{"id":1459,"date":"2024-07-15T01:47:40","date_gmt":"2024-07-14T22:47:40","guid":{"rendered":"https:\/\/computingforgeeks.com\/?p=1459"},"modified":"2024-07-15T01:47:46","modified_gmt":"2024-07-14T22:47:46","slug":"install-cri-o-container-runtime-on-debian-linux","status":"publish","type":"post","link":"https:\/\/computingforgeeks.com\/install-cri-o-container-runtime-on-debian-linux\/","title":{"rendered":"Install CRI-O Container Runtime on Debian 12\/11\/10"},"content":{"rendered":"\n

In the year 2017, the Kubernetes project introduced to the public its Container Runtime Interface<\/a> (CRI). CRI is a plugin interface designed to give kubelet (an agent used to start containers and create pods in Kubernetes cluster) the ability to use different OCI-compliant container runtimes, without modifications on Kubernetes code. The CRI-O<\/a> project, build from the work of Kubernetes CRI, is a lightweight runtime for Kubernetes.<\/p>\n\n\n\n

This short guide has only one intention, to enable you install and use CRI-O Container Runtime on Debian. With CRI-O, you can run containers directly from Kubernetes without a need for any tooling. Provided the container is OCI-compliant, CRI-O will be able to run it. The introduction of CRI significantly reduced the maintenance overhead for the upstream Kubernetes community and all the vendors building solutions on top of the Kubernetes orchestration platform.<\/p>\n\n\n\n

Here is an overview picture on how CRI-O works in Kubernetes ecosystem.<\/p>\n\n\n\n

\"\"
Image source: redhat<\/a><\/figcaption><\/figure>\n\n\n\n

Install CRI-O Container Runtime on Debian<\/h2>\n\n\n\n

Follow the steps provided in this guide to have a working setup of <\/meta>CRI-O Container Runtime on Debian Linux.<\/p>\n\n\n\n

Step 1: Update Debian System<\/h3>\n\n\n\n

We always start our installations by updating and upgrading the system.<\/p>\n\n\n\n

