Looking Under The Hood: containerD

33
Looking under the hood: containerd Scott Coulton Principal software engineer @ Puppet

Transcript of Looking Under The Hood: containerD

Page 1: Looking Under The Hood: containerD

Looking under the hood: containerd

Scott CoultonPrincipal software engineer @ Puppet

Page 2: Looking Under The Hood: containerD

The talk should have been called?containerd, What does it mean for me ?

Page 3: Looking Under The Hood: containerD

About me ...

@scotty-c

@scottcoulton

Page 4: Looking Under The Hood: containerD

Agenda● What is containerd?● Why is containerd a critical part of the container

ecosystem ? ● What upstream projects use containerd● How is containerd changing the way we build

container products

Page 5: Looking Under The Hood: containerD

What is containerd?

Page 6: Looking Under The Hood: containerD

“containerd is an industry-standard core container runtime with an emphasis on simplicity, robustness and portability.

containerd can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision, low-level storage and network attachments.”

Page 7: Looking Under The Hood: containerD

Let’s breakdown containerd● CTR (containerd CLI)● A daemon exposing gRPC API over a

local UNIX socket● Protobuf specs between components

Page 8: Looking Under The Hood: containerD

Runtimes

Metadata

ContainersContent DiffSnapshot Tasks EventsImages

GRPC Metrics

Runtimes

Storage

OS

Page 9: Looking Under The Hood: containerD
Page 10: Looking Under The Hood: containerD

containerd gives us

● OCI Image Spec support● OCI Runtime Spec support (aka runC)● Image push and pull support● Management of namespaces

Page 11: Looking Under The Hood: containerD
Page 12: Looking Under The Hood: containerD

What upstream projects use containerd

Page 13: Looking Under The Hood: containerD

How does containerd architecture allow other projects to interact with it

containerd

OS (Storage, FS, Networking Runtimes

API Client (moby, cri-containerd, etc.)

Page 14: Looking Under The Hood: containerD

How does containerd architecture allow other projects to interact with it

Page 15: Looking Under The Hood: containerD

containerd is used in ● Moby● Moby linux kit (I want to talk about this separately)

● Kubernetes

Page 16: Looking Under The Hood: containerD

The Moby Project

Page 17: Looking Under The Hood: containerD

The Moby project is made up of

● The Docker Engine● SwarmKit● HyperKit● RunC● Also LinuxKit (I want to cover that

separately)

Page 18: Looking Under The Hood: containerD

How does containerd interact with Moby

Page 19: Looking Under The Hood: containerD

How is ContainerD different from Docker

Page 20: Looking Under The Hood: containerD
Page 21: Looking Under The Hood: containerD

LinuxKit

Page 22: Looking Under The Hood: containerD

What is LinuxKit ?● Lean OS. Minimal size, minimal boot

time● 4.9 Kernel● Allows you to run any container

runtime● Batteries included but can be

replaced● All system services are containers

Page 23: Looking Under The Hood: containerD

Why is it different to a traditional OS ?● Smaller attack surface● Immutable infrastructure● Sandboxed system services● Specialized patches and configurations● You have full control over the build● The configuration is all yaml

Page 24: Looking Under The Hood: containerD

How is containerd integrated with LinuxKit ?init:

- linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b

- linuxkit/runc:2649198589ef0020d99f613adaeda45ce0093a38

- linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b

- linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288

Page 25: Looking Under The Hood: containerD

Every containerd demo we have done has run in LinuxKit

Page 26: Looking Under The Hood: containerD
Page 27: Looking Under The Hood: containerD
Page 28: Looking Under The Hood: containerD

Kubernetes

Page 29: Looking Under The Hood: containerD

How does containerd and Kubernetes interact ?

Page 30: Looking Under The Hood: containerD

To follow this project

Page 31: Looking Under The Hood: containerD

Yesterdays news

Page 32: Looking Under The Hood: containerD

Questions ?

