SlideShare a Scribd company logo

Devoxx 2016: A Developer's Guide to OCI and runC

Phil Estes
Phil Estes

A talk given at Devoxx 2016 in Antwerp, Belgium on November 7th, 2016. This talk covers the OCI (Open Container Initiative), status of the runtime and image specifications, and tools like runC and ocitools, as well as components like "riddler" and "netns" for using the OCI components as an application developer.

Software
1 of 10
Download to read offline
OCI and runC A developer’s guide for open container tools and projects Phil Estes, IBM Cloud Open Technology and Architecture @estesp / estesp@gmail.com
Phil Estes Senior Technical Staff Member IBM Cloud, Open Technologies Container Strategy/Open Source Leader Docker community core engine maintainer < Linux/open source expertise for 15 years @ IBM < Community activities & accomplishments > Brought user namespace support to the Docker engine > Helped design v2.2 image specification with multi-platform support > Implemented first tool to create multi-platform images in Docker v2.3 registry > Member of the “Docker Captains” program 2 About Me
Open Container Initiative (OCI) An open governance structure for creating open industry standards: a common container runtime and image format. • A Linux Foundation Collaborative Project • Free from control by any particular vendor’s specific cloud stack or ecosystem • Includes a specification, reference runtime* and now, a specified image format *seeded with runc + libcontainer by Docker
OCI Specs & Status > Announced June 20th, 2015 > Charter signed on December 8th, 2015 > 49 current member companies > Both specifications nearing 1.0 release targets https://opencontainers.org https://github.com/opencontainers > Runtime specification: Release 1.0.0-rc2 / September 2016 https://github.com/opencontainers/runtime-spec/releases/tag/v1.0.0-rc2 1. Very close to an official 1.0 release of the runtime spec 2. Includes required core for Linux, Windows, and Solaris > Image format spec: Release 1.0.0-rc3 / October 2016 https://github.com/opencontainers/image-spec/releases/tag/v1.0.0-rc3 1. Seeded with Docker registry v2.2 specification 2. v1.0.0-rc3 approved and released last week
Introduction to `runc` > runc is a client wrapper around libcontainer > Libcontainer is the OS level interface for containers Other platforms and architectures can implement the libcontainer API via their own primitives/system-level container concepts $ docker run -it --read-only -v /host:/hostpath alpine sh /# { "ociVersion": "0.6.0-dev", "platform": { "os": "linux", "arch": "amd64" }, "process": { "terminal": true, "args": [ "sh" ], "env": [ "PATH=/usr/local/sbin:/usr/local/bin:/bin” config.json
● CloudFoundry Garden OCI implementation ● https://github.com/cloudfoundry-incubator/guardian ● Uses runc as a backend for container execution ● Docker 1.11 (and above) ● Switched from direct libcontainer API linkage to calling runc as container executor ● Uses containerd as a gRPC daemon to disconnect Docker daemon (API/mgmt) from container execution (allows daemon restart in future without container runtime impact) runc in the “Wild” runv - Hyper.sh; small & lightweight hypervisor wraps contained process runz - Solaris zones implementation > Ports/Implementations:
How does Docker use runc? Docker engine containerd gRPC ctr-shim ctr-shim runc runc https://github.com/docker/docker https://github.com/docker/containerd https://github.com/opencontainers/runc Docker client/API HTTP/REST
OCI Image Tools > Docker engine save/load support for OCI format underway https://github.com/docker/docker/pull/26369 > `oci-fetch` tool being developed to pull OCI format images https://github.com/containers/oci-fetch > Official OCI project for image tooling (create/verify/etc.) https://github.com/opencontainers/image-tools > `acbuild` (ACI/rkt tooling) support for OCI image format https://github.com/containers/build/issues/249 > `skopeo` image query/fetch tool has support for OCI image format https://github.com/projectatomic/skopeo
@estesp github.com/estesp estesp@gmail.com https://integratedcode.us IRC: estesp DEMO $ runc run alpine # / /usr/bin/runc https://github.com/opencontainers/runc /usr/bin/ocitools https://github.com/opencontainers/ocitools /usr/local/bin/riddler https://github.com/jessfraz/riddler /usr/local/bin/netns https://github.com/jessfraz/netns
OCI & runc Futures ● Entry point for OS-level container technology implementations and added enhancements ○ Recent examples: seccomp, user namespaces, checkpoint/restore ○ Many smaller examples (lots of changes required for fully unprivileged containers) ● More users and contributed implementations (for runtime and image) ● What will you do with runc and the OCI specifications?

Recommended

runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...
Docker, Inc.
 
Container Runtimes: Comparing and Contrasting Today's Engines
Container Runtimes: Comparing and Contrasting Today's EnginesContainer Runtimes: Comparing and Contrasting Today's Engines
Container Runtimes: Comparing and Contrasting Today's Engines
Phil Estes
 
Diving Through The Layers: Investigating runc, containerd, and the Docker eng...
Diving Through The Layers: Investigating runc, containerd, and the Docker eng...Diving Through The Layers: Investigating runc, containerd, and the Docker eng...
Diving Through The Layers: Investigating runc, containerd, and the Docker eng...
Phil Estes
 
Container Security: How We Got Here and Where We're Going
Container Security: How We Got Here and Where We're GoingContainer Security: How We Got Here and Where We're Going
Container Security: How We Got Here and Where We're Going
Phil Estes
 
Intro- Docker Native for OSX and Windows
Intro- Docker Native for OSX and WindowsIntro- Docker Native for OSX and Windows
Intro- Docker Native for OSX and Windows
Thomas Chacko
 
Containerd Internals: Building a Core Container Runtime
Containerd Internals: Building a Core Container RuntimeContainerd Internals: Building a Core Container Runtime
Containerd Internals: Building a Core Container Runtime
Phil Estes
 
Embedding Containerd For Fun and Profit
Embedding Containerd For Fun and ProfitEmbedding Containerd For Fun and Profit
Embedding Containerd For Fun and Profit
Phil Estes
 
Quantifying Container Runtime Performance: OSCON 2017 Open Container Day
Quantifying Container Runtime Performance: OSCON 2017 Open Container DayQuantifying Container Runtime Performance: OSCON 2017 Open Container Day
Quantifying Container Runtime Performance: OSCON 2017 Open Container Day
Phil Estes
 

Recommended

runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...
Docker, Inc.
 
