Goglides Dev 🌱


Posted on • Originally published at kubernetes.io on

Blog: CRI-O is moving towards pkgs.k8s.io

Author: Sascha Grunert

The Kubernetes community recently announcedthat their legacy package repositories are frozen, and now they moved tointroduced community-owned package repositories powered by theOpenBuildService (OBS). CRI-O has a long history of utilizingOBS for their package builds, but all of the packaging efforts have been done manually so far.

The CRI-O community absolutely loves Kubernetes, which means that they're delighted to announce that:

All future CRI-O packages will be shipped as part of the officially supported Kubernetes infrastructure hosted on pkgs.k8s.io!

There will be a deprecation phase for the existing packages, which is currently being discussed in the CRI-O community. The new infrastructure will only support releases of CRI-O >= v1.28.2 as well as release branches newer than release-1.28.

How to use the new packages

In the same way as the Kubernetes community, CRI-O provides deb and rpmpackages as part of a dedicated subproject in OBS, calledisv:kubernetes:addons:cri-o. This project acts as an umbrella and provides stable (for CRI-O tags) as well asprerelease (for CRI-O release-1.y and main branches) package builds.

Stable Releases:


There are no stable releases available in the v1.29 repository yet, because v1.29.0 will be released in December. The CRI-O community will also not support release branches older than release-1.28, because there have been CI requirements merged into main which could be only backported to release-1.28with appropriate efforts.

For example, If an end-user would like to install the latest available version of the CRI-O main branch, then they can add the repository in the same way as they do for Kubernetes.

rpm Based Distributions

For rpm based distributions, you can run the following commands as a root user to install CRI-O together with Kubernetes:

Add the Kubernetes repo

cat <<EOF | tee /etc/yum.repos.d/kubernetes.repo

Enter fullscreen mode Exit fullscreen mode

Add the CRI-O repo

cat <<EOF | tee /etc/yum.repos.d/cri-o.repo

Enter fullscreen mode Exit fullscreen mode

Install official package dependencies

dnf install -y \
 conntrack \
 container-selinux \
 ebtables \
 ethtool \
 iptables \

Enter fullscreen mode Exit fullscreen mode

Install the packages from the added repos

dnf install -y --repo cri-o --repo kubernetes \
 cri-o \
 kubeadm \
 kubectl \

Enter fullscreen mode Exit fullscreen mode

deb Based Distributions

For deb based distributions, you can run the following commands as a rootuser:

Install dependencies for adding the repositories

apt-get update
apt-get install -y software-properties-common curl

Enter fullscreen mode Exit fullscreen mode

Add the Kubernetes repository

curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key |
 gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /" |
 tee /etc/apt/sources.list.d/kubernetes.list

Enter fullscreen mode Exit fullscreen mode

Add the CRI-O repository

curl -fsSL https://pkgs.k8s.io/addons:/cri-o:/prerelease:/main/deb/Release.key |
 gpg --dearmor -o /etc/apt/keyrings/cri-o-apt-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/cri-o-apt-keyring.gpg] https://pkgs.k8s.io/addons:/cri-o:/prerelease:/main/deb/ /" |
 tee /etc/apt/sources.list.d/cri-o.list

Enter fullscreen mode Exit fullscreen mode

Install the packages

apt-get update
apt-get install -y cri-o kubelet kubeadm kubectl

Enter fullscreen mode Exit fullscreen mode

Start CRI-O

systemctl start crio.service

Enter fullscreen mode Exit fullscreen mode

The Project's prerelease:/main prefix at the CRI-O's package path, can be replaced withstable:/v1.28, stable:/v1.29, prerelease:/v1.28 or prerelease:/v1.29if another stream package is used.

Bootstrapping a cluster using kubeadmcan be done by running kubeadm init command, which automatically detects that CRI-O is running in the background. There are also Vagrantfile examples available for Fedora 38as well as Ubuntu 22.04for testing the packages together with kubeadm.

How it works under the hood

Everything related to these packages lives in the newCRI-O packaging repository. It contains a daily reconciliationGitHub action workflow, for all supported release branches as well as tags of CRI-O. A test pipelinein the OBS workflow ensures that the packages can be correctly installed and used before being published. All of the staging and publishing of the packages is done with the help of the Kubernetes Release Toolbox (krel), which is also used for the official Kubernetes deb and rpm packages.

The package build inputs will undergo daily reconciliation and will be supplied by CRI-O's static binary bundles. These bundles are built and signed for each commit in the CRI-O CI, and contain everything CRI-O requires to run on a certain architecture. The static builds are reproducible, powered by nixpkgsand available only for x86_64, aarch64 and ppc64le architecture.

The CRI-O maintainers will be happy to listen to any feedback or suggestions on the new packaging efforts! Thank you for reading this blog post, feel free to reach out to the maintainers via the Kubernetes Slack channel #crioor create an issue in the packaging repository.

Top comments (0)