提供: ArchWiki
2021年5月18日 (火) 13:49時点におけるKusanaginoturugi (トーク | 投稿記録)による版 (英語版より転載)
(差分) ← 古い版 | 最新版 (差分) | 新しい版 → (差分)
ナビゲーションに移動 検索に移動

CRI-O is an OCI-based implementation of the Kubernetes Container Runtime Interface.

As such it is one of the container runtimes that can be used with a node of a Kubernetes cluster.


Install the cri-o package.

The package will set the system up to load the overlay and br_netfilter modules and set the following sysctl options:

 net.bridge.bridge-nf-call-iptables = 1
 net.bridge.bridge-nf-call-ip6tables = 1
 net.ipv4.ip_forward = 1

To use CRI-O without a reboot make sure to load the modules and configure the sysctl values accordingly.


CRI-O is configured via /etc/crio/crio.conf or via drop-in configuration files in /etc/crio/crio.conf.d/.


CRI-O can make use of container networking as provided by cni-plugins.

Copy one of the examples from /usr/share/doc/cri-o/examples/cni/ to /etc/cni/net.d and modify it as needed.

警告: The cri-o package installs the 10-crio-bridge.conf and 99-loopback.conf examples to /etc/cni/net.d by default (as 100-crio-bridge.conf and 199-crio-loopback.conf respectively). This may conflict with Kubernetes cluster network fabrics (weave, flannel, calico, etc) and require manual deletion to resolve this (e.g. #2411 #2885).


By default CRI-O makes use of the overlay driver as its storage_driver for the container storage in /var/lib/containers/storage/. However, it can also be configured to use btrfs or ZFS natively by changing the driver in /etc/containers/storage:

 sed -i 's/driver = ""/driver = "btrfs"/' /etc/containers/storage.conf


Start and enable the crio.service systemd unit.


Use crio-status like this:

 # crio-status info
 cgroup driver: systemd
 storage driver: vfs
 storage root: /var/lib/containers/storage
 default GID mappings (format <container>:<host>:<size>):
 default UID mappings (format <container>:<host>:<size>):


 # crio-status config

Now Install the crictl package, and see e.g. or, or simply:

 source <(crictl completion bash)
 crictl pull
 crictl pull
 crictl images
 curl -O
 curl -O
 crictl run container-config.yaml podsandbox-config.yaml
 crictl logs $(crictl ps --last 1 --output yaml | yq -r .containers[0].id)
 crictl exec -it $(crictl ps --last 1 --output yaml | yq -r .containers[0].id) /bin/sh
 crictl rm -af
 crictl rmp -af

Note how Docker Hub is not hard-coded, so specify container registry explicitly. (See also

See also