CNCF Formally Adopts CRI-O Runtime for Kubernetes

The Cloud Native Computing Foundation (CNCF) announced today that a container runtime designed specifically for Kubernetes has been formally accepted as an incubation project.

The Container Runtime Interface – Orchestrator (CRI-O) is a lightweight runtime optimized for Kubernetes clusters. It was developed by Red Hat and then handed over to a subset of the Special Interest Group (SIG) that oversees the development of Kubernetes. By making CRI-O an independent incubation project, the CNCF recognizes that CRI-O will play a larger role than simply being an adjunct Kubernetes project.

CRI-O provides an alternative to relying on the Docker runtime, and it is compatible with container images that conform to the Open Container Initiative (OCI) format. That makes it possible to run different types of container images on top of CRI-O. A kubelet from the Kubernetes cluster communicates with CRI-O using the CRI gRPC application programming interface (API). The CRI image service pulls down images as needed to run containers in a pod; CRI-O uses the containers/image library to pull images to the node. The runtime service is responsible for running the containers and relies on the containers/storage library to create Copy-On-Write-based root filesystems for the containers.

The CRI-O runtime also includes conmon, a monitoring process that records the exit code for containers, writes logs, handles the tty for containers, serves attach clients, reaps processes and reports Out of Memory (OOM) conditions. CRI-O relies on the Container Network Interface (CNI) for setting up networking, so plugins such as flannel, Cilium, weave or OpenShift-SDN are supported.

At present, there are 105 contributors to the CRI-O project and seven maintainers from Red Hat, Intel and SUSE.

Vincent Batts, a CRI-O maintainer and senior principal software engineer for Red Hat, says the team that oversees the development of CRI-O is also moving toward creating a CRI application programming interface (API) that would enable CRI-O to be deployed on platforms other than Kubernetes.

In the meantime, Batts says enterprise IT organizations not only will appreciate how much more streamlined CRI-O is, but also how that smaller footprint reduces the overall size of the attack surface that ultimately needs to be defended.

In general, Batts says Kubernetes adoption is reaching a tipping point. Kubernetes has been widely adopted, but the percentage of the workloads running on Kubernetes in the enterprise remains relatively small. The more solidified standard interfaces become, the more confidence there will be in Kubernetes. That confidence will result not only in more developers being attracted to the platform faster, but also in the development of more tools that leverage those interfaces, says Batts.

In the meantime, the number of Kubernetes distributions continues to grow. While vendors have made several extensions to those distributions, adherence to the standards defined by the Kubernetes SIG has kept the community together. Container applications can move easily from one Kubernetes instance to another. In fact, Kubernetes is rapidly becoming the foundation for emerging hybrid cloud computing strategies spanning multiple clouds as well as bare-metal servers, legacy virtual machines and new classes of lighter-weight virtual machines. The challenge now is turning all the Kubernetes potential into everyday enterprise IT reality.

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
