CRI-O (Container Runtime Interface)
CRI-O is to Kubernetes what the JRE is to Java.
1. Kubernetes connects to the kubelet to launch a pod.
POD: A pod is a single block for Kubernetes, consisting of one or more containers that share the same IPC, NET and PID namespaces and live in the same cgroup.
2. The kubelet forwards the request to the CRI-O daemon via CRI to launch the new pod.
3. CRI-O uses the container image library to pull the image from the container registry.
4. The downloaded image is unpacked into the container’s root filesystem (much like installing an OS).
5. After the rootfs is created, CRI-O generates the OCI (Open Container Initiative) specification JSON file describing how to run the container.
6. Each container is maintained by a “conmon” process, which handles monitoring, logging and the PTY for the container.
7. Networking for the pod is set up through CNI (Container Network Interface).
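As an added example (not CRI-O's own code and not part of the original notes), the sketch below audits the OCI config of each container in a pod against the pod definition above: every container should join the same IPC, NET and PID namespaces by path and sit under the same cgroup parent. The sample configs, the namespace paths and the cgroupfs-style cgroupsPath layout are constructed assumptions; only the linux.namespaces and linux.cgroupsPath fields come from the OCI runtime specification.

```python
import os

SHARED = ("ipc", "network", "pid")  # namespaces the page lists as pod-wide

def ns_paths(cfg):
    # OCI runtime spec: linux.namespaces is a list of {"type", optional "path"}.
    return {ns["type"]: ns.get("path") for ns in cfg["linux"]["namespaces"]}

def audit_pod(configs):
    """configs maps container name -> parsed OCI config.json; returns findings."""
    findings, parents = [], set()
    joined = {t: set() for t in SHARED}
    for name, cfg in sorted(configs.items()):
        paths = ns_paths(cfg)
        for t in SHARED:
            if t not in paths:
                # Type absent: the container inherits the runtime's namespace.
                findings.append((name, t, "inherits runtime namespace"))
            elif paths[t] is None:
                # No path: a fresh namespace is created instead of the pod's.
                findings.append((name, t, "creates private namespace"))
            else:
                joined[t].add(paths[t])
        # Assumption: cgroupfs-style cgroupsPath, so its parent is the pod cgroup.
        parents.add(os.path.dirname(cfg["linux"]["cgroupsPath"]))
    for t in SHARED:
        if len(joined[t]) > 1:
            findings.append(("pod", t, "containers join different namespaces"))
    if len(parents) > 1:
        findings.append(("pod", "cgroup", "containers have different cgroup parents"))
    return findings

# Constructed sample data (hypothetical paths, not taken from a real node).
POD_CG = "/kubepods/besteffort/pod-example"
JOIN = [{"type": t, "path": f"/var/run/{t}ns/pod-example"} for t in SHARED]

def config(namespaces, cgroups_path):
    return {"ociVersion": "1.0.2",
            "linux": {"namespaces": namespaces, "cgroupsPath": cgroups_path}}

GOOD = {"app": config(JOIN + [{"type": "mount"}], POD_CG + "/app"),
        "sidecar": config(JOIN + [{"type": "mount"}], POD_CG + "/sidecar")}
BAD = {"app": GOOD["app"],
       "sidecar": config([JOIN[0], {"type": "network"}, {"type": "mount"}],
                         "/kubepods/besteffort/pod-other/sidecar")}

if __name__ == "__main__":
    for label, pod in (("good", GOOD), ("bad", BAD)):
        print(label, audit_pod(pod))
```

A container that omits a namespace type is the case worth alerting on, since it runs in the runtime's own namespace rather than the pod's.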
Now, what is CNI and why do we need it?
CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted.
Application containers on Linux are a rapidly evolving area, and within this area networking is not well addressed as it is highly environment-specific.
After reading the above, the following makes more sense.