Introduction to the Container Runtime Interface (CRI)

In Kubernetes, Pods are introduced to describe a cohesive unit of Service, where multiple cooperating processes are running as containers with shared storage, network, etc. To better manage these Pods, a component called kubelet is running as a daemon on every node. The kubelet plays a crucial role in the Kubernetes system. It is the primary implementer of Pods and the driver of the container execution layer. It is kubelet that makes Pods into a group of running containers. However, kubelet itself doesn’t directly manage the lifecycle of containers. A container engine, also known as a container runtime, is invoked to do low-level container management, such as loading container images from a registry, mounting a volume to a container, assigning network interfaces, and so on.

Some common container runtimes are containerd, CRI-O, and Docker. However, Kubernetes support for Docker via dockershim is marked as deprecated since v1.20 and fully removed in v1.24. As part of the effort to support various container runtimes, the community introduced a plugin interface called CRI (Container Runtime Interface) since v1.5, when Docker and rkt were built-in integrated into the source code of kubelet.