Innovating Out In The Open - OSCON 2016
•
3 likes•4,688 views
Phil Estes is a senior technical staff member at IBM who is involved in open source software including Linux, containers, and cloud technologies. He discusses his work contributing to Docker and the Open Container Initiative (OCI). The OCI is a Linux Foundation project that aims to create open standards for container runtimes and image formats. Estes helped bring features like user namespaces to Docker and helped design the multi-platform image specification. He also discusses runc, an OCI-compliant runtime that is used as the backend for Docker and CloudFoundry containers. Estes believes runc can continue to drive innovations in container features and implementations on different platforms and architectures.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to Innovating Out In The Open - OSCON 2016
Similar to Innovating Out In The Open - OSCON 2016 (20)
More from Phil Estes
More from Phil Estes (20)
Recently uploaded
Recently uploaded (20)
Innovating Out In The Open - OSCON 2016
- 1. Innovating Out in the Open Phil Estes, IBM <estesp@us.ibm.com> Twitter/IRC: @estesp
- 2. Phil Estes Senior Technical Staff Member IBM Open Cloud Technologies @estesp > Docker core engine maintainer > Member of “Docker Captains” program > 10+ years involved in Linux/OSS > Interests: cloud/containers/Linux Intro Key upstream accomplishments > Brought user namespace support to the Docker engine > Helped design v2.2 image specification with multi-platform support > Implemented first tool to create multi-platform images in Docker v2.3 registry
- 3. Open Container Initiative (OCI) • A Linux Foundation Collaborative Project • Free from control by any particular vendor’s specific cloud stack or ecosystem • Includes a specification, reference runtime* and now, a specified image format An open governance structure for creating open industry standards: a common container runtime and image format. *seeded with runc + libcontainer by Docker
- 4. OCI: Specs and Status > Runtime specification: Release 0.5.0 / April 2016 https://github.com/opencontainers/runtime-spec/releases/tag/v0.5.0 Goal is to reach a 1.0 release by mid-June Includes required core for containerization on Linux & Windows > Image format specification: Release 0.1.0 / May 2016 https://github.com/opencontainers/image-spec/releases/tag/v0.1.0 Seeded with Docker registry v2.2 specification Work just beginning in the repository; 0.1 is a “stake in the ground” ▪ Announced June 20th, 2015 ▪ Charter signed on December 8th, 2015 ▪ 46 current member companies ▪ Target of a 1.0 specification (runtime) by June https://opencontainers.org https://github.com/opencontainers
- 5. Introduction to > is a client wrapper around libcontainer > Libcontainer is the OS level interface for containers Other platforms and architectures can implement the libcontainer API via their own primitives/system-level container concepts
- 6. Runc In The Wild ▪ CloudFoundry Garden OCI implementation - https://github.com/cloudfoundry-incubator/guardian - Uses runc as a backend for container execution ▪ Docker 1.11 (and above) - Switched from direct libcontainer API linkage to calling runc as container executor - Uses containerd as a gRPC daemon to disconnect Docker daemon (API/mgmt) from container execution (allows daemon restart in future without container runtime impact)
- 7. runC: An open innovation platform for containers Implement low-level container features ▪ Operating system level features should be defined in the OCI runtime specification ▪ New capabilities (PID cgroup controls, checkpoint/restore, seccomp) implemented in runC OCI compliance/pluggable execution engine ▪ Implement a OS/environment for containers via an OCI spec compliant binary ▪ Examples: runz (Solaris zones), runv (hypervisor-based), Intel Clear Containers Iterative container configuration test/debug ▪ Simple variant of “Docker-like” containers with less friction for quick modifications ▪ Low bar for dependencies: single binary + physical rootfs bundle + JSON config
- 8. Let’s Demo What I’m going to show you: →
- 9. OCI Futures - Image format specification - Just getting underway - More users and contributed implementations - runC innovations moving into higher level implementations - Checkpoint+restore under consideration for exposure via Docker API - Seccomp, user namespaces, and PID limits are prior examples - What do you plan to do with OCI and/or runC?