Container Runtimes: Comparing and Contrasting Today's Engines
Container Runtimes: Comparing and Contrasting Today's EnginesContainer Runtimes: Comparing and Contrasting Today's Engines
Container Runtimes: Comparing and Contrasting Today's Engines
Phil Estes
 
Diving Through The Layers: Investigating runc, containerd, and the Docker eng...
Diving Through The Layers: Investigating runc, containerd, and the Docker eng...Diving Through The Layers: Investigating runc, containerd, and the Docker eng...
Diving Through The Layers: Investigating runc, containerd, and the Docker eng...
Phil Estes
 
Container Security: How We Got Here and Where We're Going
Container Security: How We Got Here and Where We're GoingContainer Security: How We Got Here and Where We're Going
Container Security: How We Got Here and Where We're Going
Phil Estes
 
Intro- Docker Native for OSX and Windows
Intro- Docker Native for OSX and WindowsIntro- Docker Native for OSX and Windows
Intro- Docker Native for OSX and Windows
Thomas Chacko
 
Containerd Internals: Building a Core Container Runtime
Containerd Internals: Building a Core Container RuntimeContainerd Internals: Building a Core Container Runtime
Containerd Internals: Building a Core Container Runtime
Phil Estes
 
Embedding Containerd For Fun and Profit
Embedding Containerd For Fun and ProfitEmbedding Containerd For Fun and Profit
Embedding Containerd For Fun and Profit
Phil Estes
 
Quantifying Container Runtime Performance: OSCON 2017 Open Container Day
Quantifying Container Runtime Performance: OSCON 2017 Open Container DayQuantifying Container Runtime Performance: OSCON 2017 Open Container Day
Quantifying Container Runtime Performance: OSCON 2017 Open Container Day
Phil Estes
 
Docker Engine Evolution: From Monolith to Discrete Components
Docker Engine Evolution: From Monolith to Discrete ComponentsDocker Engine Evolution: From Monolith to Discrete Components
Docker Engine Evolution: From Monolith to Discrete Components
Phil Estes
 
Docker 101 2015-05-28
Docker 101 2015-05-28Docker 101 2015-05-28
Docker 101 2015-05-28
Adrian Otto
 
Intro To Docker
Intro To DockerIntro To Docker
Intro To Docker
Jessica Lucci
 
Introdution to Docker (theory and hands on) dbCafé - dbTrento
Introdution to Docker (theory and hands on) dbCafé - dbTrentoIntrodution to Docker (theory and hands on) dbCafé - dbTrento
Introdution to Docker (theory and hands on) dbCafé - dbTrento
Cristian Consonni
 
Docker and the Linux Kernel
Docker and the Linux KernelDocker and the Linux Kernel
Docker and the Linux Kernel
Docker, Inc.
 
Live Container Migration: OpenStack Summit Barcelona 2016
Live Container Migration: OpenStack Summit Barcelona 2016Live Container Migration: OpenStack Summit Barcelona 2016
Live Container Migration: OpenStack Summit Barcelona 2016
Phil Estes
 
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Michelle Antebi
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker Introduction
Sparkbit
 
Dockercon 16 Wrap-up (Docker for Mac and Win, Docker 1.12, Swarm Mode, etc.)
Dockercon 16 Wrap-up (Docker for Mac and Win, Docker 1.12, Swarm Mode, etc.)Dockercon 16 Wrap-up (Docker for Mac and Win, Docker 1.12, Swarm Mode, etc.)
Dockercon 16 Wrap-up (Docker for Mac and Win, Docker 1.12, Swarm Mode, etc.)
Nils De Moor
 
An Introduction to Kubernetes
An Introduction to KubernetesAn Introduction to Kubernetes
An Introduction to Kubernetes
Imesh Gunaratne
 
Docker 102 - Immutable Infrastructure
Docker 102 - Immutable InfrastructureDocker 102 - Immutable Infrastructure
Docker 102 - Immutable Infrastructure
Adrian Otto
 
Docker Athens: Docker Engine Evolution & Containerd Use Cases
Docker Athens: Docker Engine Evolution & Containerd Use CasesDocker Athens: Docker Engine Evolution & Containerd Use Cases
Docker Athens: Docker Engine Evolution & Containerd Use Cases
Phil Estes
 
DockerCon US 2016 - Extending Docker With APIs, Drivers, and Plugins
DockerCon US 2016 - Extending Docker With APIs, Drivers, and PluginsDockerCon US 2016 - Extending Docker With APIs, Drivers, and Plugins
DockerCon US 2016 - Extending Docker With APIs, Drivers, and Plugins
Arnaud Porterie
 
Docker Mentorweek beginner workshop notes
Docker Mentorweek beginner workshop notesDocker Mentorweek beginner workshop notes
Docker Mentorweek beginner workshop notes
Sreenivas Makam
 
Containerd - core container runtime component
Containerd - core container runtime component Containerd - core container runtime component
Containerd - core container runtime component
Docker, Inc.
 
