Launch FAQ: Which container runtimes are available on Fedora CoreOS?

Fedora CoreOS includes the Docker, podman, and CRI-O container runtimes by default. Based on community engagement and support this list could change over time.

Is podman replacing rkt? Rkt has been really useful as a systemd spawned stable container runtime vs docker. I believe a lot of kubelet installation procedures use kubelet-wrapper. i.e. poseidon/typhoon.

I do not know if podman replace rkt (cause I think the internals are not the same, the method are not the same), but podman can be used to integrate with systemd service like rkt do, and seems ore pleasant to use for that than docker.

When this has been discussed before, we’ve recommended that users that are interested in rkt to evaluate the capabilities of podman and file issues upstream about anything they see missing.

We can’t guarantee that podman will replace all of the functionality that rkt had, but perhaps there can be incremental progress in that area.

1 Like

Is podman available in a distro-independent binary format?

I don’t see any binary releases on their GitHub repo, but their build instructions are pretty good -

The dependencies looked a bit daunting - I suppose there’s a container for that via source-to-image but I like binary releases better.

Containers to the rescue!

I’m usually doing one-off builds of podman etc, so I’ll just fire up a container with all the dependencies installed and bind mount a directory from the host into the container. When the build is done, I can copy the binary to anywhere on the host I would like.

Is where CRI-O in Fedora CoreOS?
I setup fedora-coreos-31.20200113.3.1 and can’t find CRI-O

[root@localhost ~]# cat /etc/redhat-release
Fedora release 31 (Thirty One)
[root@localhost ~]# which crio
/usr/bin/which: no crio in (/root/.local/bin:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin)
[root@localhost ~]# which cri-o
/usr/bin/which: no cri-o in (/root/.local/bin:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin)
[root@localhost ~]# systemctl |grep cri
[root@localhost ~]#

See here:

systemctl only lists active services by default, which is why your grep couldn’t find anything.

Thx! but no.
[root@localhost ~]# ls /usr/libexec/crio/
[root@localhost ~]# systemctl enable crio
Failed to enable unit: Unit file crio.service does not exist.
[root@localhost ~]# whereis crio
crio: /usr/libexec/crio
[root@localhost ~]# ls -ld /usr/libexec/crio
drwxr-xr-x. 2 root root 20 Jan 1 1970 /usr/libexec/crio
[root@localhost ~]# which crictl
/usr/bin/which: no crictl in (/root/.local/bin:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin)
[root@localhost ~]# find / -name crio
find: File system loop detected; ‘/sysroot/ostree/deploy/fedora-coreos/deploy/f480038412cba26ab010d2cd5a09ddec736204a6e9faa8370edaa943cf33c932.0’ is part of the same file system loop as ‘/’.
[root@localhost ~]# find / -name cri-o
find: File system loop detected; ‘/sysroot/ostree/deploy/fedora-coreos/deploy/f480038412cba26ab010d2cd5a09ddec736204a6e9faa8370edaa943cf33c932.0’ is part of the same file system loop as ‘/’.
[root@localhost ~]#

Yeah, the FAQ here I think was written in a time of active discussion, we ended up not including cri-o by default. (It is used for e.g. OKD which uses FCOS though!)

I love cri-o in kubernetes.
and would like to get cri-o in FCOS on bare metal.
I can setup kubernetes cluster in FCOS by puppet (run kubelet as docker/podman container, via systemd unit file), and would like to use cri-o for kubernetes.

Hi, I recall that you need to make a config change in order to use Cgroups V1 to run docker in Fedora 31 - is that not an issue in CoreOS?

@sbvitok The version of cri-o has to match the version of Kubernetes, and we don’t know what version of Kubernetes you’re running on your cluster. We don’t have a great solution for that problem right now.

@piagetblix Correct. Fedora CoreOS still uses cgroups v1 for now.