Kubernetes 容器运行时接口 CRI( 二 ) _Kubernetes

下载 sandobx 容器镜像
初始化容器元数据
初始化 pod 网络命名空间，详细内容可参考之前的文章源码解析：从 kubelet、容器运行时看 CNI 的使用[22]
更新容器元数据
写入文件系统

参考源码

pkg/cri/server/sandbox_run.go#L61[23]
services/tasks/local.go#L156[24]

总结CRI 提供了一种标准化的接口，用于与底层容器运行时进行交互。这对与发展和状大 Kubernetes 生态系统非常重要：

Kubernetes 控制平面与容器管理的具体实现解耦，可以独立升级或者切换容器运行时，方便扩展和优化。
Kubernetes 作为一个跨云、跨平台和多环境的容器编排系统，在不同的环境和场景下使用不同的容器平台。CRI 的出现，保证平台的多样性和灵活性。

参考资料[1] 很久之前挖下的坑: https://atbug.com/how-kubelete-container-runtime-work-with-cni/#创建-pod
[2] containerd: https://kubernetes.io/docs/setup/production-environment/container-runtimes/#containerd
[3] CRI-O: https://kubernetes.io/docs/setup/production-environment/container-runtimes/#cri-o
[4] Docker Engine: https://kubernetes.io/docs/setup/production-environment/container-runtimes/#docker
[5] Mirantis Container Runtime: https://kubernetes.io/docs/setup/production-environment/container-runtimes/#mcr
[6] Kubernets 1.5: https://kubernetes.io/blog/2016/12/container-runtime-interface-cri-in-kubernetes/
[7] 正式移除了 Dockershim: https://kubernetes.io/blog/2022/05/03/dockershim-historical-context/
[8] kubelet 源码分析: https://mp.weixin.qq.com/s/O7k3MlgyonNtOUxNPrN8lg
[9] 容器运行时: https://kubernetes.io/docs/setup/production-environment/container-runtimes/
[10] kubeGenericRuntimeManager#SyncPod(): https://Github.com/kubernetes/kubernetes/blob/023d6fb8f4a7d130bf5c8e725ca310df9e663cd0/pkg/kubelet/kuberuntime/kuberuntime_manager.go#L711
[11] 初始化 CRI 客户端: https://github.com/kubernetes/kubernetes/blob/14fcab83adf319b8ef8e82e1054412309c46f535/pkg/kubelet/kubelet.go#L285
[12] pkg/kubelet/kuberuntime/kuberuntime_sandbox.go#L39: https://github.com/kubernetes/kubernetes/blob/ea929715339da4553589df61c8638bac3bcae618/pkg/kubelet/kuberuntime/kuberuntime_sandbox.go#L39
[13] pkg/kubelet/kuberuntime/kuberuntime_container.go#L176: https://github.com/kubernetes/kubernetes/blob/3946d99904fe37ea04b231a8d101085b9b80b221/pkg/kubelet/kuberuntime/kuberuntime_container.go#L176
[14] pkg/kubelet/images/image_manager.go#L89: https://github.com/kubernetes/kubernetes/blob/de37b9d293613aac194cf522561d19ee1829e87b/pkg/kubelet/images/image_manager.go#L89
[15] criService: https://github.com/containerd/containerd/blob/1764ea9a2815ddbd0cde777b557f97171b84cd02/pkg/cri/server/service.go#L77
[16] RuntimeService: https://github.com/kubernetes/cri-api/blob/master/pkg/apis/runtime/v1/api.proto#L34
[17] ImageService : https://github.com/kubernetes/cri-api/blob/master/pkg/apis/runtime/v1/api.proto#L128
[18] instrumentedService: https://github.com/containerd/containerd/blob/d3c7e31c8a8f7dc3f0ef0d189fda5a7caca42ce2/pkg/cri/server/instrumented_service.go#L32
[19] RuntimeServiceServer: https://github.com/kubernetes/cri-api/blob/v0.25.0/pkg/apis/runtime/v1/api.pb.go#L9301
[20] ImageServiceServer: https://github.com/kubernetes/cri-api/blob/v0.25.0/pkg/apis/runtime/v1/api.pb.go#L10131C9-L10131C9
[21] UDS（Unix domain socket）: https://en.wikipedia.org/wiki/Unix_domain_socket
[22] 源码解析：从 kubelet、容器运行时看 CNI 的使用: https://atbug.com/how-kubelete-container-runtime-work-with-cni/#创建-sandbox-容器
[23] pkg/cri/server/sandbox_run.go#L61: https://github.com/containerd/containerd/blob/f2376e659ffa55e4ff2578baf4e4c7aab54042e4/pkg/cri/server/sandbox_run.go#L61
[24] services/tasks/local.go#L156: https://github.com/containerd/containerd/blob/bbe46b8c43fc2febe316775bc2d4b9d697bbf05c/services/tasks/local.go#L156

【Kubernetes 容器运行时接口 CRI】