In Kubernetes, the actual act ofrunning containerson a node is performed by thecontainer runtime. The kubelet instructs the runtime via CRI, and the runtime pulls images, creates containers, and manages their lifecycle. Among the options provided,CRI-Ois the only container runtime, soBis correct.
It’s important to be precise: the component that “runs containers” is not the control plane and not etcd.etcd(option A) stores cluster state (API objects) as the backing datastore. It never runs containers.cloud-controller-manager(option C) integrates with cloud APIs for infrastructure like load balancers and nodes.kube-controller-manager(option D) runs controllers that reconcile Kubernetes objects (Deployments, Jobs, Nodes, etc.) but does not execute containers on worker nodes.
CRI-O is a CRI implementation that is optimized for Kubernetes and typically uses an OCI runtime (like runc) under the hood to start containers. Another widely used runtime is containerd. The runtime is installed on nodes and is a prerequisite for kubelet to start Pods. When a Pod is scheduled to a node, kubelet reads the PodSpec and asks the runtime to create a “pod sandbox” and then start the container processes. Runtime behavior also includes pulling images, setting up namespaces/cgroups, and exposing logs/stdout streams back to Kubernetes tooling.
So while “the container runtime” is the most general answer, the question’s option list makesCRI-Othe correct selection because it is a container runtime responsible for running containers in Kubernetes.
=========
