CRI-O Overview A lightweight alternative to using Docker as the runtime for kubernetes

Why talk about Containers ?

© 2020 Cloud Native Computing Foundation 3 CNCF Cloud Native Definition v1.0 Cloud native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach. These techniques enable loosely coupled systems that are resilient, manageable, and observable. Combined with robust automation, they allow engineers to make high-impact changes frequently and predictably with minimal toil.

© 2020 Cloud Native Computing Foundation 4 Cloud Native Design Principles

© 2020 Cloud Native Computing Foundation 5 Cloud Native Trail Map Trail Map: l.cncf.io

OK but we have docker. Why CRI-O?

© 2020 Cloud Native Computing Foundation 7 Containers are not new.

© 2020 Cloud Native Computing Foundation 8 From Docker to OCI

© 2020 Cloud Native Computing Foundation 9 OCI - Open Container Initiative

© 2020 Cloud Native Computing Foundation 10 Two Spec from OCI The Open Container Initiative Runtime Specification aims to specify the configuration, execution environment, and lifecycle of a container. https://bit.ly/oci-runtimespec The goal of The Open Container Initiative Image Format Specification is to enable the creation of interoperable tools for building, transporting, and preparing a container image to run. https://bit.ly/oci-imagespec

© 2020 Cloud Native Computing Foundation 11 Container Runtime Interface (CRI) -- 2016 CRI a plugin interface that gives kubelet (a cluster node agent used to create pods and start containers) the ability to use different OCI-compliant container runtimes, without needing to recompile Kubernetes.

© 2020 Cloud Native Computing Foundation 12 What is Container Runtime Interface (CRI) ? ○ A gRPC interface and a group of libraries ○ Enables Kubernetes to use a wide variety of container runtimes ○ Introduced in Kubernetes 1.5

© 2020 Cloud Native Computing Foundation 13 Container Runtime Interface (CRI) Runtimes https://www.youtube.com/watch?v=FKoVztEQHss

CRI-O A lightweight alternative to using Docker as the runtime for kubernetes

© 2020 Cloud Native Computing Foundation 15 What is CRI-O? • An implementation of the Kubernetes CRI (Container Runtime Interface) to enable using OCI (Open Container Initiative) compatible runtimes • It allows Kubernetes to use any OCI-compliant runtime as the container runtime for running pods • Today it supports runc and Kata Containers as the container runtimes but any OCI-conformant runtime can be plugged in principle. • It is a lightweight alternative to using Docker, Moby or rkt as the runtime for Kubernetes.

© 2020 Cloud Native Computing Foundation 16 Cloud Native Computing Foundation • Nonprofit, part of the Linux Foundation; founded Dec. 2015 • Platinum members: Incubating Service Mesh Storage Service Discovery Graduated Package Management Distributed Tracing API Messaging Distributed Tracing Software Update Spec Security Networking API Orchestration Monitoring Registry Key/Value Store Policy Container Runtime Container Runtime Logging Remote Procedure Call Storage Serverless Container Security Continuous Integration & Deployment Image Distribution Network Proxy Key/Value Store

© 2020 Cloud Native Computing Foundation 17 Architecture & Components ● OCI compatible runtime ● containers/storage ● containers/image ● networking (CNI) ● container monitoring (conmon) ● security is provided by several core Linux capabilities

Let's Use?

© 2020 Cloud Native Computing Foundation 19 Minikube minikube start \ --network-plugin=cni \ --container-runtime=cri-o minikube start \ --network-plugin=cni \ --extra-config=kubelet.container-runtime=remote \ --extra-config=kubelet.container-runtime-endpoint=/var/run/crio/crio.sock \ --extra-config=kubelet.image-service-endpoint=/var/run/crio/crio.sock

© 2020 Cloud Native Computing Foundation 20 Kubernetes # cat /etc/systemd/system/kubelet.service | grep Wants Wants=docker.socket crio.service # cat /etc/kubernetes/kubelet.env | grep KUBELET_ARGS KUBELET_ARGS="--pod-manifest-path=/etc/kubernetes/manifests --pod-infra-container-image=gcr.io/google_containers/pause-amd64:3.0 --cluster_dns=10.233.0.3 --cluster_domain=cluster.local --resolv-conf=/etc/resolv.conf --kubeconfig=/etc/kubernetes/node-kubeconfig.yaml --require-kubeconfig" You need to add following parameters to KUBELET_ARGS: ● --container-runtime=remote - Use remote runtime with provided socket. ● --container-runtime-endpoint=unix:///var/run/crio/crio.sock - Socket for remote runtime (default criosocket localization). ● --runtime-request-timeout=10m - Optional but useful. Some requests, especially pulling huge images, may take longer than default (2 minutes) and will cause an error. # cat /etc/cni/net.d/10-crio.conf { "name": "crio", "type": "flannel" } # systemctl start crio # systemctl start kubelet

https://cncf.io Please follow up with CNCF