This guide will walk you through the installation of CRI-O Container Runtime on Ubuntu 22.04|20.04|18.04. CRI-O is an OCI-based implementation of Kubernetes Container Runtime Interface (CRI) designed to provide an integration path between OCI conformant runtimes and the kubelet.
CRI-O is created to provide following core functionalities:
- Support multiple image formats including the existing Docker image format
- Support for multiple means to download images including trust & image verification
- Container image management (managing image layers, overlay filesystems, etc)
- Container process lifecycle management
- Monitoring and logging required to satisfy the CRI
- Resource isolation as required by the CRI
The libraries used by CRI-O are:
- Runtime: runc (or any OCI runtime-spec implementation) and oci runtime tools
- Images: Image management using containers/image
- Storage: Storage and management of image layers using containers/storage
- Networking: Networking support through use of CNI
Install CRI-O Container Runtime on Ubuntu 22.04|20.04|18.04
We will use pre-built binary packages to install CRI-O container runtime. Follow the steps below to install CRI-O Container Runtime on Ubuntu 22.04|20.04|18.04.
Step 1: Update System
Ensure your Ubuntu system is updated. If you’re afraid this could break your system you can skip.
sudo apt update && sudo apt -y full-upgrade
It is recommended to reboot your system to ensure it is running on updated version.
[ -f /var/run/reboot-required ] && sudo reboot -fStep 2: Add CRI-O Kubic repository
Add the Kubic repository which host binary packages for Debian based systems. If using CRI-O with Kubernetes, install the version matching Kubernetes version you’ll setup.
If your Kubernetes version is 1.26, install CRI-O version 1.26. We’ll start by adding the APT repository which contains CRI-O packages:
Ubuntu 22.04/20.04:
OS=xUbuntu_20.04
CRIO_VERSION=1.26
echo "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/ /"|sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
echo "deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$CRIO_VERSION/$OS/ /"|sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:$CRIO_VERSION.list
Ubuntu 18.04:
OS=xUbuntu_18.04
CRIO_VERSION=1.26
echo "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/ /"|sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
echo "deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$CRIO_VERSION/$OS/ /"|sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:$CRIO_VERSION.listOnce the repository is added to your system, import GPG key:
curl -L https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:$CRIO_VERSION/$OS/Release.key | sudo apt-key add -
curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/Release.key | sudo apt-key add -Step 3: Install CRI-O on Ubuntu22.04|20.04|18.04
When repository is added, update apt cache and install CRI-O on Ubuntu.
sudo apt update
sudo apt install cri-o cri-o-runc
Accept installation prompt with y key.
The following additional packages will be installed:
conmon containers-common
Suggested packages:
cri-o-runc | runc containernetworking-plugins
The following NEW packages will be installed:
conmon containers-common cri-o
0 upgraded, 3 newly installed, 0 to remove and 94 not upgraded.
Need to get 20.2 MB of archives.
After this operation, 99.4 MB of additional disk space will be used.
Do you want to continue? [Y/n] yChecking the version of CRI-O installed on Ubuntu:
$ apt show cri-o
Package: cri-o
Version: 1.26.1~0
Priority: optional
Section: devel
Maintainer: Peter Hunt <[email protected]>
Installed-Size: 139 MB
Depends: libgpgme11, libseccomp2, conmon, containers-common (>= 0.1.27) | golang-github-containers-common, tzdata
Suggests: cri-o-runc | runc (>= 1.0.0), containernetworking-plugins
Replaces: cri-o-1.22, cri-o-1.23, cri-o-1.24
Homepage: https://github.com/cri-o/cri-o
Download-Size: 30.6 MB
APT-Manual-Installed: yes
Start and enable crio service:
sudo systemctl enable crio.service
