What Does CRI-O Graduation Mean For Users | Interview With Peter Hunt

The Cloud Native Computing Foundation (CNCF) recently announced the graduation of CRI-O, the Open Container Initiative-based implementation of Kubernetes Container Runtime Interface. In this episode of TFiR: Newsroom, Peter Hunt, CRI-O maintainer and Senior Software Engineer at Red Hat, talks about the project, from its roots in Red Hat to its graduation from CNCF, and where it’s headed now.
Transcript
And today we have with us Peter Hunt, maintainer of the CRI-O project. Peter, great to have you on the show.

Hello. Yes, thank you for having me.

Yeah. And as we all know, CNCF has announced the graduation of the CRI-O project after a long, you know, I think the project was created back in 2016. It was contributed to CNCF in 2019. We'll talk about that. But what I want to talk about is, first of all, congratulations, and second, can you talk about the idea behind the CRI-O project? Why was it created? Because back in those days Docker containers were kind of a dominant player and, you know, a lot of things were done, like OCI was created to overcome some challenges. So just walk us through the history, because we tend to forget it.

Totally, yeah, and it's a deep history too. So, you know, as we all know, it all started with Docker in the beginning of 2014-ish. You know, around the beginning of Kubernetes as well, Docker was built into Kubernetes through the dockershim, and the kubelet spoke directly with Docker. At the time, Red Hat was also contributing to Docker. Basically, their container strategy saw the promise of Docker and Kubernetes and jumped on it early. But right at the beginning there were some challenges, some differing opinions in the way that tools should be specialized in the container ecosystem. So while Docker, you know, comprises a bunch of different projects, the Docker server and the Docker client, you know, it also has a bunch of different use cases that it's for: the end user who is debugging their containers, all the way to, you know, a cluster admin who's deploying containers in production. And Red Hat early on thought that it might be useful to break apart those kinds of use cases and have separate projects for each of them.
All the while, a lot of Red Hat's priorities were, you know, in supporting Kubernetes and in supporting production containers in a way that's as secure and reliable as possible. And so Red Hat began a set of projects which don't really have a great umbrella name, but they begin with Skopeo, which is just for moving images between registries. And then CRI-O came next, which kind of took some of that work that Skopeo had begun and then extended it to being able to run containers in production, specifically for Kubernetes. Eventually the Podman and Buildah projects were begun as well, which are for running or deploying containers on single nodes or for building containers. And each of these projects ultimately fulfills the same scope that Docker does still today. But by breaking them up, they can each specialize and have different configurations by default to sort of specialize to their individual needs. So that was a lot of the motivation for the beginning of the CRI-O project. It also conveniently was able to fix a couple of the other, you know, small little nits that the Red Hat engineers that began the project had with the way that Docker interacted with the community ecosystem. Version matching was kind of a challenge, figuring out which version of the Docker server was compatible with which version of the kubelet client for it. So CRI-O kind of fixed that by version matching. So the version of CRI-O matches directly with the version of Kubernetes. They have a one-to-one relationship. CRI-O aims to be a secure-by-default, you know, production system. So it drops capabilities and it disables some things and enables some other things that didn't come out of the box in Docker. So it allowed us basically to laser-focus on the production Kubernetes use case, which, you know, began it and has kind of persisted through CRI-O's lifetime.

Oh, I'm kind of curious, that Red Hat,
you know, you folks do a lot of open source. I mean, you're champions, you know, everybody talks about the right story, but there are a lot of Red Hat products, projects which are kind of owned and controlled by Red Hat. But this is one of the few projects that Red Hat contributed to a neutral foundation. What was the idea behind putting CRI-O into CNCF back in, you know, 2018-2019?

This was actually right at the beginning of my involvement with the project. Basically the CNCF, obviously, as an umbrella organization, you know, matched sort of our target audience pretty well. So at the time, containerd was just about to become a graduated project. Kubernetes had been a graduated project for a little bit. The notion of the tiers in the CNCF had kind of just been created and, you know, I think a big value proposition that the CNCF posed to the CRI-O community is more visibility. And we've definitely gotten that through, you know, appearances in KubeCons and, you know, some of their marketing efforts. So I think, you know, being posed as, you know, I wouldn't like, as an alternative to the industry standard, you know, Docker, and then, you know, by association containerd, kind of have been historically considered to be the industry standard for the, you know, container runtimes across the board, including in Kubernetes. And I think as a team, our team, you know, wanted to make a claim of our stability and also, you know, of our viability to the space, and I think the CNCF kind of posed as an avenue for us to make that claim for everyone to hear, and I believe that that has been the case.

