CRI-O is an OCI-based implementation of Kubernetes Container Runtime Interface (CRI). CRI-O is meant to provide an integration path between OCI conformant runtimes and the kubelet. In this guide, we will discuss on the installation of CRI-O Container Runtime on CentOS 8 / CentOS 7 Linux system. The scope of CRI-O is restricted to the following functionalities:

  • Support multiple image formats including the existing Docker image format
  • Support for multiple means to download images including trust & image verification
  • Container image management (managing image layers, overlay filesystems, etc)
  • Container process lifecycle management
  • Monitoring and logging required to satisfy the CRI
  • Resource isolation as required by the CRI

CRI-O use best of breed libraries for different aspects:

Install CRI-O Container Runtime on CentOS 8 / CentOS 7

CRI-O and Kubernetes follow the same release cycle and deprecation policy. For more information visit the Kubernetes versioning documentation. Update your system prior to installation:

sudo yum -y update
sudo yum -y install epel-release

Below are the steps you’ll follow to install CRI-O on CentOS 8 / CentOS 7 Linux server or Workstation machine.

Step 1: Add CRI-O Repository

So if you’re running Kubernetes version 1.28, you’ll install cri-o 1.28.x. We’ll save this version to a variable. Then add repository to our system.

Add repository to RHEL 8 based systems:

VERSION=1.28
OS=CentOS_8
curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/devel:/kubic:/libcontainers:/stable.repo
curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo

Add repository to RHEL 7 based systems:

VERSION=1.28
sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/CentOS_7/devel:kubic:libcontainers:stable.repo
sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:${VERSION}.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:${VERSION}/CentOS_7/devel:kubic:libcontainers:stable:cri-o:${VERSION}.repo

Step 2: Install CRI-O Container Runtime

Once the repository is added, install CRI-O Container Runtime on CentOS 8 / CentOS 7 with this command:

sudo yum install cri-o cri-tools

Agree to install a number of dependencies shown:

Transaction Summary
========================================================================================================================================================
Install  19 Packages
Upgrade   8 Packages

Total download size: 91 M
Is this ok [y/N]: y

GPG key should be imported as well.

......   
Importing GPG key 0x75060AA4:
 Userid     : "devel:kubic OBS Project <devel:[email protected]>"
 Fingerprint: 2472 D6D0 D2F6 6AF8 7ABA 8DA3 4D64 3903 7506 0AA4
 From       : https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/1.19/CentOS_8/repodata/repomd.xml.key
Is this ok [y/N]: y

Confirm installation of CRI-O on CentOS:

$ rpm -qi cri-o
Name        : cri-o
Epoch       : 0
Version     : 1.28.1
Release     : 2.2.el7
Architecture: x86_64
Install Date: Wed 11 Oct 2023 11:06:34 PM UTC
Group       : Unspecified
Size        : 265912940
License     : ASL 2.0
Signature   : RSA/SHA256, Thu 21 Sep 2023 03:27:14 PM UTC, Key ID 4d64390375060aa4
Source RPM  : cri-o-1.28.1-2.2.el7.src.rpm
Build Date  : Thu 21 Sep 2023 03:26:50 PM UTC
Build Host  : i02-ch2c
Relocations : (not relocatable)
Vendor      : obs://build.opensuse.org/devel:kubic
...

Step 3: Start CRI-O Service

The cri-o service is not enabled or started by default. Let’s start it:

sudo systemctl enable --now crio

Check service status if running:

$ systemctl status crio
 crio.service - Container Runtime Interface for OCI (CRI-O)
   Loaded: loaded (/usr/lib/systemd/system/crio.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2023-10-11 23:07:58 UTC; 5s ago
     Docs: https://github.com/cri-o/cri-o
 Main PID: 1681 (crio)
   CGroup: /system.slice/crio.service
           └─1681 /usr/bin/crio

Oct 11 23:07:58 cent7.mylab.io crio[1681]: time="2023-10-11 23:07:58.644729542Z" level=info msg="Restore irqbalance config: created backup file"
Oct 11 23:07:58 cent7.mylab.io crio[1681]: time="2023-10-11 23:07:58.656763388Z" level=warning msg="Error encountered when checking whether cri-o should wipe containers: open /var/ru...or directory"
Oct 11 23:07:58 cent7.mylab.io crio[1681]: time="2023-10-11 23:07:58.657506676Z" level=info msg="Registered SIGHUP reload watcher"
Oct 11 23:07:58 cent7.mylab.io crio[1681]: time="2023-10-11 23:07:58.658944460Z" level=info msg="Starting seccomp notifier watcher"
Oct 11 23:07:58 cent7.mylab.io crio[1681]: time="2023-10-11 23:07:58.659044052Z" level=info msg="Create NRI interface"
Oct 11 23:07:58 cent7.mylab.io crio[1681]: time="2023-10-11 23:07:58.659066806Z" level=info msg="NRI interface is disabled in the configuration."
Oct 11 23:07:58 cent7.mylab.io crio[1681]: time="2023-10-11 23:07:58.659050193Z" level=info msg="Serving metrics on :9537 via HTTP"
Oct 11 23:07:58 cent7.mylab.io systemd[1]: Started Container Runtime Interface for OCI (CRI-O).

Socket file:

/var/run/crio/crio.sock

In the guides to follow, we’ll cover creation of Kubernetes Cluster with CRI-O runtime engine and maybe interacting with cri-o containers with crictl command line tool.

In the meantime, check other container related articles available on our site.

LEAVE A REPLY

Please enter your comment!
Please enter your name here