CRI-O is an open-source container engine and an alternative to the Docker engine. Using the CRI-O container engine, you can launch containers and pods by engaging OCI-compliant (Open Container Initiative) runtimes like runC (default runtime) or Kata Containers.
In the upcoming Kubernetes version v1.24, the Docker will no longer be supported as a runtime due to the removal of Dockershim. So, the CRI-O container engine will be a better replacement for your environment.
Here, we will see how to install CRI-O on Ubuntu 22.04 / Ubuntu 20.04.
Setup CRI-O Repository
Install the below packages to let apt
have the support of the HTTPS method.
sudo apt update sudo apt install -y apt-transport-https ca-certificates curl gnupg2 software-properties-common
Setup variable based on the operating system and the CRI-O version you like to install. CRI-O follows the Kubernetes version release policy for minor versions (1.x.0) and patch releases (1.x.y) when required.
export OS_VERSION=xUbuntu_20.04 export CRIO_VERSION=1.23
Add the CRI-O’s GPG key to your system.
curl -fsSL https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS_VERSION/Release.key | sudo gpg --dearmor -o /usr/share/keyrings/libcontainers-archive-keyring.gpg curl -fsSL https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$CRIO_VERSION/$OS_VERSION/Release.key | sudo gpg --dearmor -o /usr/share/keyrings/libcontainers-crio-archive-keyring.gpg
Add the CRI-O repository to the system by running the below command.
echo "deb [signed-by=/usr/share/keyrings/libcontainers-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS_VERSION/ /" | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list echo "deb [signed-by=/usr/share/keyrings/libcontainers-crio-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$CRIO_VERSION/$OS_VERSION/ /" | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:$CRIO_VERSION.list
Install CRI-O on Ubuntu 22.04
First, update the repository index.
sudo apt update
Then, install CRI-O and run-time client using the apt
command.
sudo apt install -y cri-o cri-o-runc
Start and enable CRI-O Service
Use the below commands to start the CR-O service.
sudo systemctl daemon-reload sudo systemctl enable crio sudo systemctl start crio
By now, the CRI-O service should be up and running.
sudo systemctl status crio
Output:
● crio.service - Container Runtime Interface for OCI (CRI-O) Loaded: loaded (/lib/systemd/system/crio.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2022-04-29 12:04:02 EDT; 4min 31s ago Docs: https://github.com/cri-o/cri-o Main PID: 931 (crio) Tasks: 11 Memory: 61.3M CPU: 1.189s CGroup: /system.slice/crio.service └─931 /usr/bin/crio Apr 29 12:04:02 ubuntu-2204 crio[931]: time="2022-04-29 12:04:02.141059476-04:00" level=warning msg="The binary con> Apr 29 12:04:02 ubuntu-2204 systemd[1]: Started Container Runtime Interface for OCI (CRI-O). Apr 29 12:04:02 ubuntu-2204 crio[931]: time="2022-04-29 12:04:02.235133356-04:00" level=info msg="Successfully clea
Install CNI Plugins For CRI-O
For the Pod to run, you need to set up CNI (Container Network Interface) and install CNI plugins. CNI configurations are stored in the /etc/cni/net.d
directory and the bridge and loopback configurations are enabled by default which is enough for running Pods using CRI-O.
The default bridge configuration supports both IPv4 and IPv6. However, if you are setting up CNI on a node with IPv6 disabled, then I recommend you use 11-crio-ipv4-bridge.conf
and remove the existing bridge configuration file 100-crio-bridge.conf
.
