
Looking Under The Hood: containerD


As we move our application units to containers, most people are asking themselves about orchestrator choice. That is not the only choice that matters: what about the underlying container runtime? In this talk, we will look at why you would use containerD with runC under both Swarm and Kubernetes, and at other uses for containerD, such as container OSes that ship immutable infrastructure.

Published in: Technology

  1. Looking under the hood: containerd. Scott Coulton, Principal software engineer @ Puppet
  2. The talk should have been called: containerd, what does it mean for me?
  3. About me ... @scotty-c @scottcoulton
  4. Agenda
      ● What is containerd?
      ● Why is containerd a critical part of the container ecosystem?
      ● What upstream projects use containerd
      ● How is containerd changing the way we build container products
  5. What is containerd?
  6. “containerd is an industry-standard core container runtime with an emphasis on simplicity, robustness and portability. containerd can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision, low-level storage and network attachments.”
  7. Let’s break down containerd
      ● CTR (containerd CLI)
      ● A daemon exposing a gRPC API over a local UNIX socket
      ● Protobuf specs between components
  8. [Architecture diagram. Labels: GRPC, Metrics, Containers, Content, Diff, Snapshot, Tasks, Events, Images, Metadata, Runtimes, Storage, OS]
  9. containerd gives us
      ● OCI Image Spec support
      ● OCI Runtime Spec support (aka runC)
      ● Image push and pull support
      ● Management of namespaces
  10. What upstream projects use containerd
  11. How does containerd architecture allow other projects to interact with it
      [Diagram. Labels: API Client (moby, cri-containerd, etc.), containerd, Runtimes, OS (Storage, FS, Networking)]
  12. How does containerd architecture allow other projects to interact with it
  13. containerd is used in
      ● Moby
      ● Moby LinuxKit (I want to talk about this separately)
      ● Kubernetes
  14. The Moby Project
  15. The Moby project is made up of
      ● The Docker Engine
      ● SwarmKit
      ● HyperKit
      ● RunC
      ● Also LinuxKit (I want to cover that separately)
  16. How does containerd interact with Moby
  17. How is containerD different from Docker
  18. LinuxKit
  19. What is LinuxKit?
      ● Lean OS. Minimal size, minimal boot time
      ● 4.9 Kernel
      ● Allows you to run any container runtime
      ● Batteries included but can be replaced
  20. Why is it different to a traditional OS?
      ● Smaller attack surface
      ● Immutable infrastructure
      ● Sandboxed system services
      ● Specialized patches and configurations
      ● You have full control over the build
      ● The configuration is all YAML
  21. How is containerd integrated with LinuxKit?
      init:
        - linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b
        - linuxkit/runc:2649198589ef0020d99f613adaeda45ce0093a38
        - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b
        - linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288
  22. Every containerd demo we have done has run in LinuxKit
  23. Kubernetes
  24. How do containerd and Kubernetes interact?
  25. To follow this project
  26. Yesterday's news
  27. Questions?
  28. Thank you
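
Slide 21 pins every init image to a 40-character hex tag, which is what makes the "immutable infrastructure" and "full control over the build" claims on slide 20 checkable. The following is an added example, not code from the talk or from the LinuxKit project: a stdlib-only Python check that reads the init list and flags references that are neither hash-tagged nor digest-pinned. The function names, the "floating" label and the second sample config are assumptions constructed for illustration.

```python
import re

# The init section exactly as shown on slide 21.
SLIDE_21 = """\
init:
  - linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b
  - linuxkit/runc:2649198589ef0020d99f613adaeda45ce0093a38
  - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b
  - linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288
"""

# Constructed sample (not from the talk): floating tag, missing tag, digest pin.
CONSTRUCTED_BAD = """\
init:
  - linuxkit/init:latest
  - linuxkit/runc
  - example.invalid:5000/containerd@sha256:""" + "a" * 64 + "\n"

DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")   # content-addressed reference
HASH_TAG = re.compile(r":[0-9a-f]{40}$")        # 40-hex tag, as on slide 21

def init_images(yml):
    """Return the image references listed under the top-level init: key."""
    images, in_init = [], False
    for line in yml.splitlines():
        stripped = line.split(" #")[0].strip()
        if not stripped or stripped.startswith("#"):
            continue
        if stripped.startswith("- "):
            if in_init:
                images.append(stripped[2:].strip().strip("'\""))
        elif not line[0].isspace():             # a new top-level key
            in_init = stripped == "init:"
    return images

def classify(ref):
    """Label a reference as digest, hash-tag or floating."""
    if DIGEST.search(ref):
        return "digest"
    if HASH_TAG.search(ref):
        return "hash-tag"
    return "floating"                           # e.g. :latest or no tag at all

def unpinned(yml):
    """References in init: that would let the boot image change between builds."""
    return [ref for ref in init_images(yml) if classify(ref) == "floating"]

if __name__ == "__main__":
    for name, cfg in (("slide 21", SLIDE_21), ("constructed", CONSTRUCTED_BAD)):
        print(name, "->", unpinned(cfg) or "all init images pinned")
```

A hex tag is still a tag and can be re-pointed in a registry; the @sha256 digest form is the one that binds the reference to the image content.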