CRI-O: Secure, Performant, and Boring as Ever!


Authors:   Urvashi Mohnani, Peter Hunt, Mrunal Patel


Anyone who has followed CRI-O, the OCI compliant implementation of the Kubernetes Container Runtime Interface (CRI), knows that it aims to be secure, performant, and over-all boring. Implemented as exactly the CRI implementation Kubernetes needs, and nothing more, allows it to be optimized, secured, and version-locked for Kubernetes. In this talk, Sascha Grunert, Mrunal Patel, Urvashi Mohnani, and Peter Hunt will give an overview of CRI-O, as well as discuss some recent improvements that highlight these three key aspects of CRI-O. The talk will cover the ease with which it transitioned between CRI versions, optimizations in container exec probes with conmon-rs, security improvements regarding SELinux relabelling for container volumes, and general security enhancements by running seccomp by default. People who join us, whether seasoned end-users or budding community members, should learn what CRI-O has to offer as the container manager that loves Kubernetes the most.Click here to view captioning/translation in the MeetingPlay platform!


Post a comment

Related work

Authors: Urvashi Mohnani, Peter Hunt, Mrunal Patel

Authors: Urvashi Mohnani, Peter Hunt, Mrunal Patel, Sascha Grunert

Authors: Urvashi Mohnani, Peter Hunt, Mrunal Patel