kubernetes/cri-api kubernetes/cri-api

  • Stars
    star
    376
  • Rank 113,810 (Top 3 %)
  • Language
    Go
  • License
    Apache License 2.0
  • Created over 5 years ago
  • Updated 4 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
kubernetes/cri-api
github

kubernetes

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Container Runtime Interface (CRI) – a plugin interface which enables kubelet to use a wide variety of container runtimes.

Purpose

This repository contains the definitions for the Container Runtime Interface (CRI). CRI is a plugin interface which enables kubelet to use a wide variety of container runtimes, without the need to recompile. CRI consists of a protocol buffers and gRPC API. Read more about CRI API at kubernetes docs.

The repository kubernetes/cri-api is a mirror of https://github.com/kubernetes/kubernetes/tree/master/staging/src/k8s.io/cri-api. Please do not file issues or submit PRs against the kubernetes/cri-api repository as it is readonly, all development is done in kubernetes/kubernetes.

The CRI API is defined in kubernetes/kubernetes repository and is only intended to be used for kubelet to container runtime interactions, or for node-level troubleshooting using a tool such as crictl. It is not a common purpose container runtime API for general use, and is intended to be Kubernetes-centric. We try to avoid it, but there may be logic within a container runtime that optimizes for the order or specific parameters of call(s) that the kubelet makes.

Version skew policy

On a single Node there may be installed multiple components implementing different versions of CRI API.

For example, on a single node there might be:

  • Kubelet may call into Container Runtime (e.g. containerd) and Image Service Proxy (e.g. stargz-snapshotter). Container Runtime may be versioned with the OS Image, Kubelet is installed by system administrator and Image Service proxy is versioned by the third party vendor.
  • Image Service Proxy calls into Container Runtime.
  • CRI tools (e.g. crictl) may be installed by end user to troubleshoot, same as a third party daemonsets. All of them are used to call into the Container Runtime to collect container information.

So on a single node it may happen that Container Runtime is serving a newer version'd kubelet and older versioned crictl. This is a supported scenario within the version skew policy.

Version Skew Policy for CRI API

CRI API has two versions:

  • Major semantic version (known versions are v1alpha2 (removed in 1.26), v1).
  • Kubernetes version (for example: @1.23). Note, the cri-api Golang library is versioned as 0.23 as it doesn't guarantee Go types backward compatibility.

Major semantic version (e.g. v1) is used to introduce breaking changes and major new features that are incompatible with the current API.

Kubernetes version is used to indicate a specific feature set implemented on top of the major semantic version. All changes made without the change of a major semantic version API must be backward and forward compatible.

  • Kubelet must work with the older Container Runtime if it implements the same semantic version of CRI API (e.g. v1) of up to three Kubernetes minor versions back. New features implemented in CRI API must be gracefully degraded. For example, Kubelet of version 1.26 must work with Container Runtime implementing k8s.io/[email protected]+.
  • Kubelet must work with Container Runtime if it implements the same semantic version of CRI API (e.g. v1) of up to three minor versions up. New features implemented in CRI API must not change behavior of old method calls and response values. For example, Kubelet of version 1.22 must work with Container Runtime implementing k8s.io/[email protected].

Versioning

This library contains go classes generated from the CRI API protocol buffers and gRPC API.

The library versioned as 0.XX as Kubernetes doesn't provide any guarantees on backward compatibility of Go wrappers between versions. However CRI API itself (protocol buffers and gRPC API) is marked as stable v1 version and it is backward compatible between versions.

Versions like v0.<minor>.<patch> (e.g. v0.25.5) are considered stable. It is discouraged to introduce CRI API changes in patch releases and recommended to use versions like v0.<minor>.0.

All alpha and beta versions (e.g. k8s.io/[email protected]) should be backward and forward compatible.

Feature development

Some features development requires changes in CRI API and corresponding changes in Container Runtime. Coordinating between Kubernetes branches and release versions and Container Runtime versions is not always trivial.

The recommended feature development flow is following:

  • Review proposed CRI API changes during the KEP review stage. Some field names and types may not be spelled out exactly at this stage.
  • Locally implement a prototype that implement changes in both - Kubernetes and Container Runtime.
  • Submit a Pull Request for Kubernetes implementing CRI API changes alongside the feature code. Feature must be developed to degrade gracefully when used with older Container Runtime according to the Version Skew policy.
  • Once PR is merged, wait for the next Kubernetes release tag being produced. Find the corresponding CRI API tag (e.g. k8s.io/[email protected]).
  • This tag can be used to implement the feature in Container Runtime. It is recommended to switch to the stable tag like (k8s.io/[email protected]) once available.

