What is CRI-O?
CRI-O is an implementation of Kubernetes CRI, i.e. Container Runtime Interface from Red Hat. This should make it much easier to manage containers, as there is no need to execute additional code. The same applies to any tooling.
CRI-O is a suitcase word from the Container Runtime Interface (CRI) and the Open Container Initiative (OCI). CRI allows Kubeletes to use different runtimes for containers. It must Kubernetes each time be compiled again.
Before the interface was published by Red Hat, Kubernetes was linked to special runtimes. CRI broke this connection. This process was continued with CRI-O: Now OCI-compatible containers can be started and stopped completely independently of additional code or tooling.
This is how CRI-O works
- Kubernetes wants to start a specific container.
- It speaks to CRI-O for this.
- The interface addresses the image and memory libraries of the container.
- Runtime is activated at the same time.
- The runtime starts the container in interaction with the libraries.
- The runtime tells the Linux kernel which processes need to be executed.
Stopping containers basically works in the same way. Instead of the start command, the command is given to stop the container.
The weak points of CRI-O
At some point, CRI-O should really work with all OCI containers. However, it is still unclear when this full compatibility will be achieved. So far, runC and clear container runtimes have been supported.
In addition, if you want to create images, you still have to rely on Source-to-Image from OpenShift or Buildah. The CRI-O Command Line Interface is not suitable for this. It is only intended to check CRI-O. Container management in a production environment , however, cannot do it.
CRI-O is a problem for Docker
In the beginning, Kubernetes only had one runtime for containers: Docker . Rkt was added later. However, adding more runtimes proved to be time-consuming and difficult. Docker therefore always had a kind of special role. CRI-O aims to end this.
Docker has recognized this and created a “lightweight” option for managing containers with the “containerd” system. Since version 1.1 there is even a native plug-in for CRI on board. However, containerd has not been optimized for use with Kubernetes, but was developed for a variety of purposes. This suggests that Docker is likely to lose its role as “the standard runtime” for Kubernetes.