
Whose Job Is It Anyway? Kubernetes, CRI, & Container Runtimes


A talk given at the Cloud Native London meetup on February 6, 2018, on the role of container runtimes in Kubernetes, the introduction of the Container Runtime Interface (CRI), and the history of containerd and its use as a CRI-implementing container runtime for Kubernetes.

Published in: Software

  1. Whose Job Is It Anyway? The role of container runtimes, the CRI, and Kubernetes
  2. Hello! Phil Estes
     ▪ Office of the CTO
     ▪ IBM Watson & Cloud Platform
     ▪ Docker Captain
     ▪ Containerd and Moby Project maintainer
  3. Section 1. Kubernetes & Runtimes: A quick history
  4. @estesp Kubernetes is an Orchestrator
     ▪ Kubernetes has no code to execute or run containers on Linux or Windows
     ▪ Initially the Kubernetes pod manager (called “kubelet”) had direct linkage to the Docker engine
     [Diagram, component stack: kubelet, dockershim, dockerd, containerd, runc]
  5. [Timeline figure, 2013 to 2017: Runtime specification, Image specification, runC implementation, Garden-runC, Guardian project, K8s CRI; footnotes: *[0.2.x branch], *[1.0 branch]]
  6. Section 2. Kubernetes CRI: The Container Runtime Interface
  7. Kubernetes Announces the CRI
  8. The CRI gRPC API
     ▪ Includes container lifecycle operations (start, stop, pause, unpause, delete)
     ▪ Includes K8s pod-centric operations (start/stop pod, status of pod, remove)
     ▪ Requires simple image operations (pull, list, status, remove)
     ▪ Requires some basic administrative functions (exec, attach, ports, logs, stats)
  9. So, who implements the CRI today?
     ▪ Docker, containerd, rkt, frakti, cri-o
       □ Future: Kata containers?
     [Diagram, four stacks: kubelet, dockershim, dockerd; kubelet, cri-containerd, containerd; kubelet, cri-o, runc; kubelet, frakti, runV, dockerd]
     kubelet --container-runtime {string} --container-runtime-endpoint {string}
  10. Section 3. Containerd & CRI-Containerd: Containerd as a runtime for K8s
  11. Why Containerd 1.0?
     ▪ Continue projects spun out from monolithic Docker engine
     ▪ Expected use beyond Docker engine (Kubernetes CRI)
     ▪ Donation to foundation for broad industry collaboration
       □ Similar to runc/libcontainer and the OCI
     [Logos: runc, containerd]
  12. Technical Goals/Intentions
     ▪ Clean gRPC-based API + client library
     ▪ Full OCI support (runtime and image spec)
     ▪ Stability and performance with tight, well-defined core of container function
     ▪ Decoupled systems (image, filesystem, runtime) for pluggability, reuse
  13. Containerd Architecture
     [Diagram labels: Runtimes, Metadata, Containers, Content, Diff, Snapshot, Tasks, Events, Images, GRPC, Metrics, Storage, OS]
  14. Release Process
     Latest Release: v1.0.2 (-rc.1 will release in the next day)
     Key Points:
     ▪ Using SemVer
     ▪ Major releases have a support horizon with backported fixes
       □ Already proven out post-1.0.0 with 2 releases
     ▪ Next release (v1.1) plans will include Windows container runtime support and other enhancements
     ▪ Stability and compatibility provided for & documented
  15. Project Contributors
     ▪ Containerd is a member project within the Cloud Native Computing Foundation (CNCF)
     ▪ The Moby project governance, adopted in Q4 2017, is not a BDFL model
     ▪ The newly formed Moby Technical Steering Committee (TSC) oversees Moby projects
     ▪ Broad base of contributors, and growing
     TOP TEN CONTRIBUTORS
       1. Docker
       2. Google
       3. NTT
       4. Tesla*
       5. IBM
       6. ZTE
       7. Microsoft
       8. Red Hat**
       9. Huawei
       10. Amazon Web Services
     * Former Docker maintainer left for Tesla
     ** Red Hat contributions mostly prior to 1.0 codebase
  16. Users
     - CURRENT
       - Docker (moby)
       - Kubernetes (cri-containerd)
       - SwarmKit
       - LinuxKit
       - BuildKit
     - PLANNING/DEVELOPING
       - CloudFoundry (Garden-runC)
       - Apache OpenWhisk
       - Puppet R&D
       - {your project here}
  17. Kubernetes CRI Runtimes: Docker vs. cri-containerd
     [Diagram, two stacks: (1) kubelet, dockershim (CRI), Docker engine, containerd, containerd-shim (x3), runc (x3); (2) kubelet, cri-containerd / cri plugin, containerd, containerd-shim (x3), runc (x3)]
     ttrpc: very lightweight gRPC protocol format
     ** NOTE: cri-containerd project merged into containerd GitHub project in January 2018; will become a plugin within the containerd binary
  18. Containerd Benefits
     ● Designed and implemented with broad usage as a core container runtime in mind:
       ○ Docker, LinuxKit, Kubernetes and embedded core runtime use cases (OpenWhisk, Cloud Foundry)
     ● Stress testing validating stability and performance guarantees 24/7
     ● Attention to detail re: Go/gRPC APIs for usability and ease of embedding
     ● Focus on compatibility guarantees; bug fix backports for high level of support on major version levels
  19. Source:
     ▪ Requires runc and containerd to be installed (distro packaging lagging these projects)
     ▪ CRI-Containerd project has been doing binary releases with dependencies included (future TBD)
     ▪ No requirement for Docker engine installation on worker nodes at all
     ▪ LinuxKit also using (and providing) this configuration in their default Kubernetes project:
     ▪ “make all KUBE_RUNTIME=cri-containerd”
     ▪ See: Using Containerd in Kubernetes 1.9+
  20. Summary
     ▪ Introducing the CRI helped abstract runtime requirements from a specific container engine
     ▪ The CRI now gives Kubernetes admins and/or cluster creators a choice for container runtime options
     ▪ Containerd (and its CRI implementation) is purpose-built for the K8s and Docker stacks as a high-performance, supported and stable runtime
  21. Thanks! @estesp Slack/IRC: estesp