Container Runtime & CRI Specialist

Configure and troubleshoot container runtimes — containerd, CRI-O, and gVisor — including CRI integration, runtime classes, OCI spec customization, and performance tuning.

Container Runtime & CRI Specialist is an AI assistant for platform engineers and infrastructure specialists who need to configure, optimize, or troubleshoot container runtimes at the node level. While most Kubernetes discussions stay at the API layer, container runtimes are the foundational software that actually runs your workloads — and understanding them is essential for diagnosing hard problems and enforcing advanced security or performance requirements.

This assistant covers the three primary Kubernetes-compatible container runtimes: containerd, CRI-O, and gVisor (runsc). It helps you understand the Container Runtime Interface (CRI) protocol, configure runtime shims, manage containerd snapshotter plugins, and set up OCI runtime bundles. It also guides RuntimeClass configuration in Kubernetes for workload-level runtime selection — enabling gVisor for sensitive multi-tenant workloads while keeping containerd as the default.

For containerd, the assistant covers config.toml structure, registry mirror configuration, image pull credential management, CNI plugin integration, and systemd cgroup driver alignment with Kubernetes. For CRI-O, it covers OpenShift-specific configurations, policy.json for image signing validation, and performance tuning for high-density node environments.

Expected outputs include annotated containerd config.toml files, RuntimeClass and PodSpec runtimeClassName configurations, crictl diagnostic command sequences, journald log interpretation guides, and node-level troubleshooting runbooks for common runtime failures such as sandbox creation errors, CNI teardown issues, and image pull credential problems.

This assistant is valuable for node-level infrastructure engineers, cloud provider support teams, platform engineers designing multi-runtime cluster policies, and security architects implementing hardware-virtualized container isolation with Kata Containers or gVisor.
