cri-containerd
is a containerd based implementation of Kubernetes container runtime interface (CRI).
With it, you could run Kubernetes using containerd as the container runtime.
cri-containerd
is in alpha:
- It is feature complete.
- It works with Kubernetes >= 1.7.
- It has passed all CRI validation tests.
- It has passed all regular node e2e tests.
For a multi node cluster installer and bring up steps using ansible and kubeadm refer here.
For non ansible users, you can download the cri-containerd
release tarball and deploy
kubernetes cluster using kubeadm as described here.
The current release of cri-containerd
has the following dependencies:
See versions of these dependencies cri-containerd
is tested with.
As containerd and runc move to their respective general availability releases,
we will do our best to rebase/retest cri-containerd
with these releases on a
weekly/monthly basis. Similarly, given that cri-containerd
uses the Open
Container Initiative (OCI) image
and runtime specifications, we
will also do our best to update cri-containerd
to the latest releases of these
specifications as appropriate.
- Install development libraries:
- libseccomp development library. Required by cri-containerd and runc seccomp support.
libseccomp-dev
(Ubuntu, Debian) /libseccomp-devel
(Fedora, CentOS, RHEL). On releases of Ubuntu <=Trusty and Debian <=jessie a backport version oflibsecomp-dev
is required. See travis.yml for an example on trusty. - libapparmor development library. Required by cri-containerd and runc apparmor support. To use apparmor on Debian, Ubuntu, and related distributions the installation of
libapparmor-dev
is required. - btrfs development library. Required by containerd btrfs support.
btrfs-tools
(Ubuntu, Debian) /btrfs-progs-devel
(Fedora, CentOS, RHEL)
- Install other dependencies:
nsenter
: Required by CNI and portforward.socat
: Required by portforward.
- Install and setup a go 1.8.x development environment.
- Make a local clone of this repository.
- Install binary dependencies by running the following command from your cloned
cri-containerd/
project directory:
# Note: install.deps installs the above mentioned runc, containerd, and CNI
# binary dependencies. install.deps is only provided for general use and ease of
# testing. To customize `runc` and `containerd` build tags and/or to configure
# `cni`, please follow instructions in their documents.
make install.deps
To build and install cri-containerd
enter the following commands from your cri-containerd
project directory:
make
sudo make install
cri-containerd
supports optional build tags for compiling support of various features.
To add build tags to the make option the BUILDTAGS
variable must be set.
make BUILD_TAGS='seccomp apparmor'
Build Tag | Feature | Dependency |
---|---|---|
seccomp | syscall filtering | libseccomp development library |
selinux | selinux process and mount labeling | |
apparmor | apparmor profile support | libapparmor development library |
Another Kubernetes incubator project called cri-tools
includes programs for exercising CRI implementations such as cri-containerd
.
More importantly, cri-tools includes the program critest
which is used for running
CRI Validation Testing.
Run the CRI Validation test to validate your installation of cri-containerd
:
make test-cri
If you already have a working development environment for supported Kubernetes version, you can
try cri-containerd
in a local cluster:
- Start
containerd
as root in a first terminal:
sudo containerd
- Start
cri-containerd
as root in a second terminal:
sudo cri-containerd -v 2 --alsologtostderr
- From the Kubernetes project directory startup a local cluster using
cri-containerd
:
CONTAINER_RUNTIME=remote CONTAINER_RUNTIME_ENDPOINT='/var/run/cri-containerd.sock' ./hack/local-up-cluster.sh
See here for information about test.
See here for additional documentation.
Interested in contributing? Check out the documentation.
This is a Kubernetes Incubator project. The project was established 2017/4/13. The incubator team for the project is:
- Sponsor: Dawn Chen (@dchen1107)
- Champion: Yuju Hong (@yujuhong)
- SIG:
sig-node
For more information about sig-node
and the cri-containerd
project:
- sig-node community site
- Slack:
#sig-node
channel in Kubernetes (kubernetes.slack.com) - Mailing List: https://groups.google.com/forum/#!forum/kubernetes-sig-node
Participation in the Kubernetes community is governed by the Kubernetes Code of Conduct.