A talk given at the Cloud Native London meetup on February 6, 2018, covering the role of container runtimes in Kubernetes, the introduction of the Container Runtime Interface (CRI), and the history of containerd and its use as a CRI-implementing container runtime for Kubernetes.
4. @estesp
Kubernetes is an Orchestrator
▪ Kubernetes has no code to execute or run containers on Linux or Windows
▪ Initially the Kubernetes pod manager (called “kubelet”) had direct linkage to the Docker engine
[Diagram: kubelet, dockershim, dockerd, containerd, runc]
https://github.com/kubernetes/kubernetes/tree/release-1.4/pkg/kubelet/dockershim
11. @estesp
Why Containerd 1.0?
▪ Continue projects spun out from monolithic Docker engine
▪ Expected use beyond Docker engine (Kubernetes CRI)
▪ Donation to foundation for broad industry collaboration
□ Similar to runc/libcontainer and the OCI
12. @estesp
Technical Goals/Intentions
▪ Clean gRPC-based API + client library
▪ Full OCI support (runtime and image spec)
▪ Stability and performance with tight, well-defined core of container function
▪ Decoupled systems (image, filesystem, runtime) for pluggability, reuse
14. @estesp
Release Process
https://github.com/containerd/containerd/blob/master/RELEASES.md
Latest Release: v1.0.2 (-rc.1 will release in the next day)
Key Points:
▪ Using SemVer
▪ Major releases have a support horizon with backported fixes
□ Already proven out post-1.0.0 with 2 releases
▪ Next release (v1.1) plans will include Windows container runtime support and other enhancements
▪ Stability and compatibility provided for & documented
15. @estesp
Project Contributors
▪ Containerd is a member project within the Cloud Native Computing Foundation (CNCF)
▪ The Moby project governance, adopted in Q4 2017, is not a BDFL model
▪ The newly formed Moby Technical Steering Committee (TSC) oversees Moby projects
▪ Broad base of contributors, and growing
TOP TEN CONTRIBUTORS
1. Docker
2. Google
3. NTT
4. Tesla*
5. IBM
6. ZTE
7. Microsoft
8. Red Hat**
9. Huawei
10. Amazon Web Services
* Former Docker maintainer left for Tesla
** Red Hat contributions mostly prior to 1.0 codebase
18. @estesp
Containerd Benefits
● Designed and implemented with broad usage as a core container runtime in mind:
○ Docker, LinuxKit, Kubernetes and embedded core runtime use cases (OpenWhisk, Cloud Foundry)
● Stress testing validating stability and performance guarantees 24/7
● Attention to detail re: Go/gRPC APIs for usability and ease of embedding
● Focus on compatibility guarantees; bug fix backports for high level of support on major version levels
19. Source: https://github.com/kelseyhightower/kubernetes-the-hard-way
Using Containerd in Kubernetes 1.9+
▪ Requires runc and containerd to be installed (distro packaging lagging these projects)
▪ CRI-Containerd project has been doing binary releases with dependencies included (future TBD)
▪ No requirement for Docker engine installation on worker nodes at all
▪ LinuxKit also using (and providing) this configuration in their default Kubernetes project:
□ “make all KUBE_RUNTIME=cri-containerd”
□ See: https://github.com/linuxkit/kubernetes
20. @estesp
Summary
▪ Introducing the CRI helped abstract runtime requirements from a specific container engine
▪ The CRI now gives Kubernetes admins and/or cluster creators a choice for container runtime options
▪ Containerd (and its CRI implementation) is purpose-built for the K8s and Docker stacks as a high-performance, supported and stable runtime