The Kubernetes Container Runtime provides users with a simple, clear, and performant container manager for cloud native workloads
SAN FRANCISCO, Calif. – July 19, 2023 – The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, today announced the graduation of the CRI-O project. CRI-O provides a secure, performant, and stable Container Runtime Interface (CRI) implementation for the Kubelet to orchestrate Open Container Initiative (OCI) containers in production Kubernetes environments.
CRI-O was born in the Kubernetes incubator in 2016, initially created by Red Hat. It was accepted to CNCF in April 2019. Since then, the project has been adopted by seven new organizations to reach more than ten public adopters, including Digital Science, Lyft, and Reddit. It also runs on tens of thousands of clusters and has released 11 new minor versions, around 100 patch releases, and has had more than 4,000 commits to the main branch. New features from these releases include dropping the pause container, seccomp notify, sigstore signature validation, and many more.
“CRI-O’s simplicity and deep Kubernetes integration as an OCI runtime results in an enterprise-ready runtime that is secure by default and efficient to operate at scale,” said Tyler Lisowski, IBM Cloud Satellite Lead Architect at IBM. “It enables IBM to run workloads efficiently at scale by reducing the resources required by the container runtime. The streamlined design provides deep visibility into all layers of the stack, which is critical for operating a global large-scale Kubernetes fleet. Its support of various security tools like selinux and seccomp enable CRI-O to run workloads in the least privileged mode is critical for regulated workloads. The community has been exceptional in guiding us on our adoption journey and enhancing the runtime based on trends we have seen with our clients.”
CRI-O is well integrated with the cloud native ecosystem. The project maintainers work closely with the containerd community under the Kubernetes Special Interest Group (SIG) Node to define the CRI spec, a protocol that uses gRPC. CRI-O also utilizes CNI to provision networking resources of the pods and integrates with both Prometheus and OpenTelemetry for reporting metrics and tracing.
CNCF’s recent Cloud Native Survey found that Kubernetes has matured into a mainstream technology. As a result, more organizations are moving up the cloud native stack, leveraging technologies like Kubernetes APIs and interfaces. This was particularly apparent with runtime containers like CRI-O, which saw a rise in production usage of 51% year over year.
“CRI-O has remained focused on creating a simple and lightweight container runtime optimized for Kubernetes only in large-scale production environments,” said Chris Aniszczyk, CTO at CNCF. “At the end of the day, it’s great to have options and competition in the container runtime space. We look forward to seeing even more achievements and growth from the project team as a graduated project.”
Looking forward, CRI-O has plans to improve upstream documentation, automate the release process, increase pod density on nodes, and more. The project is also working to move certain pieces to the Rust language.
“CRI-O has provided Adobe with a solid container runtime with excellent community backing,” said Evan Foster, Senior Cloud Engineer at Adobe. “The software is rock steady at scale, meaning more stable clusters and fewer alerts. When we encountered issues or requested features, the project’s maintainers and community members swooped in to investigate and assist. CRI-O grows with and adapts to the needs of those using it.”
To officially graduate from incubating status, the CRI-O updated its governance, implemented a Code of Conduct, added a security list, participated in a security audit by Ada Logics, coordinated by CNCF and OSTIF, gained multiple end users and interviewed those end users, did documentation, encouraged new contributors.
Supporting Quotes
“Since joining CNCF, we’ve made a lot of advancements in the CRI-O community,” said Peter Hunt, CRI-O maintainer and Senior Software Engineer at Red Hat. “The performance improvements and optimizations made to hone CRI-O to the behavior of the Kubelet are the changes that I’m most proud of, as they open up the possibility of increased node density and are a key differentiating factor for CRI-O. We’re very excited to be among a growing list of projects that have proven their stability and reliability for the ecosystem.”
“CRI-O is the first open source project I started contributing continuously as part of my professional career, and I’m proud to be part of this wonderful inclusive community,” said Sascha Grunert, CRI-O maintainer and Senior Software Engineer, Red Hat. “The exciting part of CRI-O is that everyone welcomes change and is willing to try experimental features, driving true innovation. CNCF provides great support for projects to grow, like providing dedicated mailing lists or test environments, and I look forward to continuing to grow with the community.”
“CRI-O was started to be a Kubernetes focussed runtime,” said Mrunal Patel, CRI-O maintainer and Senior Principal Software Engineer at Red Hat. “We have achieved that goal while fostering new ideas and approaches to solving problems in the container runtime space. We are excited to be graduating as part of CNCF and will continue working with the cloud native community to innovate.”
“I remain impressed by the CRI-O community and its open and welcoming nature,” said Krisztian Litkey, CRI-O maintainer and Linux Software Engineer at Intel. “Software developers tend to be an opinionated bunch – we know the best programming language, libraries, way to do things, etc. One might expect a community of developers with different backgrounds to be arrogant or dismissive, but the CRI-O community is welcoming, open-minded, and helpful to newcomers with less experience. Together we’ve also made some great technical achievements.”
About Cloud Native Computing Foundation
Cloud native computing empowers organizations to build and run scalable applications with an open source software stack in public, private, and hybrid clouds. The Cloud Native Computing Foundation (CNCF) hosts critical components of the global technology infrastructure, including Kubernetes, Prometheus, and Envoy. CNCF brings together the industry’s top developers, end users, and vendors and runs the largest open source developer conferences in the world. Supported by more than 800 members, including the world’s largest cloud computing and software companies, as well as over 200 innovative startups, CNCF is part of the nonprofit Linux Foundation. For more information, please visit www.cncf.io.
###
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page. Linux is a registered trademark of Linus Torvalds.
Media Contact
Katie Meinders
The Linux Foundation
PR@CNCF.io