Download as PDF, PPTX
![skopeo
● Copy images from/to (multiple transports/storages):
○ containers-storage:docker-reference
○ dir:path
○ docker://docker-reference
○ docker-archive:path[:docker-reference]
○ docker-daemon:docker-reference
○ oci:path:tag
○ ostree:image[@/absolute/repo/path]
● Inspect images
● Delete an image from a repository
● Standalone binary / No daemon running
● Perfect for pipelines (e.g. Jenkins)
@jorgemoralespou](https://image.slidesharecdn.com/buildandrunapplicationsinadockerlesskubernetesworld-devconf-india-18-180805071518/75/Build-and-run-applications-in-a-dockerless-kubernetes-world-DevConf-India-18-29-2048.jpg)
![“Our ancestors called it
magic, but you call it
[computer] science.
I come from a land where
they are one and the same.”
—THOR](https://image.slidesharecdn.com/buildandrunapplicationsinadockerlesskubernetesworld-devconf-india-18-180805071518/75/Build-and-run-applications-in-a-dockerless-kubernetes-world-DevConf-India-18-35-2048.jpg)
Uploaded byJorge Morales
Build and run applications in a dockerless kubernetes world - DevConf India 18
The document discusses the evolution and standardization of container management in a Kubernetes environment, emphasizing the Container Runtime Interface (CRI) introduced in Kubernetes 1.5 and its impact on container orchestration. It highlights the benefits and methodologies of building container images without relying on a Docker daemon through tools such as Buildah, Kaniko, and Podman. Additionally, various approaches to Dockerfile and Dockerfile-less builds are presented, showcasing their pros and cons in the context of developer experience and efficiency.
More Related Content
![[Szjug] Docker. Does it matter for java developer?](https://cdn.slidesharecdn.com/ss_thumbnails/szjugdocker-151015130202-lva1-app6892-thumbnail.jpg?width=640&height=640&fit=bounds)
Similar to Build and run applications in a dockerless kubernetes world - DevConf India 18
![[WSO2Con Asia 2018] Deploying Applications in K8S and Docker](https://cdn.slidesharecdn.com/ss_thumbnails/deployingapplicationsink8sanddocker-wso2conasia2018-sanjaya-180810103523-thumbnail.jpg?width=640&height=640&fit=bounds)
Build and run applications in a dockerless kubernetes world - DevConf India 18
- 1. Build and runapplications in a Dockerless Kubernetes world Jorge Morales OpenShift Developer Advocate DevConf India 2018 August 5th - 11:45 - Room 1
- 2. Me (aka JorgeMorales) ● Spanish by nature and by language ● Work at Red Hat ● OpenShift Developer Advocate ● Mostly Java developer ● Obsessed with improving the developer experience @jorgemoralespou github.com/jorgemoralespou http://jorgemoral.es
- 5. Kernel namespaces: sandboxingprocesses from one another Control Groups (cgroups): control process resource allocations Security: capabilities drop (seccomp), Mandatory access control (SELinux, Apparmor) Linux Containers @jorgemoralespou
- 6.
- 7.
- 9.
- 10.
- 11. With scale camecomplexity
- 12.
- 13. OTHER ORCHESTRATORS (Cloud FoundryDiego, Nomad, Blox, etc.) 2 YEARS AGO Fragmented landscape TODAY Kubernetes consolidation OTHER ORCHESTRATORS CONTAINER ORCHESTRATION LANDSCAPE @jorgemoralespou
- 14. Why kubernetes? #1: Opensource, backed by giants #2: Vibrant and fast growing community #3: Supported on all clouds #4: Great partnerships @jorgemoralespou
- 15. Started slow June 2014 Docker 1.0 Dec 2014 Kubernetes1.0: Supports Docker containers Rkt 0.1.0 July 2015 @jorgemoralespou
- 16. then more runtimesshowed up Rkt 1.0 Feb 2016 Kubernetes 1.3: Supports Docker and Rkt containers July 2016 June 2014 Docker 1.0 Dec 2014 Kubernetes 1.0: Supports Docker containers Rkt 0.1.0 July 2015 @jorgemoralespou
- 17. and code gotmessy @jorgemoralespou
- 18. “Change is theessential process of all of existence.” —SPOCK
- 19. Standardize containers ● Runtimespec (runc = Reference implementation) ● Image spec ● Distribution spec (proposal) @jorgemoralespou
- 20. Use API/Interfaces toContainer Runtimes KUBELET FRAKTI OCI-RUNTIME RUNC DOCKERD RKT CONTAINER RUNTIME INTERFACE (CRI) DOCKERD RKT KUBELET @jorgemoralespou
- 21. Standardization became afact Rkt 1.0 Feb 2016 Kubernetes 1.3: Supports Docker and Rkt containers July 2016 June 2014 Docker 1.0 Dec 2014 Kubernetes 1.0: Supports Docker containers Rkt 0.1.0 July 2015 Dec 2016 Kubernetes 1.5: Container Runtime Interface (CRI) alpha July 2017 Kubernetes 1.7: CRI support GA @jorgemoralespou
- 22. What is ContainerRuntime Interface (CRI)? ● A gRPC interface and a group of libraries ● Enables Kubernetes to use a wide variety of container runtimes ● Introduced in Kubernetes 1.5 ● GA in Kubernetes 1.7 @jorgemoralespou
- 23.
