Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Kubernetes CRI containerd integration by Lantao Liu (Google)

26,187 views

Published on

The talk will firstly give a brief review of the runtime portability of Kubernetes, then talk about why containerd is attractive to Kubernetes, and then give a brief introduction and status update of Kubernetes Containerd Integration and a demo.

Published in: Technology
  • Be the first to comment

Kubernetes CRI containerd integration by Lantao Liu (Google)

  1. 1. Kubernetes Container Integration - CRI-Container 14 Sept, 2017 Lantao Liu <Random-Liu@github> Google Kubernetes Abhinandan Prativadi <abhinandanpb@github> Docker
  2. 2. Contents ● Container Runtime Interface (CRI) ● CRI & Containerd ● CRI-Containerd ● Q & A
  3. 3. Contents ● Container Runtime Interface (CRI) ● CRI & Containerd ● CRI-Containerd ● Q & A
  4. 4. Container Runtime Interface ● What is Container Runtime Interface (CRI) ? ○ A gRPC interface and a group of libraries ○ Enables Kubernetes to use a wide variety of container runtimes ○ Introduced in Kubernetes 1.5 Kubelet CRI gRPC client CRI shim CRI gRPC server container runtime container container container container container
  5. 5. Container Runtime Interface ● CRI Runtimes ○ cri-containerd: https://github.com/kubernetes-incubator/cri-containerd ○ cri-o: https://github.com/kubernetes-incubator/cri-o ○ Docker (Upstream): https://github.com/kubernetes/kubernetes/tree/master/pkg/kubelet/dockershim ○ frakti: https://github.com/kubernetes/frakti ○ rktlet: https://github.com/kubernetes-incubator/rktlet ○ virtlet: https://github.com/Mirantis/virtlet ● CRI Tools https://github.com/kubernetes-incubator/cri-tools ○ critest: CRI Validation Test Suite ○ crictl: CRI Command Line Tool
  6. 6. Contents ● Container Runtime Interface (CRI) ● CRI & Containerd ● CRI-Containerd ● Q & A
  7. 7. CRI & Containerd ● The scope of containerd 1.0 aligns with the requirement of CRI. Name CRI Requirement Containerd 1.0 Scope Container Lifecycle Management Create/Start/Stop/Delete/Lis t/Inspect In Image Management Pull/List/Inspect In Networking K8s handles pod and service network, container runtime SHOULD NOT provide extra network solution. Out No concrete network solution. User can setup network namespace, and put container into it.
  8. 8. CRI & Containerd ● Continued Name CRI Requirement Containerd Scope Volumes K8s manages volumes. Container runtime SHOULD NOT provide extra volume support. Out No volume management. User can setup host path, and mount into container. Persistent Container Logging K8s has specific requirements for persistent container logging, namely format and path. Container runtime SHOULD NOT persist an unmanageable log. Out No persistent container logging. Container stdio is provided as FIFOs, which can be redirected/decorated as is required.
  9. 9. CRI & Containerd ● Continued Name CRI Requirement Containerd Scope Metrics K8s expects container runtime to provide container metrics (CPU, Memory, Writable Layer Size etc.) and image filesystem usage. In Containerd provides these metrics as part of the API.
  10. 10. CRI & Containerd ● Other alignments with Kubernetes: ○ Decentralized container management - containerd-shim. ■ Live restore. ■ Charge container management overhead to corresponding pod. ○ Decoupled image and container management. ■ Support other image formats (e.g. tarball) ○ Extensible image management: ■ Client-driven Image Download ■ Snapshotter ○ Support OCI image/runtime spec. ○ CNCF project. ○ ...
  11. 11. Contents ● Container Runtime Interface (CRI) ● CRI & Containerd ● CRI-Containerd ● Q & A
  12. 12. CRI-Containerd ● cri-containerd: A containerd based implementation of CRI. ○ https://github.com/kubernetes-incubator/cri-containerd ○ Kubernetes incubator project. ○ Started in April 2017. containercontainerKubelet dockershim docker container d container container CRI containercontainer Kubelet cri-containerd container d container container CRI dockershim cri-containerd
  13. 13. CRI-Containerd Architecture Pod B Pod A Cgroups Pod A Namespaces cri-containerd sandbox container containerd shim image service runtime service Kubelet gRPC Client containerd shim container A ocicni
  14. 14. CRI-Containerd Status ● Dependencies: ○ Kubernetes: >= v1.7 ○ containerd: v1.0.0-beta.0 (daily/weekly update) ○ CNI: v0.6.0 (Spec Version: 0.3.1) ● All features in CRI (K8s 1.8) supported other than 3 missing features being added soon: ○ Seccomp. Under review. ○ Metrics. Kubelet and containerd changes merged, cri-containerd support in 1-2 weeks. ○ Mount Propagation (K8s 1.8): Under review. ● 37/37 CRI validation tests passing (Per-PR test) ● 180/182 node e2e tests passing (Per-PR test) ○ Running the same set of K8s PR node e2e test.
  15. 15. CRI-Containerd Plan for 2017 ● 1.0.0-alpha.0 by the end of September. ○ Feature Complete. ○ All Kubernetes PR node e2e tests passing. ○ Use kubeadm to bring up Kubernetes cri-containerd cluster. ○ Release tarball for distribution and installation. ● Q4: Additional testing, bug fixes and documentation. ○ Test: Setup FULL SET of node/cluster e2e test in Kubernetes test infra. ■ Suites: Slow, Serial, Reboot, Performance etc. ■ OS: Ubuntu, COS (Container-Optimized OS) etc. ○ Ease of use: ■ Documentation. ■ Polish kubeadm integration. ■ kube-up.sh integration. ○ 1.0.0-beta.0 by the end of 2017.
  16. 16. Demo ● Demo Focus: ○ Installation ○ Cluster lifecycle ○ Networking ○ Namespace management ○ Mount Propagation ○ Pod operations ○ Sample Demo App
  17. 17. Recap ● CRI is the standard way to integrate Container Runtime with Kubernetes. ● New containerd matches CRI and Kubernetes’ requirement very well. ● CRI-Containerd 1.0.0-alpha.0 is releasing by the end of September. It will be feature complete.
  18. 18. Links ● Github: https://github.com/kubernetes-incubator/cri-containerd ● Slack: https://kubernetes.slack.com/messages/sig-node ● Mailing List: https://groups.google.com/forum/#!forum/kubernetes- sig-node ● Maintainers: ○ Lantao Liu <lantaol@google.com> ○ Abhi Prativadi <abhi@docker.com> ○ Mike Brown <brownwm@us.ibm.com>
  19. 19. Q & A

×