http://strikr.in/ CC BY NC-SA 4.0
containerD
saifi@acm.org
pattern seen in FOSS infra stack
infrastructure
Runtime
Orchestration
Differentiators
Commercial
extensions
Docker as an example
InfraKit
containerD
SwarmKit
Docker EE, Store etc.
Plugins
Storage
Networking
API CLI Compose Build
Docker
Content Trust
Distribution
Auth
Docker Engine
● Container platform for
– Complete
– Distributed
– Application
– Life cycle
Container engine split
containerD: a daemon born from extracting
the container execution subset of the Docker Engine.
What is a 'shim' ?
● A shim is a small library that transparently
– intercepts API calls
– changes the arguments passed
– handles the operation itself or redirects
● Benefit
– Support an old API in a new environment
– Support a new API in an older environment
– Run programs on a platform other than the one they
were developed for
containerD
[Diagram: Docker on top of containerD; containerD drives three containerD-shim processes, each paired with its own runC.]
containerD
● Core container runtime
● The daemon that controls runC
ContainerD
● Architecture
– designed to be embedded into a larger
system
– rather than being used directly by developers
or end-users.
● daemon
– exposes gRPC API over a local UNIX socket.
– unix:///var/run/docker/libcontainerd/docker-containerd.sock
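Added example (not from the original slides): anyone who can connect to this socket can drive the daemon's container API, so the socket's owner and mode are worth checking. The Go code below normalises the two `--address` forms that appear in this deck and audits the socket file; the function names and finding labels are this example's own, and the demo runs against a socket it constructs in a temporary directory.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"path/filepath"
	"strings"
	"syscall"
)

// SocketPath converts a ctr --address value to a filesystem path. It accepts
// both forms shown on this page: "unix:///path" and a bare "/path".
func SocketPath(addr string) (string, error) {
	if rest := strings.TrimPrefix(addr, "unix://"); rest != addr {
		addr = rest
	} else if strings.Contains(addr, "://") {
		return "", fmt.Errorf("%q is not a local UNIX socket address", addr)
	}
	if !filepath.IsAbs(addr) {
		return "", fmt.Errorf("%q is not an absolute socket path", addr)
	}
	return filepath.Clean(addr), nil
}

// AuditSocket reports who besides the owner may connect to the API socket.
// On Linux, connecting to a UNIX socket requires write permission on it.
func AuditSocket(path string) ([]string, error) {
	info, err := os.Lstat(path)
	if err != nil {
		return nil, err
	}
	if info.Mode()&os.ModeSocket == 0 {
		return []string{"not-a-socket"}, nil
	}
	var out []string
	if st, ok := info.Sys().(*syscall.Stat_t); ok && st.Uid != 0 {
		out = append(out, "owner-not-root")
	}
	if info.Mode().Perm()&0o020 != 0 {
		out = append(out, "group-can-connect")
	}
	if info.Mode().Perm()&0o002 != 0 {
		out = append(out, "world-can-connect")
	}
	return out, nil
}

// hasFinding reports whether name is among the findings.
func hasFinding(findings []string, name string) bool {
	for _, f := range findings {
		if f == name {
			return true
		}
	}
	return false
}

// makeSampleSocket creates a constructed socket with the given mode for the
// demo; call the returned function to close and remove it.
func makeSampleSocket(perm os.FileMode) (string, func(), error) {
	dir, err := os.MkdirTemp("", "ctrd")
	if err != nil {
		return "", nil, err
	}
	path := filepath.Join(dir, "containerd.sock")
	ln, err := net.Listen("unix", path)
	if err == nil {
		err = os.Chmod(path, perm)
	}
	if err != nil {
		os.RemoveAll(dir)
		return "", nil, err
	}
	return path, func() { ln.Close(); os.RemoveAll(dir) }, nil
}

func main() {
	path, cleanup, err := makeSampleSocket(0o666) // deliberately too open
	if err != nil {
		panic(err)
	}
	defer cleanup()
	fmt.Println(AuditSocket(path))
	// On a real host, audit the address the daemon actually listens on.
	if p, err := SocketPath("unix:///run/containerd/containerd.sock"); err == nil {
		fmt.Println(AuditSocket(p))
	}
}
```

The check covers the socket file only; the permissions of the directories on its path also gate access.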
containerD
● API design
– low-level one designed for higher layers to
wrap and extend.
● CLI
– a bare-bones CLI (ctr) designed for
development and debugging purposes.
● interface with runC
– uses runC to run containers according to the
OCI specification.
RoadMap
the promise of containerD 1.0
● Container execution and supervision
● Image distribution
● Network Interfaces Management
● Local storage
● Native plumbing level API
● Full OCI support, including the extended OCI
image specification
Windows – Linux parity
8 months ago
the promise of containerD 1.0
● OCI Image Spec support
● OCI Runtime Spec support (aka runC)
● Image push and pull support
● Container runtime and lifecycle support
● Network primitives for creation, modification,
and deletion of interfaces
● Management of network namespaces
containers to join existing namespaces
● Multi-tenant supported with CAS storage for
global images
July 29th
2017
containerD components
ctr shipped with Docker 17.06
$ docker-containerd-ctr --help
NAME:
ctr - High performance container daemon cli
USAGE:
docker-containerd-ctr [global options] command [command options] [arguments...]
VERSION:
0.2.3 commit: cfb82a876ecc11b5ca0977d1733adbe58599088a
ctr shipped with Docker 17.06
COMMANDS:
checkpoints list all checkpoints
containers interact with running containers
events receive events from the containerd daemon
state get a raw dump of the containerd state
version return the daemon version
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--debug enable debug output in the logs
--address value proto://address of GRPC API
(default: "unix:///run/containerd/containerd.sock")
--conn-timeout value GRPC connection timeout (default: 1s)
--help, -h show help
--version, -v print the version
unix:///var/run/containerd/containerd.sock
ctr (master as of 2017-07-29)
USAGE:
ctr-20170729 [global options] command [command options] [arguments...]
VERSION:
v1.0.0-alpha2-18-g20fa6aee
GLOBAL OPTIONS:
--debug enable debug output in logs
--address value, -a value address for containerd's GRPC server
(default: "/run/containerd/containerd.sock")
--timeout value total timeout for ctr commands (default: 0s)
--connect-timeout value timeout for connecting to containerd (default: 0s)
--namespace value, -n value namespace to use with commands
(default: "default") [$CONTAINERD_NAMESPACE]
--help, -h show help
--version, -v print the version
COMMANDS:
apply apply layer from stdin to dir
attach attach to the IO of a running container
checkpoint checkpoint a container
containers, c manage containers (metadata)
content content management
events display containerd events
exec execute additional processes in an existing container
fetch fetch all content for an image into containerd
fetch-object retrieve objects from a remote
images image management
info get info about a container
kill signal a container (default: SIGTERM)
namespaces manage namespaces
pause pause an existing container
pprof provides golang pprof outputs for containerd
ps list processes for container
pull pull an image from a remote
push push an image to a remote
push-object pushes an object to a remote
resume resume a paused container
rootfs rootfs setups a rootfs
run run a container
snapshot snapshot management
tasks, t manage tasks
version print the version
shim interact with a shim directly
help, h shows a list of commands or help for one command
ctr usage examples
Start a container, say:
docker run --interactive --tty alpine:latest /bin/sh
# list the containers known to containerd
docker-containerd-ctr \
  --address "/var/run/docker/libcontainerd/docker-containerd.sock" \
  containers
# run an additional process (ps aux) inside the container
docker-containerd-ctr \
  --address "/var/run/docker/libcontainerd/docker-containerd.sock" \
  containers \
  exec \
  --id=346c1b7bbb04b760032557e1324a4027ec0055ea84dca109134c02e03dc1242c \
  --pid=20 \
  --cwd=/ -a /bin/ps aux
# dump the state for the container
docker-containerd-ctr \
  --address "/var/run/docker/libcontainerd/docker-containerd.sock" \
  state 346c1b7bbb04b760032557e1324a4027ec0055ea84dca109134c02e03dc1242c
the promise of containerD 1.0
https://github.com/containerd/containerd/milestones
July 29th
2017
0630 IST
containerD in the ecosystem
[Diagram: containerD among the platforms and vendors around it. Labels: Docker, Swarm, Mesos, DC/OS, k8s, OpenShift, Cloud Foundry, Pivotal, BlueMix, Google, Azure, AWS, ECS, "Your own"; several carry a "$$" marker. Operating systems: SmartOS, Linux, Solaris, Windows, MacOS.]
containerD in the ecosystem
[Same diagram with OCI (Open Container Initiative) added.]
runC
● universal runtime for OS Containers
● CLI tool for spawning and running containers
according to the OCI specification.
runC
● a CLI tool for spawning and running containers
according to the OCI specification.
● runC
– Depends on runtime-spec repo
– Supports Linux platform only
– Must be built with Go 1.6+
– Executes build tags for features
– Linux kernel 4.3+
– Uses 'vndr' for dependency management
runC
[Diagram: rootfs + config.json → runC → container executed]
Containers are configured using bundles.
A bundle for a container is a directory that includes
- a specification file named "config.json" and
- a root filesystem rootfs.
The root filesystem contains the contents of the container.
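Added example (not part of the original slides or of runC): a Go check of the bundle layout described above, which confirms that config.json and the root filesystem both sit inside the bundle directory and flags a few config.json settings that weaken isolation. Field names assume the OCI runtime-spec 1.0 layout; `AuditBundle`, the finding labels and the sample config are constructed for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// spec covers only the config.json fields read here (runtime-spec 1.0 layout).
type spec struct {
	Root struct {
		Path     string `json:"path"`
		Readonly bool   `json:"readonly"`
	} `json:"root"`
	Process struct { // an absent process section is treated as uid 0
		User         struct{ UID uint32 `json:"uid"` }           `json:"user"`
		Capabilities struct{ Bounding []string `json:"bounding"` } `json:"capabilities"`
	} `json:"process"`
	Linux struct {
		Namespaces []struct{ Type string `json:"type"` } `json:"namespaces"`
	} `json:"linux"`
}

// sampleConfig is a constructed config.json; %q is filled with root.path.
const sampleConfig = `{"ociVersion": "1.0.0",
 "root": {"path": %q, "readonly": false},
 "process": {"user": {"uid": 0, "gid": 0}, "args": ["sh"], "cwd": "/",
  "capabilities": {"bounding": ["CAP_KILL", "CAP_SYS_ADMIN"]}},
 "linux": {"namespaces": [{"type":"pid"},{"type":"mount"},{"type":"ipc"},{"type":"uts"}]}}`

// AuditBundle checks that dir (an absolute path) holds config.json and a root
// filesystem, then returns one finding per risky setting in a fixed order.
func AuditBundle(dir string) ([]string, error) {
	var s spec
	raw, err := os.ReadFile(filepath.Join(dir, "config.json"))
	if err == nil {
		err = json.Unmarshal(raw, &s)
	}
	if err != nil {
		return nil, fmt.Errorf("bundle %s: %w", dir, err)
	}
	var out []string
	p := s.Root.Path
	if !filepath.IsAbs(p) {
		p = filepath.Join(dir, p) // relative paths are relative to the bundle
	}
	rel, err := filepath.Rel(dir, p)
	if err != nil || rel == ".." || strings.HasPrefix(rel, "../") {
		out = append(out, "rootfs-outside-bundle")
	} else if st, err := os.Stat(p); s.Root.Path == "" || err != nil || !st.IsDir() {
		out = append(out, "rootfs-missing")
	}
	if !s.Root.Readonly {
		out = append(out, "rootfs-writable")
	}
	ns := map[string]bool{}
	for _, n := range s.Linux.Namespaces {
		ns[n.Type] = true
	}
	if s.Process.User.UID == 0 && !ns["user"] {
		out = append(out, "root-without-userns")
	}
	for _, name := range s.Process.Capabilities.Bounding {
		if name == "CAP_SYS_ADMIN" {
			out = append(out, "cap-sys-admin")
		}
	}
	// A namespace type missing from the list is inherited from the runtime.
	for _, t := range []string{"pid", "network", "mount", "ipc", "uts"} {
		if !ns[t] {
			out = append(out, "shares-host-"+t+"-namespace")
		}
	}
	return out, nil
}

// makeSampleBundle writes the constructed bundle to a temporary directory.
func makeSampleBundle(rootPath string) (string, error) {
	dir, err := os.MkdirTemp("", "bundle")
	if err == nil {
		err = os.Mkdir(filepath.Join(dir, "rootfs"), 0o755)
	}
	if err != nil {
		return "", err
	}
	cfg := fmt.Sprintf(sampleConfig, rootPath)
	return dir, os.WriteFile(filepath.Join(dir, "config.json"), []byte(cfg), 0o644)
}

func main() {
	dir, err := makeSampleBundle("rootfs")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	fmt.Println(AuditBundle(dir))
}
```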
runC
USAGE:
runc [global options] command [command options] [arguments...]
COMMANDS:
checkpoint checkpoint a running container
delete delete any resources held by the container often used with detached containers
events display container events such as OOM notifications, cpu, memory, IO, network stats
exec execute new process inside the container
init initialize the namespaces and launch the process (do not call it outside of runc)
kill kill sends the specified signal (default: SIGTERM) to the container's init process
list lists containers started by runc with the given root
pause pause suspends all processes inside the container
restore restore a container from a previous checkpoint
resume resumes all processes that have been previously paused
spec create a new specification file
start create and run a container
state output the state of a container
help, h Shows a list of commands or help for one command
runC CLI
GLOBAL OPTIONS:
--debug enable debug output for logging
--log "/dev/null" set the log file path where internal debug information is written
--log-format "text" set the format used by logs ('text' (default), or 'json')
--root "/run/runc" root directory for storage of container state (this should be located in tmpfs)
--criu "criu" path to the criu binary used for checkpoint and restore
--systemd-cgroup enable systemd cgroup support, expects cgroupsPath to be of form
"slice:prefix:name" for e.g. "system.slice:runc:434234"
--help, -h show help
--version, -v print the version
runC client
● runc is a command line client for running
applications packaged according to the Open
Container Format (OCF) and is a compliant
implementation of the Open Container Initiative
(OCI) specification.
runC and process supervisors
● runc integrates well with existing process
supervisors to provide a production container
runtime environment for applications.
● runc can be used with your existing process
monitoring tools and the container will be
spawned as a direct child of the process
supervisor.
References (shim)
● https://en.wikipedia.org/wiki/Shim_(computing)
● http://www.ryde.net/code/bind.c.txt
● http://technet.microsoft.com/en-us/library/dd837644(
References (containerD)
● https://github.com/containerd/containerd
● https://github.com/containerd/containerd/milestones
References (runC)
● https://github.com/opencontainers/runc
References (OCI Specs)
● OCI Image Spec
https://www.slideshare.net/StrikrHQ/oci-image-spec
● OCI Runtime Spec
https://www.slideshare.net/StrikrHQ/oci-runtime-spec

DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 

containerD

  • 1. http://strikr.in/ CC BY NC-SA 4.0 containerD saifi@acm.org
  • 2. pattern seen in FOSS infra stack
      infrastructure Runtime Orchestration Differentiators Commercial extensions
  • 3. Docker as an example
      InfraKit containerD SwarmKit Docker EE, Store etc. Plugins Storage Networking API CLI Compose Build Docker Content Trust Distribution Auth
  • 4. Docker Engine
      ● Container platform for
        – Complete
        – Distributed
        – Application
        – Life cycle
  • 5. Container engine split
      containerD: a daemon born from extracting the container execution subset of the Docker Engine.
  • 6. What is a 'shim'?
      ● A shim is a small library that transparently
        – intercepts API calls
        – changes the arguments passed
        – handles the operation itself or redirects
      ● Benefit
        – Support an old API in a new environment
        – Support a new API in an older environment
        – Run programs on a platform other than the one they were developed for
  • 7. containerD
      runC Docker runC runC containerD containerD-shim containerD-shim containerD-shim
  • 8. containerD
      ● Core container runtime
      ● The daemon that controls runC
  • 9. containerD
      ● Architecture
        – designed to be embedded into a larger system
        – rather than being used directly by developers or end-users.
      ● daemon
        – exposes gRPC API over a local UNIX socket.
        – unix:///var/run/docker/libcontainerd/docker-containerd.sock
  • 10. containerD
      ● API design
        – low-level one designed for higher layers to wrap and extend.
      ● CLI
        – a barebone CLI (ctr) designed for development and debugging purposes.
      ● interface with runC
        – uses runC to run containers according to the OCI specification.
  • 11. RoadMap
  • 12. the promise of containerD 1.0
      ● Container execution and supervision
      ● Image distribution
      ● Network Interfaces Management
      ● Local storage
      ● Native plumbing level API
      ● Full OCI support, including the extended OCI image specification
      Windows – Linux parity
      8 months ago
  • 13. the promise of containerD 1.0
      ● OCI Image Spec support
      ● OCI Runtime Spec support (aka runC)
      ● Image push and pull support
      ● Container runtime and lifecycle support
      ● Network primitives for creation, modification, and deletion of interfaces
      ● Management of network namespaces containers to join existing namespaces
      ● Multi-tenant supported with CAS storage for global images
      July 29th 2017
  • 15. containerD components
  • 16. ctr shipped with Docker 17.06
      $ docker-containerd-ctr --help
      NAME:
         ctr - High performance container daemon cli
      USAGE:
         docker-containerd-ctr [global options] command [command options] [arguments...]
      VERSION:
         0.2.3 commit: cfb82a876ecc11b5ca0977d1733adbe58599088a
  • 17. ctr shipped with Docker 17.06
      COMMANDS:
         checkpoints   list all checkpoints
         containers    interact with running containers
         events        receive events from the containerd daemon
         state         get a raw dump of the containerd state
         version       return the daemon version
         help, h       Shows a list of commands or help for one command
      GLOBAL OPTIONS:
         --debug                enable debug output in the logs
         --address value        proto://address of GRPC API (default: "unix:///run/containerd/containerd.sock")
         --conn-timeout value   GRPC connection timeout (default: 1s)
         --help, -h             show help
         --version, -v          print the version
      unix:///var/run/containerd/containerd.sock
  • 18. ctr (master as of 2017-07-29)
      USAGE:
         ctr-20170729 [global options] command [command options] [arguments...]
      VERSION:
         v1.0.0-alpha2-18-g20fa6aee
      GLOBAL OPTIONS:
         --debug                      enable debug output in logs
         --address value, -a value    address for containerd's GRPC server (default: "/run/containerd/containerd.sock")
         --timeout value              total timeout for ctr commands (default: 0s)
         --connect-timeout value      timeout for connecting to containerd (default: 0s)
         --namespace value, -n value  namespace to use with commands (default: "default") [$CONTAINERD_NAMESPACE]
         --help, -h                   show help
         --version, -v                print the version
  • 19. COMMANDS:
         apply          apply layer from stdin to dir
         attach         attach to the IO of a running container
         checkpoint     checkpoint a container
         containers, c  manage containers (metadata)
         content        content management
         events         display containerd events
         exec           execute additional processes in an existing container
         fetch          fetch all content for an image into containerd
         fetch-object   retrieve objects from a remote
         images         image management
         info           get info about a container
         kill           signal a container (default: SIGTERM)
         namespaces     manage namespaces
         pause          pause an existing container
         pprof          provides golang pprof outputs for containerd
         ps             list processes for container
         pull           pull an image from a remote
         push           push an image to a remote
         push-object    pushes an object to a remote
         resume         resume a paused container
         rootfs         rootfs setups a rootfs
         run            run a container
         snapshot       snapshot management
         tasks, t       manage tasks
         version        print the version
         shim           interact with a shim directly
         help, h        shows a list of commands or help for one command
  • 20. ctr usage examples
      Start a container, say
         docker run --interactive --tty alpine:latest /bin/sh
      docker-containerd-ctr --address "/var/run/docker/libcontainerd/docker-containerd.sock" containers
      docker-containerd-ctr --address "/var/run/docker/libcontainerd/docker-containerd.sock" containers exec --id=346c1b7bbb04b760032557e1324a4027ec0055ea84dca109134c02e03dc1242c --pid=20 --cwd=/ -a /bin/ps aux
      docker-containerd-ctr --address "/var/run/docker/libcontainerd/docker-containerd.sock" state 346c1b7bbb04b760032557e1324a4027ec0055ea84dca109134c02e03dc1242c
  • 21. the promise of containerD 1.0
      https://github.com/containerd/containerd/milestones
      July 29th 2017 0630 IST
  • 22. containerD in the ecosystem
      SmartOS containerD Swarm Docker $$ Linux Solaris Windows MacOS Pivotal $$ Mesos DC/OS $$ k8s $$ OpenShift Google Swarm Azure $$ Cloud Foundry BlueMix $$ Your own Mesos k8s ECS AWS $$
  • 23. containerD in the ecosystem
      containerD Swarm Docker $$ Pivotal $$ Mesos DC/OS $$ k8s $$ OpenShift Google Swarm Azure $$ Cloud Foundry BlueMix $$ Your own Mesos k8s ECS AWS $$ SmartOS Linux Solaris Windows MacOS OCI (Open Container Initiative)
  • 24. runC
      ● universal runtime for OS Containers
      ● CLI tool for spawning and running containers according to the OCI specification.
  • 25. runC
      ● a CLI tool for spawning and running containers according to the OCI specification.
      ● runC
        – Depends on runtime-spec repo
        – Supports Linux platform only
        – Must be built with Go 1.6+
        – Executes build tags for features
        – Linux kernel 4.3+
        – Uses 'vndr' for dependency management
  • 26. runC
      rootfs config.json runC Container executed
      Containers are configured using bundles. A bundle for a container is a directory that includes
        - a specification file named "config.json" and
        - a root filesystem rootfs.
      The root filesystem contains the contents of the container.
  • 27. runC
      USAGE:
         runc [global options] command [command options] [arguments...]
      COMMANDS:
         checkpoint  checkpoint a running container
         delete      delete any resources held by the container often used with detached containers
         events      display container events such as OOM notifications, cpu, memory, IO, network stats
         exec        execute new process inside the container
         init        initialize the namespaces and launch the process (do not call it outside of runc)
         kill        kill sends the specified signal (default: SIGTERM) to the container's init process
         list        lists containers started by runc with the given root
         pause       pause suspends all processes inside the container
         restore     restore a container from a previous checkpoint
         resume      resumes all processes that have been previously paused
         spec        create a new specification file
         start       create and run a container
         state       output the state of a container
         help, h     Shows a list of commands or help for one command
  • 28. runC CLI
      GLOBAL OPTIONS:
         --debug              enable debug output for logging
         --log "/dev/null"    set the log file path where internal debug information is written
         --log-format "text"  set the format used by logs ('text' (default), or 'json')
         --root "/run/runc"   root directory for storage of container state (this should be located in tmpfs)
         --criu "criu"        path to the criu binary used for checkpoint and restore
         --systemd-cgroup     enable systemd cgroup support, expects cgroupsPath to be of form "slice:prefix:name" for e.g. "system.slice:runc:434234"
         --help, -h           show help
         --version, -v        print the version
  • 29. runC client
      ● runc is a command line client for running applications packaged according to the Open Container Format (OCF) and is a compliant implementation of the Open Container Initiative (OCI) specification.
  • 30. runC and process supervisors
      ● runc integrates well with existing process supervisors to provide a production container runtime environment for applications.
      ● runc can be used with your existing process monitoring tools and the container will be spawned as a direct child of the process supervisor.
  • 31. References (shim)
      ● https://en.wikipedia.org/wiki/Shim_(computing)
      ● http://www.ryde.net/code/bind.c.txt
      ● http://technet.microsoft.com/en-us/library/dd837644(
  • 32. References (containerD)
      ● https://github.com/containerd/containerd
      ● https://github.com/containerd/containerd/milestones
  • 33. References (runC)
      ● https://github.com/opencontainers/runc
  • 34. References (OCI Specs)
      ● OCI Image Spec https://www.slideshare.net/StrikrHQ/oci-image-spec
      ● OCI Runtime Spec https://www.slideshare.net/StrikrHQ/oci-runtime-spec
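The bundle layout from slide 26 (a directory holding config.json and a rootfs), as an added example that is not part of the original slides or of runC: a Go check that reads a bundle and lists settings a defender would want tightened before the bundle is handed to runC. AuditBundle, sampleBundle and the finding strings are hypothetical names, and the field layout assumes the OCI runtime-spec 1.0 config.json, in which process.capabilities is an object.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io/fs"
	"path"
	"testing/fstest"
)

// spec holds the config.json fields read here; encoding/json matches keys case-insensitively.
type spec struct {
	Process struct {
		User            struct{ UID int }
		NoNewPrivileges bool
		Capabilities    struct{ Bounding []string }
	}
	Root  struct{ Path string; Readonly bool }
	Linux struct{ Namespaces []struct{ Type string } }
}

var sampleBundle = fstest.MapFS{ // constructed sample: config.json plus a rootfs directory
	"rootfs/bin/sh": {Data: []byte("stub")},
	"config.json": {Data: []byte(`{"ociVersion":"1.0.0","process":{"user":{"uid":0},"noNewPrivileges":true,
		"capabilities":{"bounding":["CAP_KILL","CAP_SYS_ADMIN"]}},"root":{"path":"rootfs","readonly":false},
		"linux":{"namespaces":[{"type":"pid"},{"type":"mount"}]}}`)},
}

// AuditBundle (hypothetical helper, not part of runC) lists hardening findings for a bundle.
func AuditBundle(b fs.FS) (out []string, err error) {
	var s spec
	raw, err := fs.ReadFile(b, "config.json")
	if err == nil {
		err = json.Unmarshal(raw, &s)
	}
	if err != nil {
		return nil, fmt.Errorf("config.json: %w", err)
	}
	fi, statErr := fs.Stat(b, path.Clean(s.Root.Path)) // root.path relative to the bundle
	userns, sysAdmin := false, false
	for _, ns := range s.Linux.Namespaces {
		userns = userns || ns.Type == "user"
	}
	for _, c := range s.Process.Capabilities.Bounding {
		sysAdmin = sysAdmin || c == "CAP_SYS_ADMIN"
	}
	flag := func(bad bool, msg string) {
		if bad {
			out = append(out, msg)
		}
	}
	flag(s.Root.Path == "" || statErr != nil || !fi.IsDir(), "root.path is not a directory inside the bundle")
	flag(!s.Root.Readonly, "root filesystem is writable")
	flag(s.Process.User.UID == 0 && !userns, "uid 0 without a user namespace")
	flag(!s.Process.NoNewPrivileges, "noNewPrivileges is off")
	flag(sysAdmin, "CAP_SYS_ADMIN in the bounding set")
	return out, nil
}

func main() { fmt.Println(AuditBundle(sampleBundle)) }
```

To audit a bundle on disk, pass `os.DirFS` of the bundle directory instead of `sampleBundle`; an absolute or `..` root.path is reported by the first check because it lies outside the bundle.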