Presented at the Bangalore Kubernetes meetup, April 2017. This talk is about running Kubernetes using the alternative container runtime cri-o and runc.
Event report for the meetup: suraj.io/post/blr-k8s-meetup-april-2017/
4. OCI - Open Container Initiative
The Open Container Initiative (OCI) is a lightweight, open governance structure (project), formed under the
auspices of the Linux Foundation, for the express purpose of creating open industry standards around
container formats and runtime. The OCI was launched on June 22nd 2015 by Docker, CoreOS and other
leaders in the container industry.
5. OCI
● It contains two specifications: the container runtime specification and
the container image specification.
● Runtime specification defines how to run a filesystem bundle that is
unpacked on the disk.
● Image specification defines a container image format which has sufficient
information to run an application on a target platform.
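An added example, not from the original slides: the runtime specification's filesystem bundle is a directory holding a `config.json` and a root filesystem, and this sketch audits such a bundle for a few hardening settings before it is handed to a runtime such as runc. The policy choices (`EXPECTED_NS`, the checks themselves) and the sample configs are assumptions constructed for illustration; the field names are those of the OCI runtime spec.

```python
import json
import tempfile
from pathlib import Path

# Assumed policy: namespaces a container is expected to unshare.
EXPECTED_NS = {"pid", "network", "ipc", "uts", "mount"}

def audit_bundle(bundle_dir):
    """Return hardening findings for the OCI bundle in bundle_dir."""
    bundle = Path(bundle_dir)
    cfg_path = bundle / "config.json"
    if not cfg_path.is_file():
        return ["missing config.json"]
    cfg = json.loads(cfg_path.read_text())
    findings = []
    root = cfg.get("root", {})
    # root.path is resolved relative to the bundle directory.
    if not root.get("path") or not (bundle / root["path"]).is_dir():
        findings.append("root.path is not a directory")
    if not root.get("readonly", False):
        findings.append("root filesystem is writable")
    proc = cfg.get("process", {})
    if proc.get("user", {}).get("uid", 0) == 0:
        findings.append("process runs as uid 0")
    if not proc.get("noNewPrivileges", False):
        findings.append("noNewPrivileges is not set")
    if "CAP_SYS_ADMIN" in proc.get("capabilities", {}).get("bounding", []):
        findings.append("CAP_SYS_ADMIN in bounding set")
    # A namespace type absent from linux.namespaces is inherited from the runtime.
    present = {n.get("type") for n in cfg.get("linux", {}).get("namespaces", [])}
    findings += [f"inherits runtime {t} namespace" for t in sorted(EXPECTED_NS - present)]
    return findings

def make_bundle(config):
    """Write a constructed bundle (config.json plus empty rootfs/) to a temp dir."""
    d = Path(tempfile.mkdtemp(prefix="oci-bundle-"))
    (d / "rootfs").mkdir()
    (d / "config.json").write_text(json.dumps(config))
    return d

# Constructed sample configs, not taken from the talk.
WEAK = {"ociVersion": "1.0.0", "root": {"path": "rootfs"},
        "process": {"user": {"uid": 0, "gid": 0}, "args": ["sh"], "cwd": "/",
                    "capabilities": {"bounding": ["CAP_SYS_ADMIN"]}},
        "linux": {"namespaces": [{"type": "pid"}, {"type": "mount"}]}}
HARDENED = {"ociVersion": "1.0.0", "root": {"path": "rootfs", "readonly": True},
            "process": {"user": {"uid": 1000, "gid": 1000}, "args": ["sh"], "cwd": "/",
                        "capabilities": {"bounding": []}, "noNewPrivileges": True},
            "linux": {"namespaces": [{"type": t} for t in sorted(EXPECTED_NS)]}}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_bundle(make_bundle(cfg)))
```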
6. CRI - Container Runtime Interface
● Plugin API for container runtimes.
● This new, clearly defined abstraction enables anyone to define a container
runtime and plug it into Kubernetes.
● This helps support multiple runtimes without the need to recompile
code.
● There are many CRI runtimes in progress: crio, rktlet, frakti, etc.
7. CRI
● Docker and rkt integration was done by writing code directly in the k8s repo.
● This code will be deprecated in k8s 1.7
● Now docker integration is using docker CRI.
● Docker supported versions are 1.11 & 1.12
9. CRI-O
● Any runtime that is OCI compliant can be plugged in to kubelet and that
glue is CRI-O
● CRI-O has runtime service and the image service
● All the runtime knows is how to start/stop/remove sandboxes, pods and
containers
● Container process lifecycle
● Container image lifecycle
11. ocid
● gRPC API
● ocid is the daemon that listens on a UNIX socket and takes requests from clients
● It does runtime and image management
12. conmon
● Standalone C application
● Sits in between ocid and runtime
● It is the parent of the container; this decouples the container from the ocid daemon
● IO, logs, container exit codes, etc.
14. CNI - networking
● The CNI (Container Network Interface) project consists of a specification
and libraries for writing plugins to configure network interfaces in Linux
containers, along with a number of supported plugins.
● CNI concerns itself only with network connectivity of containers and
removing allocated resources when the container is deleted.
15. OCI runtime
● Any OCI conformant runtime can be plugged in.
● cri-o's default is runc, which is the reference implementation for the OCI
runtime specification.
● runc can do all the things that docker or rkt can do except building images.
17. References
● OCI https://www.opencontainers.org/about
● Image spec https://github.com/opencontainers/image-spec
● Runtime spec https://github.com/opencontainers/runtime-spec
● CRIO project https://github.com/kubernetes-incubator/cri-o
● CRI: the Container Runtime Interface
https://github.com/kubernetes/community/blob/master/contributors/devel/container-runtime-interface.md
● Frakti https://github.com/kubernetes/frakti
● Intro to CRI http://blog.kubernetes.io/2016/12/container-runtime-interface-cri-in-kubernetes.html
● How CRI-O Would Put Kubernetes at the Center of the Container Ecosystem
https://thenewstack.io/cri-o-make-kubernetes-center-container-ecosystem
● CRI-O: A kubernetes runtime https://www.youtube.com/watch?v=R-p7BXhtodo