In this article we shall discuss on the installation of CRI-O Container Runtime on Rocky Linux 8|AlmaLinux 8. CRI-O is an OCI-based implementation of Kubernetes CRI (Container Runtime Interface) to enable using OCI (Open Container Initiative) compatible runtimes. It is a replacement to commonly used container runtimes such as Docker and Containerd. The Open Container Initiative is responsible for creation of the specifications for standards on Operating System process and application containers. We have a separate guide on deployment of Kubernetes Cluster on Rocky Linux 8 servers using CRI-O as container runtime.
The design of CRI-O is guided by the specifications outlined below:
- Support for multiple means to download images including trust & image verification
- Support multiple image formats including the existing Docker image format
- Container process lifecycle management
- Container image management (managing image layers, overlay filesystems, etc)
- Resource isolation as required by the CRI
- Monitoring and logging required to satisfy the CRI
CRI-O with other libraries that bridges its functionalities to deliver an awesome container runtime.
- Runtime: runc (or any OCI runtime-spec implementation) and oci runtime tools
- Images: Image management using containers/image
- Networking: Networking support through use of CNI
- Storage: Storage and management of image layers using containers/storage
The architecture of CRI-O is given below.
Install CRI-O Container Runtime on Rocky Linux 8 / AlmaLinux 8
With these few basics on CRI-O, we can go ahead and set the installation process of Rocky Linux 8|AlmaLinux 8 in motion.
Step 1 – Update OS packags
Let’s start the installation with the upgrade of all the packages installed on our system
sudo dnf -y updateWe can check exact minor version of our operating system
$ cat /etc/redhat-release
Rocky Linux release 8.10 (Green Obsidian)Step 2 – Add CRI-O Repository
The CRI-O releases page contains a list of all latest releases.
Define the Kubernetes version and used CRI-O stream
KUBERNETES_VERSION=v1.30
CRIO_VERSION=v1.30Add the repository into your system.
cat <<EOF | tee /etc/yum.repos.d/cri-o.repo
[cri-o]
name=CRI-O
baseurl=https://pkgs.k8s.io/addons:/cri-o:/stable:/$CRIO_VERSION/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/addons:/cri-o:/stable:/$CRIO_VERSION/rpm/repodata/repomd.xml.key
EOFList repositories available on the system
$ sudo dnf -y repolist
repo id repo name
appstream Rocky Linux 8 - AppStream
baseos Rocky Linux 8 - BaseOS
cri-o CRI-O
epel Extra Packages for Enterprise Linux 8 - x86_64
extras Rocky Linux 8 - Extras
packages-microsoft-com-mssql-server-2019 packages-microsoft-com-mssql-server-2019
packages-microsoft-com-prod packages-microsoft-com-prod
remi-modular Remi's Modular repository for Enterprise Linux 8 - x86_64
remi-safeStep 3 – Install CRI-O Container runtime
With the repository configured, install CRI-O Container runtime on Rocky Linux 8|AlmaLinux 8:
sudo dnf install container-selinux cri-o cri-toolsAccept installation prompts as asked during installation
Dependencies resolved.
....
Transaction Summary
======================================================================================================================================================================================================
Install 8 Packages
Total download size: 20 M
Installed size: 74 M
Is this ok [y/N]: yAs well as GPG key importation:
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 29 MB/s | 20 MB 00:00
CRI-O 9.9 kB/s | 1.7 kB 00:00
Importing GPG key 0x9A296436:
Userid : "isv:kubernetes OBS Project <isv:[email protected]>"
Fingerprint: DE15 B144 86CD 377B 9E87 6E1A 2346 54DA 9A29 6436
From : https://pkgs.k8s.io/addons:/cri-o:/stable:/v1.30/rpm/repodata/repomd.xml.key
Is this ok [y/N]: yLet’s confirm package version after installation:
$ rpm -qi cri-o
Name : cri-o
Version : 1.30.3
Release : 150500.1.1
Architecture: x86_64
Install Date: Thu 11 Jul 2024 11:02:05 PM UTC
Group : Unspecified
Size : 73744871
License : Apache-2.0
Signature : RSA/SHA256, Mon 01 Jul 2024 11:32:41 AM UTC, Key ID 234654da9a296436
Source RPM : cri-o-1.30.3-150500.1.1.src.rpm
Build Date : Mon 01 Jul 2024 11:31:59 AM UTC
Build Host : i01-ch2c
Relocations : (not relocatable)
....Install crictl.