Docker 101 - Intro to Docker
Docker 101 - Intro to DockerDocker 101 - Intro to Docker
Docker 101 - Intro to Docker
Adrian Otto
 
Ansible docker
Ansible dockerAnsible docker
Ansible docker
QNIB Solutions
 
docker installation and basics
docker installation and basicsdocker installation and basics
docker installation and basics
Walid Ashraf
 
Driving containerd operations with gRPC
Driving containerd operations with gRPCDriving containerd operations with gRPC
Driving containerd operations with gRPC
Docker, Inc.
 
Docker Distributed application bundle & Stack - Overview
Docker Distributed application bundle & Stack - Overview Docker Distributed application bundle & Stack - Overview
Docker Distributed application bundle & Stack - Overview
Thomas Chacko
 
Runc: The Little Engine That Could (Run Docker Containers)
Runc: The Little Engine That Could (Run Docker Containers)Runc: The Little Engine That Could (Run Docker Containers)
Runc: The Little Engine That Could (Run Docker Containers)
Phil Estes
 
Innovating Out In The Open - OSCON 2016
Innovating Out In The Open - OSCON 2016Innovating Out In The Open - OSCON 2016
Innovating Out In The Open - OSCON 2016
Phil Estes
 

More Related Content

What's hot

Docker Engine Evolution: From Monolith to Discrete Components
Docker Engine Evolution: From Monolith to Discrete ComponentsDocker Engine Evolution: From Monolith to Discrete Components
Docker Engine Evolution: From Monolith to Discrete Components
Phil Estes
 
Docker 101 2015-05-28
Docker 101 2015-05-28Docker 101 2015-05-28
Docker 101 2015-05-28
Adrian Otto
 
Intro To Docker
Intro To DockerIntro To Docker
Intro To Docker
Jessica Lucci
 
Introdution to Docker (theory and hands on) dbCafé - dbTrento
Introdution to Docker (theory and hands on) dbCafé - dbTrentoIntrodution to Docker (theory and hands on) dbCafé - dbTrento
Introdution to Docker (theory and hands on) dbCafé - dbTrento
Cristian Consonni
 
Docker and the Linux Kernel
Docker and the Linux KernelDocker and the Linux Kernel
Docker and the Linux Kernel
Docker, Inc.
 
Live Container Migration: OpenStack Summit Barcelona 2016
Live Container Migration: OpenStack Summit Barcelona 2016Live Container Migration: OpenStack Summit Barcelona 2016
Live Container Migration: OpenStack Summit Barcelona 2016
Phil Estes
 
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Michelle Antebi
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker Introduction
Sparkbit
 
Dockercon 16 Wrap-up (Docker for Mac and Win, Docker 1.12, Swarm Mode, etc.)
Dockercon 16 Wrap-up (Docker for Mac and Win, Docker 1.12, Swarm Mode, etc.)Dockercon 16 Wrap-up (Docker for Mac and Win, Docker 1.12, Swarm Mode, etc.)
Dockercon 16 Wrap-up (Docker for Mac and Win, Docker 1.12, Swarm Mode, etc.)
Nils De Moor
 
An Introduction to Kubernetes
An Introduction to KubernetesAn Introduction to Kubernetes
An Introduction to Kubernetes
Imesh Gunaratne
 
Docker 102 - Immutable Infrastructure
Docker 102 - Immutable InfrastructureDocker 102 - Immutable Infrastructure
Docker 102 - Immutable Infrastructure
Adrian Otto
 
Docker Athens: Docker Engine Evolution & Containerd Use Cases
Docker Athens: Docker Engine Evolution & Containerd Use CasesDocker Athens: Docker Engine Evolution & Containerd Use Cases
Docker Athens: Docker Engine Evolution & Containerd Use Cases
Phil Estes
 
DockerCon US 2016 - Extending Docker With APIs, Drivers, and Plugins
DockerCon US 2016 - Extending Docker With APIs, Drivers, and PluginsDockerCon US 2016 - Extending Docker With APIs, Drivers, and Plugins
DockerCon US 2016 - Extending Docker With APIs, Drivers, and Plugins
Arnaud Porterie
 
Docker Mentorweek beginner workshop notes
Docker Mentorweek beginner workshop notesDocker Mentorweek beginner workshop notes
Docker Mentorweek beginner workshop notes
Sreenivas Makam
 
Containerd - core container runtime component
Containerd - core container runtime component Containerd - core container runtime component
Containerd - core container runtime component
Docker, Inc.
 
Docker 101 - Intro to Docker
Docker 101 - Intro to DockerDocker 101 - Intro to Docker
Docker 101 - Intro to Docker
Adrian Otto
 
Ansible docker
Ansible dockerAnsible docker
Ansible docker
QNIB Solutions
 
docker installation and basics
docker installation and basicsdocker installation and basics
docker installation and basics
Walid Ashraf
 
Driving containerd operations with gRPC
Driving containerd operations with gRPCDriving containerd operations with gRPC
Driving containerd operations with gRPC
Docker, Inc.
 
Docker Distributed application bundle & Stack - Overview
Docker Distributed application bundle & Stack - Overview Docker Distributed application bundle & Stack - Overview
Docker Distributed application bundle & Stack - Overview
Thomas Chacko
 

What's hot (20)

Docker Engine Evolution: From Monolith to Discrete Components
Docker Engine Evolution: From Monolith to Discrete ComponentsDocker Engine Evolution: From Monolith to Discrete Components
Docker Engine Evolution: From Monolith to Discrete Components
 
Docker 101 2015-05-28
Docker 101 2015-05-28Docker 101 2015-05-28
Docker 101 2015-05-28
 
Intro To Docker
Intro To DockerIntro To Docker
Intro To Docker
 
Introdution to Docker (theory and hands on) dbCafé - dbTrento
Introdution to Docker (theory and hands on) dbCafé - dbTrentoIntrodution to Docker (theory and hands on) dbCafé - dbTrento
Introdution to Docker (theory and hands on) dbCafé - dbTrento
 
