Virtualization Technology News and Information
Cloud Native Computing Foundation Announces Graduation of CRI-O
The Cloud Native Computing Foundation (CNCF), which builds sustainable ecosystems for cloud native software, announced the graduation of the CRI-O project. CRI-O provides a secure, performant, and stable Container Runtime Interface (CRI) implementation for the Kubelet to orchestrate Open Container Initiative (OCI) containers in production Kubernetes environments.

CRI-O was born in the Kubernetes incubator in 2016, initially created by Red Hat. It was accepted to CNCF in April 2019. Since then, the project has been adopted by seven new organizations to reach more than ten public adopters, including Digital Science, Lyft, and Reddit. It also runs on tens of thousands of clusters and has released 11 new minor versions, around 100 patch releases, and has had more than 4,000 commits to the main branch. New features from these releases include dropping the pause container, seccomp notify, sigstore signature validation, and many more.

"CRI-O's simplicity and deep Kubernetes integration as an OCI runtime results in an enterprise-ready runtime that is secure by default and efficient to operate at scale," said Tyler Lisowski, IBM Cloud Satellite Lead Architect at IBM. "It enables IBM to run workloads efficiently at scale by reducing the resources required by the container runtime. The streamlined design provides deep visibility into all layers of the stack, which is critical for operating a global large-scale Kubernetes fleet. Its support of various security tools like selinux and seccomp enable CRI-O to run workloads in the least privileged mode is critical for regulated workloads. The community has been exceptional in guiding us on our adoption journey and enhancing the runtime based on trends we have seen with our clients." 

CRI-O is well integrated with the cloud native ecosystem. The project maintainers work closely with the containerd community under the Kubernetes Special Interest Group (SIG) Node to define the CRI spec, a protocol that uses gRPC. CRI-O also utilizes CNI to provision networking resources of the pods and integrates with both Prometheus and OpenTelemetry for reporting metrics and tracing. 

CNCF's recent Cloud Native Survey found that Kubernetes has matured into a mainstream technology. As a result, more organizations are moving up the cloud native stack, leveraging technologies like Kubernetes APIs and interfaces. This was particularly apparent with runtime containers like CRI-O, which saw a rise in production usage of 51% year over year.

"CRI-O has remained focused on creating a simple and lightweight container runtime optimized for Kubernetes only in large-scale production environments," said Chris Aniszczyk, CTO at CNCF. "At the end of the day, it's great to have options and competition in the container runtime space. We look forward to seeing even more achievements and growth from the project team as a graduated project."

Looking forward, CRI-O has plans to improve upstream documentation, automate the release process, increase pod density on nodes, and more. The project is also working to move certain pieces to the Rust language.

"CRI-O has provided Adobe with a solid container runtime with excellent community backing," said Evan Foster, Senior Cloud Engineer at Adobe. "The software is rock steady at scale, meaning more stable clusters and fewer alerts. When we encountered issues or requested features, the project's maintainers and community members swooped in to investigate and assist. CRI-O grows with and adapts to the needs of those using it."

To officially graduate from incubating status, the CRI-O updated its governance, implemented a Code of Conduct, added a security list, participated in a security audit by Ada Logics, coordinated by CNCF and OSTIF, gained multiple end users and interviewed those end users, did documentation, encouraged new contributors.

Published Wednesday, July 19, 2023 3:33 PM by David Marshall
Filed under:
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<July 2023>