CRI-O

CRI-O is a lightweight container runtime for Kubernetes. Kubespray supports basic functionality for using CRI-O as the default container runtime in a cluster.

  • Kubernetes supports CRI-O on v1.11.1 or later.
  • etcd: configure either kubeadm managed etcd or host deployment

To use the CRI-O container runtime set the following variables:

all/all.yml

  1. download_container: false
  2. skip_downloads: false
  3. etcd_kubeadm_enabled: true

k8s-cluster/k8s-cluster.yml

  1. container_manager: crio

etcd.yml

  1. etcd_deployment_type: host # optionally and mutually exclusive with etcd_kubeadm_enabled

all/crio.yml

Enable docker hub registry mirrors

  1. crio_registries_mirrors:
  2. - prefix: docker.io
  3. insecure: false
  4. blocked: false
  5. location: registry-1.docker.io
  6. mirrors:
  7. - location: 192.168.100.100:5000
  8. insecure: true
  9. - location: mirror.gcr.io
  10. insecure: false

Note about pids_limit

For heavily mult-threaded workloads like databases, the default of 1024 for pids-limit is too low. This parameter controls not just the number of processes but also the amount of threads (since a thread is technically a process with shared memory). See cri-o#1921

In order to increase the default pids_limit for cri-o based deployments you need to set the crio_pids_limit for your k8s-cluster ansible group or per node depending on the use case.

  1. crio_pids_limit: 4096