CRI-O is an OCI-based implementation of Kubernetes Container Runtime Interface (CRI). CRI-O is meant to provide an integration path between OCI conformant runtimes and the kubelet. In this guide, we will discuss on the installation of CRI-O Container Runtime on CentOS 8 / CentOS 7 Linux system. The scope of CRI-O is restricted to the following functionalities:
- Support multiple image formats including the existing Docker image format
- Support for multiple means to download images including trust & image verification
- Container image management (managing image layers, overlay filesystems, etc)
- Container process lifecycle management
- Monitoring and logging required to satisfy the CRI
- Resource isolation as required by the CRI
CRI-O use best of breed libraries for different aspects:
- Runtime: runc (or any OCI runtime-spec implementation) and oci runtime tools
- Images: Image management using containers/image
- Storage: Storage and management of image layers using containers/storage
- Networking: Networking support through use of CNI
Install CRI-O Container Runtime on CentOS 8 / CentOS 7
CRI-O and Kubernetes follow the same release cycle and deprecation policy. For more information visit the Kubernetes versioning documentation. Update your system prior to installation:
sudo yum -y update
sudo yum -y install epel-releaseBelow are the steps you’ll follow to install CRI-O on CentOS 8 / CentOS 7 Linux server or Workstation machine.
Step 1: Add CRI-O Repository
So if you’re running Kubernetes version 1.28, you’ll install cri-o 1.28.x. We’ll save this version to a variable. Then add repository to our system.
Add repository to RHEL 8 based systems:
VERSION=1.28
OS=CentOS_8
curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/devel:/kubic:/libcontainers:/stable.repo
curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/devel:kubic:libcontainers:stable:cri-o:$VERSION.repoAdd repository to RHEL 7 based systems:
VERSION=1.28
sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/CentOS_7/devel:kubic:libcontainers:stable.repo
sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:${VERSION}.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:${VERSION}/CentOS_7/devel:kubic:libcontainers:stable:cri-o:${VERSION}.repoStep 2: Install CRI-O Container Runtime
Once the repository is added, install CRI-O Container Runtime on CentOS 8 / CentOS 7 with this command:
sudo yum install cri-o cri-toolsAgree to install a number of dependencies shown:
Transaction Summary
========================================================================================================================================================
Install 19 Packages
Upgrade 8 Packages
Total download size: 91 M
Is this ok [y/N]: yGPG key should be imported as well.
......
Importing GPG key 0x75060AA4:
Userid : "devel:kubic OBS Project <devel:[email protected]>"
Fingerprint: 2472 D6D0 D2F6 6AF8 7ABA 8DA3 4D64 3903 7506 0AA4
From : https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/1.19/CentOS_8/repodata/repomd.xml.key
Is this ok [y/N]: yConfirm installation of CRI-O on CentOS:
$ rpm -qi cri-o
Name : cri-o
Epoch : 0
Version : 1.28.1
Release : 2.2.el7
Architecture: x86_64
Install Date: Wed 11 Oct 2023 11:06:34 PM UTC
Group : Unspecified
Size : 265912940
License : ASL 2.0
Signature : RSA/SHA256, Thu 21 Sep 2023 03:27:14 PM UTC, Key ID 4d64390375060aa4
Source RPM : cri-o-1.28.1-2.2.el7.src.rpm
Build Date : Thu 21 Sep 2023 03:26:50 PM UTC
Build Host : i02-ch2c
Relocations : (not relocatable)
Vendor : obs://build.opensuse.org/devel:kubic
...Step 3: Start CRI-O Service
The cri-o service is not enabled or started by default. Let’s start it:
sudo systemctl enable --now crioCheck service status if running:
$ systemctl status crio
● crio.service - Container Runtime Interface for OCI (CRI-O)
Loaded: loaded (/usr/lib/systemd/system/crio.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2023-10-11 23:07:58 UTC; 5s ago
Docs: https://github.com/cri-o/cri-o
Main PID: 1681 (crio)
CGroup: /system.slice/crio.service
└─1681 /usr/bin/crio
Oct 11 23:07:58 cent7.mylab.io crio[1681]: time="2023-10-11 23:07:58.644729542Z" level=info msg="Restore irqbalance config: created backup file"
Oct 11 23:07:58 cent7.mylab.io crio[1681]: time="2023-10-11 23:07:58.656763388Z" level=warning msg="Error encountered when checking whether cri-o should wipe containers: open /var/ru...or directory"
Oct 11 23:07:58 cent7.mylab.io crio[1681]: time="2023-10-11 23:07:58.657506676Z" level=info msg="Registered SIGHUP reload watcher"
Oct 11 23:07:58 cent7.mylab.io crio[1681]: time="2023-10-11 23:07:58.658944460Z" level=info msg="Starting seccomp notifier watcher"
Oct 11 23:07:58 cent7.mylab.io crio[1681]: time="2023-10-11 23:07:58.659044052Z" level=info msg="Create NRI interface"
Oct 11 23:07:58 cent7.mylab.io crio[1681]: time="2023-10-11 23:07:58.659066806Z" level=info msg="NRI interface is disabled in the configuration."
Oct 11 23:07:58 cent7.mylab.io crio[1681]: time="2023-10-11 23:07:58.659050193Z" level=info msg="Serving metrics on :9537 via HTTP"
Oct 11 23:07:58 cent7.mylab.io systemd[1]: Started Container Runtime Interface for OCI (CRI-O).Socket file:
/var/run/crio/crio.sockIn the guides to follow, we’ll cover creation of Kubernetes Cluster with CRI-O runtime engine and maybe interacting with cri-o containers with crictl command line tool.
In the meantime, check other container related articles available on our site.
