How to Install CRI-O on RHEL 10


In this blog post, we will learn how to install CRI-O on RHEL 10 step by step and understand how to run a Pod and container using CRI-O.

CRI-O is a lightweight, OCI-compliant container runtime built exclusively for Kubernetes. It is designed to work natively with Kubernetes and provides only the features required by the Kubernetes Container Runtime Interface (CRI), making it efficient and production-ready.

With Docker no longer being the default runtime for Kubernetes, CRI-O has become a popular and recommended alternative. If you are running Kubernetes on RHEL 10, CRI-O is an excellent choice for a clean, Kubernetes-native container runtime.

Prerequisites

  • A running RHEL 10 system
  • Local user with sudo access
  • Active Red Hat subscription (or valid developer subscription)
  • Internet connectivity

Note: CRI-O versions must always match the Kubernetes minor version.

Without any further delay, let’s jump into the CRI-O installation steps on RHEL 10.

1) Add CRI-O Repository

RHEL does not ship CRI-O by default, so you need to add the upstream repository.

First, set the CRI-O version variable:

$ CRIO_VERSION=v1.34

Next, create the cri-o.repo file using the following command:

$ cat <<EOF | sudo tee /etc/yum.repos.d/cri-o.repo
[cri-o]
name=CRI-O
baseurl=https://download.opensuse.org/repositories/isv:/cri-o:/stable:/$CRIO_VERSION/rpm/
enabled=1
gpgcheck=1
gpgkey=https://download.opensuse.org/repositories/isv:/cri-o:/stable:/$CRIO_VERSION/rpm/repodata/repomd.xml.key
EOF

ADD CRI-O Repository on RHEL 10

2) Set SELinux to Permissive Mode

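Run the following commands. The first switches SELinux to permissive mode for the running system, and the second makes the setting persist across reboots. In permissive mode SELinux logs policy denials but does not enforce them.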

$ sudo setenforce 0
$ sudo sed -i 's/^SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config

3) Install CRI-O on RHEL 10

Now that the CRI-O repository is set up, install CRI-O with the following dnf command:

$ sudo dnf install cri-o -y

Install CRI-O on RHEL 10

Once installed, start and enable the crio service:

$ sudo systemctl start crio && sudo systemctl enable crio

Verify the crio service

$ sudo systemctl status crio

CRIO Service Status RHEL 10

4) Install CNI Plugins for CRI-O

In this step, we will install the CNI plugins. These plugins provide the networking foundation that allows CRI-O to create and manage pod networks.

Run the following set of commands.

$ CNI_VERSION="v1.6.0"
$ ARCH="amd64"
$ curl -LO "https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-linux-${ARCH}-${CNI_VERSION}.tgz"

Next, create the required directory (/opt/cni/bin/) and extract the archive into it using the tar command.

$ sudo mkdir -p /opt/cni/bin
$ sudo tar -C /opt/cni/bin -xzf cni-plugins-linux-${ARCH}-${CNI_VERSION}.tgz

Enable the CRI-O bridge network configuration by renaming the disabled conflist file with the following mv command.

$ sudo mv /etc/cni/net.d/10-crio-bridge.conflist.disabled /etc/cni/net.d/10-crio-bridge.conflist

Restart the crio service for the above changes to take effect.

$ sudo systemctl restart crio

5) Install CRI-O tools

Additionally, you must install the cri-tools package, which provides the crictl command-line utility. The crictl tool is essential for inspecting, managing, and troubleshooting pods and containers when working with CRI-O.

For a smooth and error-free setup, always ensure that the crictl version matches your CRI-O version, as version mismatches can lead to unexpected behavior and compatibility issues.

Execute the following set of commands:

$ export VERSION="v1.34.0"
$ wget https://github.com/kubernetes-sigs/cri-tools/releases/download/$VERSION/crictl-$VERSION-linux-amd64.tar.gz
$ sudo tar zxvf crictl-$VERSION-linux-amd64.tar.gz -C /usr/local/bin
$ sudo cp /usr/local/bin/crictl /usr/bin/
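
Both the CNI plugins tarball in step 4 and the crictl tarball above are unpacked as root straight after download. The following is an added example, not part of the original post: it checks a tarball against its SHA-256 checksum file and rejects archives with absolute or ".." member paths before extracting. It assumes you have also downloaded the matching .sha256 file from the same release page, and the function names are illustrative.

```bash
#!/usr/bin/env bash
# Added example: integrity and path checks to run on a downloaded release
# tarball before it is unpacked as root. Function names are illustrative.

# verify_sha256 <archive> <checksum-file>
# Accepts both common layouts: a bare hex digest, or "digest  filename".
verify_sha256() {
    local archive="$1" sumfile="$2" expected actual
    [ -r "$archive" ] && [ -r "$sumfile" ] || return 2
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
    # A SHA-256 digest is exactly 64 hex characters; anything else (such as
    # an HTML error page saved in place of the checksum) is rejected.
    printf '%s\n' "$expected" | grep -Eq '^[0-9a-f]{64}$' || return 2
    actual=$(sha256sum "$archive" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# path_list_safe: reads member names on stdin, one per line.
# Fails if any name is absolute or contains a ".." path component.
path_list_safe() {
    ! grep -Eq '^/|(^|/)\.\.(/|$)'
}

# tar_members_safe <archive>: applies path_list_safe to the archive listing.
tar_members_safe() {
    local listing
    listing=$(tar -tzf "$1" 2>/dev/null) || return 2
    printf '%s\n' "$listing" | path_list_safe
}

# checked_extract <archive> <checksum-file> <dest-dir>
# Extracts only when both checks pass. --no-same-owner stops tar, when run
# as root, from applying the user and group IDs recorded in the archive.
checked_extract() {
    local archive="$1" sumfile="$2" dest="$3"
    verify_sha256 "$archive" "$sumfile" ||
        { echo "checksum check failed: $archive" >&2; return 1; }
    tar_members_safe "$archive" ||
        { echo "unsafe member path in: $archive" >&2; return 1; }
    mkdir -p "$dest" && tar -C "$dest" --no-same-owner -xzf "$archive"
}
```

A checksum file fetched from the same release page detects corrupted or truncated downloads, but it shares the tarball's trust path, so it does not protect against a compromised release.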

Verify the crictl version

$ sudo crictl --runtime-endpoint unix:///var/run/crio/crio.sock version
$ crictl --version

Also check the output of the crictl info command; Runtime and Network should both be in the Ready state.

$ sudo crictl info | tail -20

Crictl Info Command Output RHEL 10

On RHEL 10, CRI-O sandbox creation can fail due to systemd eBPF device filtering. The fix is to disable enable_devices in /etc/crio/crio.conf.d/.

$ sudo vi /etc/crio/crio.conf.d/99-disable-ebpf.conf
[crio.runtime]
enable_devices = false

Save and close the file.

After that, restart the crio service:

$ sudo systemctl restart crio

6) Test CRIO Installation

To test the CRI-O installation, we will spin up an nginx pod. Create the pod configuration file with the following content:

$ vi nginx-pod.json
{
  "metadata": {
    "name": "nginx-pod",
    "namespace": "default",
    "attempt": 1,
    "uid": "nginx-pod-uid"
  },
  "linux": {}
}

Create the pod sandbox:

$ POD_ID=$(sudo crictl runp nginx-pod.json)

Check the pod status:

$ sudo crictl pods

Crictl Pods Status RHEL 10

Next, create the container config file:

$ vi nginx-container.json

Add the following content:

{
  "metadata": {
    "name": "nginx"
  },
  "image": {
    "image": "docker.io/library/nginx:latest"
  },
  "log_path": "nginx.log",
  "linux": {
    "security_context": {
      "privileged": false
    }
  },
  "port_mappings": [
    {
      "container_port": 80,
      "protocol": "TCP"
    }
  ]
}

Save and close the file.

Now, create the container inside the pod, run

$ CONTAINER_ID=$(sudo crictl create --with-pull $POD_ID nginx-container.json nginx-pod.json)

Next, start the container, run

$ sudo crictl start $CONTAINER_ID

Verify the container status

$ sudo crictl ps

Container Status CRIO RHEL 10

The output above confirms that the nginx container started successfully inside the pod.

View the container logs, run

$ sudo crictl logs $CONTAINER_ID

Container Logs CRIO RHEL 10

Get the pod IP address and try to access the application. Run the following command:

$ sudo crictl inspectp --output table $POD_ID | head

Crictl POD Inspect RHEL 10

Now run the curl command against the pod IP address from the output above (10.85.0.2 in this example).

$ curl -I 10.85.0.2

CURL POD IP CRIO Setup RHEL 10

Great, the output above confirms that we can reach the nginx-based application.

To clean up the pod and container, run the following commands.

$ sudo crictl stop $CONTAINER_ID
$ sudo crictl rm $CONTAINER_ID
$ sudo crictl stopp $POD_ID
$ sudo crictl rmp $POD_ID

That’s all from this post. I hope you have found it informative and useful. Feel free to post your feedback and comments in the comments section below.


