At Bangalore Kubernetes meetup April 2017. This is about running Kubernetes using alternative container runtime cri-o and runc. Event report for the meetup: suraj.io/post/blr-k8s-meetup-april-2017/

1. Suraj Deshmukh
Bangalore Kubernetes Meetup - April 2017
on

2. About me:
● Contributor to Kompose, OpenCompose,
OpenShift, cri-o, etc.
● Red Hatter.
● OpenSource enthusiast.
● Find me:
○ Twitter: surajd_
○ IRC, slack, telegram: surajd
○ suraj.io
○ surajd.service@gmail.com & surajd@redhat.com

3. Some jargons

4. OCI - Open Container Initiative
The Open Container Initiative (OCI) is a lightweight, open governance structure (project), formed under the
auspices of the Linux Foundation, for the express purpose of creating open industry standards around
container formats and runtime. The OCI was launched on June 22nd 2015 by Docker, CoreOS and other
leaders in the container industry.

5. OCI
● It contains two specification, the container runtime specification and
container image specification.
● Runtime specification defines how to run a filesystem bundle that is
unpacked on the disk.
● Image specification defines container image format which has sufficient
information to run an application on target platform.

6. CRI - Container Runtime Interface
● Plugin API for container runtimes.
● These new clearly defined abstraction enables anyone to define container
runtime and plugin with kubernetes.
● This helps support for multiple runtimes without the need to recompile
code.
● There are many CRI runtimes in progress crio, rktlet, frakti, etc.

7. CRI
● docker and rkt integration was done by directly writing code in k8s repo.
● This code will be deprecated in k8s1.7
● Now docker integration is using docker CRI.
● Docker supported versions are 1.11 & 1.12

8. CRI-O
OCI-based implementation of Kubernetes Container Runtime Interface

9. CRI-O
● Any runtime that is OCI compliant can be plugged in to kubelet and that
glue is CRI-O
● CRI-O has runtime service and the image service
● All the runtime knows is how to start/stop/remove sandboxes, pod,
container
● Container process lifecycle
● Container image lifecycle

10. Components
● Server:
○ ocid server
○ conmon
○ image and storage
○ cni
○ OCI runtime
● Clients:
○ kubelet
○ ocic

11. ocid
● gRPC API
● ocid is the daemon listening on UNIX socket and takes request from client
● It does runtime and image management

12. conmon
● Standalone C application
● Sits in between ocid and runtime
● It is parent to container, this decouples the container from ocid daemon
● IO, logs, container exit codes, etc.

13. Image and storage
● containers/image
● containers/storage

14. CNI - networking
● The CNI (Container Network Interface) project consists of a specification
and libraries for writing plugins to configure network interfaces in Linux
containers, along with a number of supported plugins.
● CNI concerns itself only with network connectivity of containers and
removing allocated resources when the container is deleted.

15. OCI runtime
● Any OCI conformant runtime can be plugged in.
● cri-o's default is runc, which is the reference implementation for the OCI
runtime specification.
● runc can do all the things that docker or rkt can do except building image.

16. Demo
Setup: http://suraj.io/post/using-crio-with-k8s-single-node/

17. References
● OCI https://www.opencontainers.org/about
● Image spec https://github.com/opencontainers/image-spec
● Runtime spec https://github.com/opencontainers/runtime-spec
● CRIO project https://github.com/kubernetes-incubator/cri-o
● CRI: the Container Runtime Interface
https://github.com/kubernetes/community/blob/master/contributors/devel/container-runtime-interface.md
● Frakti https://github.com/kubernetes/frakti
● Intro to CRI http://blog.kubernetes.io/2016/12/container-runtime-interface-cri-in-kubernetes.html
● How CRI-O Would Put Kubernetes at the Center of the Container Ecosystem
https://thenewstack.io/cri-o-make-kubernetes-center-container-ecosystem
● CRI-O: A kubernetes runtime https://www.youtube.com/watch?v=R-p7BXhtodo

18. Thank You