Using crun as container runtime

Most of you will be aware that runc is one of the (currently) most commonly used container runtimes.

In this image you can see runc is available besides other runtimes like kata of firecracker. If you need stronger isolation you might also be awaer of gVisor.

However - there's another runtime that is developed by RedHat and it's called crun. crun is written in C and meant to be optimized in terms of memory and speed.

To make use of runc, grab the latest binary matching your architecture (or build it yourself) from the github repo: https://github.com/containers/crun

wget https://github.com/containers/crun/releases/download/1.9.2/crun-1.9.2-linux-amd64 -O /tmp/crun
sudo mv /tmp/crun /usr/local/bin/crun
sudo chmod +x /usr/local/bin/crun
 
 # validate version
 /usr/local/bin/crun -v

Having grabbed crun, now it's time to adjust containerd to make use of it.

version = 2
[plugins."io.containerd.grpc.v1.cri".containerd]
  default_runtime_name = "crun"
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.crun]
      runtime_type = "io.containerd.runc.v2"
      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.crun.options]
        BinaryName = "/usr/local/bin/crun"

This instructs containerd to use crun as runtime and points explicitly to the local bin path.

To finalize the configuration, restart containerd and you're all set.