DEVOPSdigest

The Cloud Native Computing Foundation® (CNCF®) announced the graduation of the CRI-O project.

CRI-O provides a secure, performant, and stable Container Runtime Interface (CRI) implementation for the Kubelet to orchestrate Open Container Initiative (OCI) containers in production Kubernetes environments.

CRI-O was born in the Kubernetes incubator in 2016, initially created by Red Hat. It was accepted to CNCF in April 2019. Since then, the project has been adopted by seven new organizations to reach more than ten public adopters, including Digital Science, Lyft, and Reddit. It also runs on tens of thousands of clusters and has released 11 new minor versions, around 100 patch releases, and has had more than 4,000 commits to the main branch. New features from these releases include dropping the pause container, seccomp notify, sigstore signature validation, and many more.

CRI-O is well integrated with the cloud native ecosystem. The project maintainers work closely with the containerd community under the Kubernetes Special Interest Group (SIG) Node to define the CRI spec, a protocol that uses gRPC. CRI-O also utilizes CNI to provision networking resources of the pods and integrates with both Prometheus and OpenTelemetry for reporting metrics and tracing.

"CRI-O has remained focused on creating a simple and lightweight container runtime optimized for Kubernetes only in large-scale production environments," said Chris Aniszczyk, CTO at CNCF. "At the end of the day, it's great to have options and competition in the container runtime space. We look forward to seeing even more achievements and growth from the project team as a graduated project."

Looking forward, CRI-O has plans to improve upstream documentation, automate the release process, increase pod density on nodes, and more. The project is also working to move certain pieces to the Rust language.

To officially graduate from incubating status, the CRI-O updated its governance, implemented a Code of Conduct, added a security list, participated in a security audit by Ada Logics, coordinated by CNCF and OSTIF, gained multiple end users and interviewed those end users, did documentation, encouraged new contributors.