VERSION=$(curl -s https://api.github.com/repos/kubernetes-sigs/cri-tools/releases/latest | grep -oP '"tag_name": "\K(.*)(?=")')
curl -L https://github.com/kubernetes-sigs/cri-tools/releases/download/$VERSION/crictl-${VERSION}-linux-amd64.tar.gz --output crictl-${VERSION}-linux-amd64.tar.gz
sudo tar zxvf crictl-$VERSION-linux-amd64.tar.gz -C /usr/local/bin
sudo chmod +x /usr/local/bin/crictl
rm -f crictl-$VERSION-linux-amd64.tar.gzStep 4 – Start CRI-O service
The name of the service to start is crio.
$ sudo systemctl enable --now crio
Created symlink /etc/systemd/system/cri-o.service → /usr/lib/systemd/system/crio.service.
Created symlink /etc/systemd/system/multi-user.target.wants/crio.service → /usr/lib/systemd/system/crio.service.Checking service status;
$ systemctl status crio
● crio.service - Container Runtime Interface for OCI (CRI-O)
Loaded: loaded (/usr/lib/systemd/system/crio.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2024-07-11 23:02:35 UTC; 4s ago
Docs: https://github.com/cri-o/cri-o
Main PID: 12642 (crio)
Tasks: 5
Memory: 12.1M
CGroup: /system.slice/crio.service
└─12642 /usr/bin/crio
Jul 11 23:02:35 rocky8.cloudspinx.com crio[12642]: time="2024-07-11 23:02:35.976489095Z" level=info msg="Restore irqbalance config: created backup file"
Jul 11 23:02:35 rocky8.cloudspinx.com crio[12642]: time="2024-07-11 23:02:35.989722554Z" level=warning msg="Error encountered when checking whether cri-o should wipe containers: open /var/run/crio/>
Jul 11 23:02:35 rocky8.cloudspinx.com crio[12642]: time="2024-07-11 23:02:35.990006864Z" level=info msg="Registered SIGHUP reload watcher"
Jul 11 23:02:35 rocky8.cloudspinx.com crio[12642]: time="2024-07-11 23:02:35.990023143Z" level=info msg="Starting seccomp notifier watcher"
Jul 11 23:02:35 rocky8.cloudspinx.com crio[12642]: time="2024-07-11 23:02:35.990057014Z" level=info msg="Create NRI interface"
Jul 11 23:02:35 rocky8.cloudspinx.com crio[12642]: time="2024-07-11 23:02:35.990119552Z" level=info msg="runtime interface created"
Jul 11 23:02:35 rocky8.cloudspinx.com crio[12642]: time="2024-07-11 23:02:35.990132156Z" level=info msg="Registered domain \"k8s.io\" with NRI"
Jul 11 23:02:35 rocky8.cloudspinx.com crio[12642]: time="2024-07-11 23:02:35.990137231Z" level=info msg="runtime interface starting up..."
Jul 11 23:02:35 rocky8.cloudspinx.com crio[12642]: time="2024-07-11 23:02:35.990142597Z" level=info msg="starting plugins..."
Jul 11 23:02:35 rocky8.cloudspinx.com systemd[1]: Started Container Runtime Interface for OCI (CRI-O).The path to CRI-O sock file is:
$ ls /var/run/crio/crio.sock
/var/run/crio/crio.sockWith this installation, you get crictl tool which provides a CLI for CRI-compatible container runtime. This enables you to debug the runtime without needing to set up Kubernetes components.
Let’s pull some test images from a registry
$ sudo crictl pull hello-world:latest
Image is up to date for docker.io/library/hello-world@sha256:cc15c5b292d8525effc0f89cb299f1804f3a725c8d05e158653a563f15e4f685
$ sudo crictl pull alpine:latest
Image is up to date for docker.io/library/alpine@sha256:21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300List container images available
$ sudo crictl images
IMAGE TAG IMAGE ID SIZE
docker.io/library/alpine latest c059bfaa849c4 5.87MB
docker.io/library/hello-world latest feb5d9fea6a5e 19.9kBTo set container registries and set priority, edit the file:
sudo vim /etc/containers/registries.confExample
unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "registry.centos.org", "docker.io"]If using CRI-O on Kubernetes, read through Debugging Kubernetes nodes with crictl documentation to learn more on its usage.
Other guides to check out on Kubernetes:
- Install and Configure Wiki.js on Kubernetes Cluster
- Deploy Nginx Ingress Controller on Kubernetes using Helm Chart
- How To Deploy Rook Ceph Storage on Kubernetes Cluster
