Kohei Tokunaga & Akihiro Suda, NTT Corporation
Introduction and Deep Dive Into Containerd
Introduction to containerd
Kohei Tokunaga, NTT Corporation
Overview
● CNCF graduated container runtime project
● Resource manager
• Container process
• Image artifacts
• Filesystem snapshots
• Metadata and dependencies management
● Tightly scoped (100% approval is required to stretch) but highly extensible
● Used by Kubernetes, Docker and various container-based projects
https://github.com/containerd/containerd
Usage in community
● Managed: GKE, AWS Fargate, AKS, IKS
● Development: Docker/moby, BuildKit
● K8s distribution: k3s, kind, minikube, kubespray, microk8s, k0s
● FaaS: faasd
Adoption
https://sysdig.com/blog/sysdig-2021-container-security-usage-report/
● Docker’s use of containerd + pure use of containerd is
83% of container usage (Sysdig 2021 container security
and usage report)
● Used by several managed services as well as open source
projects in community
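How is containerd used?
[Diagram: three usage patterns, each ending in a low-level runtime]
● As a CRI runtime: kubelet → CRI → containerd → low-level runtime
● As a component of Docker: dockerd → containerd API → containerd → low-level runtime
● As a general container management tool: arbitrary tools → containerd API → containerd → low-level runtime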
Containerd as a CRI runtime
[Diagram: kubectl apply → apiserver → kubelet → CRI → containerd → low-level runtime on the node; images are pulled from the container registry]
● kubelet: detects Pod events and manages Pods using the CRI runtime
● containerd:
• Manages Pods, containers and images
• Pulls image from the registry
• Executes low-level runtimes
● Low-level runtime: creates and manipulates isolated execution environments as containers, e.g. runc, gVisor, Kata Containers
The de facto standard CRI runtime for Kubernetes
● Managed Kubernetes: IKS, GKE, AKS, AWS Fargate, …
● Kubernetes distributions: K3s, kind, minikube, kubespray, microk8s, k0s, ...
Containerd as a component of Docker
[Diagram: docker run → Docker API → dockerd → containerd API → containerd → low-level runtime on the node; pull/push against the container registry]
● dockerd: manages containers, images, networking and volumes, etc.
● containerd:
• Manages containers
• Executes low-level runtimes
● Low-level runtime: creates and manipulates isolated execution environments as containers, e.g. runc, gVisor, Kata Containers
Containerd as a general container management tool
● Several applications are developed based on containerd
● Containerd provides a Go client library (discussed later)
● Applications can extend containerd with plugins, without recompilation (discussed later)
[Diagram: applications managing containers (BuildKit, faasd, PouchContainer, nerdctl) → containerd API → containerd → low-level runtime]
● containerd: provides container management functionality to upper tools
● Low-level runtime: creates and manipulates isolated execution environments as containers, e.g. runc, gVisor, Kata Containers
Containerd Internal
Kohei Tokunaga, NTT Corporation
Containerd Architecture
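[Diagram: clients, including Kubelet via CRI, call the containerd API; the server hosts the services (container, image, tasks, namespace, leases, version, introspection, events, diff) together with plugins and runtimes, on top of the OS]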
● Client-server architecture
• Go client library (used by Docker, BuildKit, etc.)
● Client calls server via containerd API
• Through /run/containerd/containerd.sock
● Various low-level runtimes are supported
• OCI runtimes (runc, gVisor, Kata Container, etc)
• Firecracker (firecracker-containerd)
● Extensibility
• Low-level plugins
• Extending containerd API with custom services
• Client library is easy to customize
Containerd Client
● “Smart” Client (Go library)
• Containerd API bindings
• Registry client
• Pulling/Pushing images
• Image unpacker
• Creating OCI config for OCI runtimes
● Go applications can integrate with containerd using the client library
[Diagram: the client consists of API bindings (container, image, namespace, leases, content, snapshots, events, tasks, etc.) and utilities (registry client, image unpacker, OCI config constructor); it talks to the server's services (container, image, tasks, namespace, leases, version, introspection, events, diff), plugins and runtimes on top of the OS]
Containerd Client Implementations
[Diagram: ctr, nerdctl, Docker, etc. use the client lib to call the containerd API; the server hosts the services (container, image, tasks, namespace, leases, version, introspection, events, diff), plugins and runtimes on top of the OS]
● ctr: https://github.com/containerd/containerd
• CLI client for containerd
• Mainly for debugging or trying new features
● nerdctl: https://github.com/containerd/nerdctl
• Docker-compatible CLI for containerd
• Easy to use for Docker users
• Supports containerd’s cutting-edge features
(e.g. lazy pulling, image encryption)
● containerd-based tools
• Arbitrary tools can integrate with containerd using the client library
• e.g. Docker, BuildKit, faasd
Containerd Core & API
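[Diagram: the services (container, image, namespace, leases, content, snapshots, CRI, tasks, etc.) cover container management, image management and container execution; the metadata store is a DB shared among services; tasks execute OCI runtimes through a shim; the CRI service exposes CRI; everything runs on top of the OS]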
● Micro services
• Containerd API is the set of APIs of services
• Services are loosely connected
● Shared metadata DB
• bbolt-based
• https://github.com/etcd-io/bbolt
• Stores metadata of containers, images,
contents, snapshots, etc.
• Manages reference graph for GC
CRI Service
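[Diagram: the CRI service contains an image service and a runtime service; through the containerd client it uses the Image, Container and Task services (and others), and through a CNI client and an NRI client it calls the CNI and NRI plugins]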
● CRI service implements CRI of Kubernetes
● Implemented as a builtin service
• Initially repo and binary were separated from
containerd
• Merged to containerd/containerd since 1.5
● Depends on other services for container & image
management
• Communicates via function call
● Uses external CNI/NRI plugins for networking and
resource management
[Diagram labels: kubelet, CRI service, plugins, Pod, namespace, container, container, Registry (pull)]
Low-level Services
[Diagram: below the services (container, image, namespace, leases, content, snapshots, CRI, tasks, etc.) sit three low-level services, Content store, Snapshotter and Runtime, on top of the OS]
● Content Store
• Stores image manifest and layers “as-is”
• content addressable (keyed by digest)
● Snapshotter
• Manages “snapshots”
• Extracted and stacked view of rootfs layers
• Passed to OCI runtimes as rootfs
• Snapshotter impl. per backing filesystem
• Overlayfs, btrfs, aufs, FUSE, …
● Runtime
• Executes low-level runtimes via “shim”
• Shim is a wrapper daemon of OCI runtime
• Well suited to stateful runtimes (e.g. Kata Containers)
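A minimal model of the content-addressable property described above, added here as an illustration and not taken from the slides or from containerd's source: a blob is committed only under the digest its bytes hash to, and is re-hashed on read. The `Store` type, its directory layout and the sample bytes are assumptions of this example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// ErrDigestMismatch means the bytes do not hash to the digest they are keyed by.
var ErrDigestMismatch = errors.New("content digest mismatch")

// Store is a simplified, hypothetical digest-keyed blob store (not containerd code).
type Store struct{ root string }

// NewStore creates the staging ("ingest") and committed ("blobs/sha256") directories.
func NewStore(root string) (*Store, error) {
	err := os.MkdirAll(filepath.Join(root, "ingest"), 0o700)
	if err == nil {
		err = os.MkdirAll(filepath.Join(root, "blobs", "sha256"), 0o700)
	}
	return &Store{root: root}, err
}

// Digest returns the key a blob is stored under: "sha256:<64 lowercase hex>".
func Digest(b []byte) string {
	sum := sha256.Sum256(b)
	return "sha256:" + hex.EncodeToString(sum[:])
}

// blobPath maps a digest to a path and rejects anything that is not exactly
// "sha256:" + 64 lowercase hex characters, so it cannot leave the blobs directory.
func (s *Store) blobPath(dgst string) (string, error) {
	h := strings.TrimPrefix(dgst, "sha256:")
	_, err := hex.DecodeString(h)
	if h == dgst || len(h) != 64 || h != strings.ToLower(h) || err != nil {
		return "", fmt.Errorf("malformed digest %q", dgst)
	}
	return filepath.Join(s.root, "blobs", "sha256", h), nil
}

// Ingest hashes r while staging it and commits only if the digest matches.
func (s *Store) Ingest(expected string, r io.Reader) error {
	dst, err := s.blobPath(expected)
	if err != nil {
		return err
	}
	tmp, err := os.CreateTemp(filepath.Join(s.root, "ingest"), "blob-*")
	if err != nil {
		return err
	}
	defer os.Remove(tmp.Name()) // fails harmlessly once the file has been renamed
	h := sha256.New()
	_, err = io.Copy(io.MultiWriter(tmp, h), r)
	if cerr := tmp.Close(); err == nil {
		err = cerr
	}
	if err != nil {
		return err
	}
	if got := "sha256:" + hex.EncodeToString(h.Sum(nil)); got != expected {
		return fmt.Errorf("%w: want %s, got %s", ErrDigestMismatch, expected, got)
	}
	return os.Rename(tmp.Name(), dst)
}

// ReadVerified re-hashes on read to detect tampering or corruption after ingest.
func (s *Store) ReadVerified(dgst string) ([]byte, error) {
	p, err := s.blobPath(dgst)
	if err != nil {
		return nil, err
	}
	data, err := os.ReadFile(p)
	if err != nil {
		return nil, err
	}
	if Digest(data) != dgst {
		return nil, ErrDigestMismatch
	}
	return data, nil
}

func main() {
	root, err := os.MkdirTemp("", "cas-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	s, err := NewStore(root)
	if err != nil {
		panic(err)
	}
	layer := []byte("constructed sample layer bytes")
	fmt.Println("matching bytes:", s.Ingest(Digest(layer), strings.NewReader(string(layer))))
	fmt.Println("tampered bytes:", s.Ingest(Digest(layer), strings.NewReader("tampered")))
}
```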
Image content flow
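[Diagram: image content flow]
● Pull: the containerd client utilities (remote) pull the image from the registry
● Content Store: stores layer blobs “as-is”
● Diff Service: unpacks layers, driven by the unpacker (decompression, decryption, etc.)
● Snapshotter: holds the extracted snapshots
● Task & Runtime: mount snapshots as rootfs, which becomes the rootfs of a container
● The client reaches the container & task service through the API bindings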
Containerd Extensibility
Kohei Tokunaga, NTT Corporation
Extending containerd with plugins and services
[Diagram labels: services (container, image, namespace, leases, content, snapshots, CRI, tasks, etc.), plugins, shim, OCI, OS]
● containerd is tightly scoped but highly extensible
● Custom low-level service; no need to recompile
• external binary plugins
• Plugin via unix socket (proxy snapshotter,
proxy content store)
• Plugin as an executable binary (stream
processor, shim)
• Go plugin
● API is extendable by implementing your own
custom service
• e.g. “control API” of firecracker-containerd
Extension example 1: Lazy pulling
● Remote snapshotter plugin
• allows “lazy pulling” of images from arbitrary remote store (not limited to the registry)
• a container can start up without waiting for the entire image contents to be locally available
● Snapshotter can run as an external daemon (proxy snapshotter)
• No re-compilation is required
• Containerd talks with the snapshotter via unix socket
● Stargz Snapshotter enables lazy pulling of OCI-compatible eStargz/Stargz images from standard registry
• https://github.com/containerd/stargz-snapshotter
[Diagram: on the node, the remote snapshotter reads from an arbitrary remote store and provides rootfs snapshots as mount points to the container process]
Remote Snapshotters in community
- Stargz Snapshotter
- CVMFS-snapshotter
- Nydus-snapshotter
- OverlayBD-snapshotter
Extension example 2: Generic image layers
● Containerd can handle arbitrary image layers, not limited to OCI standards
• gzip, zstd, encrypted layers…
● Stream Processor plugin converts arbitrary media type to another (e.g. OCI standard types)
● Separated binary can plug into containerd, without re-compilation
Stream Processor in community
- imgcrypt for encrypted images
[Diagram: the Diff Service turns image layers into rootfs snapshots using the builtin decompressor or a plugin binary (e.g. layer decryption)]
Extension example 3: Integrating low-level runtimes
● V2 Shim per low-level runtime
● Both OCI (e.g. runc) and non-OCI (e.g. Firecracker) runtimes can integrate with containerd
● Binary naming convention: io.containerd.runc.v2 -> containerd-shim-runc-v2
● Pluggable logging destination
• fifo (Linux), npipe (Windows), external binary (Linux, Windows), file (Linux, Windows)
Low-level runtimes in community and their V2 shims in community (used by the Runtime service):
● runc: io.containerd.runc.v2
● Kata Containers: io.containerd.kata.v2
● gVisor: io.containerd.runsc.v1
● Firecracker: io.containerd.aws-firecracker
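An added example (not from the slides or the containerd code base) of checking which shim binary each configured runtime name resolves to under the naming convention above, and whether that binary is one you expect. It assumes the last two dot-separated components are the name and version; the allowlist, the search directory, the permission checks and the `io.example.custom.v1` name are constructed for the illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ShimBinaryName applies the convention from the slide,
// "io.containerd.runc.v2" -> "containerd-shim-runc-v2".
// Assumption: the last two dot-separated components are <name>.<version>.
// Path separators are refused here (a policy choice of this example).
func ShimBinaryName(runtime string) (string, error) {
	parts := strings.Split(runtime, ".")
	if len(parts) < 2 || strings.ContainsAny(runtime, `/\`) {
		return "", fmt.Errorf("runtime %q is not <prefix>.<name>.<version>", runtime)
	}
	name, version := parts[len(parts)-2], parts[len(parts)-1]
	if name == "" || version == "" {
		return "", fmt.Errorf("runtime %q has an empty name or version", runtime)
	}
	return "containerd-shim-" + name + "-" + version, nil
}

// Finding is the audit result for one configured runtime name.
type Finding struct {
	Runtime string // name as configured, e.g. "io.containerd.runc.v2"
	Binary  string // shim binary the name resolves to
	Path    string // where that binary was found, if anywhere
	Problem string // empty when nothing was flagged
}

// AuditRuntimes resolves every runtime name to its shim binary and flags names
// that are malformed or not on the allowlist, binaries that are missing, and
// binaries that group or others may overwrite.
func AuditRuntimes(runtimes []string, allowed map[string]bool, dirs []string) []Finding {
	var out []Finding
	for _, rt := range runtimes {
		f := Finding{Runtime: rt}
		bin, err := ShimBinaryName(rt)
		switch {
		case err != nil:
			f.Problem = err.Error()
		case !allowed[rt]:
			f.Binary, f.Problem = bin, "runtime is not on the allowlist"
		default:
			f.Binary = bin
			f.Path, f.Problem = locate(bin, dirs)
		}
		out = append(out, f)
	}
	return out
}

// locate searches dirs in order (like PATH) and checks the first match.
func locate(bin string, dirs []string) (path, problem string) {
	for _, d := range dirs {
		p := filepath.Join(d, bin)
		info, err := os.Stat(p)
		if errors.Is(err, os.ErrNotExist) {
			continue
		}
		if err != nil {
			return p, err.Error()
		}
		switch mode := info.Mode(); {
		case !mode.IsRegular():
			return p, "not a regular file"
		case mode.Perm()&0o111 == 0:
			return p, "not executable"
		case mode.Perm()&0o022 != 0:
			return p, "writable by group or others"
		}
		return p, ""
	}
	return "", "shim binary not found"
}

func main() {
	dir, err := os.MkdirTemp("", "shim-demo") // constructed stand-in for a bin directory
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	shim := filepath.Join(dir, "containerd-shim-runc-v2")
	if err := os.WriteFile(shim, []byte("#!/bin/sh\n"), 0o755); err != nil {
		panic(err)
	}
	allowed := map[string]bool{"io.containerd.runc.v2": true, "io.containerd.kata.v2": true}
	names := []string{"io.containerd.runc.v2", "io.containerd.kata.v2", "io.example.custom.v1"}
	for _, f := range AuditRuntimes(names, allowed, []string{dir}) {
		fmt.Printf("%-24s %-26s %q\n", f.Runtime, f.Binary, f.Problem)
	}
}
```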
Implementing your own containerd client
Akihiro Suda, NTT Corporation
Two APIs are available
containerd API is recommended for most use cases, but CRI API might be easier to get started with

               | containerd API                            | CRI API
Consumers      | Docker/Moby, BuildKit, faasd, nerdctl...  | Kubernetes
Paradigm       | Container-oriented                        | Pod-oriented
Flexibility    | Good                                      | Bad
Simplicity     | Bad                                       | Good
Transportation | gRPC over UNIX socket                     | gRPC over UNIX socket
Implementing your own containerd client
● Both containerd API and CRI API use gRPC
● In theory you could use any language for your own client
● But containerd API depends on “smart client” written in Go,
especially for pulling images
● So, currently, Go is the best language for Native API
● Contribution is wanted for other languages
Implementing your own containerd client
Example: https://containerd.io/docs/getting-started/
You will add WithXXX options here:
- oci.WithProcessArgs
- oci.WithMounts
- oci.WithMemoryLimit
- seccomp.WithProfile
- ...
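To make concrete what such options end up writing into the OCI config, the following added example (standard library only; not the getting-started code and not containerd's own packages) models four options as lowercase stand-in functions and audits the finished spec for missing hardening. The helper names, the audit rules and the sample mount are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Spec is a small subset of the OCI runtime config.json; the JSON field names
// follow the OCI runtime specification.
type Spec struct {
	Process struct {
		Args []string `json:"args"`
	} `json:"process"`
	Mounts []Mount `json:"mounts,omitempty"`
	Linux  struct {
		Resources struct {
			Memory struct {
				Limit *int64 `json:"limit,omitempty"`
			} `json:"memory"`
		} `json:"resources"`
		Seccomp *Seccomp `json:"seccomp,omitempty"`
	} `json:"linux"`
}

// Mount is one entry of "mounts"; Seccomp keeps only the profile's default action.
type Mount struct {
	Destination string   `json:"destination"`
	Type        string   `json:"type"`
	Source      string   `json:"source"`
	Options     []string `json:"options,omitempty"`
}

type Seccomp struct {
	DefaultAction string `json:"defaultAction"`
}

// SpecOpt mutates a Spec. The helpers below are hypothetical stand-ins for the
// WithXXX options named on the slide, not containerd's implementations.
type SpecOpt func(*Spec)

func withProcessArgs(args ...string) SpecOpt { return func(s *Spec) { s.Process.Args = args } }
func withMounts(m ...Mount) SpecOpt          { return func(s *Spec) { s.Mounts = append(s.Mounts, m...) } }
func withMemoryLimit(limit int64) SpecOpt    { return func(s *Spec) { s.Linux.Resources.Memory.Limit = &limit } }
func withSeccompDefault(a string) SpecOpt    { return func(s *Spec) { s.Linux.Seccomp = &Seccomp{DefaultAction: a} } }

// NewSpec applies the options in order, as a client does when creating a container.
func NewSpec(opts ...SpecOpt) *Spec {
	s := &Spec{}
	for _, o := range opts {
		o(s)
	}
	return s
}

func has(list []string, v string) bool {
	for _, x := range list {
		if x == v {
			return true
		}
	}
	return false
}

// Audit lists hardening settings that are missing from a finished spec.
func Audit(s *Spec) []string {
	var out []string
	if l := s.Linux.Resources.Memory.Limit; l == nil || *l <= 0 {
		out = append(out, "no memory limit")
	}
	if s.Linux.Seccomp == nil {
		out = append(out, "no seccomp profile")
	} else if s.Linux.Seccomp.DefaultAction == "SCMP_ACT_ALLOW" {
		out = append(out, "seccomp default action allows every syscall")
	}
	for _, m := range s.Mounts {
		bind := m.Type == "bind" || has(m.Options, "bind") || has(m.Options, "rbind")
		if bind && !has(m.Options, "ro") {
			out = append(out, "writable bind mount of host path "+m.Source)
		}
	}
	return out
}

// ConfigJSON renders the spec the way it would be handed to an OCI runtime.
func ConfigJSON(s *Spec) string {
	b, _ := json.MarshalIndent(s, "", "  ")
	return string(b)
}

func main() {
	data := Mount{Destination: "/data", Type: "bind", Source: "/srv/data", Options: []string{"rbind", "rw"}}
	weak := NewSpec(withProcessArgs("nginx"), withMounts(data))
	data.Options = []string{"rbind", "ro"}
	hard := NewSpec(withProcessArgs("nginx"), withMounts(data),
		withMemoryLimit(256<<20), withSeccompDefault("SCMP_ACT_ERRNO"))
	fmt.Println("weak:", Audit(weak))
	fmt.Println("hardened:", Audit(hard))
	fmt.Println(ConfigJSON(hard))
}
```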
Implementing your own containerd client
In addition to the client, you will also want to implement OCI hooks and a logger binary
● OCI Hooks: custom commands called on creation and deletion of containers
○ e.g., for setting up and tearing down CNI bridge and portmap
○ Optional, but necessary if you want your containers to be restarted
automatically on host reboot
○ Example: https://github.com/containerd/nerdctl/blob/v0.7.2/run.go#L629-L663
● Logger Binary: custom command for handling container logs
○ e.g., store as a local file, transfer to fluentd, …
○ Example: https://github.com/containerd/nerdctl/blob/v0.7.2/run.go#L618-L627
Implementing your own containerd client
Full example: nerdctl
https://github.com/containerd/nerdctl
Spun out from `ctr` tool with more practical
features:
- Automatic restarting
- Port forwarding
- Logging
- Rootless
- Stargz
- OCIcrypt
- …
You may copy the code as the
“starter pack” to create your own client :)
containerd 1.5 updates and future plan
Akihiro Suda, NTT Corporation
containerd 1.5 updates (April)
● Support zstd as an image compression algorithm
○ Faster than gzip
○ https://facebook.github.io/zstd/
● Support NRI: Node Resource Interface
○ Akin to CNI, but for managing resources, e.g., cgroup
○ https://github.com/containerd/nri
● Enable OCIcrypt decryption by default
○ Supported since 1.3, but it was not enabled by default
○ https://github.com/containers/ocicrypt https://github.com/containerd/imgcrypt
● nerdctl (contaiNERD ctl) joined containerd, as a non-core subproject
○ Docker-compatible CLI but with stargz and ocicrypt
○ https://github.com/containerd/nerdctl
containerd 1.5 updates (April)
● The CRI plugin repo (github.com/containerd/cri) is now merged into the main repo
(github.com/containerd/containerd)
○ No visible change to users, but significantly simplifies contribution process
● Client library is now available as a Go module
Future plan
● Filesystem quota (#759)
● CRI support for user namespaces (KEP #2101)
○ Run Kubernetes pods as a user that is different from the daemon user
○ Akin to “Rootless Containers”, but different (and does not conflict, either)
● Chown-less user namespaces (#4734)
○ Requires idmapped mounts, introduced in kernel 5.12
● Pause-less pod sandboxes (#4131)
● More documentation (help wanted! 🙏)
Third party plugin updates
● Nydus Snapshotter https://github.com/dragonflyoss/image-service
○ Similar to Stargz Snapshotter but with a different image format
● OverlayBD Snapshotter https://github.com/alibaba/accelerated-container-image
○ Boot containers from iSCSI
● runu https://github.com/ukontainer/runu
○ Linux containers on macOS, using LKL (Linux Kernel Library)
● runj https://github.com/samuelkarp/runj
○ FreeBSD containers
Recap
● The de facto standard runtime for Kubernetes, but not only for Kubernetes
● Extensible with plugins
○ Runtime plugins, e.g., gVisor, Kata
○ Snapshotter plugins, e.g., Stargz Snapshotter
○ Stream processor plugins, e.g., OCIcrypt
○ Logging binary plugins, e.g., json-file
○ ...
● New subproject: nerdctl (https://github.com/containerd/nerdctl)
○ Like `docker` but with full features of containerd
○ Like `ctr` but with full user experience of `docker`
○ nerdctl run -d -p 80:80 --restart=always nginx
[KubeCon EU 2021] Introduction and Deep Dive Into Containerd

[DockerCon 2020] Hardening Docker daemon with Rootless Mode[DockerCon 2020] Hardening Docker daemon with Rootless Mode
[DockerCon 2020] Hardening Docker daemon with Rootless Mode
 

Dernier

How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesVictorSzoltysek
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...Shane Coughlan
 
Pharm-D Biostatistics and Research methodology
Pharm-D Biostatistics and Research methodologyPharm-D Biostatistics and Research methodology
Pharm-D Biostatistics and Research methodologyAnusha Are
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrandmasabamasaba
 
BUS PASS MANGEMENT SYSTEM USING PHP.pptx
BUS PASS MANGEMENT SYSTEM USING PHP.pptxBUS PASS MANGEMENT SYSTEM USING PHP.pptx
BUS PASS MANGEMENT SYSTEM USING PHP.pptxalwaysnagaraju26
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024Mind IT Systems
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems -The Print[A] Example- A Comprehension AidDirect Style Effect Systems -The Print[A] Example- A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidPhilip Schwarz
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionOnePlan Solutions
 
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112  Starting From 5K to 15K High Profile Escorts ...Chinsurah Escorts ☎️8617697112  Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...Nitya salvi
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfkalichargn70th171
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech studentsHimanshiGarg82
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfVishalKumarJha10
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health
 

Dernier (20)

How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
Pharm-D Biostatistics and Research methodology
Pharm-D Biostatistics and Research methodologyPharm-D Biostatistics and Research methodology
Pharm-D Biostatistics and Research methodology
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 
BUS PASS MANGEMENT SYSTEM USING PHP.pptx
BUS PASS MANGEMENT SYSTEM USING PHP.pptxBUS PASS MANGEMENT SYSTEM USING PHP.pptx
BUS PASS MANGEMENT SYSTEM USING PHP.pptx
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems -The Print[A] Example- A Comprehension AidDirect Style Effect Systems -The Print[A] Example- A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
 
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112  Starting From 5K to 15K High Profile Escorts ...Chinsurah Escorts ☎️8617697112  Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 

[KubeCon EU 2021] Introduction and Deep Dive Into Containerd

  • 1. Kohei Tokunaga & Akihiro Suda, NTT Corporation Introduction and Deep Dive Into Containerd
  • 2. Introduction to containerd Kohei Tokunaga, NTT Corporation
  • 3. Overview ● CNCF graduated container runtime project ● Resource manager • Container process • Image artifacts • Filesystem snapshots • Metadata and dependencies management ● Tightly scoped (100% approval is required to stretch) but highly extensible ● Used by Kubernetes, Docker and various container-based projects https://github.com/containerd/containerd
  • 4. Usage in community ● Managed: GKE, AWS Fargate, AKS, IKS ● Development: Docker/moby, BuildKit ● K8s distribution: k3s, kind, minikube, kubespray, microk8s, k0s ● FaaS: faasd Adoption https://sysdig.com/blog/sysdig-2021-container-security-usage-report/ ● Docker’s use of containerd + pure use of containerd is 83% of container usage (Sysdig 2021 container security and usage report) ● Used by several managed services as well as open source projects in community
  • 5. How is containerd used? Low-level runtime kubelet CRI Low-level runtime containerd API dockerd Low-level runtime containerd API Arbitrary tools As a CRI runtime As a component of Docker As a general container management tool
  • 6. Containerd as a CRI runtime Container Registry kubectl apply Detects Pod events Manages Pods using CRI runtime • Manages Pods, containers and images • Pulls image from the registry • Executes low-level runtimes Creates and manipulates isolated execution environments as containers e.g. runc, gVisor, Kata Containers Node Low-level runtime apiserver kubelet CRI pull The de facto standard CRI runtime for Kubernetes ● Managed Kubernetes: IKS, GKE, AKS, AWS Fargate, … ● Kubernetes distributions: K3s, kind, minikube, kubespray, microk8s, k0s, ...
  • 7. Containerd as a component of Docker Container Registry docker run Manages containers, images, networking and volumes, etc. Low-level runtime • Manages containers • Executes low-level runtimes containerd API dockerd Node pull/push Docker API Creates and manipulates isolated execution environments as containers e.g. runc, gVisor, Kata Containers
  • 8. Containerd as a general container management tool ● Several applications are developed based on containerd ● Containerd provides a Go client library (discussed later) ● Applications can extend containerd with plugins, without recompilation (discussed later) Applications managing containers Low-level runtime Provides container management functionality to upper tools containerd API BuildKit faasd Pouch Container nerdctl Creates and manipulates isolated execution environments as containers e.g. runc, gVisor, Kata Containers
  • 10. Containerd Architecture OS plugins container image tasks namespace leases version introspection events diff Server runtimes Client containerd API Kubelet CRI ● Client-server architecture • Go client library (used by Docker, BuildKit, etc.) ● Client calls server via containerd API • Through /run/containerd/containerd.sock ● Various low-level runtimes are supported • OCI runtimes (runc, gVisor, Kata Container, etc) • Firecracker (firecracker-containerd) ● Extensibility • Low-level plugins • Extending containerd API with custom services • Client library is easy to customize
  • 11. Containerd Client ● “Smart” Client (Go library) • Containerd API bindings • Registry client • Pulling/Pushing images • Image unpacker • Creating OCI config for OCI runtimes ● Go application can integrate with containerd using client library OS container image tasks namespace leases version introspection events diff container image Etc… namespace leases content snapshots events tasks Registry client Image unpacker events OCI config constructor Server plugins runtimes API bindings Utilities Utilities
  • 12. Containerd Client Implementations OS container image tasks namespace leases version introspection events diff Server plugins runtimes ctr, nerdctl, Docker, etc containerd API Client lib ● ctr: https://github.com/containerd/containerd • CLI client for containerd • Mainly for debugging or trying new features ● nerdctl: https://github.com/containerd/nerdctl • Docker-compatible CLI for containerd • Easy to use for Docker users • Supports containerd’s cutting-edge features (e.g. lazy pulling, image encryption) ● containerd-based tools • Arbitrary tools can integrate to containerd using client library • e.g. Docker, BuildKit, faasd
  • 13. Containerd Core & API container image etc… namespace leases content snapshots CRI tasks Metadata store OS Container management Image management Container execution Shared DB among services shim OCI CRI ● Micro services • Containerd API is the set of APIs of services • Services are loosely connected ● Shared metadata DB • bbolt-based • https://github.com/etcd-io/bbolt • Stores metadata of containers, images, contents, snapshots, etc. • Manages reference graph for GC
  • 14. CRI Service NRI Plugin Image Service Container Service Image service Runtime service Task Service CNI Plugin Containerd client ・・・ CNI client NRI client ● CRI service implements CRI of Kubernetes ● Implemented as a builtin service • Initially repo and binary were separated from containerd • Merged to containerd/containerd since 1.5 ● Depends on other services for container & image management • Communicates via function call ● Uses external CNI/NRI plugins for networking and resource management plugins kubelet CRI service Pod namespace container container Registry pull
  • 15. Low-level Services OS container image etc… namespace leases content snapshots CRI tasks Content store Snapshotter Runtime ● Content Store • Stores image manifest and layers “as-is” • Content addressable (keyed by digest) ● Snapshotter • Manages “snapshots” • Extracted and stacked view of rootfs layers • Passed to OCI runtimes as rootfs • Snapshotter impl. per backing filesystem • Overlayfs, btrfs, aufs, FUSE, … ● Runtime • Executes low-level runtimes via “shim” • Shim is a wrapper daemon of OCI runtime • Well suited to stateful runtimes (e.g. Kata Containers)
  • 16. Image content flow unpacker Content Store Diff Service Snapshotter Unpack layers extracted snapshots Task & Runtime Store layer blobs “as-is” Decompression Decryption etc… Mount snapshots as rootfs rootfs of a container remote container & task service API bindings ・・・ Registry pull containerd client utilities
  • 18. Extending containerd with plugins and services OS container image etc… namespace leases content snapshots CRI tasks shim OCI plugins plugins shim ● containerd is tightly scoped but highly extensible ● Custom low-level service; no need to recompile • external binary plugins • Plugin via unix socket (proxy snapshotter, proxy content store) • Plugin as an executable binary (stream processor, shim) • Go plugin ● API is extendable by implementing your own custom service • e.g. “control API” of firecracker-containerd
  • 19. Extension example 1: Lazy pulling ● Remote snapshotter plugin • allows “lazy pulling” of images from arbitrary remote store (not limited to the registry) • container can start up without waiting for the entire image contents to be locally available ● Snapshotter can run as an external daemon (proxy snapshotter) • No re-compilation is required • Containerd talks with the snapshotter via unix socket ● Stargz Snapshotter enables lazy pulling of OCI-compatible eStargz/Stargz images from standard registry • https://github.com/containerd/stargz-snapshotter Arbitrary remote store process container Remote Snapshotter Node Provides rootfs snapshots as mount points Remote Snapshotters in community - Stargz Snapshotter - CVMFS-snapshotter - Nydus-snapshotter - OverlayBD-snapshotter
  • 20. Extension example 2: Generic image layers ● Containerd can handle arbitrary image layers, not limited to OCI standards • gzip, zstd, encrypted layers… ● Stream Processor plugin converts arbitrary media type to another (e.g. OCI standard types) ● Separate binary can plug into containerd, without re-compilation Stream Processor in community - imgcrypt for encrypted images e.g. layer decryption Image layers Rootfs snapshots ・・・ Builtin decompressor Plugin binary Diff Service
  • 21. Extension example 3: Integrating low-level runtimes ● V2 Shim per low-level runtime ● Both OCI (e.g. runc) and non-OCI (e.g. Firecracker) runtimes can integrate with containerd ● Binary naming convention: io.containerd.runc.v2 -> containerd-shim-runc-v2 ● Pluggable logging destination • fifo (Linux), npipe (Windows), external binary (Linux, Windows), file (Linux, Windows) Runtime service: V2 shims in community and their low-level runtimes in community - io.containerd.runc.v2: runc - io.containerd.kata.v2: Kata Containers - io.containerd.runsc.v1: gVisor - io.containerd.aws-firecracker: Firecracker
  • 22. Implementing your own containerd client Akihiro Suda, NTT Corporation
  • 23. Implementing your own containerd client: Two APIs are available. containerd API is recommended for most use cases, but CRI API might be easier to get started
      ○ Consumers: containerd API: Docker/Moby, BuildKit, faasd, nerdctl...; CRI API: Kubernetes
      ○ Paradigm: containerd API: Container-oriented; CRI API: Pod-oriented
      ○ Flexibility: containerd API: Good; CRI API: Bad
      ○ Simplicity: containerd API: Bad; CRI API: Good
      ○ Transportation: containerd API: gRPC over UNIX socket; CRI API: gRPC over UNIX socket
  • 24. Implementing your own containerd client ● Both containerd API and CRI API use gRPC ● In theory you could use any language for your own client ● But containerd API depends on “smart client” written in Go, especially for pulling images ● So, currently, Go is the best language for Native API ● Contribution is wanted for other languages
  • 25. Implementing your own containerd client Example: https://containerd.io/docs/getting-started/
  • 26. Implementing your own containerd client Example: https://containerd.io/docs/getting-started/
  • 27. Implementing your own containerd client Example: https://containerd.io/docs/getting-started/ You will add WithXXX options here: - oci.WithProcessArgs - oci.WithMounts - oci.WithMemoryLimit - seccomp.WithProfile - ...
  • 28. Implementing your own containerd client In addition to the client, you will also want to implement OCI hooks and logger binary ● OCI Hooks: custom commands called on creation and deletion of containers ○ e.g., for setting up and tearing down CNI bridge and portmap ○ Optional, but necessary if you want your containers to be restarted automatically on host reboot ○ Example: https://github.com/containerd/nerdctl/blob/v0.7.2/run.go#L629-L663 ● Logger Binary: custom command for handling container logs ○ e.g., store as a local file, transfer to fluentd, … ○ Example: https://github.com/containerd/nerdctl/blob/v0.7.2/run.go#L618-L627
  • 29. Implementing your own containerd client Full example: nerdctl https://github.com/containerd/nerdctl Spun out from `ctr` tool with more practical features: - Automatic restarting - Port forwarding - Logging - Rootless - Stargz - OCIcrypt - … You may copy the code as the “starter pack” to create your own client :)
  • 30. containerd 1.5 updates and future plan Akihiro Suda, NTT Corporation
  • 31. containerd 1.5 updates (April) ● Support zstd as an image compression algorithm ○ Faster than gzip ○ https://facebook.github.io/zstd/ ● Support NRI: Node Resource Interface ○ Akin to CNI, but for managing resources, e.g., cgroup ○ https://github.com/containerd/nri ● Enable OCIcrypt decryption by default ○ Supported since 1.3, but it was not enabled by default ○ https://github.com/containers/ocicrypt https://github.com/containerd/imgcrypt ● nerdctl (contaiNERD ctl) joined containerd, as a non-core subproject ○ Docker-compatible CLI but with stargz and ocicrypt ○ https://github.com/containerd/nerdctl
  • 32. containerd 1.5 updates (April) ● The CRI plugin repo (github.com/containerd/cri) is now merged into the main repo (github.com/containerd/containerd) ○ No visible change to users, but significantly simplifies contribution process ● Client library is now available as a Go module
  • 33. Future plan ● Filesystem quota (#759) ● CRI support for user namespaces (KEP #2101) ○ Run Kubernetes pods as a user that is different from the daemon user ○ Akin to “Rootless Containers”, but different (and does not conflict, either) ● Chown-less user namespaces (#4734) ○ Requires idmapped mounts, introduced in kernel 5.12 ● Pause-less pod sandboxes (#4131) ● More documentation (help wanted! 🙏)
  • 34. Third party plugin updates ● Nydus Snapshotter https://github.com/dragonflyoss/image-service ○ Similar to Stargz Snapshotter but with a different image format ● OverlayBD Snapshotter https://github.com/alibaba/accelerated-container-image ○ Boot containers from iSCSI ● runu https://github.com/ukontainer/runu ○ Linux containers on macOS, using LKL (Linux Kernel Library) ● runj https://github.com/samuelkarp/runj ○ FreeBSD containers
  • 35. Recap ● The de facto standard runtime for Kubernetes, but not only for Kubernetes ● Extensible with plugins ○ Runtime plugins, e.g., gVisor, Kata ○ Snapshotter plugins, e.g., Stargz Snapshotter ○ Stream processor plugins, e.g., OCIcrypt ○ Logging binary plugins, e.g., json-file ○ ... ● New subproject: nerdctl (https://github.com/containerd/nerdctl) ○ Like `docker` but with full features of containerd ○ Like `ctr` but with full user experience of `docker` ○ nerdctl run -d -p 80:80 --restart=always nginx