How to Install CRI-O Container Runtime on Ubuntu 22.04

CRI-O is a lightweight container runtime alternative to Docker for Kubernetes. It's an implementation of Kubernetes CRI (Container Runtime Interface) and compliance with OCI runtime (Open Container initiative). CRI-O allows Kubernetes to execute containers directly without any additional tools or adjustments to the code.

CRI-O supports multiple image formats, including Docker image format. Also provides functionality for managing container images such as managing image layer, overlay filesystems, managing container process lifecycle, monitoring and logging for containers, and also provides resource isolation.

This tutorial will guide you through the installation of the CRI-O Container Runtime on the Ubuntu 22.04 server. This also includes how to set up the CNI plugin with CRI-O and the basic usage of "cri-tools" for managing Pods and containers.


Before starting, you must have the following requirements:

  • An Ubuntu 22.04 server - This guide uses the Ubuntu Server with hostname "server-ubuntu" and the server IP address "".
  • A non-root user with root/administrator privileges.

Installing CRI-O Container Runtime

CRI-O can be installed in different ways, installing via APT command or building and installing CRI-O from the source. in this example, you will install the CRI-O Container Runtime through the third-party repository.

Before you start the installation, run the following command to set up the environment variable "$OS" and "$CRIO_VERSION". For this example, we will install the CRI-O v1.24.0 for Ubuntu 22.04.

export OS=xUbuntu_22.04
export CRIO_VERSION=1.24

Now run the following command to add the CRI-O repository for Ubuntu 22.04 server.

echo "deb$OS/ /"|sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
echo "deb$CRIO_VERSION/$OS/ /"|sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:$CRIO_VERSION.list

Add the GPG key for the CRI-O repository using the below command.

curl -L$CRIO_VERSION/$OS/Release.key | sudo apt-key add -
curl -L$OS/Release.key | sudo apt-key add -

add cri-o repository and key

Now update your Ubuntu repository and refresh the package index. You should see the CRI-O repository is added to your package index list.

sudo apt update

update repository

After that, check the CRI-O package version using the below command. As you can see, you will install the latest version of the CRI-O package v1.24.

sudo apt info cri-o

info cri-o package

Now install the CRI-O container runtime using the apt command below. Input Y to confirm the installation and press ENTER to continue, and the installation will begin.

sudo apt install cri-o cri-o-runc

install cri-o

After installation is finished, start the CRI-O service and enable it using the "systemctl" command below.

sudo systemctl start crio
sudo systemctl enable crio

Lastly, check and verify the CRI-O service using the below command. You should see the CRI-O service is enabled and will automatically run at system boot. And the current status of the CRI-O service is running.

sudo systemctl status crio

start enable crio service

Installing CNI (Container Network Interface) Plugin

The CNI (Container Network Interface) is required for the CRI-O container runtime. The CNI plugin allows you to set up networking on the container and Pods. You will install the CNI plugin from the official ubuntu repository and set it up with the CRI-O container runtime.

The package "containernetworking-plugins" is mostly available on Linux distribution. To install it, run the apt command below, and the installation will begin.

sudo apt install containernetworking-plugins

installing containernetworking-plugin

After installation is finished, edit the CRI-O configuration file "/etc/crio/crio.conf" using the following command.

sudo nano /etc/crio/crio.conf

On the "[]" section, uncomment the "network_dir" and "plugin_dirs" option. Also, be sure to add the CNI plugin directory "/usr/lib/cni/" to the "plugin_dirs" option.

# The table containers settings pertaining to the management of
# CNI plugins.

# The default CNI network name to be selected. If not set or "", then
# CRI-O will pick-up the first one found in network_dir.
# cni_default_network = ""

# Path to the directory where CNI configuration files are located.
network_dir = "/etc/cni/net.d/"

# Paths to directories where CNI plugin binaries are located.
plugin_dirs = [

When you are finished, save and close the file.

Next, remove the default bridge CNI confgiuration "/etc/cni/net.d/100-crio-bridge.conf". Then, download the new bridge CNI configuration to "/etc/cni/net.d/11-crio-ipv4-bridge.conf".

