On October 7, 2020, the contents of this repo were merged into the
For example, the source code previously stored under
was moved to
Pull requests are no longer accepted in the master branch of this repo.
Bug-fix PRs for
release/1.4 branches are still accepted in this repo.
However, the master branch for
containerd/cri integration work is now located in the
and as such new commits should be merged there.
This repo will be archived after the EOL of containerd 1.4.
cri is a native plugin of containerd 1.1 and above. It is built into containerd and enabled by default.
cri is in GA:
- It is feature complete.
- It (the GA version) works with Kubernetes 1.10 and above.
- It has passed all CRI validation tests.
- It has passed all node e2e tests.
- It has passed all e2e tests.
See test dashboard
|CRI-Containerd Version||Containerd Version||Kubernetes Version||CRI Version|
Note: The support table above specifies the Kubernetes Version that was supported at time of release of the containerd - cri integration.
The following is the current support table for containerd CRI integration taking into account that Kubernetes only supports n-3 minor release versions.
|Containerd Version||Kubernetes Version||CRI Version|
For a production quality cluster on GCE brought up with
kube-up.sh refer here.
For a multi node cluster installer and bring up steps using ansible and kubeadm refer here.
For non ansible users, you can download the
cri-containerd release tarball and deploy
kubernetes cluster using kubeadm as described here.
The current release of the
cri plugin has the following dependencies:
See versions of these dependencies
cri is tested with.
As containerd and runc move to their respective general availability releases,
we will do our best to rebase/retest
cri with these releases on a
weekly/monthly basis. Similarly, given that
cri uses the Open
Container Initiative (OCI) image
and runtime specifications, we
will also do our best to update
cri to the latest releases of these
specifications as appropriate.
- Install development libraries:
- libseccomp development library. Required by
criand runc seccomp support.
libseccomp-dev(Ubuntu, Debian) /
libseccomp-devel(Fedora, CentOS, RHEL). On releases of Ubuntu <=Trusty and Debian <=jessie a backport version of
libseccomp-devis required. See travis.yml for an example on trusty.
- btrfs development library. Required by containerd btrfs support.
btrfs-tools(Ubuntu, Debian) /
btrfs-progs-devel(Fedora, CentOS, RHEL)
pkg-config(required for linking with
- Install and setup a Go 1.15.14 development environment.
- Make a local clone of this repository.
- Install binary dependencies by running the following command from your cloned
# Note: install.deps installs the above mentioned runc, containerd, and CNI # binary dependencies. install.deps is only provided for general use and ease of # testing. To customize `runc` and `containerd` build tags and/or to configure # `cni`, please follow instructions in their documents. make install.deps
To build and install a version of containerd with the
cri plugin, enter the
following commands from your
cri project directory:
make sudo make install
NOTE: The version of containerd built and installed from the
Makefile is only for
testing purposes. The version tag carries the suffix "-TEST".
cri supports optional build tags for compiling support of various features.
To add build tags to the make option the
BUILD_TAGS variable must be set.
make BUILD_TAGS='seccomp apparmor selinux'
|seccomp||syscall filtering||libseccomp development library|
|selinux||selinux process and mount labeling|
|apparmor||apparmor profile support|
A Kubernetes incubator project called cri-tools
includes programs for exercising CRI implementations such as the
More importantly, cri-tools includes the program
critest which is used for running
CRI Validation Testing.
Run the CRI Validation test to validate your installation of
cri built in:
If you already have a working development environment for supported Kubernetes
version, you can try
cri in a local cluster:
- Start the version of
criplugin that you built and installed above as root in a first terminal:
- From the Kubernetes project directory startup a local cluster using
CONTAINER_RUNTIME=remote CONTAINER_RUNTIME_ENDPOINT='unix:///run/containerd/containerd.sock' ./hack/local-up-cluster.sh
See here for information about test.
See here for information about using
crictl to debug
pods, containers, and images.
See here for additional documentation.
For async communication and long running discussions please use issues and pull requests on this github repo. This will be the best place to discuss design and implementation.
For sync communication we have a community slack with a #containerd channel that everyone is welcome to join and chat about development.
Slack: Catch us in the #containerd and #containerd-dev channels on dockercommunity.slack.com. Click here for an invite to docker community slack.
As this project is tightly coupled to CRI and CRI-Tools and they are Kubernetes
projects, some of our project communications take place in the Kubernetes' SIG:
For more information about
CRI, and the
- sig-node community site
#sig-nodechannel in Kubernetes (kubernetes.slack.com)
- Mailing List: https://groups.google.com/forum/#!forum/kubernetes-sig-node
If you are reporting a security issue, please reach out discreetly at firstname.lastname@example.org.
The containerd codebase is released under the Apache 2.0 license. The README.md file, and files in the "docs" folder are licensed under the Creative Commons Attribution 4.0 International License under the terms and conditions set forth in the file "LICENSE.docs". You may obtain a duplicate copy of the same license, titled CC-BY-4.0, at http://creativecommons.org/licenses/by/4.0/.
cri is a containerd sub-project. This project was originally established in April of 2017 in the Kubernetes Incubator program. After reaching the Beta stage, In January of 2018, the project was merged into containerd. As a containerd sub-project, you will find the:
information in our