sudo apt update && sudo apt -y upgrade<\/code><\/pre>\n\n\n\n
If the upgrade completes without errors, reboot the system before adding CRI-O APT repository to the system.<\/p>\n\n\n\n
sudo reboot<\/code><\/pre>\n\n\n\n
Step 2: Add CRI-O repository<\/h3>\n\n\n\n
Since the scope for CRI-O is to work with Kubernetes in management and running OCI containers, it is recommended to install the version of CRI-O matching your Kubernetes release. The project provides some user-facing tools for troubleshooting containers on Kubernetes.<\/p>\n\n\n\n
Check Kubernetes version<\/a>\u00a0and change version.<\/a><\/p>\n\n\n\n
KUBERNETES_VERSION=v1.30\nCRIO_VERSION=v1.30<\/code><\/pre>\n\n\n\n
Adding CRI-O repository on Debian:<\/p>\n\n\n\n
echo \"deb [signed-by=\/etc\/apt\/keyrings\/cri-o-apt-keyring.gpg] https:\/\/pkgs.k8s.io\/addons:\/cri-o:\/stable:\/$CRIO_VERSION\/deb\/ \/\" |\n    tee \/etc\/apt\/sources.list.d\/cri-o.list<\/code><\/pre>\n\n\n\n
Import GPG key used in packages signing after repository has been added to the system.<\/p>\n\n\n\n
curl -fsSL https:\/\/pkgs.k8s.io\/addons:\/cri-o:\/stable:\/$CRIO_VERSION\/deb\/Release.key |\n    gpg --dearmor -o \/etc\/apt\/keyrings\/cri-o-apt-keyring.gpg<\/code><\/pre>\n\n\n\n
Test if repo is working <\/p>\n\n\n\n
sudo apt update<\/code><\/pre>\n\n\n\n
Step 3: Install CRI-O on <\/meta>Debian<\/h3>\n\n\n\n
Install <\/meta>CRI-O on <\/meta>Debian using the commands below:<\/p>\n\n\n\n
sudo apt install cri-o<\/code><\/pre>\n\n\n\n
Accept installation prompt with y <\/strong>key.<\/p>\n\n\n\n
Confirm version installed:<\/p>\n\n\n\n
$ apt show cri-o<\/mark>\nPackage: cri-o\nVersion: 1.30.3-1.1\nPriority: optional\nSection: admin\nMaintainer: Kubernetes Authors <dev@kubernetes.io>\nInstalled-Size: 73.9 MB\nPre-Depends: systemd\nDepends: systemd-sysv,systemd,iptables\nRecommends: kubernetes-cni\nHomepage: https:\/\/kubernetes.io\nDownload-Size: 19.3 MB\nAPT-Manual-Installed: yes\nAPT-Sources: https:\/\/pkgs.k8s.io\/addons:\/cri-o:\/stable:\/v1.30\/deb  Packages\n..<\/code><\/pre>\n\n\n\n
Now that CRI-O is installed on our Debian system, let’s proceed to start the daemon service.<\/p>\n\n\n\n
sudo systemctl start crio.service<\/code><\/pre>\n\n\n\n
Service has to be enabled for automatic start when the system is rebooted.<\/p>\n\n\n\n
$ sudo systemctl enable crio.service<\/span>\nCreated symlink \/etc\/systemd\/system\/cri-o.service \u2192 \/lib\/systemd\/system\/crio.service.\nCreated symlink \/etc\/systemd\/system\/multi-user.target.wants\/crio.service \u2192 \/lib\/systemd\/system\/crio.service.<\/code><\/pre>\n\n\n\n
Service status checking:<\/p>\n\n\n\n
$ systemctl status crio<\/span>\n\u25cf<\/mark> crio.service - Container Runtime Interface for OCI (CRI-O)\n     Loaded: loaded (\/lib\/systemd\/system\/crio.service; enabled; preset: enabled)\n     Active: active (running)<\/mark> since Thu 2024-07-11 23:25:39 UTC; 8s ago\n       Docs: https:\/\/github.com\/cri-o\/cri-o\n   Main PID: 1628 (crio)\n      Tasks: 8\n     Memory: 14.0M\n        CPU: 195ms\n     CGroup: \/system.slice\/crio.service\n             \u2514\u25001628 \/usr\/bin\/crio\n\nJul 11 23:25:39 deb12 crio[1628]: time=\"2024-07-11 23:25:39.852658644Z\" level=info msg=\"Restore irqbalance config: failed to get current CPU ban list, ignoring\"\nJul 11 23:25:39 deb12 crio[1628]: time=\"2024-07-11 23:25:39.878133563Z\" level=warning msg=\"Error encountered when checking whether cri-o should wipe containers: open \/var\/run\/crio\/version: no such >\nJul 11 23:25:39 deb12 crio[1628]: time=\"2024-07-11 23:25:39.878800355Z\" level=info msg=\"Registered SIGHUP reload watcher\"\nJul 11 23:25:39 