The Cloud Native Computing Foundation announced the graduation of the CRI-O project which provides a secure, performant, and stable Container Runtime Interface (CRI) implementation for kubelet in Kubernetes production environments. The project has been adopted by seven new organizations, released 11 new minor versions, and had more than 4,000 commits to the main branch.
New features from these releases include dropping the pause container, Seccomp notify, and Sigstore signature validation, amongst others. CRI-O is well integrated with the cloud native ecosystem and uses gRPC protocol with CNI to provision networking resources. Looking forward, CRI-O has plans to improve upstream documentation, automate the release process, and increase pod density on nodes moving parts to Rust language.
According to the CNCF Cloud Native Survey, Kubernetes saw a 51% year-over-year growth in production usage due to its increased popularity. Cloud Native Survey found that Kubernetes usage is maturing and saw a rise in production usage for runtime containers such as CRI-O.
CRI-O originated within the Kubernetes incubator back in 2016, with its inception by Red Hat. By April 2019, it had earned acceptance into the Cloud Native Computing Foundation (CNCF). To transition from its incubation phase to official graduation, CRI-O undertook several important steps. These included enhancing its governance structure, instituting a Code of Conduct, establishing a security list, undergoing a security audit conducted by Ada Logics in coordination with CNCF and OSTIF, garnering a diverse user base and conducting user interviews, investing in comprehensive documentation, and actively fostering new contributors.
Chris Aniszczyk, CTO at CNCF said,
CRI-O has remained focused on creating a simple and lightweight container runtime optimized for Kubernetes only in large-scale production environments. At the end of the day, it’s great to have options and competition in the container runtime space. We look forward to seeing even more achievements and growth from the project team as a graduated project.
Sascha Grunert, CRI-O maintainer and senior software engineer at Red Hat mentioned,
CRI-O is the first open source project I started contributing continuously as part of my professional career, and I’m proud to be part of this wonderful inclusive community. The exciting part of CRI-O is that everyone welcomes change and is willing to try experimental features, driving true innovation. CNCF provides great support for projects to grow, like providing dedicated mailing lists or test environments, and I look forward to continuing to grow with the community.
As a side, the maintainers of CRI-O will be hosting a session at KubeCon + CloudNative North America 2023. During this session, they will delve into topics such as the latest architecture, the journey of achieving graduation, and the technical intricacies behind recent enhancements like the verification of sigstore signatures.
Interested readers can learn more about the project at GitHub. Recently, CRI-O released v1.28.0. Readers can also engage with the community on their #crio channel in the Kubernetes workspace.