The new bridge CNI configuration will enable only IPv4 for Pods and containers.

rm -f /etc/cni/net.d/100-crio-bridge.conf
sudo curl -fsSLo /etc/cni/net.d/11-crio-ipv4-bridge.conf

configure container networking plugin

Now restart the CRI-O service to apply new changes to the CNI plugin settings.

sudo systemctl restart crio

Lastly, check and verify again the CRI-O service using the below command. You should see CRI-O service is running with the new bridge CNI configuration.

sudo systemctl status crio

check crio service

Installing CRI-Tools Package

You have finished the installation of the CRI-O container runtime and now it's running with the correct CNI plugin. Now you will install the "cri-tools" package which includes the command-line utility "crictl" that can be used to interact with the CRI-O container runtime.

The "cri-tools" can be used with multiple container runtimes such as containerd, dockershim, CRI-O, and cri-dockerd.

Run the apt command below to install the "cri-tools" package. The installation will automatically begin.

sudo apt install cri-tools

install cri-tools

After the installation is finished, run the "crictl" command below to check the current runtime version. you will see the current container runtime you are using is a CRI-O v1.24.

crictl version

Next, run the following "crictl" command below to check the status of the current Container Runtime and the CNI Network Plugin. You should see the CRI-O Container Runtime is "RuntimeReady" and the CNI Plugin is "NetworkReady".

crictl info

crictl check info

The crictl command provides an auto-completion for your shell, which can be generated manually. Run the following crictl command below to generate the command-completion for the Bash shell to the "/etc/bash_completion.d/crictl". Then, reload your current Bash session by sourcing the ~/.bashrc config file.

crictl completion > /etc/bash_completion.d/crictl
source ~/.bashrc

Now run the "crictl" command and press TAB to see all available command completion.

crictl TAB

setup crictl completiobn

Creating Pod and Container using crictl

Now that cri-tools is installed on your system, it's time for creating a Pod sandbox and container using the "crictl" command. In this example, we will create a Pod for the Nginx container.

Create a new directory "~/demo" using the below command.

mkdir ~/demo/

Now run the below command to create a new JSON configuration file and define the Pod sandbox for the container.

cat <<EOF | tee ~/demo/sandbox_nginx.json
    "metadata": {
        "name": "nginx-sandbox",
        "namespace": "default",
        "attempt": 1,
        "uid": "hdishd83djaidwnduwk28bcsb"
    "linux": {
    "log_directory": "/tmp"

Run the Pod sandbox using the following "crictl" command below. And you should see the random string of your Pod.

sudo crictl runp ~/demo/sandbox_nginx.json

Check and verify running Pods using the below command. You should see the Pod sandbox "nginx-sandbox" with the Pod id "7b0618800e251" in the state "Ready".

sudo crictl pods

create pod sandbox

To check the details of Pod, run the "crictl" command below, and be sure to change the Pod id. In this example, the "nginx_sandbox" pod has an IP address "".

sudo crictl inspectp --output table 7b0618800e251

pod sandbox details

Now that the Pod sandbox is ready, it's time to create the Nginx container. But first, you will download the Nginx image.

Run the following crictl command below to download the Nginx image. Then, check and verify the list of available images.

sudo crictl pull nginx
sudo crictl images

crictl download image

Now run the following command to create a new JSON file for defining the Nginx container.

cat <<EOF | tee ~/demo/container_nginx.json
  "metadata": {
      "name": "nginx"
      "image": "nginx"
  "linux": {

Create a new container to the Pod sandbox "7b0618800e251" using the crictl command below. You should see the random string of your new Nginx container id.

sudo crictl create 7b0618800e251 ~/demo/container_nginx.json ~/demo/sandbox_nginx.json

Start the Nginx container using the below command, and be sure to change the container id.

sudo crictl start 1100498979ee5d3a9cbdb7b8b8f18529a01298f2bb57f7fcd01f54dd5a0f8746

After that, check and verify the running container using the below command. You should see the Nginx container is "Running" inside the Pod "7b0618800e251".

sudo crictl ps

add container to pod

Lastly, you can access the Nginx container via the IP address of the Pod sandbox "nginx_sandbox". Run the curl command to the "nginx_sandbox" IP address "", and you will see the default index.html page of your Nginx container.


acccess nginx pod


You have now finished the installation and configuration of the CRI-O Container Runtime with CNI Plugin on an Ubuntu 22.04 server. You can now use it as the container runtime for the Kubernetes cluster. You have also learned the basic usage of the "crictl" command for creating Pods and containers using the CRI-O Container Runtime.

Share this page:

0 Comment(s)