Cloud Native Computing Foundation adopts CRI-O

The Cloud Native Computing Foundation (CNCF) has adopted the open source Container Runtime Interface – Orchestrator (CRI-O) runtime. According to ZDNet, the orchestration program may thus come out on top for container deployments.

According to ZDNet, the reason behind this rise to the top is that an orchestration program is required to run containers at scale. At the end of 2017, Kubernetes became the most popular container orchestrator. It is possible to use Docker to run containers under Kubernetes, but the lightweight CRI-O runtime works well with Kubernetes.

CRI began as an API to define calls to container runtimes. This made it possible to create Kubernetes-friendly, lightweight container runtime programs. CRI-O was the first CRI-compatible container runtime for Kubernetes. It was developed by Google and Red Hat, with the help of Intel, SUSE and IBM.

CRI-O’s popularity, according to Kubernetes co-founder Brendan Burns, is partly because “CRI-O was not intended to reinvent the wheel, but to use and refine shared components that have been tested in production”.

Features

CRI-O therefore has various features. For example, the github.com/containers/storage library is used to manage layers and to create root file systems for the containers in a pod. OverlayFS, devicemapper, AUFS and btrfs are implemented, with OverlayFS as the default driver.

The github.com/containers/image library is then used to pull images from registries. Currently, it supports Docker schema 2/version 1 as well as schema 2/version 2. In addition, it passes all Docker and Kubernetes tests.

For networking, the Container Network Interface (CNI) is used to set up networking for the pods. Several CNI plug-ins such as Flannel, Weave, Cilium and OpenShift-SDN have been tested with CRI-O and work as expected. github.com/containers/conmon is used to monitor the containers, handle the logging of the container process, serve attach clients, and detect and report out-of-memory (OOM) situations.

Finally, container security separation policies are provided by a series of tools, including SELinux, capabilities and seccomp.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.