- 24. CRI-O ● Open source& Open governance ● Lean, Stable, Secure and BORING! ○ Tied to the CRI ○ No features that can mine stability and performance ○ Shaped around Kubernetes ○ Only supported user is Kubernetes ○ Versioning and Support are tied to Kubernetes @jorgemoralespou
- 25. Man, this guyis so boring! When is the live demo? @jorgemoralespou
- 27. What if Iwant to try it? $ minikube start --network-plugin=cni --container-runtime=cri-o --bootstrapper=kubeadm @jorgemoralespou
- 28.
- 29. skopeo ● Copy imagesfrom/to (multiple transports/storages): ○ containers-storage:docker-reference ○ dir:path ○ docker://docker-reference ○ docker-archive:path[:docker-reference] ○ docker-daemon:docker-reference ○ oci:path:tag ○ ostree:image[@/absolute/repo/path] ● Inspect images ● Delete an image from a repository ● Standalone binary / No daemon running ● Perfect for pipelines (e.g. Jenkins) @jorgemoralespou
- 30.
- 31. buildah ● Build images ●No daemon running ● shell-like syntax ● Build from Dockerfile(s) @jorgemoralespou
- 32.
- 33. libpod/podman Library (libpod) andCLI (podman) for managing OCI-based Pods, Containers, and Container Images ● Replacement for docker cli ○ known CLI ● Integrated with CRI-O (soon) ● No daemon running @jorgemoralespou
- 35. “Our ancestors calledit magic, but you call it [computer] science. I come from a land where they are one and the same.” —THOR
- 36.
- 37.
- 38. Daemon-less Dockerfile builds ●Consume a Dockerfile, but build image without a docker daemon ● Pros ○ Docker build-like experience (just write a Dockerfile) ○ Potentially more control over image layers (combine or shard) ○ Aim is for greater security ● Cons ○ Dockerfile fidelity might make difficult some use cases ○ Different approaches to image layer construction @jorgemoralespou
- 39. Daemon-less Dockerfile builds ●Buildah ○ a tool that facilitates building OCI container images ● Img ○ Standalone, daemon-less, unprivileged Dockerfile and OCI compatible container image builder. ○ The commands/UX are the same as docker (drop-in replacement) ● Kaniko ○ kaniko is a tool to build OCI container images from a Dockerfile, inside a container or Kubernetes cluster ○ executes each command within a Dockerfile completely in userspace ● more... @jorgemoralespou
- 40. Dockerfile-less builds ● Userinput is source / intent: “I want to run a Node.js web server” ● Pros: ○ Less configuration ○ Tools can intelligently build layers, better/safe layer caching ○ Docker image best practices can be codified into tools ● Cons: ○ Less flexible - Opinionated builds ○ Very fragmented across vendors, no real standard @jorgemoralespou
- 41. Dockerfile-less builds ● Sourceto Image ○ User provides source, source gets built+layered into an application image ○ Dependent on ecosystem of framework/language builder images ● Buildpacks ○ Invented by Heroku, adopted by Cloud Foundry / Deis ○ User provides source, “build” produces “slug”, “export” produces container image ● FTL (Faster than light) ○ Purpose-built source to image builders per-language, goal is layer-per-dependency ○ Insight: turn build incrementality into deploy incrementality ● Bazel ○ Google’s OSS build system, supports declarative image builds ○ Used for user-mode Docker image builds for 3+ years @jorgemoralespou
- 42. And don’t forgetto tweet if you liked it (or if you didn’t) @jorgemoralespou @jorgemoralespou