Copyright(c)2021 NTT Corp. All Rights Reserved
Build and Run Containers With Lazy Pulling
Adoption status of containerd Stargz Snapshotter and eStargz
Kohei Tokunaga, NTT Corporation
FOSDEM 2021 (February 7)

TL;DR
- Pull is one of the time-consuming steps in the container lifecycle
- Stargz Snapshotter, a non-core subproject in containerd, is trying to solve it by lazy pulling
  • eStargz image based on Google stargz
  • Standard compatibility, optimization and content verification
- Collaboration in community
  • eStargz is usable with: containerd, Kubernetes, BuildKit, Kaniko, go-containerregistry, ko, nerdctl
- On-going in 2021: Standardizing eStargz in OCI and improvements for stabilizing Stargz Snapshotter
[Figure: bar chart of the start-up time of python:3.7 (print “hello”) in seconds (axis 0 to 45), split into pull, create and run, for estargz, estargz-noopt and legacy images. Host: EC2 Oregon (m5.2xlarge, Ubuntu 20.04). Registry: GitHub Container Registry (ghcr.io). Commit 7f45f74. See detailed info in the later slides.]

Pull and OCI/Docker image

Pull is time-consuming
Pulling packages accounts for 76% of container start time, but only 6.4% of that data is read [Harter et al. 2016]
Workarounds are known but not enough
- Caching images: cold start is still slow
- Minimizing image size: not all images are minimizable (language runtimes, frameworks, etc.)
[Figure: a node pulls an image from the registry, then runs it as a container]
[Harter et al. 2016] Tyler Harter, Brandon Salmon, Rose Liu, Andrea C. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau. "Slacker: Fast Distribution with Lazy Docker Containers". 14th USENIX Conference on File and Storage Technologies (FAST ’16). February 22–25, 2016, Santa Clara, CA, USA

Problem on the current OCI/Docker image
[Figure: an image made of layers sha256:deadbeaf…, sha256:1a3b5c…, sha256:ffe63c…, sha256:6ccde1…, each fetched with GET /v2/<image-name>/blobs/; layer = tarball (+compression) holding entries such as bin/bash, bin/ls, etc/passwd, etc/group, usr/bin/apt]
A container is a set of tarball layers
A container can’t be started until all the layers become locally available
- Need to scan the entire blob even for extracting a single file entry
  • If the blob is gzip-compressed, it is no longer seekable
- No parallel extraction
  • Need to scan the blob from the top, sequentially

eStargz and Stargz Snapshotter

Stargz Snapshotter
Standard-compatible lazy pulling with containerd
- A plugin for containerd, developed in the non-core subproject
- Allows containerd to lazily pull eStargz images from a standard registry
- eStargz comes with workload-based optimization and content verification
Lazy pull: doesn’t download the entire image on the pull operation but fetches necessary chunks of contents on demand
[Figure: Kubelet, etc. and OCI runtimes on top of Stargz Snapshotter, which lazily pulls eStargz images from the Container Registry]
https://github.com/containerd/stargz-snapshotter

The structure of eStargz
- Seekable tar.gz, compatible with RFC 1952 (gzip) = usable as a valid OCI/Docker image layer
- Based on stargz by Google CRFS (https://github.com/google/crfs)
- eStargz comes with performance optimization and content verification
- Prioritized files enable prefetching and precaching of likely accessed files
⚠ eStargz is incompatible with stargz: the “footer” is changed to make eStargz compatible with RFC 1952
[Figure: layout of an eStargz layer next to a stargz layer; both hold entries such as bin/ls, usr/bin/apt, entrypoint.sh, bin/bash]
- gzip member per regular file/chunk: it can be extracted per file using an HTTP Range Request
- Prioritized files: prefetched by a single Range Request
- Files fetched on demand: can also be aggressively downloaded in the background
- TOC (Table Of Contents) and footer
  • TOC contains file metadata, offsets, etc.
  • footer contains the offset of the TOC
  ⚠ footer is incompatible with stargz
For more details: https://github.com/containerd/stargz-snapshotter/blob/master/docs/stargz-estargz.md

Workload-based Optimization of eStargz
[Figure: the input image is run as a container (proc) while file access is profiled; Convert & Optimize then produces the output eStargz image]
- Downloading each file/chunk on demand adds overhead to each file access.
- Leveraging eStargz, the CLI converter command ctr-remote provides workload-based optimization
  • Workload: entrypoint, envvar, etc. specified in the Dockerfile (e.g. ENTRYPOINT)
- ctr-remote analyzes which files are likely to be accessed during runtime
  • Runs the provided image and profiles all file accesses
  • Regards the accessed files as likely to be accessed during runtime as well (= prioritized files)
  • Stargz Snapshotter will prefetch these files when it mounts this image
For more details: https://github.com/containerd/stargz-snapshotter/blob/master/docs/ctr-remote.md

Content Verification in eStargz
[Figure: the Manifest (verified on resolve) references the TOC (metadata of all files) by digest through containerd.io/snapshot/stargz/toc.digest; the TOC (verified on mount) references each file/chunk data by its chunkDigest; file/chunk data is verified on each fetch]
- Chunks are lazily pulled from the registry on demand
  • so they cannot be verified when mounting the layer
- Chunks are “lazily” verified
  • TOC (metadata file) records digests per chunk
  • Each chunk can be verified when it’s fetched to the node
  • TOC itself is verified when mounting that layer using the digest written in the manifest
For more details: https://github.com/containerd/stargz-snapshotter/blob/master/docs/verification.md
(the above figure is from this doc)
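The per-file gzip members from the eStargz structure slide and the manifest → TOC → chunk digest chain from the content verification slide above, as an added Go example that is not code from the talk or from the Stargz Snapshotter project. It is a simplified model: files are bare gzip members without tar headers, the TOC is a JSON map kept outside the blob, an `io.ReaderAt` stands in for HTTP Range Requests, and `TOCEntry`, `BuildLayer`, `Mount`, `ReadFile` and `ErrDigest` are hypothetical names; only the annotation key comes from the slide.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"io"
)

// Annotation key from the slide: the manifest stores the TOC digest under it.
const tocDigestAnnotation = "containerd.io/snapshot/stargz/toc.digest"

// ErrDigest is returned when content does not match the digest that pins it.
var ErrDigest = errors.New("digest mismatch")

// TOCEntry is a simplified, hypothetical TOC record (not the real eStargz schema).
type TOCEntry struct {
	Offset      int64  `json:"offset"`      // start of the file's gzip member in the blob
	Size        int64  `json:"size"`        // compressed length of that member
	ChunkDigest string `json:"chunkDigest"` // digest of the uncompressed contents
}

func digest(b []byte) string { return fmt.Sprintf("sha256:%x", sha256.Sum256(b)) }

// BuildLayer writes one gzip member per file; it returns blob, TOC JSON and manifest annotations.
func BuildLayer(names []string, files map[string][]byte) ([]byte, []byte, map[string]string, error) {
	var blob bytes.Buffer
	toc := map[string]TOCEntry{}
	for _, n := range names {
		start := int64(blob.Len())
		zw := gzip.NewWriter(&blob)
		if _, err := zw.Write(files[n]); err != nil {
			return nil, nil, nil, err
		}
		if err := zw.Close(); err != nil {
			return nil, nil, nil, err
		}
		toc[n] = TOCEntry{start, int64(blob.Len()) - start, digest(files[n])}
	}
	tocJSON, err := json.Marshal(toc)
	if err != nil {
		return nil, nil, nil, err
	}
	return blob.Bytes(), tocJSON, map[string]string{tocDigestAnnotation: digest(tocJSON)}, nil
}

// Mount trusts the TOC only if it matches the manifest's digest ("verified on mount").
func Mount(tocJSON []byte, annotations map[string]string) (map[string]TOCEntry, error) {
	want, ok := annotations[tocDigestAnnotation]
	if !ok || digest(tocJSON) != want {
		return nil, fmt.Errorf("TOC: %w", ErrDigest)
	}
	var toc map[string]TOCEntry
	if err := json.Unmarshal(tocJSON, &toc); err != nil {
		return nil, err
	}
	return toc, nil
}

// ReadFile reads only the byte range of one file's gzip member, then checks
// its chunkDigest before returning any bytes ("verified on each fetch").
func ReadFile(toc map[string]TOCEntry, blob io.ReaderAt, name string) ([]byte, error) {
	e, ok := toc[name]
	if !ok {
		return nil, fmt.Errorf("%s: not in TOC", name)
	}
	zr, err := gzip.NewReader(io.NewSectionReader(blob, e.Offset, e.Size))
	if err != nil {
		return nil, err
	}
	zr.Multistream(false) // one member per file: stop at its end
	data, err := io.ReadAll(zr)
	if err != nil {
		return nil, err
	}
	// gzip's CRC only catches corruption; a substituted valid member needs the digest.
	if digest(data) != e.ChunkDigest {
		return nil, fmt.Errorf("%s: chunk %w", name, ErrDigest)
	}
	return data, nil
}

func main() {
	// Constructed sample contents, not taken from a real image.
	files := map[string][]byte{"bin/ls": []byte("ls-binary"), "etc/passwd": []byte("root:x:0:0")}
	blob, tocJSON, ann, err := BuildLayer([]string{"bin/ls", "etc/passwd"}, files)
	if err != nil {
		panic(err)
	}
	toc, err := Mount(tocJSON, ann)
	if err != nil {
		panic(err)
	}
	data, err := ReadFile(toc, bytes.NewReader(blob), "etc/passwd")
	fmt.Printf("%q err=%v (read %d of %d blob bytes)\n", data, err, toc["etc/passwd"].Size, len(blob))
}
```

A well-formed gzip member with different contents served in place of `bin/ls` passes the gzip CRC and is rejected by the chunkDigest check; a modified TOC is rejected in `Mount` before any offset in it is used.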

Time to take for container startup
- Measures the container startup time, which includes:
  • Pulling an image from GitHub Container Registry
  • For language containers, running a “print hello world” program in the container
  • For server containers, waiting for readiness (until the “up and running” message is printed)
  • This method is based on Hello Bench [Harter et al. 2016]
- Takes the 95th percentile of 100 operations
- Host: EC2 Oregon (m5.2xlarge, Ubuntu 20.04)
- Registry: GitHub Container Registry (ghcr.io)
- Target commit: 7f45f7438617728dd06bc9853a[5e42c1d3d5a3
[Harter et al. 2016] Tyler Harter, Brandon Salmon, Rose Liu, Andrea C. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau. "Slacker: Fast Distribution with Lazy Docker Containers". 14th USENIX Conference on File and Storage Technologies (FAST ’16). February 22–25, 2016, Santa Clara, CA, USA

Time to take for container startup
[Figure: bar chart for python:3.7 (print “hello”), startup time in seconds (axis 0 to 45), split into pull, create and run, for estargz, estargz-noopt and legacy images. Annotation on the chart: waits for prefetch completion.]

Time to take for container startup
[Figure: bar chart for glassfish:4.1-jdk8 (runs until “Running GlassFish” is printed), startup time in seconds (axis 0 to 60), split into pull, create and run, for estargz, estargz-noopt and legacy images. Annotation on the chart: waits for prefetch completion.]

Collaboration in community

eStargz on Kubernetes
[Figure: each node runs kubelet and Stargz Snapshotter (an external process reached over a gRPC API); the snapshotters lazily pull eStargz images from the Container Registry]
- Lazy pulling can be enabled on Kubernetes using Stargz Snapshotter, without patches
  • containerd is required as a CRI runtime
- Stargz Snapshotter needs to run on each node and containerd needs to be configured to recognize it
- Real-world use case at CERN for speeding up an analysis pipeline [1] (13x faster pull for a 5GB image)
[1] Ricardo Rocha & Spyridon Trigazis, CERN. “Speeding Up Analysis Pipelines with Remote Container Images”. KubeCon+CloudNativeCon 2020 NA. https://sched.co/ekDj

eStargz on containerd
[Figure: on the node, Stargz Snapshotter (implemented as a “remote snapshotter”) mounts the container’s rootfs as FUSE and fetches files/chunks on demand, lazily pulling eStargz from the Container Registry]
- Stargz Snapshotter enables lazy pulling of eStargz on containerd
  • Implemented as a “remote snapshotter” plugin
- Mounts rootfs snapshots as FUSE and downloads accessed file contents on demand
- nerdctl (Docker-compatible CLI for containerd; https://github.com/AkihiroSuda/nerdctl) supports lazy pulling of eStargz on containerd

eStargz on BuildKit
FROM ghcr.io/stargz-containers/golang:1.15.3-esgz as dev
COPY ./hello.go /hello.go
RUN go build -o hello /hello.go
COPY and RUN without waiting for the pull completion
[Figure: build on node; files/chunks of golang:1.15.3-esgz (/usr/local/go/bin/go, /usr/local/go/src/fmt/…, etc.) are fetched on demand from the Container Registry by lazy pull of eStargz]
- BuildKit > v0.8.0 experimentally supports lazy pulling of eStargz base images during build
  • FROM instruction is skipped and chunks are lazily pulled on demand during COPY/RUN/etc.
- Can shorten the build time, e.g. on temporary (and fresh) CI instances with big base images.
- More details at blog: https://medium.com/nttlabs/buildkit-lazypull-66c37690963f
  • speeding up building the “hello world” image from tens of seconds to a few seconds at the best

Tools start to support eStargz creation (1/2)
ctr-remote
- Image converter developed in the Stargz Snapshotter project
- Converts image to eStargz
- Comes with workload-based optimization
https://github.com/containerd/stargz-snapshotter/tree/master/cmd/ctr-remote
nerdctl
- Docker-compatible CLI for containerd by Akihiro Suda, NTT
- Converts image to eStargz
- Comes with manual optimization (i.e. manually specifying prioritized files)
https://github.com/AkihiroSuda/nerdctl
kaniko
- Container image builder by Google
- Builds eStargz image (no optimization)
- Base images need to be pre-converted to eStargz
- GGCR_EXPERIMENT_ESTARGZ=1 is needed
https://github.com/GoogleContainerTools/kaniko

Tools start to support eStargz creation (2/2)
go-containerregistry and crane CLI
- Container registry client library and CLI by Google
- Converts image to eStargz
- Comes with manual optimization (i.e. manually specifying prioritized files)
- GGCR_EXPERIMENT_ESTARGZ=1 is needed
https://github.com/google/go-containerregistry
ko
- Build & deployment tool for Go applications on Kubernetes, by Google
- Builds eStargz image (no optimization)
- Base images need to be pre-converted to eStargz
- GGCR_EXPERIMENT_ESTARGZ=1 is needed
https://github.com/google/ko

eStargz in 2021

Updates will come in 2021
Standardizing eStargz
- eStargz is proposed to OCI Image Spec
- Discussion is on-going
- Backward-compatible extensions
  • Optional extension to application/vnd.oci.image.layer.v1.tar+gz
  • Optional annotation for content verification
https://github.com/opencontainers/image-spec/issues/815
Features and improvements for stabilizing Stargz Snapshotter
- Higher availability of Stargz Snapshotter (mounting images from multiple backend registries)
- Improvements on memory consumption of Stargz Snapshotter
- Speeding up image conversion
- Static optimization of images
- etc.

Summary
Feedback and suggestions are always welcome!
https://github.com/containerd/stargz-snapshotter
- Pull is one of the time-consuming steps in the container lifecycle
- Stargz Snapshotter, a non-core subproject in containerd, is trying to solve it by lazy pulling
  • eStargz image based on Google stargz
  • Standard compatibility, optimization and content verification
- Collaboration in community
  • eStargz on various platforms: Kubernetes, containerd and BuildKit
  • go-containerregistry, ko, kaniko and nerdctl start to support eStargz creation
- On-going in 2021: Standardizing eStargz in OCI and improvements for stabilizing Stargz Snapshotter

 

Dernier (20)

%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdf
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 

Build and Run Containers With Lazy Pulling - Adoption status of containerd Stargz Snapshotter and eStargz

  • 1. Build and Run Containers With Lazy Pulling: Adoption status of containerd Stargz Snapshotter and eStargz
      Kohei Tokunaga, NTT Corporation
      FOSDEM 2021 (February 7)
      Copyright(c)2021 NTT Corp. All Rights Reserved
  • 2. TL;DR
      - Pull is one of the time-consuming steps in the container lifecycle
      - Stargz Snapshotter, a non-core subproject in containerd, is trying to solve it by lazy pulling
          • eStargz image based on Google stargz
          • Standard compatibility, optimization and content verification
      - Collaboration in community
          • eStargz is usable with: containerd, Kubernetes, BuildKit, Kaniko, go-containerregistry, ko, nerdctl
      - On-going in 2021: Standardizing eStargz in OCI and improvements for stabilizing Stargz Snapshotter
      [Figure: start-up time of python:3.7 (print “hello”) in seconds, split into pull, create and run, for estargz, estargz-noopt and legacy. Host: EC2 Oregon (m5.2xlarge, Ubuntu 20.04). Registry: GitHub Container Registry (ghcr.io). Commit 7f45f74. See detailed info in the later slides.]
  • 3. Pull and OCI/Docker image
  • 4. Pull is time-consuming
      Pulling packages accounts for 76% of container start time, but only 6.4% of that data is read [Harter et al. 2016]
      - Caching images
      - Minimizing image size
      - Cold start is still slow
      - Not all images are minimizable (language runtimes, frameworks, etc.)
      - Workarounds are known but not enough
      [Figure: Node, Registry, Image, Container; steps: pull, run]
      [Harter et al. 2016] Tyler Harter, Brandon Salmon, Rose Liu, Andrea C. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau. "Slacker: Fast Distribution with Lazy Docker Containers". 14th USENIX Conference on File and Storage Technologies (FAST ’16). February 22–25, 2016, Santa Clara, CA, USA
  • 5. Problem on the current OCI/Docker image
      [Figure: layers sha256:deadbeaf…, sha256:1a3b5c…, sha256:ffe63c…, sha256:6ccde1… fetched with GET /v2/<image-name>/blobs/; layer = tarball (+compression) holding entries such as bin/bash, bin/ls, etc/passwd, etc/group, usr/bin/apt]
      A container is a set of tarball layers
      A container can’t be started until all the layers become locally available
      - Need to scan the entire blob even for extracting a single file entry
          • If the blob is gzip-compressed, it’s no longer seekable
      - No parallel extraction
          • Need to scan the blob from the top, sequentially
  • 6. eStargz and Stargz Snapshotter
  • 7. Stargz Snapshotter: Standard-compatible lazy pulling with containerd
      - A plugin for containerd, developed in the non-core subproject
      - Allows containerd to lazily pull eStargz images from a standard registry
      - eStargz comes with workload-based optimization and content verification
      [Figure: Kubelet etc., OCI runtimes, Stargz Snapshotter, Container Registry, eStargz images; label: lazypull]
      lazypull: doesn’t download the entire image on the pull operation but fetches necessary chunks of contents on-demand
      https://github.com/containerd/stargz-snapshotter
  • 8. The structure of eStargz
      - Seekable tar.gz and compatible with RFC 1952 (gzip) = usable as a valid OCI/Docker image layer
      - Based on the stargz by Google CRFS (https://github.com/google/crfs)
      - eStargz comes with performance optimization and content verification
      - Prioritized files make it possible to prefetch and precache files that are likely to be accessed
      ⚠ eStargz is incompatible with stargz: the “footer” is changed to make eStargz compatible with RFC 1952
      [Figure: layout of an eStargz blob next to a stargz blob, each holding bin/ls, usr/bin/apt, entrypoint.sh, bin/bash, with these labels:]
      - gzip member per regular file/chunk: it can be extracted per-file using an HTTP Range Request
      - Prioritized files: prefetched by a single Range Request
      - Files fetched on demand: can also be aggressively downloaded in background
      - TOC (Table Of Contents) and footer
          • TOC contains files metadata, offset, etc…
          • footer contains offset of TOC
          ⚠ footer is incompatible with stargz
      For more details: https://github.com/containerd/stargz-snapshotter/blob/master/docs/stargz-estargz.md
  • 9. Workload-based Optimization of eStargz
      [Figure: Input image → Convert & Optimize (runs the container process and profiles file access) → Output image (eStargz)]
      - Downloading each file/chunk on-demand costs extra overhead on each file access.
      - Leveraging eStargz, the CLI converter command ctr-remote provides workload-based optimization
          • Workload: entrypoint, envvar, etc… specified in Dockerfile (e.g. ENTRYPOINT)
      - ctr-remote analyzes which files are likely accessed during runtime
          • Runs the provided image and profiles all file accesses
          • Regards the accessed files as also likely to be accessed during runtime (= prioritized files)
          • Stargz Snapshotter will prefetch these files when it mounts this image
      For more details: https://github.com/containerd/stargz-snapshotter/blob/master/docs/ctr-remote.md
  • 10. Content Verification in eStargz
      [Figure: Manifest (verified on resolve) references by digest, via containerd.io/snapshot/stargz/toc.digest, the TOC (metadata of all files; verified on mount); the TOC references by digest, via chunkDigest, each file/chunk data (verified on each fetch)]
      - Chunks are lazily pulled from the registry on-demand
          • so they cannot be verified when mounting the layer
      - Chunks are “lazily” verified
          • TOC (metadata file) records digests per chunk
          • Each chunk can be verified when it’s fetched to the node
          • TOC itself is verified when mounting that layer using the digest written in the manifest
      For more details: https://github.com/containerd/stargz-snapshotter/blob/master/docs/verification.md (the above figure is from this doc)
  • 11. Time to take for container startup
      - Measures the container startup time which includes:
          • Pulling an image from GitHub Container Registry
          • For language container, running “print hello world” program in the container
          • For server container, waiting for the readiness (until “up and running” message is printed)
          • This method is based on Hello Bench [Harter, et al. 2016]
      - Takes 95 percentile of 100 operations
      - Host: EC2 Oregon (m5.2xlarge, Ubuntu 20.04)
      - Registry: GitHub Container Registry (ghcr.io)
      - Target commit: 7f45f7438617728dd06bc9853a[5e42c1d3d5a3
      [Harter et al. 2016] Tyler Harter, Brandon Salmon, Rose Liu, Andrea C. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau. "Slacker: Fast Distribution with Lazy Docker Containers". 14th USENIX Conference on File and Storage Technologies (FAST ’16). February 22–25, 2016, Santa Clara, CA, USA
  • 12. Time to take for container startup
      [Figure: python:3.7 (print “hello”), time in seconds split into pull, create and run, for estargz, estargz-noopt and legacy. Annotation: Waits for prefetch completion]
  • 13. Time to take for container startup
      [Figure: glassfish:4.1-jdk8 (runs until “Running GlassFish” is printed), time in seconds split into pull, create and run, for estargz, estargz-noopt and legacy. Annotation: Waits for prefetch completion]
  • 14. Collaboration in community
  • 15. eStargz on Kubernetes
      [Figure: kubelet and Nodes, each running Stargz Snapshotter as an external process (gRPC API), lazily pulling eStargz from the Container Registry]
      - Lazy pulling can be enabled on Kubernetes using Stargz Snapshotter, without patches
          • containerd is required as a CRI runtime
      - Stargz Snapshotter needs to run on each node and containerd needs to be configured to recognize it
      - Real-world use-case at CERN for speeding up analysis pipeline [1] (13x faster pull for 5GB image)
      [1] Ricardo Rocha & Spyridon Trigazis, CERN. “Speeding Up Analysis Pipelines with Remote Container Images”. KubeCon+CloudNativeCon 2020 NA. https://sched.co/ekDj
  • 16. eStargz on containerd
      [Figure: Node running a container process on top of Stargz Snapshotter (implemented as a “remote snapshotter”), mounting rootfs as FUSE and lazily pulling eStargz from the Container Registry, fetching files/chunks on demand]
      - Stargz Snapshotter enables lazy pulling of eStargz on containerd
          • Implemented as a “remote snapshotter” plugin
      - Mounts rootfs snapshots as FUSE and downloads accessed file contents on-demand
      - nerdctl (Docker-compatible CLI for containerd; https://github.com/AkihiroSuda/nerdctl) supports lazy pulling of eStargz on containerd
  • 17. eStargz on BuildKit
          FROM ghcr.io/stargz-containers/golang:1.15.3-esgz as dev
          COPY ./hello.go /hello.go
          RUN go build -o hello /hello.go
      COPY and RUN without waiting for the pull completion
      [Figure: build on node lazily pulls the eStargz image golang:1.15.3-esgz from the Container Registry, fetching files/chunks on demand (/usr/local/go/bin/go, /usr/local/go/src/fmt/…, etc...)]
      - BuildKit > v0.8.0 experimentally supports lazy pulling of eStargz base images during build
          • FROM instruction is skipped and chunks are lazily pulled on-demand during COPY/RUN/etc.
      - Can shorten the time of build e.g. on temporary (and fresh) CI instances with big base images.
      - More details at blog: https://medium.com/nttlabs/buildkit-lazypull-66c37690963f
          • speeding up building ”hello world” image from tens of seconds to a few seconds at the best
  • 18. Tools start to support eStargz creation (1/2)
      ctr-remote (https://github.com/containerd/stargz-snapshotter/tree/master/cmd/ctr-remote)
      - Image converter developed in Stargz Snapshotter project
      - Converts image to eStargz
      - Comes with workload-based optimization
      nerdctl (https://github.com/AkihiroSuda/nerdctl)
      - Docker-compatible CLI for containerd by Akihiro Suda, NTT
      - Converts image to eStargz
      - Comes with manual optimization (i.e. manually specifying prioritized files)
      kaniko (https://github.com/GoogleContainerTools/kaniko)
      - Container image builder by Google
      - Builds eStargz image (no optimization)
      - Base images need to be pre-converted to eStargz
      - GGCR_EXPERIMENT_ESTARGZ=1 is needed
  • 19. Tools start to support eStargz creation (2/2)
      go-containerregistry and crane CLI (https://github.com/google/go-containerregistry)
      - Container registry client library and CLI by Google
      - Converts image to eStargz
      - Comes with manual optimization (i.e. manually specifying prioritized files)
      - GGCR_EXPERIMENT_ESTARGZ=1 is needed
      ko (https://github.com/google/ko)
      - Build & Deployment tool of Go application on Kubernetes, by Google
      - Builds eStargz image (no optimization)
      - Base images need to be pre-converted to eStargz
      - GGCR_EXPERIMENT_ESTARGZ=1 is needed
  • 20. eStargz in 2021
  • 21. Updates will come in 2021
      Standardizing eStargz
      - eStargz is proposed to OCI Image Spec
      - Discussion is on-going
      - Backward-compatible extensions
          • Optional extension to application/vnd.oci.image.layer.v1.tar+gz
          • Optional annotation for content verification
      https://github.com/opencontainers/image-spec/issues/815
      Features and improvements for stabilizing Stargz Snapshotter
      - Higher availability of Stargz Snapshotter (mounting images from multiple backend registries)
      - Improvements on memory consumption of Stargz Snapshotter
      - Speeding up image conversion
      - Static optimization of images
      - etc…
  • 22. Summary
      - Pull is one of the time-consuming steps in the container lifecycle
      - Stargz Snapshotter, a non-core subproject in containerd, is trying to solve it by lazy pulling
          • eStargz image based on Google stargz
          • Standard compatibility, optimization and content verification
      - Collaboration in community
          • eStargz on various platforms: Kubernetes, containerd and BuildKit
          • go-containerregistry, ko, kaniko and nerdctl start to support eStargz creation
      - On-going in 2021: Standardizing eStargz in OCI and improvements for stabilizing Stargz Snapshotter
      Feedback and suggestions are always welcome! https://github.com/containerd/stargz-snapshotter
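
The verification chain from slides 8 and 10 (one gzip member per file read by byte range, TOC verified on mount, each chunk verified on fetch), as an added Go example that is not code from the talk or from Stargz Snapshotter. It is a simplified model with no tar headers or footer; the Entry layout, the function names and the sample files are assumptions.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"io"
)

// Entry is one TOC record in this simplified model (hypothetical layout).
type Entry struct {
	Name        string
	Offset, Len int64  // byte range of the file's gzip member in the blob
	ChunkDigest string // digest of the uncompressed contents
}

func digest(b []byte) string { return fmt.Sprintf("sha256:%x", sha256.Sum256(b)) }

// BuildLayer writes one gzip member per {name, contents} pair and returns blob, TOC and TOC digest.
func BuildLayer(files [][2]string) ([]byte, []byte, string) {
	var blob bytes.Buffer
	var entries []Entry
	for _, f := range files {
		start := int64(blob.Len())
		zw := gzip.NewWriter(&blob)
		zw.Write([]byte(f[1]))
		zw.Close()
		entries = append(entries, Entry{f[0], start, int64(blob.Len()) - start, digest([]byte(f[1]))})
	}
	toc, _ := json.Marshal(entries)
	return blob.Bytes(), toc, digest(toc)
}

// Mount checks the TOC against the manifest digest before trusting any entry.
func Mount(toc []byte, manifestDigest string) ([]Entry, error) {
	if digest(toc) != manifestDigest {
		return nil, fmt.Errorf("TOC digest mismatch")
	}
	var entries []Entry
	err := json.Unmarshal(toc, &entries)
	return entries, err
}

// Fetch reads one member's byte range (standing in for an HTTP Range request) and verifies it.
func Fetch(blob []byte, e Entry) ([]byte, error) {
	zr, err := gzip.NewReader(io.NewSectionReader(bytes.NewReader(blob), e.Offset, e.Len))
	if err != nil {
		return nil, err
	}
	data, err := io.ReadAll(zr)
	if err != nil || digest(data) != e.ChunkDigest {
		return nil, fmt.Errorf("chunk %s failed verification (read error: %v)", e.Name, err)
	}
	return data, nil
}

func main() {
	files := [][2]string{{"bin/ls", "constructed ls bytes"}, {"etc/passwd", "root:x:0:0"}} // constructed sample
	blob, toc, d := BuildLayer(files)
	entries, _ := Mount(toc, d)
	data, err := Fetch(blob, entries[1])
	fmt.Printf("%q %v\n", data, err)
}
```

Because the TOC digest comes from the manifest and every chunk digest comes from the verified TOC, a registry that serves altered bytes for a range is caught at fetch time even though the layer was never downloaded in full.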