What does graduation really mean for projects like CRI-O which are being used? Just talk about the importance, the significance of graduation, not just for the project, but the whole ecosystem, folks who are leveraging it, the maintainer community, folks like you, and of course the organization like. Since you

Yeah. I mean, I think graduation, it definitely, it's like a.
It's definitely not a symbolic gesture. There's a lot of work that goes into it, but I think at a certain point, projects, like, there are so many steps to the graduation process that projects end up kind of proving their viability naturally through the process, and then in their stability. So I really think that CRI-O has been graduation-worthy for a long time. But because of all of the steps that are involved, you know, CNCF wants to be very rigorous about who they consider to be a graduated project, and because of that, you know, their standards are very high for, you know, the number, like, sort of all the documentation needs and the security audit, like all of these things required a lot of work to kind of corral a bunch of people. Or like the whole process of graduation from start to beginning kind of took us like a year, about finding someone in the CNCF to take us on and, you know, going through the due diligence process. So I would say for a project that has reached a certain level of stability, like I think projects know when they're ready and then it's, you know, just a process of working through all of the pieces. You know, a lot of our time was spent looking for a security audit; that was kind of a challenge that we met along the way. And ultimately, you know, through CNCF and OSTIF, they were able to find us two companies to help us out with that, and that was a huge help and that took us, you know, really most of the rest of the way. And then all the rest of it kind of was just finishing up the documentation and then letting the process marinate while the CNCF TOC, the Technical Oversight Committee, kind of worked through the process.

Can you talk about what kind of stories, of course I would not ask you to name any specific player because, you know, they're all important, are leveraging CRI-O today?

We have.
So there's a healthy mix of end users and, you know, cloud providers, or, you know, platform providers. So I would say Red Hat OpenShift is probably one of the larger end users of CRI-O, but that's just because it's a platform that provides it as the container runtime by default and really, you know, the only one that's supported on Linux nodes. But, I mean, there's a number of companies that are listed in our adopters file as users, you know, big players like, if I can name them, I think publicly, but like, you know, Reddit and Lyft and Adobe, you know, players like that who have seen the value proposition in having a Container Runtime Interface implementation that's built strictly for Kubernetes and have benefited from kind of adopting that. And then cloud providers, you know, IBM and Oracle both provide CRI-O as an option or as the default runtime in their cloud environments as well. So we have kind of a mix of end users that have opted into it, and then, you know, platforms that have provided it.

Of course. The project was created by Red Hat, then contributed to CNCF. Can you talk about what kind of community is there, how diverse is that community around the CRI-O project?

I will be honest, a large portion of the contributors are Red Hat, and that's by nature of kind of Red Hat's investment in the project, sort of like its strategic alignment around it and its sibling projects that I mentioned earlier. That's not like a choice of the CRI-O community. I mean, like, I personally, and then by extension the CRI-O community, like, we have worked, you know, towards trying to increase people's involvement in it. You know, asking people in issues to help out if they want to, or, you know, pushing for other companies. You know, for the first handful of years there were a number of other companies that were contributing to it. And then, you know, some people just moved away or changed priorities and stuff.
SUSE had for a long time a lot of investment in the CRI-O project and then, you know, just project priorities changed, and now Intel is probably our largest other contributor and partner in sort of the process of supporting CRI-O. But, you know, that said, like, none of this is the desire. Like, I would love it if we had a more diverse, you know, maintainer community. I think the CNCF and Kubernetes ecosystems are kind of hitting a maintainer sort of shortage right now. Like, I think a big story recently has been etcd kind of just needing more contributors than, you know, companies are able to provide. And so luckily the CRI-O community isn't at that position. We still have pretty good investment from enough people to keep the community going. But, you know, we definitely are always looking for more help, and I'd be personally happy to help anyone start up in the community. If you have interest in it, especially if you want, you know, to use it in house or sell it to someone, you know, I'm happy to help guide that process.

So what are the things that are in your pipeline? I'm not asking about the exact pipeline, the exact roadmap. But what are the things that you folks are working on, that, hey, these are the things that we are working on going forward?

I mean, our main priority has basically been the same since day one. Like, we are looking to be a Container Runtime Interface implementation that matches exactly to the Kubernetes CRI spec. So a lot of our priorities end up, you know, working in SIG Node along with the containerd community to define what the CRI is and means and does and, you know, conforming to that; that's like our main priority. Outside of that, you know, we have a couple of initiatives. You know, there are some features that are slightly outside of the Kubernetes world, but obviously still relevant. You know, sigstore integration is a very hot one that we're kind of working hard on right now.
We have, you know, there's the container monitor, conmon, which we're rewriting in Rust from C, and that's kind of an exciting project that we're working on. And then just general stability and, you know, bug fixes, and, you know, we just want to be the most performant and reliable container runtime for Kubernetes. And so we're steadfast on that goal.

Peter, thank you so much for taking time out today. And of course, first of all, thanks for sharing the whole history, the origin of the project, and also how it's being used today. Thanks for all those insights, and I would love to chat with you again when there are new updates to the project. Thank you.

Absolutely, yes. Thank you so much for having me, and also to everyone for watching, and thank you for using CRI-O. You know, I as a maintainer, I think I can speak on behalf of the maintainer community. We're very thankful for all of the support and we're very thankful for graduation. So, you know, we're excited. The future is bright in the container and Kubernetes ecosystems, and I'm only looking forward to more innovation and more work all together. So thank you very much.