Red Hat CRI-O focuses on making container runtime easier
Red Hat announced it has deployed its Container Runtime Interface 1.0 (CRI-O), which allows users to run containers directly from Kubernetes without making changes to code or tooling. While the first version of CRI-O v1.0 is based on Kubernetes 1.7, future releases will be compatible with different versions of the paltform.
Containers are a lightweight form of technology that allows providers to launch multiple applications and their dependencies on a single operating system. A container runtime enables users to make best use of network resources by providing APIs and tools that abstract lower level functions.
The O in CRI-O derives from the the Open Container Initiative (OCI), which released the first set of standards for runtime and formats for containers with an emphasis on security in July. In particular, OCI centers on standards for monitoring containers for security vulnerabilities and malware. With CRI-O, users can launch containers with Kubernetes provided they are OCI compliant.
Before CRI-O was introduced, Kubernetes was anchored to particular container runtimes through an internal and volatile interface, which required maintenance overhead for the upstream Kubernetes community and vendors creating solutions using the platform.
“With CRI, Kubernetes can be container runtime-agnostic. Providers of container runtimes don’t need to implement features that Kubernetes already provides. This is a win for the broad community, as it allows projects to move independently while still working well together,” Red Hat wrote in a company blogpost.
CRI-O supports OCI-based runtimes such as runC and Clear Container, can pull images from any container registry and manage networks through a container network interface to ensure any CNI-compatible networking plugin for a project.
According to Daniel Walsh, a consulting engineer at Red Hat, what makes CRI-O different from alternative runtime options is it is able to do more with less. “We did not want to pull all of the locking and container state into memory like some other container runtimes have, which prevents other processes on the system being able to work with images and storage,” he wrote. “Because of this CRI-O works well with tools like Skopeo and Buildah.”
Other aims of the initiative include providing container runtimes that are more lightweight, have a smaller footprint and perform better on Kubernetes than other container runtimes. The news follows the Cloud Foundry Foundation’s release of the Cloud Foundry Container Runtime (CFCR) as the default deployment and management platform for containers using Kubernetes and BOSH.