How OpenKruise Extends Kubernetes Container Runtime Operations
This article explains how OpenKruise, a CNCF sandbox project, overcomes native Kubernetes container‑runtime limitations by integrating with Kubelet and CRI, offering features such as in‑place upgrades, container restarts, image pre‑heating, and a modular architecture that enhances workload management and runtime control.
Background
Kubernetes originally exposed only basic Pod CRUD operations. Before the Container Runtime Interface (CRI) was introduced in v1.5, Kubelet was tightly coupled with Docker, making advanced runtime actions such as image pull, container restart, or in‑place upgrade difficult to implement as extensions.
OpenKruise Overview
OpenKruise is a CNCF sandbox project that extends Kubernetes via Custom Resource Definitions (CRDs). It adds workload‑level capabilities (gray release, traffic control, in‑place upgrade) and provides direct interactions with the container runtime without modifying Kubelet.
Architecture
OpenKruise consists of a central kruise‑manager (controllers and webhooks) and a node‑side kruise‑daemon. The manager watches CRDs and coordinates actions, while the daemon talks to the CRI runtime on each node, keeping the Kubelet unchanged.
Extended Runtime Operations
In‑place Upgrade
The upgrade works by having Kubelet compute a hash for each container. When the image changes, kruise‑daemon replaces only the container image while preserving the Pod UID, IP, and other containers, thus avoiding pod recreation.
Reduces scheduling, IP allocation, and volume mount latency.
Reuses most image layers.
Other containers in the same Pod continue running.
Container Restart
OpenKruise introduces the ContainerRecreateRequest CRD, allowing a graceful restart of specific containers without deleting the whole Pod. The request is validated by webhooks and executed by kruise‑daemon using CRI preStop and stop hooks.
apiVersion: apps.kruise.io/v1alpha1
kind: ContainerRecreateRequest
metadata:
  namespace: pod-namespace
  name: example-restart
spec:
  podName: my-pod
  containers:
  - name: app
  strategy: {}
  activeDeadlineSeconds: 300
  ttlSecondsAfterFinished: 1800
status:
  containerRecreateStates:
  - name: app
    phase: Succeeded
Image Pre‑heat
The ImagePullJob CRD lets users declare images to be pulled on selected nodes (or Pods) ahead of time, dramatically reducing pod‑scale‑up latency.
apiVersion: apps.kruise.io/v1alpha1
kind: ImagePullJob
metadata:
  name: nginx-preheat
spec:
  image: nginx:latest
  parallelism: 10
  selector: {}
  podSelector: {}
  completionPolicy: {}
Roadmap and References
OpenKruise released its first stable version v1.0 in December 2021. The project’s source code is hosted at https://github.com/openkruise/kruise. Future plans include CNCF incubation and further enhancements to container‑runtime operations.
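A pre-apply review check for the ContainerRecreateRequest and ImagePullJob manifests shown above, as an added example (not OpenKruise code and not part of the original article). The rules are assumptions chosen for illustration: digest pinning for pre-heated images, a non-empty selector, and time-bounded restart requests. Manifests are passed as already-parsed dicts, and `registry.example.com` and the `pool: web` label are placeholders.

```python
import re

DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")  # digest-pinned reference


def image_findings(image):
    """Flag image references whose content can change after review."""
    if DIGEST_RE.search(image):
        return []
    name = image.rsplit("/", 1)[-1]  # last path segment carries the tag
    tag = name.split(":", 1)[1] if ":" in name else "latest"
    label = "floating" if tag == "latest" else "mutable"
    return [f"image {image!r}: {label} tag {tag!r}, pin by digest"]


def review(manifest):
    """Return findings for one parsed manifest. Rules are review-policy
    assumptions, not checks performed by the OpenKruise webhooks."""
    kind, spec = manifest.get("kind"), manifest.get("spec") or {}
    out = []
    if kind == "ImagePullJob":
        out += image_findings(spec.get("image", ""))
        if not spec.get("selector") and not spec.get("podSelector"):
            out.append("selector and podSelector are empty: pull scope is not narrowed")
    elif kind == "ContainerRecreateRequest":
        if not spec.get("podName") or not spec.get("containers"):
            out.append("podName and at least one container must be named")
        for field in ("activeDeadlineSeconds", "ttlSecondsAfterFinished"):
            if not spec.get(field):
                out.append(f"{field} is unset")
    return out


# Constructed inputs: the first two mirror the article's manifests.
PREHEAT = {"kind": "ImagePullJob", "spec": {
    "image": "nginx:latest", "parallelism": 10,
    "selector": {}, "podSelector": {}, "completionPolicy": {}}}
RESTART = {"kind": "ContainerRecreateRequest", "spec": {
    "podName": "my-pod", "containers": [{"name": "app"}], "strategy": {},
    "activeDeadlineSeconds": 300, "ttlSecondsAfterFinished": 1800}}
PINNED = {"kind": "ImagePullJob", "spec": {
    "image": "registry.example.com/nginx@sha256:" + "0" * 64,
    "selector": {"matchLabels": {"pool": "web"}}}}

if __name__ == "__main__":
    for m in (PREHEAT, RESTART, PINNED):
        print(m["kind"], review(m) or "ok")
```

A pre-heated image referenced only by tag is whatever that tag resolved to when the job ran, which is why the check asks for a digest.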
Alibaba Cloud Native