Docker and the Linux Kernel
Docker and the Linux KernelDocker and the Linux Kernel
Docker and the Linux Kernel
 
Live Container Migration: OpenStack Summit Barcelona 2016
Live Container Migration: OpenStack Summit Barcelona 2016Live Container Migration: OpenStack Summit Barcelona 2016
Live Container Migration: OpenStack Summit Barcelona 2016
 
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker Introduction
 
Dockercon 16 Wrap-up (Docker for Mac and Win, Docker 1.12, Swarm Mode, etc.)
Dockercon 16 Wrap-up (Docker for Mac and Win, Docker 1.12, Swarm Mode, etc.)Dockercon 16 Wrap-up (Docker for Mac and Win, Docker 1.12, Swarm Mode, etc.)
Dockercon 16 Wrap-up (Docker for Mac and Win, Docker 1.12, Swarm Mode, etc.)
 
An Introduction to Kubernetes
An Introduction to KubernetesAn Introduction to Kubernetes
An Introduction to Kubernetes
 
Docker 102 - Immutable Infrastructure
Docker 102 - Immutable InfrastructureDocker 102 - Immutable Infrastructure
Docker 102 - Immutable Infrastructure
 
Docker Athens: Docker Engine Evolution & Containerd Use Cases
Docker Athens: Docker Engine Evolution & Containerd Use CasesDocker Athens: Docker Engine Evolution & Containerd Use Cases
Docker Athens: Docker Engine Evolution & Containerd Use Cases
 
DockerCon US 2016 - Extending Docker With APIs, Drivers, and Plugins
DockerCon US 2016 - Extending Docker With APIs, Drivers, and PluginsDockerCon US 2016 - Extending Docker With APIs, Drivers, and Plugins
DockerCon US 2016 - Extending Docker With APIs, Drivers, and Plugins
 
Docker Mentorweek beginner workshop notes
Docker Mentorweek beginner workshop notesDocker Mentorweek beginner workshop notes
Docker Mentorweek beginner workshop notes
 
Containerd - core container runtime component
Containerd - core container runtime component Containerd - core container runtime component
Containerd - core container runtime component
 
Docker 101 - Intro to Docker
Docker 101 - Intro to DockerDocker 101 - Intro to Docker
Docker 101 - Intro to Docker
 
Ansible docker
Ansible dockerAnsible docker
Ansible docker
 
docker installation and basics
docker installation and basicsdocker installation and basics
docker installation and basics
 
Driving containerd operations with gRPC
Driving containerd operations with gRPCDriving containerd operations with gRPC
Driving containerd operations with gRPC
 
Docker Distributed application bundle & Stack - Overview
Docker Distributed application bundle & Stack - Overview Docker Distributed application bundle & Stack - Overview
Docker Distributed application bundle & Stack - Overview
 

Similar to Devoxx 2016: A Developer's Guide to OCI and runC

Runc: The Little Engine That Could (Run Docker Containers)
Runc: The Little Engine That Could (Run Docker Containers)Runc: The Little Engine That Could (Run Docker Containers)
Runc: The Little Engine That Could (Run Docker Containers)
Phil Estes
 
Innovating Out In The Open - OSCON 2016
Innovating Out In The Open - OSCON 2016Innovating Out In The Open - OSCON 2016
Innovating Out In The Open - OSCON 2016
Phil Estes
 
Innovating Out in the Open
Innovating Out in the Open Innovating Out in the Open
Innovating Out in the Open
Dev_Events
 
Evolution of containers to kubernetes
Evolution of containers to kubernetesEvolution of containers to kubernetes
Evolution of containers to kubernetes
Krishna-Kumar
 
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...Building Distributed Systems without Docker, Using Docker Plumbing Projects -...
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...
Patrick Chanezon
 
Docker London Meetup: Docker Engine Evolution
Docker London Meetup: Docker Engine EvolutionDocker London Meetup: Docker Engine Evolution
Docker London Meetup: Docker Engine Evolution
Phil Estes
 
Alibaba Cloud Conference 2016 - Docker Open Source
Alibaba Cloud Conference 2016 - Docker Open Source Alibaba Cloud Conference 2016 - Docker Open Source
Alibaba Cloud Conference 2016 - Docker Open Source
John Willis
 
Docker.pptx
Docker.pptxDocker.pptx
Docker.pptx
balaji257
 
Evolution of Linux Containerization
Evolution of Linux Containerization Evolution of Linux Containerization
Evolution of Linux Containerization
WSO2
 
Evoluation of Linux Container Virtualization
Evoluation of Linux Container VirtualizationEvoluation of Linux Container Virtualization
Evoluation of Linux Container Virtualization
Imesh Gunaratne
 
2 Linux Container and Docker
2 Linux Container and Docker2 Linux Container and Docker
2 Linux Container and Docker
Fabio Fumarola
 
Develop with linux containers and docker
Develop with linux containers and dockerDevelop with linux containers and docker
Develop with linux containers and docker
Fabio Fumarola
 
Docker Basics
Docker BasicsDocker Basics
Docker Basics
DuckDuckGo
 
Docker basics
Docker basicsDocker basics
Docker basics
Claudio Montoya
 
Docker module 1
Docker module 1Docker module 1
Docker module 1
Liang Bo
 
Introduction to Containers & Diving a little deeper into the benefits of Con...
Introduction to Containers & Diving a little deeper into the benefits of Con... Introduction to Containers & Diving a little deeper into the benefits of Con...
Introduction to Containers & Diving a little deeper into the benefits of Con...
Synergetics Learning and Cloud Consulting
 
Accelerate your development with Docker
Accelerate your development with DockerAccelerate your development with Docker
Accelerate your development with Docker
Andrey Hristov
 