Page 33: Looking Under The Hood: containerD

Thank you


Looking under the hood of various RAN Access Deployment Technologies: 4G, LTE-A and 5G

Looking under the hood of various RAN Access Deployment Technologies: 4G, LTE-A and 5G

Cybersecurity Spotlight: Looking under the Hood at Data Breaches and Hardening Techniques

Cybersecurity Spotlight: Looking under the Hood at Data Breaches and Hardening Techniques

Looking Under The Hood: Software - Northwestern …hades.mech.northwestern.edu/images/9/95/PIC32SoftwareAndInterrupts.pdfLooking Under The Hood: Software In the last chapter, ... TRISA,

Looking Under The Hood: Software - Northwestern …hades.mech.northwestern.edu/images/9/95/PIC32SoftwareAndInterrupts.pdfLooking Under The Hood: Software In the last chapter, ... TRISA,

Kubernetes CRI containerd integration by Lantao Liu (Google)

Kubernetes CRI containerd integration by Lantao Liu (Google)

containerd Internals - GOTO Conference · 2018-04-26 · A Brief History APRIL 2016 Containerd “0.2” announced, Docker 1.11 Announce expansion of containerd OSS project DECEMBER

containerd Internals - GOTO Conference · 2018-04-26 · A Brief History APRIL 2016 Containerd “0.2” announced, Docker 1.11 Announce expansion of containerd OSS project DECEMBER

Containerd internals: building a core container runtime

Containerd internals: building a core container runtime

VMworld 2015: Horizon View Troubleshooting - Looking Under the Hood

VMworld 2015: Horizon View Troubleshooting - Looking Under the Hood

Containerd - core container runtime component

Containerd - core container runtime component

Looking Under the Hood at the Oracle ClusterWare OOW -2009 Murali Vallath murali.vallath@summersky.biz.

Looking Under the Hood at the Oracle ClusterWare OOW -2009 Murali Vallath [email protected].

Looking Under the Hood: Hardware - Northwestern Universityhades.mech.northwestern.edu/images/4/43/PIC32hardware.pdfLooking Under the Hood: Hardware 2.1 The PIC32 The Microchip PIC32

Looking Under the Hood: Hardware - Northwestern Universityhades.mech.northwestern.edu/images/4/43/PIC32hardware.pdfLooking Under the Hood: Hardware 2.1 The PIC32 The Microchip PIC32

Looking Under the Hood -- Australia SharePoint Conference

Looking Under the Hood -- Australia SharePoint Conference

How to Cha-Cha Looking under the hood of the Cha-Cha Intranet Search Engine

How to Cha-Cha Looking under the hood of the Cha-Cha Intranet Search Engine

Diving Through The Layers: Investigating runc, containerd, and the Docker engine architecture

Diving Through The Layers: Investigating runc, containerd, and the Docker engine architecture

Practical PC, 7 th Edition Chapter 17: Looking Under the Hood.

Practical PC, 7 th Edition Chapter 17: Looking Under the Hood.

Looking Under the Hood of Competency-Based Education: The ...

Looking Under the Hood of Competency-Based Education: The ...

LOOKING UNDER THE HOOD OF COMPETENCY-BASED EDUCATION

LOOKING UNDER THE HOOD OF COMPETENCY-BASED EDUCATION

Containerd Donation to CNCF Cloud Native Conference Berlin 2017

Containerd Donation to CNCF Cloud Native Conference Berlin 2017

Contribute 101: Engine/Swarm/ContainerD by Phil Estes

Contribute 101: Engine/Swarm/ContainerD by Phil Estes

Looking Under the Hood of the High Performance Computing Industry

Looking Under the Hood of the High Performance Computing Industry

Looking Under the Hood: IPM Performance at Pest Management ... · 2005 Children’s Environmental Health Recognition Award, US EPA Office of Children’s Health Protection Looking

Looking Under the Hood: IPM Performance at Pest Management ... · 2005 Children’s Environmental Health Recognition Award, US EPA Office of Children’s Health Protection Looking