deb12 crio[1628]: time=\"2024-07-11 23:25:39.878843428Z\" level=info msg=\"Starting seccomp notifier watcher\"\nJul 11 23:25:39 deb12 crio[1628]: time=\"2024-07-11 23:25:39.878928453Z\" level=info msg=\"Create NRI interface\"\nJul 11 23:25:39 deb12 crio[1628]: time=\"2024-07-11 23:25:39.879168526Z\" level=info msg=\"runtime interface created\"\nJul 11 23:25:39 deb12 crio[1628]: time=\"2024-07-11 23:25:39.879213717Z\" level=info msg=\"Registered domain \\\"k8s.io\\\" with NRI\"\nJul 11 23:25:39 deb12 crio[1628]: time=\"2024-07-11 23:25:39.879235698Z\" level=info msg=\"runtime interface starting up...\"\nJul 11 23:25:39 deb12 crio[1628]: time=\"2024-07-11 23:25:39.879256992Z\" level=info msg=\"starting plugins...\"\nJul 11 23:25:39 deb12 systemd[1]: Started crio.service - Container Runtime Interface for OCI (CRI-O).<\/code><\/pre>\n\n\n\n
Install crictl<\/a>.<\/p>\n\n\n\n
VERSION=$(curl -s https:\/\/api.github.com\/repos\/kubernetes-sigs\/cri-tools\/releases\/latest | grep -oP '\"tag_name\": \"\\K(.*)(?=\")')\ncurl -L https:\/\/github.com\/kubernetes-sigs\/cri-tools\/releases\/download\/$VERSION\/crictl-${VERSION}-linux-amd64.tar.gz --output crictl-${VERSION}-linux-amd64.tar.gz\nsudo tar zxvf crictl-$VERSION-linux-amd64.tar.gz -C \/usr\/local\/bin\nsudo chmod +x \/usr\/local\/bin\/crictl\nrm -f crictl-$VERSION-linux-amd64.tar.gz<\/code><\/pre>\n\n\n\n
Step 4: Using CRI-O on Debian<\/h3>\n\n\n\n
As stated earlier, CRI-O is intended for use with Kubernetes as container runtime that kubelet speaks to in fulfilling the creation, deletion and general lifecycle management of containers.<\/p>\n\n\n\n
Check existence of crictl<\/em> command:<\/p>\n\n\n\n
$ sudo crictl info<\/span>\n{\n  \"status\": {\n    \"conditions\": [\n      {\n        \"type\": \"RuntimeReady\",\n        \"status\": true,\n        \"reason\": \"\",\n        \"message\": \"\"\n      },\n      {\n        \"type\": \"NetworkReady\",\n        \"status\": false,\n        \"reason\": \"NetworkPluginNotReady\",\n        \"message\": \"Network plugin returns error: no CNI configuration file in \/etc\/cni\/net.d\/. Has your network provider started?\"\n      }\n    ]\n  },\n  \"runtimeHandlers\": [\n    {\n      \"name\": \"runc\",\n      \"features\": {\n        \"recursive_read_only_mounts\": true\n      }\n    },\n    {\n      \"name\": \"crun\",\n      \"features\": {\n        \"recursive_read_only_mounts\": true,\n        \"user_namespaces\": true\n      }\n    },\n    {\n      \"features\": {\n        \"recursive_read_only_mounts\": true,\n        \"user_namespaces\": true\n      }\n    }\n  ],\n  \"config\": {\n    \"sandboxImage\": \"registry.k8s.io\/pause:3.9\"\n  }\n}<\/code><\/pre>\n\n\n\n
We can pull a test image using crictl command:<\/p>\n\n\n\n
$ sudo crictl pull hello-world<\/span>\nImage is up to date for docker.io\/library\/hello-world@sha256:1408fec50309afee38f3535383f5b09419e6dc0925bc69891e79d84cc4cdcec6\n\n$ sudo crictl pull busybox<\/span>\nImage is up to date for docker.io\/library\/busybox@sha256:50e44504ea4f19f141118a8a8868e6c5bb9856efa33f2183f5ccea7ac62aacc9<\/code><\/pre>\n\n\n\n
List available images:<\/p>\n\n\n\n
$ sudo crictl images<\/span>\nIMAGE                           TAG                 IMAGE ID            SIZE\ndocker.io\/library\/busybox       latest              ffe9d497c3241       1.46MB\ndocker.io\/library\/hello-world   latest              feb5d9fea6a5e       19.9kB<\/code><\/pre>\n\n\n\n
Your next task is deployment of Kubernetes on Debian Linux system using CRI-O runtime.<\/p>\n\n\n\n
We have more guides on Kubernetes administration, some are shared in the links below:<\/p>\n\n\n\n