CRI (Container Runtime Interface)
Definition
CRI (Container Runtime Interface) is a Kubernetes API specification that defines how orchestration systems like Kubernetes communicate with container runtimes. It provides a standardized gRPC interface between the kubelet and container runtimes, allowing any runtime to work with Kubernetes.
CRI replaced earlier integrations (Docker shim, rkt) with a single, vendor-neutral interface.
CRI Architecture
Kubernetes API Server
↓
kubelet (on each worker node)
↓
CRI API (gRPC)
↓
Container Runtime (containerd, CRI-O, etc.)
↓
OCI-compliant containers
CRI Components
| Component |
Purpose |
| RuntimeService |
Manage container lifecycle (create, start, stop, delete) |
| ImageService |
Manage container images (pull, list, inspect) |
| NetworkPlugin |
Configure container networking (CNI) |
| VolumePlugin |
Manage container volumes |
CRI Runtimes
| Runtime |
Type |
Notes |
| containerd |
CNCF graduated |
Most popular, Docker uses containerd |
| CRI-O |
CNCF graduated |
Red Hat’s lightweight CRI runtime |
| dockerd (deprecated) |
Docker |
Docker shim removed in K8s 1.24 |
| Frakti |
Experimental |
Hypervisor-based containers (VMs) |
CRI vs CNI
| Aspect |
CRI |
CNI |
| Purpose |
Container lifecycle management |
Container networking |
| Scope |
Runtime integration |
Network configuration |
| API |
gRPC |
Binary plugins |
| Standard |
Kubernetes spec |
CNCF spec |
| Example |
containerd, CRI-O |
Calico, Flannel |
CRI Implementation
// Example: CRI gRPC service definition (simplified)
service RuntimeService {
rpc Version(VersionRequest) returns (VersionResponse) {}
rpc RunPodContainer(RunPodContainerRequest) returns (RunPodContainerResponse) {}
rpc StopPodContainer(StopPodContainerRequest) returns (StopPodContainerResponse) {}
rpc RemovePodContainer(RemovePodContainerRequest) returns (RemovePodContainerResponse) {}
// ... more methods
}
service ImageService {
rpc ListImages(ListImagesRequest) returns (ListImagesResponse) {}
rpc PullImage(PullImageRequest) returns (PullImageResponse) {}
rpc RemoveImage(RemoveImageRequest) returns (RemoveImageResponse) {}
// ... more methods
}
- Kubernetes — most popular CRI runtime
- CRI-O — lightweight CRI runtime by Red Hat
- Docker — container image and runtime standards
References