sudo systemctl start crio.serviceService status can be checked with the command:
$ systemctl status crio
● crio.service - Container Runtime Interface for OCI (CRI-O)
Loaded: loaded (/lib/systemd/system/crio.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2023-02-15 09:24:21 UTC; 3s ago
Docs: https://github.com/cri-o/cri-o
Main PID: 18601 (crio)
Tasks: 7
Memory: 11.8M
CPU: 184ms
CGroup: /system.slice/crio.service
└─18601 /usr/bin/crio
Feb 15 09:24:21 jammy crio[18601]: time="2023-02-15 09:24:21.509528773Z" level=warning msg="Error validating CNI config file /etc/cni/net.d/100-crio-bridge.conflist: [failed to find plugin \"bridge>
Feb 15 09:24:21 jammy crio[18601]: time="2023-02-15 09:24:21.509579946Z" level=error msg="Error loading CNI config list file /etc/cni/net.d/200-loopback.conflist: error parsing configuration list: >
Feb 15 09:24:21 jammy crio[18601]: time="2023-02-15 09:24:21.509657796Z" level=info msg="Updated default CNI network name to "
Feb 15 09:24:21 jammy crio[18601]: time="2023-02-15 09:24:21.528747854Z" level=warning msg="Error encountered when checking whether cri-o should wipe containers: open /var/run/crio/version: no such>
Feb 15 09:24:21 jammy crio[18601]: time="2023-02-15 09:24:21.529188571Z" level=info msg="Starting seccomp notifier watcher"
Feb 15 09:24:21 jammy crio[18601]: time="2023-02-15 09:24:21.529249385Z" level=info msg="Create NRI interface"
Feb 15 09:24:21 jammy crio[18601]: time="2023-02-15 09:24:21.529342425Z" level=info msg="NRI interface is disabled in the configuration."
Feb 15 09:24:21 jammy crio[18601]: time="2023-02-15 09:24:21.529632747Z" level=error msg="Writing clean shutdown supported file: open /var/lib/crio/clean.shutdown.supported: no such file or directo>
Feb 15 09:24:21 jammy crio[18601]: time="2023-02-15 09:24:21.529671360Z" level=error msg="Failed to sync parent directory of clean shutdown file: open /var/lib/crio: no such file or directory"
Feb 15 09:24:21 jammy systemd[1]: Started Container Runtime Interface for OCI (CRI-O).
Step 4: Using CRI-O on Ubuntu22.04|20.04|18.04
The command line tool crioctl can be installed through cri-tools package.
sudo apt install cri-toolsCheck existence of crictl command:
$ sudo crictl info
{
"status": {
"conditions": [
{
"type": "RuntimeReady",
"status": true,
"reason": "",
"message": ""
},
{
"type": "NetworkReady",
"status": false,
"reason": "NetworkPluginNotReady",
"message": "Network plugin returns error: Missing CNI default network"
}
]
}
}Pull a test image:
$ sudo crictl pull nginx
Image is up to date for docker.io/library/nginx@sha256:c870bf53de0357813af37b9500cb1c2ff9fb4c00120d5fe1d75c21591293c34d
$ sudo crictl pull hello-world
Image is up to date for docker.io/library/hello-world@sha256:6a65f928fb91fcfbc963f7aa6d57c8eeb426ad9a20c7ee045538ef34847f44f1
$ sudo crictl pull busybox
Image is up to date for docker.io/library/busybox@sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209
List available images:
$ sudo crictl images
IMAGE TAG IMAGE ID SIZE
docker.io/library/alpine latest a24bb4013296f 5.85MB
docker.io/library/busybox latest 1c35c44120825 1.44MB
docker.io/library/hello-world latest bf756fb1ae65a 20kB
docker.io/library/nginx latest 4392e5dad77db 136MBCreate pod sandbox config file:
cat >nginx.json<<EOF
{
"metadata": {
"name": "nginx-container",
"attempt": 1
},
"image": {
"image": "nginx"
},
"log_path": "nginx.log",
"linux": {
"security_context": {
"namespace_options": {}
}
}
}
EOF
cat >net-pod.json<<EOF
{
"metadata": {
"name": "networking",
"uid": "networking-pod-uid",
"namespace": "default",
"attempt": 1
},
"hostname": "networking",
"port_mappings": [
{
"container_port": 80
}
],
"log_directory": "/tmp/net-pod",
"linux": {}
}
EOF
Run the pod
sudo crictl runp net-pod.json
sudo crictl create nginx.json net-pod.json
sudo crictl ps -aEnjoy using CRI-O on Ubuntu with Kubernetes. If you want to master Kubernetes administration, checkout the books below.
For installation of CRI-O on CentOS Linux, refer to:
