
CraftConf 2019: CRI Runtimes Deep Dive: Who Is Running My Pod?



A talk given at Craft Conf in Budapest, Hungary on May 10th, 2019. In this talk, Phil walked through the history of the need for a Container Runtime Interface (CRI) in Kubernetes, followed by an overview of all available CRI implementations, focusing on containerd, the CNCF core container runtime used in many clouds and projects. Phil demonstrated the "layers" of interaction from the Kubernetes API, to the CRI API, to a container runtime's native API, using an IBM Cloud Kubernetes cluster running containerd 1.2.6.

Published in: Software


  1. @estesp CRI Runtimes: Who is running my pod?
  2. Hello! I’m Phil Estes. Distinguished Engineer, Linux OS & Container Architecture Strategy, IBM Cloud, Office of the CTO. CNCF Ambassador, containerd maintainer. @estesp
  3. I bet you’ve used Docker. You’re probably using Kubernetes?
  4. Kubernetes is an orchestrator
  5. Kubernetes doesn’t run your containers: kubelet → dockershim → dockerd → containerd → runc
  6. Runtime wars led to OCI specs. OCI specifications; Linux kernel, Windows kernel; Docker, containerd, cri-o, Kata, Firecracker, gVisor, Nabla, Singularity, ...; DockerHub, OSS distribution project, Cloud registries, JFrog, ...
  7. @estesp
  8. Kubernetes / Container Runtime / CRI. Kubernetes: ▧ K8s API ▧ Storage ▧ Networking (CNI) ▧ Healthchecks ▧ Placement ▧ Custom resources. Container Runtime: ▧ Pod container lifecycle ○ Start/stop/delete ▧ Image management ○ Push/pull/status ▧ Status ▧ Container interactions ○ attach, exec, ports, log
  9. What Runtimes Exist? kubelet --container-runtime {string} --container-runtime-endpoint {string}. kubelet → dockershim → dockerd; kubelet → cri-containerd → containerd; kubelet → cri-o → runc; kubelet → containerd → Kata, Firecracker; kubelet → singularity-cri → singularity. *and Nabla, gVisor, ... *v2 shim
  10. CRI Runtimes Overview • A stable, core, performant core container runtime for the cloud • Has a CRI implementation, and is a CNCF graduated project • “all the runtime Kubernetes needs and nothing more”; RH created • CRI implementation over runc and 2 open libraries; K8s incubator • Intel Clear Containers + combined project • Lightweight virtualization (KVM/qemu) under cri-o and containerd • Amazon open source project announced Nov 2018; lightweight virt. • Uses Rust-based VMM instead of qemu; plugs into containerd • CRI implementation over Sylabs Singularity runtime project • Userbase traditionally from academia/HPC use cases
  11. But... why should I care?
  12. The benefits of runtime pluggability are mostly focused on operational concerns.
  13. runtimes
  14. What do I need? ▧ Performance ▧ Stability ▧ (Optional) Hypervisor Isolation ▧ Security Capabilities ▧ Broad Usage ▧ Multi-architecture Support
  15. A Core Runtime: runc, containerd. 2016: containerd created; March 2017: containerd to CNCF; 2018: 1.1, 1.2 major releases; Feb 2019: CNCF graduated proj.
  16. Containerd + CRI
  17. Containerd Adoption
  18. Kubernetes 1.14.1 + containerd 1.2.6
  19. Demo time
  20. What is all this? $ kubectl: K8s API (kubelet); $ crictl: CRI API (cri-containerd); $ ctr: containerd API (containerd)
  21. Going Further ▧ crictl User’s Guide: ▧ Stephen Day’s KubeCon 2018 containerd talk: ▧ Containerd project and website: ▧ My blog posts on the topic:
  22. Thanks! Any questions? You can find me at: @estesp
  23. Credits: Special thanks to all the people who made and released these awesome resources for free: ▧ Presentation template by SlidesCarnival ▧ Photographs by Unsplash ▧ Backgrounds by Pixeden