CRI (Container Runtime Interface) consists of a protobuf API, specifications/requirements (to-be-added), and libraries for container runtimes to integrate with kubelet on a node. CRI is currently in Alpha.
In the future, we plan to add more developer tools such as the CRI validation tests.
Prior to the existence of CRI, container runtimes (e.g.,
integrated with kubelet through implementing an internal, high-level interface
in kubelet. The entrance barrier for runtimes was high because the integration
required understanding the internals of kubelet and contributing to the main
Kubernetes repository. More importantly, this would not scale because every new
addition incurs a significant maintenance overhead in the main Kubernetes
Kubernetes aims to be extensible. CRI is one small, yet important step to enable pluggable container runtimes and build a healthier ecosystem.
For Kubernetes 1.6+:
CRI is still young and we are actively incorporating feedback from developers to improve the API. Although we strive to maintain backward compatibility, developers should expect occasional API breaking changes.
For Kubernetes 1.5, additional flags are required:
- Set apiserver flag
- Set kubelet flag
Yes, Kubelet always uses CRI except for using the rktnetes integration.
The old, pre-CRI Docker integration was removed in 1.7.
The Kubernetes 1.5 blog post on CRI serves as a general introduction.
Below is a mixed list of CRI specifications/requirements, design docs and proposals. We are working on adding more documentation for the API.
--enable-criflag has been removed.
The Docker CRI integration has been promoted to Beta, and been enabled by
default in Kubelet.
- Upgrade: It is recommended to drain your node before upgrading the
Kubelet. If you choose to perform in-place upgrade, the Kubelet will
restart all Kubernetes-managed containers on the node.
- Resource usage and performance: There is no performance regression
in our measurement. The memory usage of Kubelet increases slightly
(~0.27MB per pod) due to the additional gRPC serialization for CRI.
- Disable: To disable the Docker CRI integration and fall back to the
old implementation, set
--enable-cri=false. Note that the old
implementation has been deprecated and is scheduled to be removed in
the next release. You are encouraged to migrate to CRI as early as
- Others: The Docker container naming/labeling scheme has changed
significantly in 1.6. This is perceived as implementation detail and
should not be relied upon by any external tools or scripts.