hours ago        Running             replica-manager            0                   f86088061b236
b7623fbc926d7       38c8612419a4b       35 hours ago        Running             engine-manager             0                   6de4dd1b7dcf4
9e64a354e4837       1ae7d41abaf87       35 hours ago        Running             docker-registry            1                   43603a0c8e7b1
976ceae3728d9       d74b4661fc487       35 hours ago        Running             engine-image-ei-fa2dfbf0   54                  6653b7f251bdd
65d3ddf76dd4f       b9dc7b95eb9c7       35 hours ago        Running             longhorn-csi-plugin        88                  486c35da02eae
4a1636a40e223       b9dc7b95eb9c7       35 hours ago        Running             longhorn-manager           55                  8b32c62b9feaf
79862f2b438ea       368ee7d6e60fb       35 hours ago        Running             node-driver-registrar      55                  486c35da02eae

Find the short id of the container you want to access.

Now: 

sudo runc --root /run/containerd/runc/k8s.io/ list

This gives something like: 

pi@blue0:/etc$ sudo runc --root /run/containerd/runc/k8s.io/ list
ID                                                                 PID         STATUS      BUNDLE                                                                                                                      CREATED                          OWNER
2eb4908b17bab5af2276c10ed0099a56d64a1d51768956183a1690ba447883bc   896798      running     /run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/2eb4908b17bab5af2276c10ed0099a56d64a1d51768956183a1690ba447883bc   2024-02-24T14:56:53.075295343Z   root
43603a0c8e7b1a6bd103917382d5e469fa1074b677c27138fc33c9d7bc843dfd   2569        running     /run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/43603a0c8e7b1a6bd103917382d5e469fa1074b677c27138fc33c9d7bc843dfd   2024-02-23T04:02:29.737056032Z   root
486c35da02eae406de04f9fa0254d98af35e1953c077cdc87707a3c4bc488c32   1584        running     /run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/486c35da02eae406de04f9fa0254d98af35e1953c077cdc87707a3c4bc488c32   2024-02-23T04:02:17.001905144Z   root
4a1636a40e2236b88ab46ce7da641047eb23794483bbb37b59b9e935f507825b   1663        running     /run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/4a1636a40e2236b88ab46ce7da641047eb23794483bbb37b59b9e935f507825b   2024-02-23T04:02:17.555285757Z   root
4d85c95d02a2fed6631299b73ed2dc30ae8caa9cae68bcce0294e374168693c9   897065      running     /run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/4d85c95d02a2fed6631299b73ed2dc30ae8caa9cae68bcce0294e374168693c9   2024-02-24T14:56:54.5730534Z     root
5fc9bb1035b32636fc80575c0b59faaf8ac4dd92a2c125d3b8702632bac43f94   897005      running     /run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/5fc9bb1035b32636fc80575c0b59faaf8ac4dd92a2c125d3b8702632bac43f94   2024-02-24T14:56:54.415266276Z   root
65d3ddf76dd4f5e98a500a5c4995821d7bf80b16a403f9b57c8a964acd94c7b4   1705        running     /run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/65d3ddf76dd4f5e98a500a5c4995821d7bf80b16a403f9b57c8a964acd94c7b4   2024-02-23T04:02:17.641457598Z   root
6653b7f251bdd7bd433ccb2970de3d560606d51a0a27008bb74d054e2fb624a6   2051        running     /run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/6653b7f251bdd7bd433ccb2970de3d560606d51a0a27008bb74d054e2fb624a6   2024-02-23T04:02:22.23390737Z    root
69977c81098a4bcf9bed8903f54f730050cb0581459eb92651075902e5af56a7   896830      running     /run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/69977c81098a4bcf9bed8903f54f730050cb0581459eb92651075902e5af56a7   2024-02-24T14:56:53.215449198Z   root
6de4dd1b7dcf466046c4656b2419445e02fe0021a6e2540f9a5917534c4981d1   3854        running     /run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/6de4dd1b7dcf466046c4656b2419445e02fe0021a6e2540f9a5917534c4981d1   2024-02-23T04:03:25.273200709Z   root
739784114236db60b2dbb0a7967187013476bf589a99e255c834d82fb9a7181c   3951        running     /run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/739784114236db60b2dbb0a7967187013476bf589a99e255c834d82fb9a7181c   2024-02-23T04:03:25.581645972Z   root
79862f2b438eaf299c64d3bfd732830044cba18884daaf56ebaaa4550ee4224a   1631        running     /run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/79862f2b438eaf299c64d3bfd732830044cba18884daaf56ebaaa4550ee4224a   2024-02-23T04:02:17.282795144Z   root
8b32c62b9feaf4bb8e34beb70f4d3384c2ab37ffc7d192eccdbaed93c17a51c5   1577        running     /run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/8b32c62b9feaf4bb8e34beb70f4d3384c2ab37ffc7d192eccdbaed93c17a51c5   2024-02-23T04:02:16.989165367Z   root
976ceae3728d958e7c8507809f32cc04f2149127a23ee6a0c3fd155fb8283cc5   2101        running     /run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/976ceae3728d958e7c8507809f32cc04f2149127a23ee6a0c3fd155fb8283cc5   2024-02-23T04:02:22.62778599Z    root
9e64a354e4837949cb72231536eb8ddc841fd6d71fcda77c7d4be5fef14e9c97   2609        running     /run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/9e64a354e4837949cb72231536eb8ddc841fd6d71fcda77c7d4be5fef14e9c97   2024-02-23T04:02:30.043730256Z   root
ae8dc825ca6bbf76c3e817dd925025b06f06af2abe3eac17fed7698c314ef182   897592      running     /run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/ae8dc825ca6bbf76c3e817dd925025b06f06af2abe3eac17fed7698c314ef182   2024-02-24T14:57:00.016449215Z   root
b7623fbc926d799e7a1b8cf831fce1b35522448baeeaae3f357dd31f42eb432e   3952        running     /run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/b7623fbc926d799e7a1b8cf831fce1b35522448baeeaae3f357dd31f42eb432e   2024-02-23T04:03:25.569516719Z   root
d4bee9d0a1f0c80e12d3e305b6c8d4145a5013c91acabf451b630412205b52da   897644      running     /run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/d4bee9d0a1f0c80e12d3e305b6c8d4145a5013c91acabf451b630412205b52da   2024-02-24T14:57:00.155764787Z   root
f384051e7711aefbff684e6976c253715ca2237607e13b68f4c058d115b2b9cd   896718      running     /run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/f384051e7711aefbff684e6976c253715ca2237607e13b68f4c058d115b2b9cd   2024-02-24T14:56:52.870714374Z   root
f86088061b236d12deda44485238ed3a7063068873f18cdc0219e6bf108d786e   3763        running     /run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/f86088061b236d12deda44485238ed3a7063068873f18cdc0219e6bf108d786e   2024-02-23T04:03:25.156870965Z   root
fb23307c2191f3196dcb8ab4fd35b4e180883e29f3a355807acc1b68c4704bd5   896674      running     /run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/fb23307c2191f3196dcb8ab4fd35b4e180883e29f3a355807acc1b68c4704bd5   2024-02-24T14:56:52.710744595Z   root

Find the line beginning with the short container id. Now you have the long container id. Use this to get a root shell into the container.

sudo runc --root /run/containerd/runc/k8s.io/ exec -t -u 0 f384051e7711aefbff684e6976c253715ca2237607e13b68f4c058d115b2b9cd sh
Back to top