CRI-O
All the Runtime Kubernetes needs
Antonio Murdaca <runcom@redhat.com>
Senior Software Engineer, Red Hat Inc.
@runc0m
Issues...
● Docker
● ...breaks
● rkt
● Pod concept
● Maintenance
● Pluggability
CRI
● Container Runtime Interface
● Plug and play
● Protocol buffers
● gRPC
● 1.5+
● Client - Server
Runtime Service
● Pods lifecycle
● Containers lifecycle
● Interactions
Image Service
● Images lifecycle
● FS information
CRI in action
CRI-O
● Open governance
● Open source
● Lean
● Stable
● Secure
● BORING!
Scope
● Tied to the CRI
● Shaped around Kubernetes
● Only supported user is Kubernetes
● No features that can undermine stability and performance
● Versioning is tied to Kubernetes
● Support is tied to Kubernetes
Architecture
OCI runtimes
containers/storage
● overlayfs (default)
● Manage layers on COW
● Former “storage drivers”
containers/image
● Where everything started
● Battle tested
● Seamlessly pull any of your images
● New features
OCI runtime tools
● Generates OCI configurations
● OCI runtimes can understand the very same configuration
● There’s a library!!!
● Run containers
CNI - Container Network Interface
● Pluggable network stack
● Flannel
● Weave
● …
● openshift-sdn
conmon
● Monitoring
● Logging
● Handling tty
● Serving attach clients
● Detecting and reporting OOM
● CRI-O restarts
Pod architecture (runc)
[Diagram labels: conmon (x3), Infra Container, Container A, Container B, (runc) (x2), Pod (ipc, net, pid namespaces)]
Pod architecture (Clear Containers & Kata Containers)
[Diagram labels: Pod, conmon (x2), cc-shim (x2), Container A, Container B, Agent, Virtual Machine]
...live demo?
Status
● k8s tests
● OpenShift tests
● critest
● Integration tests
● Performance tests
● On every PR
● Tests?
● Tests??
● Tests???
● Tests????
● Tests?????
Status
● CRI at any time is fully implemented
● Released 1.7 (1.0), 1.8, 1.9, 1.10, 1.11-dev
● Maintainers/contributors from Red Hat, Intel, IBM, SUSE, Lyft and many others (80+)
● Kubeadm works for setting up k8s with CRI-O
● Minikube works
● Support for mixed workloads
● Deployed to our OpenShift Online test cluster
● Available in Fedora, Ubuntu, RHEL ...
Kubernetes setup
  $ minikube start \
      --network-plugin=cni \
      --container-runtime=cri-o \
      --bootstrapper=kubeadm
Local Kubernetes setup
  $ CONTAINER_RUNTIME=remote \
    CONTAINER_RUNTIME_ENDPOINT='/var/run/crio/crio.sock --runtime-request-timeout=5m' \
    hack/local-up-cluster.sh
OpenShift setup
  [...]
  kubeletArguments:
    [...]
    container-runtime-endpoint:
    - "/var/run/crio/crio.sock"
    container-runtime:
    - "remote"
    runtime-request-timeout:
    - "15m"
  [...]
Debug
● https://github.com/kubernetes-incubator/cri-tools
● crictl
● Upstream community tool
● Debugging through the CRI on a node
● Work is ongoing to move the project into Kubernetes core
skopeo
● Play with container images
● No daemon running
● Perfect for pipelines (Jenkins?)
● Transports
buildah
● Build images
● No daemon running
● shell-like syntax
● Build from Dockerfile(s)
podman
● Running containers
● Integrated with CRI-O (soon)
● No daemon running
● Known CLI
Summary
● CRI
● CRI-O
● Ecosystem
● New tools from legos
Roadmap
● Switch to CRI-O as the default in Kube? (trollface)
● Keep pace with upstream Kubernetes
  ○ Tracking and supporting k8s versions
● Graduating out of incubator
● GA in OpenShift 3.9 (not the default yet)
● Default container runtime for OpenShift 3.10 (hopefully)
● Deployed to OpenShift Online
Get involved!
Blog: https://medium.com/cri-o
GitHub: https://github.com/kubernetes-incubator/cri-o
IRC: freenode: #cri-o
Slack: sig-node
Site: https://cri-o.io, https://www.projectatomic.io
Thank you!