Openshift , CRI‐o , Crun and runc - unix1998/technical_notes GitHub Wiki

In OpenShift, the default container runtime interface (CRI) is CRI-O. CRI-O is a lightweight container runtime specifically designed for Kubernetes, providing a reliable and efficient way to run containerized applications.

"runc" and "crun" are both low-level container runtimes that can be used by CRI-O:

  1. runc: This is the default low-level container runtime used by CRI-O. It is a lightweight and portable runtime for running containers, which adheres to the Open Container Initiative (OCI) standards. runc provides the fundamental container runtime functionalities, such as creating, starting, and managing the container lifecycle.

  2. crun: This is an alternative low-level container runtime that is designed to be fast and lightweight. It is written in C and aims to offer better performance and lower resource consumption compared to runc. crun is also compatible with OCI standards and can be used as a drop-in replacement for runc in CRI-O.

In essence, while CRI-O acts as the interface between Kubernetes and the container runtime, runc and crun are the actual executables that handle the low-level operations of running containers. Users can choose to use crun instead of runc with CRI-O for potential performance improvements.

Here's a breakdown of the relationship between these components:

  1. OpenShift: A Kubernetes-based platform for container orchestration, which uses various underlying components to manage and run containerized applications.

  2. CRI-O: The default Container Runtime Interface (CRI) implementation in OpenShift. It provides an interface for Kubernetes to interact with container runtimes. CRI-O is responsible for pulling container images, managing container lifecycle, and interfacing with the container runtime.

  3. runc / crun: These are low-level container runtimes used by CRI-O. They are responsible for the actual execution of containers. CRI-O uses these runtimes to handle the low-level operations required to create, start, and manage containers.

So, the hierarchy looks like this:

  • OpenShift
    • Uses CRI-O as the container runtime interface.
      • CRI-O can use runc (default) or crun (alternative) to execute containers.

This means CRI-O acts as an intermediary between Kubernetes (used by OpenShift) and the container runtimes (runc or crun).