Accelerate your software development with Docker
Accelerate your software development with DockerAccelerate your software development with Docker
Accelerate your software development with Docker
Andrey Hristov
 
runC – Open Container Initiative
runC – Open Container InitiativerunC – Open Container Initiative
runC – Open Container Initiative
Jeeva Chelladhurai
 
What is Docker?
What is Docker?What is Docker?
What is Docker?
Shubhrank Rastogi
 

Similar to Devoxx 2016: A Developer's Guide to OCI and runC (20)

Runc: The Little Engine That Could (Run Docker Containers)
Runc: The Little Engine That Could (Run Docker Containers)Runc: The Little Engine That Could (Run Docker Containers)
Runc: The Little Engine That Could (Run Docker Containers)
 
Innovating Out In The Open - OSCON 2016
Innovating Out In The Open - OSCON 2016Innovating Out In The Open - OSCON 2016
Innovating Out In The Open - OSCON 2016
 
Innovating Out in the Open
Innovating Out in the Open Innovating Out in the Open
Innovating Out in the Open
 
Evolution of containers to kubernetes
Evolution of containers to kubernetesEvolution of containers to kubernetes
Evolution of containers to kubernetes
 
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...Building Distributed Systems without Docker, Using Docker Plumbing Projects -...
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...
 
Docker London Meetup: Docker Engine Evolution
Docker London Meetup: Docker Engine EvolutionDocker London Meetup: Docker Engine Evolution
Docker London Meetup: Docker Engine Evolution
 
Alibaba Cloud Conference 2016 - Docker Open Source
Alibaba Cloud Conference 2016 - Docker Open Source Alibaba Cloud Conference 2016 - Docker Open Source
Alibaba Cloud Conference 2016 - Docker Open Source
 
Docker.pptx
Docker.pptxDocker.pptx
Docker.pptx
 
Evolution of Linux Containerization
Evolution of Linux Containerization Evolution of Linux Containerization
Evolution of Linux Containerization
 
Evoluation of Linux Container Virtualization
Evoluation of Linux Container VirtualizationEvoluation of Linux Container Virtualization
Evoluation of Linux Container Virtualization
 
2 Linux Container and Docker
2 Linux Container and Docker2 Linux Container and Docker
2 Linux Container and Docker
 
Develop with linux containers and docker
Develop with linux containers and dockerDevelop with linux containers and docker
Develop with linux containers and docker
 
Docker Basics
Docker BasicsDocker Basics
Docker Basics
 
Docker basics
Docker basicsDocker basics
Docker basics
 
Docker module 1
Docker module 1Docker module 1
Docker module 1
 
Introduction to Containers & Diving a little deeper into the benefits of Con...
Introduction to Containers & Diving a little deeper into the benefits of Con... Introduction to Containers & Diving a little deeper into the benefits of Con...
Introduction to Containers & Diving a little deeper into the benefits of Con...
 
Accelerate your development with Docker
Accelerate your development with DockerAccelerate your development with Docker
Accelerate your development with Docker
 
Accelerate your software development with Docker
Accelerate your software development with DockerAccelerate your software development with Docker
Accelerate your software development with Docker
 
runC – Open Container Initiative
runC – Open Container InitiativerunC – Open Container Initiative
runC – Open Container Initiative
 
What is Docker?
What is Docker?What is Docker?
What is Docker?
 

More from Phil Estes

Enabling Security via Container Runtimes
Enabling Security via Container RuntimesEnabling Security via Container Runtimes
Enabling Security via Container Runtimes
Phil Estes
 
Extended and embedding: containerd update & project use cases
Extended and embedding: containerd update & project use casesExtended and embedding: containerd update & project use cases
Extended and embedding: containerd update & project use cases
Phil Estes
 
Cloud Native TLV Meetup: Securing Containerized Applications Primer
Cloud Native TLV Meetup: Securing Containerized Applications PrimerCloud Native TLV Meetup: Securing Containerized Applications Primer
Cloud Native TLV Meetup: Securing Containerized Applications Primer
Phil Estes
 
Securing Containerized Applications: A Primer
Securing Containerized Applications: A PrimerSecuring Containerized Applications: A Primer
Securing Containerized Applications: A Primer
Phil Estes
 
Securing Containerized Applications: A Primer
Securing Containerized Applications: A PrimerSecuring Containerized Applications: A Primer
Securing Containerized Applications: A Primer
Phil Estes
 
Let's Try Every CRI Runtime Available for Kubernetes
Let's Try Every CRI Runtime Available for KubernetesLet's Try Every CRI Runtime Available for Kubernetes
Let's Try Every CRI Runtime Available for Kubernetes
Phil Estes
 
CraftConf 2019: CRI Runtimes Deep Dive: Who Is Running My Pod?
CraftConf 2019: CRI Runtimes Deep Dive: Who Is Running My Pod?CraftConf 2019: CRI Runtimes Deep Dive: Who Is Running My Pod?
CraftConf 2019: CRI Runtimes Deep Dive: Who Is Running My Pod?
Phil Estes
 
JAX Con 2019: Containers. Microservices. Cloud. Open Source. Fantasy or Reali...
JAX Con 2019: Containers. Microservices. Cloud. Open Source. Fantasy or Reali...JAX Con 2019: Containers. Microservices. Cloud. Open Source. Fantasy or Reali...
JAX Con 2019: Containers. Microservices. Cloud. Open Source. Fantasy or Reali...
Phil Estes
 
Giving Back to Upstream | DockerCon 2019
Giving Back to Upstream | DockerCon 2019Giving Back to Upstream | DockerCon 2019
Giving Back to Upstream | DockerCon 2019
Phil Estes
 