In addition to the CNI configuration, you also need to install CNI plugins /opt/cni/bin
for CRI-O. So, use the apt command to install CNI plugins.
sudo apt install -y containernetworking-plugins
Restart the CRI-O service.
sudo systemctl restart crio
Verify CRI-O Installation
Install CRI Tools to manage pods and containers.
sudo apt install -y cri-tools
Now, check the CRIO-O version using the below command.
sudo crictl --runtime-endpoint unix:///var/run/crio/crio.sock version
Output:
Version: 0.1.0 RuntimeName: cri-o RuntimeVersion: 1.23.2 RuntimeApiVersion: v1alpha2
Finally, validate if CRI-O is ready for deploying Pods and containers.
sudo crictl info
Output:
{ "status": { "conditions": [ { "type": "RuntimeReady", "status": true, "reason": "", "message": "" }, { "type": "NetworkReady", "status": true, "reason": "", "message": "" } ] }
Manging Pods Using CRI-O crictl
Creating a Pod
Now that the CRI-O is ready to create a Pod. This section will walk you through launching a Ngnix web server in a Pod. Once the Nginx web server runs, we will validate if it serves web requests.
First, you need to set up a Pod sandbox (an isolated environment) using a Pod configuration.
sudo nano sandbox_nginx.json
Then, add the below configuration into the sandbox_nginx.json
file.
{ "metadata": { "name": "nginx-sandbox", "namespace": "default", "attempt": 1, "uid": "hdishd83djaidwnduwk28bcsb" }, "linux": { }, "log_directory": "/tmp" }
Then, create the Pod configuration file. Also, store the Pod ID in a variable for later use.
SANDBOXPOD_ID=$(sudo crictl runp sandbox_nginx.json)
Validate if the Pod is created.
sudo crictl pods
Output:
POD ID CREATED STATE NAME NAMESPACE ATTEMPT RUNTIME 56a093bcd36b2 2 seconds ago Ready nginx-sandbox default 1 (default)
Use the crictl
command to get the status of the Pod.
sudo crictl inspectp --output table $SANDBOXPOD_ID
Output:
Name: nginx-sandbox
UID: hdishd83djaidwnduwk28bcsb
Namespace: default
Attempt: 1
Status: SANDBOX_READY
Created: 2022-04-29 02:51:07.235894834 -0400 EDT
IP Addresses: 10.85.0.2
Additional IP: 1100:200::2
Info: ....
........
........
Create Container Inside the Pod
First, use the crictl
command to pull the Nginx image from Docker Hub.
sudo crictl pull nginx
Then, create container configuration for the Nginx web server.
sudo nano container_nginx.json
Add the below configuration into the container_nginx.json
file.
{ "metadata": { "name": "nginx" }, "image":{ "image": "nginx" }, "log_path":"nginx.0.log", "linux": { } }
Now, attach the container to the sandbox Pod created earlier.
CONTAINER_ID=$(sudo crictl create $SANDBOXPOD_ID container_nginx.json sandbox_nginx.json)
Finally, Start the Nginx web server container
sudo crictl start $CONTAINER_ID
Validate if the container is running.
sudo crictl ps
Output:
CONTAINER IMAGE CREATED STATE NAME ATTEMPT POD ID b0e8f4d5b6bad nginx 37 seconds ago Running nginx 0 56a093bcd36b2
Test Nginx Container
First, get Sandbox Pod’s IP to access the Nginx web server.
SANDBOXPOD_IP=$(sudo crictl inspectp --output go-template --template '{{.status.network.ip}}' $SANDBOXPOD_ID)
Then, validate if the Nginx web server is serving HTTP requests.
curl $SANDBOXPOD_IP
Output:
<!DOCTYPE html> <html> <head> <title>Welcome to nginx!</title> <style> html { color-scheme: light dark; } body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; } </style> </head> <body> <h1>Welcome to nginx!</h1> <p>If you see this page, the nginx web server is successfully installed and working. Further configuration is required.</p> <p>For online documentation and support please refer to <a href="http://nginx.org/">nginx.org</a>.<br/> Commercial support is available at <a href="http://nginx.com/">nginx.com</a>.</p> <p><em>Thank you for using nginx.</em></p> </body> </html>
Conclusion
That’s All. I hope you have learned how to install CRI-O on Ubuntu 22.04 / Ubuntu 20.04.