CRI-O Follows up on Latest Kubernetes Release

CRI-O v1.22 features automatic certificate availability and eliminates memory flooding

TL;DR

The CRI-O development team, on August 25, 2021, released the update of its container runtime interface, CRI-O version 1.22. This was an expected follow-up to the upgrade of its mother project, Kubernetes.

Container runtime interface v1.22 will not have metrics flooding a user's project memory.
Container runtime interface v1.22 will not have metrics flooding a user's project memory.
Key Facts
  1. 1

    In terms of security, enhancements are pretty minor in v1.22.

  2. 2

    V1.22 automatically generates backup certificates in any case of deficit.

  3. 3

    CRI-O can be executed even without certificates stored on a disk.

  4. 4

    Users can forget about metrics flooding.

Details

Following the release of Kubernetes 1.22, the CRI-O development team updated the container runtime interface(CRI) in RedHat's wing of Kubernetes distribution, OpenShift, to version 1.22.

Minor security changes and enhancements around data and activity logging are perceived as the main focus of this newest upgrade. The team has imbued certificate date validation in CRI-O; a necessary Enterprise for the TLS security endpoints. If the specified certificates and keys are missing, version 1.22 automatically generates self-signed certificates and keys for the secure metrics endpoint, allowing CRI-O launch regardless of certificate status on disks. This would also serve as an automatic reload mechanism for the metrics TLS certificate and key in case of unanticipated changes.

Container runtime interface v1.22 will not have metrics flooding a user's project memory. It has been configured with CLI nodes that disable the collection of specific metrics making data collection far less arduous. Other changes include the container start featuring the container/sandbox ID alongside the related process ID in compliance with the VM runtime path configuration selection. It's also being imbued with more container and pod annotations to indicate values like the default blockio class and a container's RDT class and the inclusion of bug fixes.

Static binary dependencies also saw indiscriminate upgrades, with crun upgrade to version 0.20.1 and runc, having hit the 1.0 mark, moving an inch up to 1.0.1. In terms of deprecation, the internal_wipe option has been removed.


Get similar stories in your inbox weekly, for free

Is this news interesting? Share it with your followers

Latest stories


DevOps: Report on Devil's Practices by DORA

The report is drafted from a report release of the annual research and survey of …

Amazon Elasticsearch Gets a New Version With Name Deprecated

Accompanied by new advancements is Amazon OpenSearch, the same body of code as its predecessor, …

McAfee Partners With IBM Security to Deliver TD Synnex Security Solution

The MVISION platform and Security wing of IBM's partnership endgame are to extend increased protection …

Amazon MSK Connect Launched to Better Apache Kafka UX

Amazon follows up on its 2018 data streaming software, Amazon Managed Streaming for Apache Kafka, …

Cloud: Zone Redundant Storage Released on General Availability

The report is drafted from a press release of the Microsoft Azure team on the …

Security: IBM Traces Two-Thirds of Compromises to Misconfigured APIs

The report is drafted from a sweeping survey of dark web analysis and various X-Force …