What's Running My Containers? A review of runtimes and standards.
What's Running My Containers? A review of runtimes and standards.What's Running My Containers? A review of runtimes and standards.
What's Running My Containers? A review of runtimes and standards.
Phil Estes
 
FOSDEM 2019: A containerd Project Update
FOSDEM 2019: A containerd Project UpdateFOSDEM 2019: A containerd Project Update
FOSDEM 2019: A containerd Project Update
Phil Estes
 
CRI Runtimes Deep-Dive: Who's Running My Pod!?
CRI Runtimes Deep-Dive: Who's Running My Pod!?CRI Runtimes Deep-Dive: Who's Running My Pod!?
CRI Runtimes Deep-Dive: Who's Running My Pod!?
Phil Estes
 
It's 2018. Are My Containers Secure Yet!?
It's 2018. Are My Containers Secure Yet!?It's 2018. Are My Containers Secure Yet!?
It's 2018. Are My Containers Secure Yet!?
Phil Estes
 
An Open Source Story: Open Containers & Open Communities
An Open Source Story: Open Containers & Open CommunitiesAn Open Source Story: Open Containers & Open Communities
An Open Source Story: Open Containers & Open Communities
Phil Estes
 
Whose Job Is It Anyway? Kubernetes, CRI, & Container Runtimes
Whose Job Is It Anyway? Kubernetes, CRI, & Container RuntimesWhose Job Is It Anyway? Kubernetes, CRI, & Container Runtimes
Whose Job Is It Anyway? Kubernetes, CRI, & Container Runtimes
Phil Estes
 
Containerd Project Update: FOSDEM 2018
Containerd Project Update: FOSDEM 2018Containerd Project Update: FOSDEM 2018
Containerd Project Update: FOSDEM 2018
Phil Estes
 
Bucketbench: Benchmarking Container Runtime Performance
Bucketbench: Benchmarking Container Runtime PerformanceBucketbench: Benchmarking Container Runtime Performance
Bucketbench: Benchmarking Container Runtime Performance
Phil Estes
 
AtlanTEC 2017: Containers! Why Docker, Why NOW?
AtlanTEC 2017: Containers! Why Docker, Why NOW?AtlanTEC 2017: Containers! Why Docker, Why NOW?
AtlanTEC 2017: Containers! Why Docker, Why NOW?
Phil Estes
 
Empower Your Docker Containers with Watson - DockerCon 2017 Austin
Empower Your Docker Containers with Watson - DockerCon 2017 AustinEmpower Your Docker Containers with Watson - DockerCon 2017 Austin
Empower Your Docker Containers with Watson - DockerCon 2017 Austin
Phil Estes
 
Containerize, PaaS, or Go Serverless!?
Containerize, PaaS, or Go Serverless!?Containerize, PaaS, or Go Serverless!?
Containerize, PaaS, or Go Serverless!?
Phil Estes
 

More from Phil Estes (20)

Enabling Security via Container Runtimes
Enabling Security via Container RuntimesEnabling Security via Container Runtimes
Enabling Security via Container Runtimes
 
Extended and embedding: containerd update & project use cases
Extended and embedding: containerd update & project use casesExtended and embedding: containerd update & project use cases
Extended and embedding: containerd update & project use cases
 
Cloud Native TLV Meetup: Securing Containerized Applications Primer
Cloud Native TLV Meetup: Securing Containerized Applications PrimerCloud Native TLV Meetup: Securing Containerized Applications Primer
Cloud Native TLV Meetup: Securing Containerized Applications Primer
 
Securing Containerized Applications: A Primer
Securing Containerized Applications: A PrimerSecuring Containerized Applications: A Primer
Securing Containerized Applications: A Primer
 
Securing Containerized Applications: A Primer
Securing Containerized Applications: A PrimerSecuring Containerized Applications: A Primer
Securing Containerized Applications: A Primer
 
Let's Try Every CRI Runtime Available for Kubernetes
Let's Try Every CRI Runtime Available for KubernetesLet's Try Every CRI Runtime Available for Kubernetes
Let's Try Every CRI Runtime Available for Kubernetes
 
CraftConf 2019: CRI Runtimes Deep Dive: Who Is Running My Pod?
CraftConf 2019: CRI Runtimes Deep Dive: Who Is Running My Pod?CraftConf 2019: CRI Runtimes Deep Dive: Who Is Running My Pod?
CraftConf 2019: CRI Runtimes Deep Dive: Who Is Running My Pod?
 
JAX Con 2019: Containers. Microservices. Cloud. Open Source. Fantasy or Reali...
JAX Con 2019: Containers. Microservices. Cloud. Open Source. Fantasy or Reali...JAX Con 2019: Containers. Microservices. Cloud. Open Source. Fantasy or Reali...
JAX Con 2019: Containers. Microservices. Cloud. Open Source. Fantasy or Reali...
 
Giving Back to Upstream | DockerCon 2019
Giving Back to Upstream | DockerCon 2019Giving Back to Upstream | DockerCon 2019
Giving Back to Upstream | DockerCon 2019
 
What's Running My Containers? A review of runtimes and standards.
What's Running My Containers? A review of runtimes and standards.What's Running My Containers? A review of runtimes and standards.
What's Running My Containers? A review of runtimes and standards.
 
FOSDEM 2019: A containerd Project Update
FOSDEM 2019: A containerd Project UpdateFOSDEM 2019: A containerd Project Update
FOSDEM 2019: A containerd Project Update
 
CRI Runtimes Deep-Dive: Who's Running My Pod!?
CRI Runtimes Deep-Dive: Who's Running My Pod!?CRI Runtimes Deep-Dive: Who's Running My Pod!?
CRI Runtimes Deep-Dive: Who's Running My Pod!?
 
