
CRI (Container Runtime Interface)

CRI (Container Runtime Interface) is a set of gRPC interfaces that define how the kubelet interacts with container runtimes^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes调度机制.md]. Instead of calling the Docker API directly, the kubelet uses CRI to manage container lifecycles and images in a runtime-agnostic way^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes调度机制.md].

Architecture

The introduction of CRI serves as a buffer between the Kubernetes core and specific container technologies^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes调度机制.md]. For example, when using Docker, a specific component called dockershim acts as an adapter^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes调度机制.md].

In this workflow, the kubelet invokes a generic component (e.g., GenericRuntime), which sends CRI requests. The dockershim receives these requests, translates them into Docker API calls, and forwards them to the Docker Daemon^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes调度机制.md].

Interface Definition

The CRI specification consists of two main services, each handling a specific domain of container operations^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes调度机制.md]:

  1. RuntimeService: Manages the lifecycle of containers and sandboxes (Pods). Key operations include creating, starting, and deleting containers, as well as executing commands inside containers (exec)^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes调度机制.md].
  2. ImageService: Manages container images. Operations include pulling images from a registry and removing them from the node^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes调度机制.md].
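
The adapter workflow and the two services described above, as an added Go sketch (not Kubernetes or dockershim code). The interface signatures are simplified, and dockerDaemon, shim, runContainer and the container id scheme are hypothetical names constructed for illustration; Docker API calls are recorded as method and path strings with request bodies omitted. Because every kubelet request crosses the shim, the recorded call list is what an audit at that boundary would see.

```go
package main

import "fmt"

// The two CRI services, cut down to operations the page names (simplified signatures).
type RuntimeService interface {
	CreateContainer(sandboxID, image string) (string, error)
	StartContainer(id string) error
	RemoveContainer(id string) error
}
type ImageService interface {
	PullImage(ref string) error
	RemoveImage(ref string) error
}

// dockerDaemon stands in for the Docker Daemon; it only records the API calls it receives.
type dockerDaemon struct{ calls []string }
func (d *dockerDaemon) do(method, path string) { d.calls = append(d.calls, method+" "+path) }
// shim plays the dockershim role: it implements CRI and translates to Docker API paths.
type shim struct{ d *dockerDaemon }
func (s *shim) PullImage(ref string) error      { s.d.do("POST", "/images/create?fromImage="+ref); return nil }
func (s *shim) RemoveImage(ref string) error    { s.d.do("DELETE", "/images/"+ref); return nil }
func (s *shim) StartContainer(id string) error  { s.d.do("POST", "/containers/"+id+"/start"); return nil }
func (s *shim) RemoveContainer(id string) error { s.d.do("DELETE", "/containers/"+id); return nil }
func (s *shim) CreateContainer(sandboxID, image string) (string, error) {
	if sandboxID == "" {
		return "", fmt.Errorf("CreateContainer: missing sandbox id")
	}
	id := fmt.Sprintf("%s-c%d", sandboxID, len(s.d.calls)) // constructed id scheme
	s.d.do("POST", "/containers/create?name="+id)          // image travels in the body, omitted
	return id, nil
}

// runContainer is kubelet-side generic code: it sees only the CRI interfaces.
func runContainer(rt RuntimeService, img ImageService, sandboxID, image string) (string, error) {
	if err := img.PullImage(image); err != nil {
		return "", err
	}
	id, err := rt.CreateContainer(sandboxID, image)
	if err != nil {
		return "", err
	}
	return id, rt.StartContainer(id)
}

func main() {
	s := &shim{d: &dockerDaemon{}}
	id, err := runContainer(s, s, "sandbox1", "registry.example/app:1.0")
	fmt.Println(id, err, s.d.calls)
}
```

Swapping in another runtime means supplying a different type that satisfies the two interfaces; runContainer does not change.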

Design Principles

A core principle of CRI is to focus strictly on containers rather than Pods^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes调度机制.md].

  • Runtime Abstraction: Since "Pod" is a Kubernetes orchestration concept and not a native container runtime concept, CRI does not assume the underlying runtime can map directly to a Pod API^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes调度机制.md].
  • Interface Stability: By decoupling the interface from the Pod object definition, CRI avoids the need for frequent updates. Since the Pod API fields changed frequently during early Kubernetes development, keeping the interface container-focused ensures stability for runtime implementors^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes调度机制.md].

Consequently, there is no direct "create Pod" or "start Pod" method within the CRI interface itself^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes调度机制.md].

Sources

^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes调度机制.md]