CRI-O is an OCI-based implementation of Kubernetes Container Runtime Interface (CRI). CRI-O is meant to provide an integration path between OCI conformant runtimes and the kubelet. In this guide, we will discuss on the installation of CRI-O Container Runtime on CentOS 8 / CentOS 7 Linux system. The scope of CRI-O is restricted to the following functionalities:
- Support multiple image formats including the existing Docker image format
- Support for multiple means to download images including trust & image verification
- Container image management (managing image layers, overlay filesystems, etc)
- Container process lifecycle management
- Monitoring and logging required to satisfy the CRI
- Resource isolation as required by the CRI
CRI-O use best of breed libraries for different aspects:
- Runtime: runc (or any OCI runtime-spec implementation) and oci runtime tools
- Images: Image management using containers/image
- Storage: Storage and management of image layers using containers/storage
- Networking: Networking support through use of CNI
Install CRI-O Container Runtime on CentOS 8 / CentOS 7
CRI-O and Kubernetes follow the same release cycle and deprecation policy. For more information visit the Kubernetes versioning documentation. Update your system prior to installation:
sudo yum -y updateBelow are the steps you’ll follow to install CRI-O on CentOS 8 / CentOS 7 Linux server or Workstation machine.
Step 1: Add CRI-O Repository
So if you’re running Kubernetes version 1.19, you’ll install cri-o 1.19.x. We’ll save this version to a variable. Then add repository to our system.
Add repository to CentOS 8:
VERSION=1.22
sudo dnf -y install 'dnf-command(copr)'
sudo dnf -y copr enable rhcontainerbot/container-selinux
sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/CentOS_8/devel:kubic:libcontainers:stable.repo
sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:$VERSION/CentOS_8/devel:kubic:libcontainers:stable:cri-o:$VERSION.repoAdd repository to CentOS 7:
VERSION=1.22
sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/CentOS_7/devel:kubic:libcontainers:stable.repo
sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:$VERSION/CentOS_7/devel:kubic:libcontainers:stable:cri-o:$VERSION.repoStep 2: Install CRI-O Container Runtime on CentOS 8 / CentOS 7
Once the repository is added, install CRI-O Container Runtime on CentOS 8 / CentOS 7 with this command:
sudo yum install cri-o cri-toolsAgree to install a number of dependencies shown:
Transaction Summary
========================================================================================================================================================
Install 19 Packages
Upgrade 8 Packages
Total download size: 91 M
Is this ok [y/N]: yGPG key should be imported as well.
......
Importing GPG key 0x75060AA4:
Userid : "devel:kubic OBS Project "
Fingerprint: 2472 D6D0 D2F6 6AF8 7ABA 8DA3 4D64 3903 7506 0AA4
From : https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/1.19/CentOS_8/repodata/repomd.xml.key
Is this ok [y/N]: y Confirm installation of CRI-O on CentOS:
$ rpm -qi cri-o
Name : cri-o
Epoch : 0
Version : 1.22.1
Release : 4.1.el8
Architecture: x86_64
Install Date: Tue Nov 16 09:45:55 2021
Group : Unspecified
Size : 118545650
License : ASL 2.0
Signature : RSA/SHA256, Thu Nov 11 20:27:38 2021, Key ID 4d64390375060aa4
Source RPM : cri-o-1.22.1-4.1.el8.src.rpm
Build Date : Thu Nov 11 20:26:52 2021
Build Host : hci-cnode2-e5
Relocations : (not relocatable)
Vendor : obs://build.opensuse.org/devel:kubic
URL : https://github.com/cri-o/cri-oStep 3: Start CRI-O Service
The cri-o service is not enabled or started by default. Let’s start it:
sudo systemctl enable --now crioCheck service status if running:
$ systemctl status crio
● crio.service - Container Runtime Interface for OCI (CRI-O)
Loaded: loaded (/usr/lib/systemd/system/crio.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2021-11-16 09:46:34 UTC; 25s ago
Docs: https://github.com/cri-o/cri-o
Main PID: 13140 (crio)
Tasks: 11
Memory: 22.3M
CGroup: /system.slice/crio.serviSocket file:
/var/run/crio/crio.sockIn the guides to follow, we’ll cover creation of Kubernetes Cluster with CRI-O runtime engine and maybe interacting with cri-o containers with crictl command line tool.