It's 2018. Are My Containers Secure Yet!?
It's 2018. Are My Containers Secure Yet!?It's 2018. Are My Containers Secure Yet!?
It's 2018. Are My Containers Secure Yet!?
 
An Open Source Story: Open Containers & Open Communities
An Open Source Story: Open Containers & Open CommunitiesAn Open Source Story: Open Containers & Open Communities
An Open Source Story: Open Containers & Open Communities
 
Whose Job Is It Anyway? Kubernetes, CRI, & Container Runtimes
Whose Job Is It Anyway? Kubernetes, CRI, & Container RuntimesWhose Job Is It Anyway? Kubernetes, CRI, & Container Runtimes
Whose Job Is It Anyway? Kubernetes, CRI, & Container Runtimes
 
Containerd Project Update: FOSDEM 2018
Containerd Project Update: FOSDEM 2018Containerd Project Update: FOSDEM 2018
Containerd Project Update: FOSDEM 2018
 
Bucketbench: Benchmarking Container Runtime Performance
Bucketbench: Benchmarking Container Runtime PerformanceBucketbench: Benchmarking Container Runtime Performance
Bucketbench: Benchmarking Container Runtime Performance
 
AtlanTEC 2017: Containers! Why Docker, Why NOW?
AtlanTEC 2017: Containers! Why Docker, Why NOW?AtlanTEC 2017: Containers! Why Docker, Why NOW?
AtlanTEC 2017: Containers! Why Docker, Why NOW?
 
Empower Your Docker Containers with Watson - DockerCon 2017 Austin
Empower Your Docker Containers with Watson - DockerCon 2017 AustinEmpower Your Docker Containers with Watson - DockerCon 2017 Austin
Empower Your Docker Containers with Watson - DockerCon 2017 Austin
 
Containerize, PaaS, or Go Serverless!?
Containerize, PaaS, or Go Serverless!?Containerize, PaaS, or Go Serverless!?
Containerize, PaaS, or Go Serverless!?
 

Recently uploaded

E-commerce Application Development Company.pdf
E-commerce Application Development Company.pdfE-commerce Application Development Company.pdf
E-commerce Application Development Company.pdf
Hornet Dynamics
 
What is Master Data Management by PiLog Group
What is Master Data Management by PiLog GroupWhat is Master Data Management by PiLog Group
What is Master Data Management by PiLog Group
aymanquadri279
 
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeA Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
Aftab Hussain
 
Webinar On-Demand: Using Flutter for Embedded
Webinar On-Demand: Using Flutter for EmbeddedWebinar On-Demand: Using Flutter for Embedded
Webinar On-Demand: Using Flutter for Embedded
ICS
 
LORRAINE ANDREI_LEQUIGAN_HOW TO USE WHATSAPP.pptx
LORRAINE ANDREI_LEQUIGAN_HOW TO USE WHATSAPP.pptxLORRAINE ANDREI_LEQUIGAN_HOW TO USE WHATSAPP.pptx
LORRAINE ANDREI_LEQUIGAN_HOW TO USE WHATSAPP.pptx
lorraineandreiamcidl
 
Fundamentals of Programming and Language Processors
Fundamentals of Programming and Language ProcessorsFundamentals of Programming and Language Processors
Fundamentals of Programming and Language Processors
Rakesh Kumar R
 
DDS-Security 1.2 - What's New? Stronger security for long-running systems
DDS-Security 1.2 - What's New? Stronger security for long-running systemsDDS-Security 1.2 - What's New? Stronger security for long-running systems
DDS-Security 1.2 - What's New? Stronger security for long-running systems
Gerardo Pardo-Castellote
 
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j
 
SWEBOK and Education at FUSE Okinawa 2024
SWEBOK and Education at FUSE Okinawa 2024SWEBOK and Education at FUSE Okinawa 2024
SWEBOK and Education at FUSE Okinawa 2024
Hironori Washizaki
 
Empowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - DeugloEmpowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - Deuglo
Deuglo Infosystem Pvt Ltd
 
SMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API ServiceSMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API Service
Yara Milbes
 
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
kalichargn70th171
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
socradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdfsocradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdf
SOCRadar
 
Hand Rolled Applicative User Validation Code Kata
Hand Rolled Applicative User Validation Code KataHand Rolled Applicative User Validation Code Kata
Hand Rolled Applicative User Validation Code Kata
Philip Schwarz
 
How to write a program in any programming language
How to write a program in any programming languageHow to write a program in any programming language
How to write a program in any programming language
Rakesh Kumar R
 
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, FactsALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
Green Software Development
 
E-commerce Development Services- Hornet Dynamics
E-commerce Development Services- Hornet DynamicsE-commerce Development Services- Hornet Dynamics
E-commerce Development Services- Hornet Dynamics
Hornet Dynamics
 
Oracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptxOracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptx
Remote DBA Services
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
Neo4j
 

Recently uploaded (20)

E-commerce Application Development Company.pdf
E-commerce Application Development Company.pdfE-commerce Application Development Company.pdf
E-commerce Application Development Company.pdf
 
What is Master Data Management by PiLog Group
What is Master Data Management by PiLog GroupWhat is Master Data Management by PiLog Group
What is Master Data Management by PiLog Group
 
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeA Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
 
Webinar On-Demand: Using Flutter for Embedded
Webinar On-Demand: Using Flutter for EmbeddedWebinar On-Demand: Using Flutter for Embedded
Webinar On-Demand: Using Flutter for Embedded
 
LORRAINE ANDREI_LEQUIGAN_HOW TO USE WHATSAPP.pptx
LORRAINE ANDREI_LEQUIGAN_HOW TO USE WHATSAPP.pptxLORRAINE ANDREI_LEQUIGAN_HOW TO USE WHATSAPP.pptx
LORRAINE ANDREI_LEQUIGAN_HOW TO USE WHATSAPP.pptx
 
