runC – Open Container Initiative
Jeeva S. Chelladhurai
https://www.linkedin.com/in/jeevachelladhurai/
@Docker Meetup #34
Author of Learning Docker
https://www.packtpub.com/networking-and-servers/learning-docker-second-edition
About OCI
• Open Container Initiative
• Open Industry Standard
• Common, minimal, open standards and specifications
• Container Format and Runtime
• Linux Foundation Collaborative Project
• Launched June 22 2015
• Founded by Docker, CoreOS and others
• Docker donated libcontainer
• https://github.com/opencontainers/runc
OCI Scope [1/4]
• Runtime executable reference
• OCI Base Layer
• RunC - reference implementation
• https://github.com/opencontainers/runc
• Runtime Spec
• OCI Base Layer
• https://github.com/opencontainers/runtime-spec
• Defines the parameters needed to run the container
OCI Scope [2/4]
• Bundle Format
• OCI Base Layer
• https://github.com/opencontainers/image-spec
• Defines the filesystem layout
• Standardization needed for various runtimes
• Hashing for Content Integrity
• OCI Base Layer
• https://github.com/opencontainers/go-digest
• Ensure content integrity
OCI Scope [3/4]
• Content Addressable name
• OCI Base Layer
• Using hash as address for immutable containers
• Early stage of discussion
• Archival Format
• OCI Base Layer
• Serialization of filesystem bundle
• Yet to start
OCI Scope [4/4]
• Compliance Test Suite
• OCI Base Layer
• Test cases and tools to ensure the implementations comply with the specs
• OCI Optional Layers
• Signature
• DNS based naming
runC
• Client wrapper around libcontainer
• libcontainer is the OS interface: it drives the kernel features a container is built from (namespaces, cgroups, capabilities, seccomp)
• runC requires an OCI bundle, i.e.
• config.json (the OCI runtime configuration)
• rootfs (the container's root filesystem directory)
Environment
• Vagrant https://www.vagrantup.com
• VirtualBox https://www.virtualbox.org
• Vagrant Box used: ubuntu/xenial64
• vagrant flow
create a directory on the host system, and from that directory run the vagrant commands below
vagrant init ubuntu/xenial64
vagrant up
vagrant ssh
Installing runC through docker
• Docker uses runC as its runtime
• It is shipped with docker as docker-runc
ubuntu@ubuntu-xenial:~$ docker --version
Docker version 17.06.0-ce, build 02c1d87
ubuntu@ubuntu-xenial:~$ docker-runc --version
runc version 1.0.0-rc3
commit: 2d41c047c83e09a6d61d464906feb2a2f3c52aa4
spec: 1.0.0-rc5
Installing runC from Release
• Release binary can be downloaded from
https://github.com/opencontainers/runc/releases/
Installing runC from source
• install Go 1.8.3 (older versions might work too)
• set GOROOT & GOPATH
• also install libseccomp-dev, gcc, make and pkg-config
• mkdir -p $GOPATH/src/github.com/opencontainers && cd $GOPATH/src/github.com/opencontainers
• git clone https://github.com/opencontainers/runc
• cd runc && make && sudo make install
ubuntu@ubuntu-xenial:~$ runc --version
runc version 1.0.0-rc4+dev
commit: ae2948042b08ad3d6d13cd09f40a50ffff4fc688
spec: 1.0.0
Creating an OCI Bundle
1. Create the bundle directory and change into it
$ mkdir -p ${HOME}/myalpine && cd ${HOME}/myalpine
2. Create rootfs
$ mkdir rootfs
3. Create a docker container
$ docker create --name myalpine alpine
4. Export the container to a tar file
$ docker container export myalpine -o myalpine.tar
5. Untar the file into rootfs
$ tar -C rootfs -xvf myalpine.tar
6. Generate config.json spec
$ runc spec
Create a bundle in a single stroke
1. Create the bundle directory and change into it
$ mkdir -p ${HOME}/myalpine2 && cd ${HOME}/myalpine2
2. Create rootfs
$ mkdir rootfs
3. Create bundle with chain of commands
$ docker export $(docker create alpine) | tar -C rootfs -xvf -
4. Generate config.json spec
$ runc spec
Running your first runc container
1. Change to the OCI Bundle directory
$ cd ${HOME}/myalpine
2. Run the bundle as root; myalpine is the container ID, and runc takes the bundle from the current directory unless -b is given
$ sudo runc run myalpine
runc on host network
• Remove the network namespace entry from linux.namespaces in config.json; the container then shares the host's network stack
• config.json https://gist.github.com/sjeeva/903de797838882082af7921bac5fbfd4
rootless containers
• Running the container as a non-root user (a user namespace maps your uid to uid 0 inside the container)
• runc binary should be owned by root
• Create a spec for a rootless container
• runc spec --rootless
• Launch runc with the --root option, pointing at a state directory the user can write (the default, /run/runc, is root-only)
• runc --root /tmp/runc run myalpine
Mounting host directories
• Edit config.json and add an entry for the host directory to the mounts section
• Example: a bind mount has "type": "bind", the host path as "source", the in-container path as "destination", and options such as "rbind" plus "ro" or "rw"
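The two config.json edits above (dropping the network namespace for host networking, and adding a bind mount of a host directory) as an added example; this is not code from the talk or from the runc project. SPEC_SKELETON is a constructed, trimmed-down stand-in for `runc spec` output that keeps only the fields used here, and the host paths are assumptions.

```python
"""Edit a runc config.json programmatically: host network and bind mounts."""
import copy
import json
import os

# Constructed stand-in for `runc spec` output (the real file has many more fields).
SPEC_SKELETON = {
    "ociVersion": "1.0.0",
    "process": {
        "terminal": True,
        "user": {"uid": 0, "gid": 0},
        "args": ["sh"],
        "cwd": "/",
        "noNewPrivileges": True,
    },
    "root": {"path": "rootfs", "readonly": True},
    "hostname": "runc",
    "mounts": [
        {"destination": "/proc", "type": "proc", "source": "proc"},
        {"destination": "/dev", "type": "tmpfs", "source": "tmpfs",
         "options": ["nosuid", "strictatime", "mode=755", "size=65536k"]},
    ],
    "linux": {
        "namespaces": [{"type": "pid"}, {"type": "network"}, {"type": "ipc"},
                       {"type": "uts"}, {"type": "mount"}],
    },
}


def use_host_network(config):
    """Drop the network namespace: the container then sees the host's
    interfaces, routes and listening sockets."""
    cfg = copy.deepcopy(config)
    cfg["linux"]["namespaces"] = [ns for ns in cfg["linux"]["namespaces"]
                                  if ns["type"] != "network"]
    return cfg


def add_bind_mount(config, source, destination, read_only=True):
    """Append a bind mount of a host directory to the mounts section.

    Defaults to read-only plus nosuid/nodev, so a process in the container
    cannot plant a setuid binary or device node on the host side of the mount.
    """
    if not (os.path.isabs(source) and os.path.isabs(destination)):
        raise ValueError("source and destination must be absolute paths")
    cfg = copy.deepcopy(config)
    cfg["mounts"].append({
        "destination": destination,
        "type": "bind",
        "source": source,
        "options": ["rbind", "ro" if read_only else "rw", "nosuid", "nodev"],
    })
    return cfg


def review(config):
    """Return warnings about settings that widen the container's reach."""
    findings = []
    ns_types = {ns["type"] for ns in config["linux"]["namespaces"]}
    if "network" not in ns_types:
        findings.append("shares the host network namespace")
    if "user" not in ns_types and config["process"]["user"]["uid"] == 0:
        findings.append("process runs as real root (no user namespace)")
    for m in config["mounts"]:
        if m.get("type") != "bind":
            continue
        if "ro" not in m.get("options", []):
            findings.append(f"writable bind mount {m['source']} -> {m['destination']}")
        if m["source"] in ("/", "/var/run/docker.sock"):
            findings.append(f"bind mount of {m['source']} exposes the host")
    if not config["process"].get("noNewPrivileges"):
        findings.append("noNewPrivileges is off")
    return findings


def write_config(config, bundle_dir):
    """Write config.json into the bundle directory, where runc expects it."""
    path = os.path.join(bundle_dir, "config.json")
    with open(path, "w") as f:
        json.dump(config, f, indent=2)
    return path


if __name__ == "__main__":
    cfg = use_host_network(SPEC_SKELETON)
    cfg = add_bind_mount(cfg, "/home/ubuntu/data", "/data")  # assumed host path
    for warning in review(cfg):
        print("warning:", warning)
    print(json.dumps(cfg["mounts"][-1], indent=2))
```

Run it from a bundle directory and replace the last line with `write_config(cfg, ".")` to overwrite the config.json that `runc spec` generated; `review` is deliberately noisy, because a rootless spec (user namespace present) and a default spec (real root) look very different to the host.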
Hooks
• Supports three hooks, each a list of host executables declared in the hooks section of config.json and handed the container state on stdin
• prestart – after the container's namespaces are set up, before the user process starts
• poststart – after the user process inside the container has started
• poststop – after the container process has stopped
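The hooks slide as an added example, not code from the talk or the runc project: one function writes a hook entry into config.json in the runtime-spec shape (path, args, env, timeout), and one parses the state JSON that runc writes to the hook's stdin, which is where a hook gets the container's pid and bundle. The /usr/local/bin paths and SAMPLE_STATE are assumptions constructed for the example.

```python
"""Declare a runc hook in config.json and parse the state a hook receives."""
import json
import os

HOOK_KINDS = ("prestart", "poststart", "poststop")


def add_hook(config, kind, path, args=None, env=None, timeout=None):
    """Return a copy of `config` with a hook appended under hooks.<kind>.

    The hook object follows the runtime-spec: path (absolute, required),
    optional args, env and timeout in seconds. Hooks run on the host, in the
    runtime's namespaces, so `path` is a host path, not one inside rootfs.
    """
    if kind not in HOOK_KINDS:
        raise ValueError(f"unknown hook kind {kind!r}")
    if not os.path.isabs(path):
        raise ValueError("hook path must be an absolute host path")
    hook = {"path": path, "args": list(args) if args else [path]}
    if env:
        hook["env"] = list(env)
    if timeout is not None:
        hook["timeout"] = int(timeout)
    cfg = json.loads(json.dumps(config))  # cheap deep copy
    cfg.setdefault("hooks", {}).setdefault(kind, []).append(hook)
    return cfg


def parse_hook_state(stdin_text):
    """Parse the container state JSON runc passes to a hook on stdin.

    Returns (id, pid, bundle). Rejects ids with path separators and
    non-positive pids, since hooks typically use them to build paths such as
    /proc/<pid>/ns/... or <bundle>/config.json and should not trust them blindly.
    """
    state = json.loads(stdin_text)
    for key in ("ociVersion", "id", "pid", "bundle"):
        if key not in state:
            raise ValueError(f"state is missing {key!r}")
    cid = state["id"]
    if not cid or "/" in cid or cid in (".", ".."):
        raise ValueError(f"refusing unsafe container id {cid!r}")
    pid = state["pid"]
    if not isinstance(pid, int) or pid <= 0:
        raise ValueError(f"bad pid {pid!r}")
    if not os.path.isabs(state["bundle"]):
        raise ValueError("bundle must be an absolute path")
    return cid, pid, state["bundle"]


# Constructed sample of the state a prestart hook receives (values are made up).
SAMPLE_STATE = json.dumps({
    "ociVersion": "1.0.0",
    "id": "myalpine",
    "pid": 4242,
    "bundle": "/home/ubuntu/myalpine",
    "status": "created",
})


if __name__ == "__main__":
    cfg = add_hook({"ociVersion": "1.0.0"}, "prestart",
                   "/usr/local/bin/log-hook",  # assumed host path
                   args=["log-hook", "--tag", "demo"], timeout=5)
    print(json.dumps(cfg["hooks"], indent=2))
    cid, pid, bundle = parse_hook_state(SAMPLE_STATE)
    print(f"hook sees container {cid} (pid {pid}) from bundle {bundle}")
```

A real hook script would call `parse_hook_state(sys.stdin.read())`; because hooks run as the user who invoked runc (root in the `sudo runc run` case above), anything they do with the pid or bundle path runs with that user's privileges, which is why the values are validated before use.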