Slide 1

Slide 1 text

CRI-O Overview

A lightweight alternative to using Docker as the runtime for Kubernetes

Slide 2

Slide 2 text

Why talk about containers?

Slide 3

Slide 3 text

© 2020 Cloud Native Computing Foundation

CNCF Cloud Native Definition v1.0

Cloud native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach.

These techniques enable loosely coupled systems that are resilient, manageable, and observable. Combined with robust automation, they allow engineers to make high-impact changes frequently and predictably with minimal toil.

Slide 4

Slide 4 text

Cloud Native Design Principles

Slide 5

Slide 5 text

Cloud Native Trail Map

Trail Map: l.cncf.io

Slide 6

Slide 6 text

OK, but we have Docker. Why CRI-O?

Slide 7

Slide 7 text

Containers are not new.

Slide 8

Slide 8 text

From Docker to OCI

Slide 9

Slide 9 text

OCI - Open Container Initiative

Slide 10

Slide 10 text

Two Specs from OCI

The Open Container Initiative Runtime Specification aims to specify the configuration, execution environment, and lifecycle of a container.
https://bit.ly/oci-runtimespec

The goal of the Open Container Initiative Image Format Specification is to enable the creation of interoperable tools for building, transporting, and preparing a container image to run.
https://bit.ly/oci-imagespec

Slide 11

Slide 11 text

Container Runtime Interface (CRI) - 2016

CRI is a plugin interface that gives kubelet (a cluster node agent used to create pods and start containers) the ability to use different OCI-compliant container runtimes without needing to recompile Kubernetes.

Slide 12

Slide 12 text

What is the Container Runtime Interface (CRI)?

○ A gRPC interface and a group of libraries
○ Enables Kubernetes to use a wide variety of container runtimes
○ Introduced in Kubernetes 1.5

Slide 13

Slide 13 text

Container Runtime Interface (CRI) Runtimes

https://www.youtube.com/watch?v=FKoVztEQHss

Slide 14

Slide 14 text

CRI-O

A lightweight alternative to using Docker as the runtime for Kubernetes

Slide 15

Slide 15 text

What is CRI-O?

• An implementation of the Kubernetes CRI (Container Runtime Interface) that enables the use of OCI (Open Container Initiative) compatible runtimes
• It allows Kubernetes to use any OCI-compliant runtime as the container runtime for running pods
• Today it supports runc and Kata Containers as the container runtimes, but in principle any OCI-conformant runtime can be plugged in.
• It is a lightweight alternative to using Docker, Moby or rkt as the runtime for Kubernetes.

Slide 16

Slide 16 text

Cloud Native Computing Foundation

• Nonprofit, part of the Linux Foundation; founded Dec. 2015
• Platinum members:

(Figure: logos of the platinum members and of the Graduated and Incubating CNCF projects, grouped by category such as Service Mesh, Storage, Service Discovery, Container Runtime, Monitoring and Logging.)

Slide 17

Slide 17 text

Architecture & Components

● OCI compatible runtime
● containers/storage
● containers/image
● networking (CNI)
● container monitoring (conmon)
● security is provided by several core Linux capabilities

Slide 18

Slide 18 text

Let's Use?

Slide 19

Slide 19 text

Minikube

    minikube start \
      --network-plugin=cni \
      --container-runtime=cri-o

    minikube start \
      --network-plugin=cni \
      --extra-config=kubelet.container-runtime=remote \
      --extra-config=kubelet.container-runtime-endpoint=/var/run/crio/crio.sock \
      --extra-config=kubelet.image-service-endpoint=/var/run/crio/crio.sock

Slide 20

Slide 20 text

Kubernetes

    # cat /etc/systemd/system/kubelet.service | grep Wants
    Wants=docker.socket crio.service

    # cat /etc/kubernetes/kubelet.env | grep KUBELET_ARGS
    KUBELET_ARGS="--pod-manifest-path=/etc/kubernetes/manifests --pod-infra-container-image=gcr.io/google_containers/pause-amd64:3.0 --cluster_dns=10.233.0.3 --cluster_domain=cluster.local --resolv-conf=/etc/resolv.conf --kubeconfig=/etc/kubernetes/node-kubeconfig.yaml --require-kubeconfig"

You need to add the following parameters to KUBELET_ARGS:

● --container-runtime=remote - Use remote runtime with provided socket.
● --container-runtime-endpoint=unix:///var/run/crio/crio.sock - Socket for remote runtime (default CRI-O socket location).
● --runtime-request-timeout=10m - Optional but useful. Some requests, especially pulling huge images, may take longer than the default (2 minutes) and will cause an error.

    # cat /etc/cni/net.d/10-crio.conf
    {
        "name": "crio",
        "type": "flannel"
    }

    # systemctl start crio
    # systemctl start kubelet
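
A check for the kubelet parameters listed on slide 20, added here as an example and not taken from the slides. It assumes KUBELET_ARGS sits on one double-quoted line as shown on the slide; the function names and the sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the slides: check that KUBELET_ARGS carries the
# CRI-O flags listed on slide 20. Function names are hypothetical.

# Required flags, exactly as written on the slide.
REQUIRED_FLAGS="--container-runtime=remote
--container-runtime-endpoint=unix:///var/run/crio/crio.sock"

# Print the value of KUBELET_ARGS (assumes one double-quoted line).
kubelet_args() {
    sed -n 's/^KUBELET_ARGS="\(.*\)"[[:space:]]*$/\1/p' "$1"
}

# Print every required flag that is absent; return 0 only if none are.
# Whole-word matching, so --container-runtime=docker does not pass.
missing_crio_flags() {
    args=" $(kubelet_args "$1") "
    missing=0
    while IFS= read -r flag; do
        case "$args" in
            *" $flag "*) ;;
            *) printf '%s\n' "$flag"; missing=1 ;;
        esac
    done <<EOF
$REQUIRED_FLAGS
EOF
    return "$missing"
}

# Return 0 if the optional --runtime-request-timeout flag is set.
has_request_timeout() {
    case " $(kubelet_args "$1") " in
        *" --runtime-request-timeout="*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: a kubelet.env that still lacks the CRI-O flags.
sample=$(mktemp)
cat > "$sample" <<'EOF'
KUBELET_ARGS="--pod-manifest-path=/etc/kubernetes/manifests --cluster_domain=cluster.local"
EOF
if ! missing_crio_flags "$sample"; then
    echo "kubelet.env is not yet pointed at CRI-O (flags above are missing)"
fi
has_request_timeout "$sample" || echo "note: --runtime-request-timeout not set"
rm -f "$sample"
```

Running `missing_crio_flags /etc/kubernetes/kubelet.env` on a node before `systemctl start kubelet` shows whether kubelet would still start against the Docker socket.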

Slide 21

Slide 21 text

https://cncf.io

Please follow up with CNCF