How to Install CRI-O on Ubuntu 22.04 / Ubuntu 20.04


CRI-O is an open-source container engine and an alternative to the Docker engine. Using the CRI-O container engine, you can launch containers and pods by engaging OCI-compliant (Open Container Initiative) runtimes like runC (default runtime) or Kata Containers.

In the upcoming Kubernetes version v1.24, the Docker will no longer be supported as a runtime due to the removal of Dockershim. So, the CRI-O container engine will be a better replacement for your environment.

Here, we will see how to install CRI-O on Ubuntu 22.04 / Ubuntu 20.04.

Setup CRI-O Repository

Install the below packages to let apt have the support of the HTTPS method.

sudo apt update

sudo apt install -y apt-transport-https ca-certificates curl gnupg2 software-properties-common

Setup variable based on the operating system and the CRI-O version you like to install. CRI-O follows the Kubernetes version release policy for minor versions (1.x.0) and patch releases (1.x.y) when required.

When writing this post, CRI-O packages are yet to be published for Ubuntu 22.04. However, the CRI-O packages for Ubuntu 20.04 are compatible with Ubuntu 22.04.
export OS_VERSION=xUbuntu_20.04

export CRIO_VERSION=1.23

Add the CRI-O’s GPG key to your system.

curl -fsSL$OS_VERSION/Release.key | sudo gpg --dearmor -o /usr/share/keyrings/libcontainers-archive-keyring.gpg

curl -fsSL$CRIO_VERSION/$OS_VERSION/Release.key | sudo gpg --dearmor -o /usr/share/keyrings/libcontainers-crio-archive-keyring.gpg

Add the CRI-O repository to the system by running the below command.

echo "deb [signed-by=/usr/share/keyrings/libcontainers-archive-keyring.gpg]$OS_VERSION/ /" | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list

echo "deb [signed-by=/usr/share/keyrings/libcontainers-crio-archive-keyring.gpg]$CRIO_VERSION/$OS_VERSION/ /" | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:$CRIO_VERSION.list

Install CRI-O on Ubuntu 22.04

First, update the repository index.

sudo apt update

Then, install CRI-O and run-time client using the apt command.

sudo apt install -y cri-o cri-o-runc

Start and enable CRI-O Service

Use the below commands to start the CR-O service.

sudo systemctl daemon-reload

sudo systemctl enable crio

sudo systemctl start crio

By now, the CRI-O service should be up and running.

sudo systemctl status crio


 crio.service - Container Runtime Interface for OCI (CRI-O)
     Loaded: loaded (/lib/systemd/system/crio.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2022-04-29 12:04:02 EDT; 4min 31s ago
   Main PID: 931 (crio)
      Tasks: 11
     Memory: 61.3M
        CPU: 1.189s
     CGroup: /system.slice/crio.service
             └─931 /usr/bin/crio

Apr 29 12:04:02 ubuntu-2204 crio[931]: time="2022-04-29 12:04:02.141059476-04:00" level=warning msg="The binary con>
Apr 29 12:04:02 ubuntu-2204 systemd[1]: Started Container Runtime Interface for OCI (CRI-O).
Apr 29 12:04:02 ubuntu-2204 crio[931]: time="2022-04-29 12:04:02.235133356-04:00" level=info msg="Successfully clea

Install CNI Plugins For CRI-O

For the Pod to run, you need to set up CNI (Container Network Interface) and install CNI plugins. CNI configurations are stored in the /etc/cni/net.d directory and the bridge and loopback configurations are enabled by default which is enough for running Pods using CRI-O.

The default bridge configuration supports both IPv4 and IPv6. However, if you are setting up CNI on a node with IPv6 disabled, then I recommend you use 11-crio-ipv4-bridge.conf and remove the existing bridge configuration file 100-crio-bridge.conf.

In addition to the CNI configuration, you also need to install CNI plugins /opt/cni/bin for CRI-O. So, use the apt command to install CNI plugins.

sudo apt install -y containernetworking-plugins

Restart the CRI-O service.

sudo systemctl restart crio

Verify CRI-O Installation

Install CRI Tools to manage pods and containers.

sudo apt install -y cri-tools

Now, check the CRIO-O version using the below command.

sudo crictl --runtime-endpoint unix:///var/run/crio/crio.sock version


Version: 0.1.0
RuntimeName: cri-o
RuntimeVersion: 1.23.2
RuntimeApiVersion: v1alpha2

Finally, validate if CRI-O is ready for deploying Pods and containers.

sudo crictl info


  "status": {
    "conditions": [
        "type": "RuntimeReady",
        "status": true,
        "reason": "",
        "message": ""
        "type": "NetworkReady",
        "status": true,
        "reason": "",
        "message": ""

Manging Pods Using CRI-O crictl

Creating a Pod

Now that the CRI-O is ready to create a Pod. This section will walk you through launching a Ngnix web server in a Pod. Once the Nginx web server runs, we will validate if it serves web requests.

First, you need to set up a Pod sandbox (an isolated environment) using a Pod configuration.

sudo nano sandbox_nginx.json

Then, add the below configuration into the sandbox_nginx.json file.

    "metadata": {
        "name": "nginx-sandbox",
        "namespace": "default",
        "attempt": 1,
        "uid": "hdishd83djaidwnduwk28bcsb"
    "linux": {
    "log_directory": "/tmp"

Then, create the Pod configuration file. Also, store the Pod ID in a variable for later use.

SANDBOXPOD_ID=$(sudo crictl runp sandbox_nginx.json)

Validate if the Pod is created.

sudo crictl pods


POD ID              CREATED             STATE               NAME                NAMESPACE           ATTEMPT             RUNTIME
56a093bcd36b2       2 seconds ago       Ready               nginx-sandbox       default             1                   (default)

Use the crictl command to get the status of the Pod.

sudo crictl inspectp --output table $SANDBOXPOD_ID


Name: nginx-sandbox
UID: hdishd83djaidwnduwk28bcsb
Namespace: default
Attempt: 1
Created: 2022-04-29 02:51:07.235894834 -0400 EDT
IP Addresses:
Additional IP: 1100:200::2
Info: ....

Create Container Inside the Pod

First, use the crictl command to pull the Nginx image from Docker Hub.

sudo crictl pull nginx

Then, create container configuration for the Nginx web server.

sudo nano container_nginx.json

Add the below configuration into the container_nginx.json file.

  "metadata": {
      "name": "nginx"
      "image": "nginx"
  "linux": {

Now, attach the container to the sandbox Pod created earlier.

CONTAINER_ID=$(sudo crictl create $SANDBOXPOD_ID container_nginx.json sandbox_nginx.json)

Finally, Start the Nginx web server container

sudo crictl start $CONTAINER_ID

Validate if the container is running.

sudo crictl ps


CONTAINER           IMAGE               CREATED             STATE               NAME                ATTEMPT             POD ID
b0e8f4d5b6bad       nginx               37 seconds ago      Running             nginx               0                   56a093bcd36b2

Test Nginx Container

First, get Sandbox Pod’s IP to access the Nginx web server.

SANDBOXPOD_IP=$(sudo crictl inspectp --output go-template --template '{{}}' $SANDBOXPOD_ID)

Then, validate if the Nginx web server is serving HTTP requests.



<!DOCTYPE html>
<title>Welcome to nginx!</title>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href=""></a>.<br/>
Commercial support is available at
<a href=""></a>.</p>

<p><em>Thank you for using nginx.</em></p>


That’s All. I hope you have learned how to install CRI-O on Ubuntu 22.04 / Ubuntu 20.04.

You might also like