Cri-o genesis: Project bumps version up to 1.21, adds more customisation to the mix

By Julia Schmidt
-
Cri-o genesis: Project bumps version up to 1.21, adds more customisation to the mix

Kubernetes container runtime cri-o has made the jump to version 1.21, which sees the project used in platforms such as OpenShift gain a couple of stability enhancements as well as support for workloads-based container spec customisation. 

The latter has been added to offer users a way of defining workloads with specific resource requirements containers can then opt-into by using a corresponding annotation. Said workloads can be set in the config file and need a name, activation_annotation, annotation_prefix, and information on the resources it supports mutating. 

There’s currently only support for configuring cpu shares and subsets, so options are slightly limited. However, finding customisations made has become slightly easier since crio config now only displays fields different from the default setup.

Teams that want to make sure their infrastructure containers will run on specific CPUs only have the option of setting new flag infra-ctr-cpuset, starting in cri-o 1.21. The addition is meant to prevent latency-sensitive workloads from running into problems, since cri-o normally uses all online CPUs to run infra containers, which can cause context switches and therefore spikes in latency.

Monitoring has also progressed a bit, since v1.21 comes fitted with new metrics container_runtime_crio_containers_oom_total and container_runtime_crio_containers_oom, which should help with getting a better grasp of the number of containers running into out of memory states.

Cri-o’s command line interface has learned the new option –registries-conf-dir to let teams replace the default user or system paths registries.conf.d(5) uses with a custom directory path. There’s now also an option to override cgroup v2 unified configuration with the io.kubernetes.cri-o.UnifiedCgroup.$CTR_NAME annotation.

Other useful changes ensure port-forwarding also works for IPv6 only pods, that cri-o can handle seccomp security profiles, and the addition of ways to configure and use short-name aliases. Details on bug fixes that made it into the release can be found in the project’s release notes.

Podman 5.0 released with native Mac hypervisor support, new features and breaking changes
Fermyon promises over 5000 WebAssembly applications on one Kubernetes node via new platform
From Docker to Dagger: Solomon Hykes on modernisation of the DevOps pipeline
Kubecost 2.0 released as reports show persistent Kubernetes over-provisioning
Docker introduces Build Cloud for accelerated local development
Virtual Kubernetes lands on the Fly.io platform but there are compromises
Docker buys AtomicJar to integrate container-based test automation
Interview: Not much on Kubernetes at AWS re:Invent? More than it seemed, VP tells us
Ubuntu chiselled containers arrive for .NET – smaller, more secure, but beware 'sharp edges'
Microsoft releases .NET 8 with preview of Aspire cloud-ready stack to 'simplify cloud app complexity...
Docker introduces 'seems like magic' container debug tool and cloud-driven build service
Fermyon previews new spin on Serverless AI via Wasm