Change history

Here is the change history of the Container Runtime Interface protocol:

v1.20

git diff v1.19.0 v1.20.0 -- staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.proto

v1.21

git diff v1.20.0 v1.21.0 -- staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.proto

No changes

v1.22

git diff v1.21.0 v1.22.0 -- staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.proto

  • Windows host process support

    • PodSandboxConfig has windows field of type WindowsPodSandboxConfig
    • New type WindowsPodSandboxConfig introduced
    • New type WindowsSandboxSecurityContext introduced
    • The type WindowsContainerSecurityContext has a new host_process boolean field

  • Feature: add unified on CRI to support cgroup v2

  • The type LinuxContainerResources has a new field unified which is a map of strings

  • Alpha node swap support

    • The type LinuxContainerResources has a new memory_swap_limit_in_bytes int64 field

v1.23

git diff v1.22.0 v1.23.0 -- staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.proto

v1.24

git diff v1.23.0 v1.24.0 -- staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.proto

v1.25

git diff v1.24.0 v1.25.0 -- staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.proto

v1.26

git diff v1.25.0 v1.26.0 -- staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.proto

v1.27

git diff v1.26.0 v1.27.0 -- staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.proto

v1.28

git diff v1.27.0 v1.28.0 -- staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.proto

Community, discussion, contribution, and support

Learn how to engage with the Kubernetes community on the community page.

You can reach the maintainers of this repository at:

Code of Conduct

Participation in the Kubernetes community is governed by the Kubernetes Code of Conduct.

Contibution Guidelines

See CONTRIBUTING.md for more information. Please note that kubernetes/cri-api is a readonly mirror repository, all development is done at kubernetes/kubernetes.

More Repositories

1

kubernetes

Production-Grade Container Scheduling and Management
Go
109,583
star
2

minikube

Run Kubernetes locally
Go
29,215
star
3

ingress-nginx

Ingress-NGINX Controller for Kubernetes
Go
17,204
star
4

kops

Kubernetes Operations (kOps) - Production Grade k8s Installation, Upgrades and Management
Go
15,806
star
5

dashboard

General-purpose web UI for Kubernetes clusters
Go
14,250
star
6

community

Kubernetes community content
Jupyter Notebook
11,899
star
7

kompose

Convert Compose to Kubernetes
Go
9,453
star
8

client-go

Go client for Kubernetes.
Go
8,908
star
9

autoscaler

Autoscaling components for Kubernetes
Go
8,043
star
10

examples

Kubernetes application example tutorials
Shell
6,148
star
11

kube-state-metrics

Add-on agent to generate and expose cluster-level metrics.
Go
5,313
star
12

website

Kubernetes website and documentation repo:
HTML
4,437
star
13

test-infra

Test infrastructure for the Kubernetes project.
Go
3,817
star
14

kubeadm

Aggregator for issues filed against kubeadm
Go
3,728
star
15

enhancements

Enhancements tracking repo for Kubernetes
Go
3,380
star
16

sample-controller

Repository for sample controller. Complements sample-apiserver
Go
3,129
star
17

node-problem-detector

This is a place for various problem detectors running on the Kubernetes nodes.
Go
2,892
star
18

kubectl

Issue tracker and mirror of kubectl code
Go
2,811
star
19

git-sync

A sidecar app which clones a git repo and keeps it in sync with the upstream.
Shell
2,209
star
20

code-generator

Generators for kube-like API types
Go
1,692
star
21

ingress-gce

Ingress controller for Google Cloud
Go
1,269
star
22

dns

Kubernetes DNS service
Go
911
star
23

perf-tests

Performance tests and benchmarks
Go
883
star
24

apimachinery

Go
817
star
25

k8s.io

Code and configuration to manage Kubernetes project infrastructure, including various *.k8s.io sites
HCL
701
star
26

api

The canonical location of the Kubernetes API definition.
Go
647
star
27

apiserver

Library for writing a Kubernetes-style API server.
Go
644
star
28

cloud-provider-openstack

Go
612
star
29

gengo

gengo library for code generation.
Go
548
star
30

sig-release

Repo for SIG release
Shell
534
star
31

sample-apiserver

Reference implementation of an apiserver for a custom Kubernetes API.
Go
527
star
32

