在Kubrnetes的最底层是容器运行时(Container Runtime),他们负责启动、暂停容器。最有名的容器运行时就是Docker了,后面又支持rkt。在kubernetes 1.5版本,kubernetes引入了CRI,即Container Runtime Interface。
1. 什么是容器运行时,为什么Kubrenes需要它?
每一种容器运行时,都有自己的有点,kubernetes的许多用户都要求kubernetes引入新的运行时。因为在kubernetes 1.5中引入了CRI。有了CRI,kubrentes不需要重新编译,就可以支持多种容器运行时。CRI本质上只是一种抽象的软件协议,它定义了kubrentes与容器运行时之间的接口。
2. CRI框架
CRI规定了kubelet与容器运行时之间的接口,kubelet通过unix套接字与容器运行时进行通信,为了高性能,通信必须使用grpc协议。因此kubelet是作为客户端,而CRI则作为服务器端接受请求。CRI包括了CRI shim和容器运行时,CRI shim就是接受请求的服务器端,cri shim接受到请求后,再去调用容器运行时创建容器。如下图所示
grpc使用protocol buffers进行序列化。CRI主要规定了两类接口,即ImageService和RuntimeService,ImageService提供Pull、查看、删除镜像的RPC接口。而RuntimeSerivce主要包括容器和Pod生命周期管理的RPC接口
type ImageManagerService interface {
// ListImages lists the existing images.
ListImages(filter *runtimeapi.ImageFilter) ([]*runtimeapi.Image, error)
// ImageStatus returns the status of the image.
ImageStatus(image *runtimeapi.ImageSpec) (*runtimeapi.Image, error)
// PullImage pulls an image with the authentication config.
PullImage(image *runtimeapi.ImageSpec, auth *runtimeapi.AuthConfig) (string, error)
// RemoveImage removes the image.
RemoveImage(image *runtimeapi.ImageSpec) error
// ImageFsInfo returns information of the filesystem that is used to store images.
ImageFsInfo(req *runtimeapi.ImageFsInfoRequest) (*runtimeapi.ImageFsInfoResponse, error)
type RuntimeService interface {
// UpdateRuntimeConfig updates runtime configuration if specified
UpdateRuntimeConfig(runtimeConfig *runtimeapi.RuntimeConfig) error
// Status returns the status of the runtime.
Status() (*runtimeapi.RuntimeStatus, error)
type RuntimeVersioner interface {
// Version returns the runtime name, runtime version and runtime API version
Version(apiVersion string) (*runtimeapi.VersionResponse, error)
type ContainerManager interface {
// CreateContainer creates a new container in specified PodSandbox.
CreateContainer(podSandboxID string, config *runtimeapi.ContainerConfig, sandboxConfig *runtimeapi.PodSandboxConfig) (string, error)
// StartContainer starts the container.
StartContainer(containerID string) error
// StopContainer stops a running container with a grace period (i.e., timeout).
StopContainer(containerID string, timeout int64) error
// RemoveContainer removes the container.
RemoveContainer(containerID string) error
// ListContainers lists all containers by filters.
ListContainers(filter *runtimeapi.ContainerFilter) ([]*runtimeapi.Container, error)
// ContainerStatus returns the status of the container.
ContainerStatus(containerID string) (*runtimeapi.ContainerStatus, error)
// ExecSync executes a command in the container, and returns the stdout output.
// If command exits with a non-zero exit code, an error is returned.
ExecSync(containerID string, cmd []string, timeout time.Duration) (stdout []byte, stderr []byte, err error)
// Exec prepares a streaming endpoint to execute a command in the container, and returns the address.
Exec(*runtimeapi.ExecRequest) (*runtimeapi.ExecResponse, error)
// Attach prepares a streaming endpoint to attach to a running container, and returns the address.
Attach(req *runtimeapi.AttachRequest) (*runtimeapi.AttachResponse, error)
type PodSandboxManager interface {
// RunPodSandbox creates and starts a pod-level sandbox. Runtimes should ensure
// the sandbox is in ready state.
RunPodSandbox(config *runtimeapi.PodSandboxConfig) (string, error)
// StopPodSandbox stops the sandbox. If there are any running containers in the
// sandbox, they should be force terminated.
StopPodSandbox(podSandboxID string) error
// RemovePodSandbox removes the sandbox. If there are running containers in the
// sandbox, they should be forcibly removed.
RemovePodSandbox(podSandboxID string) error
// PodSandboxStatus returns the Status of the PodSandbox.
PodSandboxStatus(podSandboxID string) (*runtimeapi.PodSandboxStatus, error)
// ListPodSandbox returns a list of Sandbox.
ListPodSandbox(filter *runtimeapi.PodSandboxFilter) ([]*runtimeapi.PodSandbox, error)
// PortForward prepares a streaming endpoint to forward ports from a PodSandbox, and returns the address.
PortForward(*runtimeapi.PortForwardRequest) (*runtimeapi.PortForwardResponse, error)
type ContainerStatsManager interface {
// ContainerStats returns stats of the container. If the container does not
// exist, the call returns an error.
ContainerStats(req *runtimeapi.ContainerStatsRequest) (*runtimeapi.ContainerStatsResponse, error)
// ListContainerStats returns stats of all running containers.
ListContainerStats(req *runtimeapi.ListContainerStatsRequest) (*runtimeapi.ListContainerStatsResponse, error)
3. 现有的CRI
- cri-o:OCI运行时
- rktlet:rkt容器运行时
- frakti:基于hypervisor的容器运行时
4. 如何开启
以上就是追寻小鸭子为你收集整理的kubernetes CRI接口的全部内容,希望文章能够帮你解决kubernetes CRI接口所遇到的程序开发问题。
发表评论 取消回复