NRI: Extending Containerd And CRI-O With Common Plugins

The presentation discusses the use of NRI plugins in container and cryo configuration to simplify manual steps and reduce the chances of failure. The plugins provide a mechanism for unsolicited customizations and real-world examples of plugins are provided.

• NRI plugins can simplify manual steps and reduce the chances of failure in container and cryo configuration
• Plugins provide a mechanism for unsolicited customizations
• Real-world examples of plugins are provided, including annotation-based device injection, CDI device injection, and OCI hook injection

One example of a real-world plugin is the annotation-based device injection, which reads an annotation with a random key and interprets the value as a description of a device's parameters to be injected into the container. Another example is the OCI hook injection, which is taken from the cryo implementation and turned into an NRI plugin. This plugin works identically to how cryo would handle schema-based OCI hook injection for a container.

The Node Resource Interface (NRI) was started as a subproject of containerd to provide OCI hook-like extensions as plugins which can perform extra actions outside the scope of CRI. This idea has since evolved into providing a common infrastructure for plugging extensions into CRI runtimes. Our proposed revision, which hopefully gets merged by the time of this presentation, turns NRI into a common runtime agnostic extension interface for plugging custom container adjustment logic into runtimes. It defines NRI using a formal protobuf protocol description and implements it as a set of ttRPC services. This improves the efficiency of plugin-runtime communication and enables straightforward implementation of stateful plugins. Our additions also expand the original scope of NRI, by allowing plugins to hook into virtually any of the pod and container life-cycle events and adjust a carefully chosen subset of container parameters. Integration to both containerd and CRI-O is available as experimental features. In this talk we'll take a closer look at how NRI and the plugins fit into runtimes, then cover some common and novel use cases, and example plugins for OCI hook injection and custom resource assignment.