# cri
*Note: The standalone `cri-containerd` binary is end-of-life. `cri-containerd` is transitioning from a standalone binary that talks to containerd to a plugin within containerd. This github branch is for the `cri` plugin. See [standalone-cri-containerd branch](https://github.com/containerd/cri/tree/standalone-cri-containerd) for information about the standalone version of `cri-containerd`.* *Note: You need to [drain your node](https://kubernetes.io/docs/tasks/administer-cluster/safely-drain-node/) before upgrading from standalone `cri-containerd` to containerd with `cri` plugin.* [![Build Status](https://api.travis-ci.org/containerd/cri.svg?style=flat-square)](https://travis-ci.org/containerd/cri) [![Go Report Card](https://goreportcard.com/badge/github.com/containerd/cri)](https://goreportcard.com/report/github.com/containerd/cri) `cri` is a [containerd](https://containerd.io/) plugin implementation of Kubernetes [container runtime interface (CRI)](https://github.com/kubernetes/cri-api/blob/master/pkg/apis/runtime/v1alpha2/api.proto). With it, you could run Kubernetes using containerd as the container runtime. ![cri](./docs/cri.png) ## Current Status `cri` is a native plugin of containerd 1.1 and above. It is built into containerd and enabled by default. `cri` is in GA: * It is feature complete. * It (the GA version) works with Kubernetes 1.10 and above. * It has passed all [CRI validation tests](https://github.com/kubernetes/community/blob/master/contributors/devel/cri-validation.md). * It has passed all [node e2e tests](https://github.com/kubernetes/community/blob/master/contributors/devel/e2e-node-tests.md). * It has passed all [e2e tests](https://github.com/kubernetes/community/blob/master/contributors/devel/e2e-tests.md). See [test dashboard](https://k8s-testgrid.appspot.com/sig-node-containerd) ## Support Metrics | CRI-Containerd Version | Containerd Version | Kubernetes Version | CRI Version | |:----------------------:|:------------------:|:------------------:|:-----------:| | v1.0.0-alpha.x | | 1.7, 1.8 | v1alpha1 | | v1.0.0-beta.x | | 1.9 | v1alpha1 | | End-Of-Life | v1.1 | 1.10+ | v1alpha2 | | | v1.2 | 1.10+ | v1alpha2 | | | HEAD | 1.10+ | v1alpha2 | **Note:** The support table above specifies the Kubernetes Version that was supported at time of release of the containerd - cri integration. The following is the current support table for containerd CRI integration taking into account that Kubernetes only supports n-3 minor release versions and 1.10 and 1.11 are now end-of-life. | Containerd Version | Kubernetes Version | CRI Version | |:------------------:|:------------------:|:-----------:| | v1.1 | 1.12+ | v1alpha2 | | v1.2 | 1.12+ | v1alpha2 | | HEAD | 1.12+ | v1alpha2 | ***Although not recommended, if you still plan to use containerd 1.2+ with Kubernetes <=1.11, please be sure to set `disable_proc_mount=true`.*** ## Production Quality Cluster on GCE For a production quality cluster on GCE brought up with `kube-up.sh` refer [here](docs/kube-up.md). ## Installing with Ansible and Kubeadm For a multi node cluster installer and bring up steps using ansible and kubeadm refer [here](contrib/ansible/README.md). ## Custom Installation For non ansible users, you can download the `cri-containerd` release tarball and deploy kubernetes cluster using kubeadm as described [here](docs/installation.md). ## Getting Started for Developers ### Binary Dependencies and Specifications The current release of the `cri` plugin has the following dependencies: * [containerd](https://github.com/containerd/containerd) * [runc](https://github.com/opencontainers/runc) * [CNI](https://github.com/containernetworking/cni) See [versions](./vendor.conf) of these dependencies `cri` is tested with. As containerd and runc move to their respective general availability releases, we will do our best to rebase/retest `cri` with these releases on a weekly/monthly basis. Similarly, given that `cri` uses the Open Container Initiative (OCI) [image](https://github.com/opencontainers/image-spec) and [runtime](https://github.com/opencontainers/runtime-spec) specifications, we will also do our best to update `cri` to the latest releases of these specifications as appropriate. ### Install Dependencies 1. Install development libraries: * **libseccomp development library.** Required by `cri` and runc seccomp support. `libseccomp-dev` (Ubuntu, Debian) / `libseccomp-devel` (Fedora, CentOS, RHEL). On releases of Ubuntu <=Trusty and Debian <=jessie a backport version of `libseccomp-dev` is required. See [travis.yml](.travis.yml) for an example on trusty. * **btrfs development library.** Required by containerd btrfs support. `btrfs-tools`(Ubuntu, Debian) / `btrfs-progs-devel`(Fedora, CentOS, RHEL) 2. Install **`socat`** (required by portforward). 2. Install and setup a go 1.10 development environment. 3. Make a local clone of this repository. 4. Install binary dependencies by running the following command from your cloned `cri/` project directory: ```bash # Note: install.deps installs the above mentioned runc, containerd, and CNI # binary dependencies. install.deps is only provided for general use and ease of # testing. To customize `runc` and `containerd` build tags and/or to configure # `cni`, please follow instructions in their documents. make install.deps ``` ### Build and Install `cri` To build and install a version of containerd with the `cri` plugin, enter the following commands from your `cri` project directory: ```bash make sudo make install ``` *NOTE: The version of containerd built and installed from the `Makefile` is only for testing purposes. The version tag carries the suffix "-TEST".* #### Build Tags `cri` supports optional build tags for compiling support of various features. To add build tags to the make option the `BUILD_TAGS` variable must be set. ```bash make BUILD_TAGS='seccomp apparmor' ``` | Build Tag | Feature | Dependency | |-----------|------------------------------------|---------------------------------| | seccomp | syscall filtering | libseccomp development library | | selinux | selinux process and mount labeling |