Add CRI architecture to cluster concepts

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
pull/30606/head
Sascha Grunert 2021-11-23 09:58:06 +01:00
parent 199047637f
commit 26aa51a940
No known key found for this signature in database
GPG Key ID: 09D97D153EF94D93
2 changed files with 73 additions and 0 deletions


@ -0,0 +1,51 @@
---
title: Container Runtime Interface (CRI)
content_type: concept
weight: 50
---
<!-- overview -->
The CRI is a plugin interface which enables the kubelet to use a wide variety of
container runtimes, without having a need to recompile the cluster components.
You need a working
{{<glossary_tooltip text="container runtime" term_id="container-runtime">}} on
each Node in your cluster, so that the
{{< glossary_tooltip text="kubelet" term_id="kubelet" >}} can launch
{{< glossary_tooltip text="Pods" term_id="pod" >}} and their containers.
{{< glossary_definition term_id="container-runtime-interface" length="all" >}}
<!-- body -->
## The API {#api}
{{< feature-state for_k8s_version="v1.23" state="stable" >}}
The kubelet acts as a client when connecting to the container runtime via gRPC.
The runtime and image service endpoints have to be available in the container
runtime, which can be configured separately within the kubelet by using the
`--image-service-endpoint` and `--container-runtime-endpoint` [command line
flags](/docs/reference/command-line-tools-reference/kubelet)
For Kubernetes v{{< skew currentVersion >}}, the kubelet prefers to use CRI `v1`.
If a container runtime does not support `v1` of the CRI, then the kubelet tries to
negotiate any older supported version.
The v{{< skew currentVersion >}} kubelet can also negotiate CRI `v1alpha2`, but
this version is considered as deprecated.
If the kubelet cannot negotiate a supported CRI version, the kubelet gives up
and doesn't register as a node.
## Upgrading
When upgrading Kubernetes, then the kubelet tries to automatically select the
latest CRI version on restart of the component. If that fails, then the fallback
will take place as mentioned above. If a gRPC re-dial was required because the
container runtime has been upgraded, then the container runtime must also
support the initially selected version or the redial is expected to fail. This
requires a restart of the kubelet.
## {{% heading "whatsnext" %}}
- Learn more about the CRI [protocol definition](https://github.com/kubernetes/cri-api/blob/c75ef5b/pkg/apis/runtime/v1/api.proto)
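Review bot: In the Upgrading section, the closing sentence "This requires a restart of the kubelet." has no clear referent. It can be read either as a precondition for the redial or as the recovery step once the redial has failed. If the second reading is intended, say so directly, for example "If the redial fails, restart the kubelet." Two smaller points in the same file: the API sentence that ends with the `[command line flags](/docs/reference/command-line-tools-reference/kubelet)` link is missing its closing period, and the first `{{<glossary_tooltip ... >}}` in the overview lacks the space after `{{<` that every other shortcode in this file uses. "considered as deprecated" would also read better as "considered deprecated".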


@ -0,0 +1,22 @@
---
title: Container Runtime Interface
id: container-runtime-interface
date: 2021-11-24
full_link: /docs/concepts/architecture/cri
short_description: >
The main protocol for the communication between the kubelet and Container Runtime.
aka:
tags:
- cri
---
The main protocol for the communication between the kubelet and Container Runtime.
<!--more-->
The Kubernetes Container Runtime Interface (CRI) defines the main
[gRPC](https://grpc.io) protocol for the communication between the
[cluster components](/docs/concepts/overview/components/#node-components)
{{< glossary_tooltip text="kubelet" term_id="kubelet" >}} and
{{< glossary_tooltip text="container runtime" term_id="container-runtime" >}}.
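Review bot: The front matter carries an `aka:` key with no value; either give it a value or drop the key so the glossary entry does not ship an empty field. The `short_description` and the first body line also capitalize "Container Runtime", while the tooltip at the end of the entry and the concept page use lowercase "container runtime"; pick one form, preferably the lowercase one already used as the glossary tooltip text.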