Skip to content

Container Runtime Interface (CRI)

The Container Runtime Interface (CRI) is a set of gRPC APIs that defines the interaction between Kubernetes and the container runtime.^[400-devops-06-kubernetes-k8s-paas-kubernetes.md]

Architecture

Instead of directly calling the Docker API, the kubelet uses the CRI to indirectly execute commands via the underlying container runtime.^[400-devops-06-kubernetes-k8s-paas-kubernetes.md] For example, when using Docker, a component called dockershim acts as an intermediary, translating CRI requests into Docker API requests for the Docker Daemon.^[400-devops-06-kubernetes-k8s-paas-kubernetes.md]

Interface Components

The CRI consists of two main services:

  • RuntimeService: Handles container-specific operations such as creating, starting, and deleting containers, as well as executing commands.^[400-devops-06-kubernetes-k8s-paas-kubernetes.md]
  • ImageService: Manages container image operations, including pulling and removing images.^[400-devops-06-kubernetes-k8s-paas-kubernetes.md]

Design Principles

A key design principle of the CRI is that it focuses solely on containers, excluding the concept of a Pod.^[400-devops-06-kubernetes-k8s-paas-kubernetes.md] This separation ensures the interface remains stable and decoupled from the specific implementation details of Kubernetes' internal Pod objects, which are subject to frequent change.^[400-devops-06-kubernetes-k8s-paas-kubernetes.md]

Sources

^[400-devops-06-kubernetes-k8s-paas-kubernetes.md]