Kubernetes container runtime cri-o has made the jump to version 1.21, which sees the project used in platforms such as OpenShift gain a couple of stability enhancements as well as support for workloads-based container spec customisation.
The latter has been added to offer users a way of defining workloads with specific resource requirements containers can then opt-into by using a corresponding annotation. Said workloads can be set in the config file and need a name, activation_annotation, annotation_prefix, and information on the resources it supports mutating.
There’s currently only support for configuring cpu shares and subsets, so options are slightly limited. However, finding customisations made has become slightly easier since crio config now only displays fields different from the default setup.
Teams that want to make sure their infrastructure containers will run on specific CPUs only have the option of setting new flag infra-ctr-cpuset, starting in cri-o 1.21. The addition is meant to prevent latency-sensitive workloads from running into problems, since cri-o normally uses all online CPUs to run infra containers, which can cause context switches and therefore spikes in latency.
Monitoring has also progressed a bit, since v1.21 comes fitted with new metrics container_runtime_crio_containers_oom_total and container_runtime_crio_containers_oom, which should help with getting a better grasp of the number of containers running into out of memory states.
Cri-o’s command line interface has learned the new option –registries-conf-dir to let teams replace the default user or system paths registries.conf.d(5) uses with a custom directory path. There’s now also an option to override cgroup v2 unified configuration with the io.kubernetes.cri-o.UnifiedCgroup.$CTR_NAME annotation.
Other useful changes ensure port-forwarding also works for IPv6 only pods, that cri-o can handle seccomp security profiles, and the addition of ways to configure and use short-name aliases. Details on bug fixes that made it into the release can be found in the project’s release notes.