This blog was contributed by Sascha Grunert, a software engineer at SUSE, and a contributor to CRI-O project. You can find Sascha on Github.
CRI-O, the Open Container Initiative (OCI) implementation of the Kubernetes Container Runtime Interface (CRI), will join the Cloud Native Computing Foundation (CNCF) incubator today. The project provides an alternative container runtime for Kubernetes and was founded back in 2016 (originally known as OCID) with the introduction of the Kubernetes CRI. CRI-O focuses on its first principles of stability and reliability. This has been proven since one and a half year for now and CRI-O synchronizes its releases with Kubernetes to ensure these principles for the future, too. The projects popularity raised over the past years that it is now the best solution to run Kubernetes workloads in a secure fashion. Currently, CRI-O has worldwide 106 contributors and 9 maintainers coming from Intel, Red Hat, and SUSE. SUSE CaaS Platform version 3 provides it as a technology preview, where CRI-O can be chosen during the installation. No further workload changes are needed to switch from Docker or containerd to CRI-O.
One of the first principles of CRI-O is to tightly scope its functionality to a minimal subset of features, to provide a simple solution which is easy to maintain. For example, CRI-O supports multiple image formats, image downloading including image management and verification, container process life cycle management, resource isolation and monitoring. CRI-O relies on stable tools like runC and libraries like containers/image and containers/storage to achieve its feature-completeness without being too heavy weight from a source code perspective.
CRI-O is a great starting point for everyone who wants to understand how the container orchestration world works from a bare-metal perspective. The utilization of already existing runtimes like runC and libraries like containers/image and containers/storage make it easy to contribute to CRI-O, because it keeps the overall code-base simple and maintainable. Beside this, the focus on testing is very dominant in CRI-O: It starts at a basic unit testing level and ends up in running the node end-to-end tests of Kubernetes within a locally built cluster.
All these things run for every pull request, which enables CRI-O to be a great project for contributions. The early development feedback is one key in providing a stable and reliable product, which has been achieved in CRI-O over the past years.
Running a project under the CNCF incubation means providing exactly this needed stability over the whole time, by constantly increasing the user base of the project. During the past years CRI-O has proven that it is a mature piece of software which is also actively used by SUSE to empower products like the openSUSE Kubic distribution and the upcoming versions of the SUSE CaaS Platform.
SUSE is a day one maintainer and contributor to CRI-O, which makes us happy to be part of the community and recently also part of the CNCF Governing Board (GB). We believe that using CRI-O is the best way in running Kubernetes workloads and see a bright future for the project and its community. In general, the community around CRI-O is awesome and it has always been a pleasure to us to work with them. Contributions which introduce optimizations into the project are very welcome and the technical discussions are quite ingenious.
A lots of things around CRI-O are currently ongoing: The latest release v1.14.0 contains an overwhelming amount of contributions, which includes a lots of dependency updates, a runtime VM backend, support for optionally logging to journald and a lots of new test cases. Last week the project has moved from the Kubernetes SIGs incubator to its new CRI-O GitHub organization. Latest contributions focus on keeping the documentation up-to-date and implementing optimizations and fixes around testing, configuration, and dependency management.
For the future of the project it is planned to keep the continuously tracking of Kubernetes upstream releases to ensure CRI-O’s high performance and stability. Beside this, it is planned to increase the current test coverage even further and refactor parts of the codebase into libpod, an OCI maintained library for creating container pods.