metrics

Kubernetes metrics-related API types and clients
Go
489
star
33

release

Release infrastructure for Kubernetes and related components
Go
484
star
34

design-proposals-archive

Archive of Kubernetes Design Proposals
Makefile
478
star
35

registry.k8s.io

This project is the repo for registry.k8s.io, the production OCI registry service for Kubernetes' container image artifacts
Go
385
star
36

cloud-provider-aws

Cloud provider for AWS
Go
382
star
37

cloud-provider-alibaba-cloud

CloudProvider for Alibaba Cloud
Go
358
star
38

utils

Non-Kubernetes-specific utility libraries which are consumed by multiple projects.
Go
326
star
39

kube-openapi

Kubernetes OpenAPI spec generation & serving
Go
315
star
40

kubelet

kubelet component configs
Go
307
star
41

sample-cli-plugin

Sample kubectl plugin
Go
285
star
42

cli-runtime

Set of helpers for creating kubectl commands and plugins.
Go
282
star
43

kube-aggregator

Aggregator for Kubernetes-style API servers: dynamic registration, discovery summarization, secure proxy
Go
249
star
44

cloud-provider

cloud-provider defines the shared interfaces which Kubernetes cloud providers implement. These interfaces allow various controllers to integrate with any cloud provider in a pluggable fashion. Also serves as an issue tracker for SIG Cloud Provider.
Go
243
star
45

org

Meta configuration for Kubernetes Github Org
Go
242
star
46

cloud-provider-vsphere

Kubernetes Cloud Provider for vSphere https://cloud-provider-vsphere.sigs.k8s.io
Go
238
star
47

apiextensions-apiserver

API server for API extensions like CustomResourceDefinitions
Go
231
star
48

kubernetes-template-project

A template for starting new projects on the github.com/kubernetes organization
188
star
49

kube-proxy

kube-proxy component configs
Go
178
star
50

sig-security

Process documentation, non-code deliverables, and miscellaneous artifacts of Kubernetes SIG Security
Python
166
star
51

committee-security-response

Kubernetes Security Process and Security Committee docs
Python
163
star
52

kube-scheduler

kube-scheduler component configs
Go
162
star
53

cloud-provider-gcp

cloud-provider-gcp contains several projects used to run Kubernetes in Google Cloud
Go
115
star
54

component-base

Shared code for kubernetes core components
Go
106
star
55

repo-infra

Kubernetes repository infrastucture tools
Starlark
97
star
56

pod-security-admission

Kubernetes Pod Security Standards implementation - https://github.com/kubernetes/enhancements/blob/master/keps/sig-auth/2579-psp-replacement/README.md
Go
97
star
57

kube-controller-manager

kube-controller-manager component configs
Go
88
star
58

steering

The Kubernetes Steering Committee
83
star
59

publishing-bot

Code behind the robot to publish from staging to real repositories.
Go
82
star
60

controller-manager

This repo is intended to contain common public library code for kube-controller-manager, cloud-controller-manager as well as any other controller managers which people build.
Go
68
star
61

contributor-site

Code for kubernetes.dev
HTML
66
star
62

mount-utils

Package mount defines an interface to mounting filesystems.
Go
56
star
63

legacy-cloud-providers

This repository hosts the legacy in-tree cloud providers. Out-of-tree cloud providers can consume packages in this repo to support legacy implementations of their Kubernetes cloud provider.
Go
51
star
64

system-validators

A set of system-oriented validators for kubeadm preflight checks.
Go
34
star
65

cluster-bootstrap

Go
31
star
66

dynamic-resource-allocation

Go
23
star
67

cloud-provider-sample

Sample of how to build a cloud provider repo. This will build a Kubernetes image which deploys on bare metal. It uses the fake cloud provider. It consumes the K8s/K8s build artifact and adds to it the Cloud Controller Manager and CSI Daemon Set.
21
star
68

kms

Kubernetes KMS implementation
Go
18
star
69

node-api

Go
14
star
70

component-helpers

High-level helpers for Kubernetes components
Go
13
star
71

csi-translation-lib

Staging repo for CSI Migration/Translation libraries
Go
12
star
72

cel-admission-webhook

Go
11
star
73

endpointslice

Go
6
star
74

sig-testing

Home for SIG Testing discussion and documents.
6
star
75

cri-client

Container Runtime Interface client implementation
Go
3
star
76

.github

Default files for all repos in the Kubernetes GitHub org
1
star