![Page 1: All the Runtime Kubernetes need @runc0m CRI-O Senior ... · Antonio Murdaca < runcom@redhat.com > Senior Software Engineer, Red Hat Inc. @runc0m CRI-O All the Runtime Kubernetes](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5dcefd03eef7a965b9f34/html5/thumbnails/1.jpg)
Antonio Murdaca <runcom@redhat.com>
Senior Software Engineer, Red Hat Inc.
@runc0m
CRI-O
All the Runtime Kubernetes need
Issues...
● Docker
● ...breaks
● rkt
● Pod concept
● Maintenance
● Pluggability
CRI - Container Runtime Interface
● Plug and play
● Protocol buffers
● gRPC
● 1.5+
● Client - Server
Runtime Service
● Pods lifecycle
● Containers lifecycle
● Interactions
Image Service
● Images lifecycle
● FS information
CRI in action
CRI-O
● Open governance
● Open source
● Lean
● Stable
● Secure
● BORING!
Scope
● Tied to the CRI
● Shaped around Kubernetes
● Only supported user is Kubernetes
● No features that can undermine stability and performance
● Versioning is tied to Kubernetes
● Support is tied to Kubernetes
Architecture
OCI runtimes
containers/storage
● overlayfs (default)
● Manage layers on COW
● Former “storage drivers”
containers/image
● Where everything started
● Battle tested
● Seamlessly pull any of your images
● New features
OCI runtime tools
● Generates OCI configurations
● OCI runtimes can understand the very same configuration
● There’s a library!!!
● Run containers
CNI - Container Network Interface
● Pluggable network stack
● Flannel
● Weave
● …
● openshift-sdn
conmon
● Monitoring
● Logging
● Handling tty
● Serving attach clients
● Detecting and reporting OOM
● CRI-O restarts
Pod architecture (runc)
[Diagram: Pod (ipc, net, pid namespaces) containing Infra Container, Container A (runc) and Container B (runc); three conmon processes]
Pod architecture (Clear Containers & Kata Containers)
[Diagram labels: Pod, Virtual Machine, Agent, Container A, Container B, conmon (x2), cc-shim (x2)]
...live demo?
Status
● k8s tests
● OpenShift tests
● critest
● Integration tests
● Performance tests
● On every PR
● Tests?
● Tests??
● Tests???
● Tests????
● Tests?????
Status
● CRI at any time is fully implemented
● Released 1.7 (1.0), 1.8, 1.9, 1.10, 1.11-dev
● Maintainers/contributors from Red Hat, Intel, IBM, SUSE, Lyft and many others (80+)
● Kubeadm works for setting up k8s with CRI-O
● Minikube works
● Support for mixed workloads
● Deployed to our OpenShift Online test cluster
● Available in Fedora, Ubuntu, RHEL ...
Kubernetes setup
$ minikube start \
    --network-plugin=cni \
    --container-runtime=cri-o \
    --bootstrapper=kubeadm
Local Kubernetes setup
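# The endpoint value is one single-quoted string, so it stays on one line
# (a backslash-newline inside single quotes would be taken literally).
$ CONTAINER_RUNTIME=remote \
    CONTAINER_RUNTIME_ENDPOINT='/var/run/crio/crio.sock --runtime-request-timeout=5m' \
    hack/local-up-cluster.sh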
OpenShift setup
[...]
kubeletArguments:
  [...]
  container-runtime-endpoint:
  - "/var/run/crio/crio.sock"
  container-runtime:
  - "remote"
  runtime-request-timeout:
  - "15m"
[...]
Debug
● https://github.com/kubernetes-incubator/cri-tools
● crictl
● Upstream community tool
● Debugging through the CRI on a node
● Work is ongoing to move the project into Kubernetes core
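
Debugging through the CRI on a node with crictl, as an added example that is not part of the original slides: it pulls the last log lines of every exited container straight from the runtime. It assumes crictl is installed and CRI-O listens on the socket path from the setup slides; the function names and the CRI_SOCK variable are hypothetical.

```shell
#!/bin/sh
# Added example (not from the slides): triage exited containers via the CRI.
# Assumption: CRI-O listens on the socket path shown in the setup slides.
CRI_SOCK="${CRI_SOCK:-/var/run/crio/crio.sock}"

# Send every crictl call to the same CRI endpoint.
cri() {
  crictl --runtime-endpoint "unix://${CRI_SOCK}" "$@"
}

# IDs of all containers in one state (created, running, exited, unknown).
cri_ids_in_state() {
  cri ps -a --state "$1" -q
}

# For each exited container, print a header and its last N log lines,
# then a one-line summary with the number of containers found.
cri_exited_logs() {
  tail_lines="${1:-20}"
  count=0
  for id in $(cri_ids_in_state exited); do
    echo "== container $id =="
    cri logs --tail "$tail_lines" "$id" 2>&1
    count=$((count + 1))
  done
  echo "exited containers: $count"
}

# Usage on a node (as root): . ./cri-debug.sh && cri_exited_logs 50
```

Because the CRI socket gives full control over every pod on the node, run this only as an administrator and keep the socket inaccessible to unprivileged users.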
skopeo
● Play with container images
● No daemon running
● Perfect for pipelines (Jenkins?)
● Transports
buildah
● Build images
● No daemon running
● shell-like syntax
● Build from Dockerfile(s)
podman
● Running containers
● Integrated with CRI-O (soon)
● No daemon running
● Known CLI
Summary
● CRI
● CRI-O
● Ecosystem
● New tools from legos
Roadmap
● Switch to CRI-O as the default in Kube? (trollface)
● Keep pace with upstream Kubernetes
  ○ Tracking and supporting k8s versions
● Graduating out of incubator
● GA in OpenShift 3.9 (not the default yet)
● Default container runtime for OpenShift 3.10 (hopefully)
● Deployed to OpenShift Online
Get involved!
Blog: https://medium.com/cri-o
GitHub: https://github.com/kubernetes-incubator/cri-o
IRC: freenode: #cri-o
Slack: sig-node
Site: https://cri-o.io, https://www.projectatomic.io
Thank you!