Fundamentals of Programming and Language Processors
Fundamentals of Programming and Language ProcessorsFundamentals of Programming and Language Processors
Fundamentals of Programming and Language Processors
 
DDS-Security 1.2 - What's New? Stronger security for long-running systems
DDS-Security 1.2 - What's New? Stronger security for long-running systemsDDS-Security 1.2 - What's New? Stronger security for long-running systems
DDS-Security 1.2 - What's New? Stronger security for long-running systems
 
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
 
SWEBOK and Education at FUSE Okinawa 2024
SWEBOK and Education at FUSE Okinawa 2024SWEBOK and Education at FUSE Okinawa 2024
SWEBOK and Education at FUSE Okinawa 2024
 
Empowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - DeugloEmpowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - Deuglo
 
SMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API ServiceSMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API Service
 
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
socradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdfsocradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdf
 
Hand Rolled Applicative User Validation Code Kata
Hand Rolled Applicative User Validation Code KataHand Rolled Applicative User Validation Code Kata
Hand Rolled Applicative User Validation Code Kata
 
How to write a program in any programming language
How to write a program in any programming languageHow to write a program in any programming language
How to write a program in any programming language
 
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, FactsALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
 
E-commerce Development Services- Hornet Dynamics
E-commerce Development Services- Hornet DynamicsE-commerce Development Services- Hornet Dynamics
E-commerce Development Services- Hornet Dynamics
 
Oracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptxOracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptx
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
 

Devoxx 2016: A Developer's Guide to OCI and runC

  • 1. OCI and runC A developer’s guide for open container tools and projects Phil Estes, IBM Cloud Open Technology and Architecture @estesp / estesp@gmail.com
  • 2. Phil Estes Senior Technical Staff Member IBM Cloud, Open Technologies Container Strategy/Open Source Leader Docker community core engine maintainer < Linux/open source expertise for 15 years @ IBM < Community activities & accomplishments > Brought user namespace support to the Docker engine > Helped design v2.2 image specification with multi-platform support > Implemented first tool to create multi-platform images in Docker v2.3 registry > Member of the “Docker Captains” program 2 About Me
  • 3. Open Container Initiative (OCI) An open governance structure for creating open industry standards: a common container runtime and image format. • A Linux Foundation Collaborative Project • Free from control by any particular vendor’s specific cloud stack or ecosystem • Includes a specification, reference runtime* and now, a specified image format *seeded with runc + libcontainer by Docker
  • 4. OCI Specs & Status > Announced June 20th, 2015 > Charter signed on December 8th, 2015 > 49 current member companies > Both specifications nearing 1.0 release targets https://opencontainers.org https://github.com/opencontainers > Runtime specification: Release 1.0.0-rc2 / September 2016 https://github.com/opencontainers/runtime-spec/releases/tag/v1.0.0-rc2 1. Very close to an official 1.0 release of the runtime spec 2. Includes required core for Linux, Windows, and Solaris > Image format spec: Release 1.0.0-rc3 / October 2016 https://github.com/opencontainers/image-spec/releases/tag/v1.0.0-rc3 1. Seeded with Docker registry v2.2 specification 2. v1.0.0-rc3 approved and released last week
  • 5. Introduction to `runc` > runc is a client wrapper around libcontainer > Libcontainer is the OS level interface for containers Other platforms and architectures can implement the libcontainer API via their own primitives/system-level container concepts $ docker run -it --read-only -v /host:/hostpath alpine sh /# { "ociVersion": "0.6.0-dev", "platform": { "os": "linux", "arch": "amd64" }, "process": { "terminal": true, "args": [ "sh" ], "env": [ "PATH=/usr/local/sbin:/usr/local/bin:/bin” config.json
  • 6. ● CloudFoundry Garden OCI implementation ● https://github.com/cloudfoundry-incubator/guardian ● Uses runc as a backend for container execution ● Docker 1.11 (and above) ● Switched from direct libcontainer API linkage to calling runc as container executor ● Uses containerd as a gRPC daemon to disconnect Docker daemon (API/mgmt) from container execution (allows daemon restart in future without container runtime impact) runc in the “Wild” runv - Hyper.sh; small & lightweight hypervisor wraps contained process runz - Solaris zones implementation > Ports/Implementations:
  • 7. How does Docker use runc? Docker engine containerd gRPC ctr-shim ctr-shim runc runc https://github.com/docker/docker https://github.com/docker/containerd https://github.com/opencontainers/runc Docker client/API HTTP/REST
  • 8. OCI Image Tools > Docker engine save/load support for OCI format underway https://github.com/docker/docker/pull/26369 > `oci-fetch` tool being developed to pull OCI format images https://github.com/containers/oci-fetch > Official OCI project for image tooling (create/verify/etc.) https://github.com/opencontainers/image-tools > `acbuild` (ACI/rkt tooling) support for OCI image format https://github.com/containers/build/issues/249 > `skopeo` image query/fetch tool has support for OCI image format https://github.com/projectatomic/skopeo
  • 9. @estesp github.com/estesp estesp@gmail.com https://integratedcode.us IRC: estesp DEMO $ runc run alpine # / /usr/bin/runc https://github.com/opencontainers/runc /usr/bin/ocitools https://github.com/opencontainers/ocitools /usr/local/bin/riddler https://github.com/jessfraz/riddler /usr/local/bin/netns https://github.com/jessfraz/netns
  • 10. OCI & runc Futures ● Entry point for OS-level container technology implementations and added enhancements ○ Recent examples: seccomp, user namespaces, checkpoint/restore ○ Many smaller examples (lots of changes required for fully unprivileged containers) ● More users and contributed implementations (for runtime and image) ● What will you do with runc and the OCI specifications?