Kublr, profile picture
Uploaded byKublr
149 views

Container Runtimes and Tooling

The document discusses the evolution of container runtimes and tooling, starting from Docker's release in 2013 and leading to the establishment of the Open Container Initiative (OCI). It offers a detailed analysis of various container management tools, their specifications, and the broader landscape of container orchestration and runtimes. It also highlights specific tools and commands used in container management, including Docker, containerd, and Podman, along with resources for further reference.

Embed presentation

Download to read offline
Container Runtimes and Tooling Oleg Chunikhin | CTO, Kublr
Oleg Chunikhin CTO, Kublr • 25 years in software architecture & development • Working w/ Kubernetes since its release in 2015 • Software architect behind Kublr—an enterprise ready container management platform • @olgch Introductions
Automation Ingress Custom Clusters Infrastructure Logging Monitoring Observability API Usage Reporting RBAC IAM Air Gap TLS Certificate Rotation Audit Storage Networking Container Registry CI / CD App Mgmt Infrastructure Container Runtime Kubernetes OPERATIONS SECURITY & GOVERNANCE
Timeline ● Mar 2013: Docker released as open-source, uses LXC ath the time ● Mar 2014: Docker 0.9 released switching to libcontainer written in Go ● Oct 2014: Microsoft announced Docker integration ● Jun 2015: OCI Created by Docker, Coreos, Google, Microsoft and others ● Jul 2015: Kubernetes 1.0 released as open source ● Dec 2016: Kubernetes 1.5 introduces CRI ● Aug 2017: Moby project created for open R&D and upstream for Docker CE and EE ● Oct 2017: RedHat introduces CRI-O 1.0 ● Apr 2018: Docker Registry HTTP API V2 was adopted by OCI as the distribution spec ● May 2021: OCI Distribution Spec reaches 1.0 ● Aug 2021: Docker Desktop (NOT Docker CE) is not free for enterprise users
Container Management Landscape ● Specifications: OCI - Open Container Initiative ○ Image, Runtime, Distribution ● Container Runtimes and Engines ○ Docker, moby, containerd, runc, CRI-O ● Container Orchestration, CRI ○ Kubernetes, CRI, docker shim, CRI-O ● Tools ○ docker, ctr, nerdctl, podman, buildah, bazel
OCI - Open Container Initiative OCI Specs OCI Runtime Spec Container Lifecycle OCI Image Spec
Docker/Containerd - container implementation Container runtime Container engine/tools OCI-compliant tool creates and runs container processes Default OCI implementation OCI-compliant container process management library container runtime spec Basic container and image management tools Upstream open source container and image management and build tools Docker container and image management and build tools
CRI-O - container implementation
Kubernetes and container runtimes CRI-O Containerd CRI-O
Docker tools docker container ps -a docker run --name cnt1 -it my-img:v1.0 docker stop cnt1 docker kill cnt1 docker rm cnt1 docker image build –-tag my-img:v1.0 . docker image ls docker image tag my-img:v1.0 my-repo.com/my-img:v1.0 docker image push my-repo.com/my-img:v1.0 docker image pull kublr/kublr:1.22.2 FROM ubuntu:20.04 ADD file1 file2 RUN apt install curl ENTRYPOINT ["/bin/bash"]
containerd tools ctr -n my-ns container list ctr -n my-ns container create docker.io/library/alpine:latest my-cnt echo Hi ctr -n my-ns task start my-cnt ctr -n my-ns task list ctr -n my-ns container remove my-cnt ctr namespaces list ctr namespaces create my-namespace ctr -n my-ns images pull docker.io/library/alpine:latest ctr -n my-ns images push docker.io/library/alpine:latest ctr -n my-ns images remove docker.io/library/alpine:latest ctr -n my-ns images mount docker.io/library/alpine:latest /root/m ctr -n my-ns images unmount /root/m Pros: 1. namespaces 2. labels 3. image mounts 4. content Cons: 1. No image build tools Different: 1. No docker hub default nerdctl ...
Podman podman container ps -a podman run --name cnt1 -it my-img:v1.0 podman stop cnt1 podman kill cnt1 podman rm cnt1 # podman ~ docker # uses buildah podman image build –-tag my-img:v1.0 . podman image ls podman image tag my-img:v1.0 my-repo.com/my-img:v1.0 podman image push my-repo.com/my-img:v1.0 podman image pull kublr/kublr:1.22.2 # Containerfile/Dockerfile FROM ubuntu:20.04 ADD file1 file2 RUN apt install curl ENTRYPOINT ["/bin/bash"]
Buildah container=$(buildah from fedora) buildah run $container bash buildah run $container -- dnf -y install java buildah build -f Dockerfile -t fedora-httpd . # Containerfile/Dockerfile FROM ubuntu:20.04 ADD file1 file2 RUN apt install curl ENTRYPOINT ["/bin/bash"]
Bazel # WORKSPACE container_pull( name = "kublr_alpine", registry = "cr.kublr.com", repository = "kublr/alpine", # tag = "3.14.2-6", digest = "sha256:5363....f164", ) # BUILD.bazel pkg_tar( name = "image-tar-svc", files = {":svc"}, mode = "0555", package_dir = "/opt", strip_prefix = strip_prefix.from_pkg(), ) container_image( name = "image", base = "@kublr_alpine//image", entrypoint = ["/opt/my-svc", "--port", "8080"], layers = [":image-layer-swagger"], ports = ["8080"], tars = [":image-tar-svc"], workdir = "/opt", )
Buildah Tool Components / Focus / Limitations / Benefits libcontainer runtime (library) runc runtime containerd runtime, container, image, registry cri-o runtime, container, image, registry docker runtime, container, image, registry, build podman container, image, registry, build (client only, no daemon) buildah build, container, image, registry (client only, no daemon) bazel (docker rules) build, registry (limited, portable, hermetic)
References @olgch; @kublr github.com/opencontainers/image-spec github.com/opencontainers/runtime-spec github.com/opencontainers/distribution-spec github.com/opencontainers/artifacts OCI Specifications (Alibaba Blog) https://mobyproject.org/ https://cri-o.io/ https://github.com/cri-o/cri-o https://podman.io/ https://buildah.io/ https://bazel.build/
Beyond the Presentation ● Docker Swarm, Notary etc, … ● Image registries ● CRI-O CLI tools ● Windows Containers
Q&A
Oleg Chunikhin CTO oleg@kublr.com @olgch Follow Us @kublr Thank You

More Related Content

PDF
Kubernetes in Hybrid Environments with Submariner
byKublr
 
PDF
Intro into Rook and Ceph on Kubernetes
byKublr
 
PDF
Virtualization inside kubernetes
byinwin stack
 
PDF
Intro to Kubernetes
bymatthewbrahms
 
PDF
Network plugins for kubernetes
byinwin stack
 
PDF
Kubernetes 架構與虛擬化之差異
byinwin stack
 
PPTX
Advanced Scheduling in Kubernetes
byKublr
 
PDF
KubeCon EU 2016: A Practical Guide to Container Scheduling
byKubeAcademy
 
Kubernetes in Hybrid Environments with Submariner
byKublr
 
Intro into Rook and Ceph on Kubernetes
byKublr
 
Virtualization inside kubernetes
byinwin stack
 
Intro to Kubernetes
bymatthewbrahms
 
Network plugins for kubernetes
byinwin stack
 
Kubernetes 架構與虛擬化之差異
byinwin stack
 
Advanced Scheduling in Kubernetes
byKublr
 
KubeCon EU 2016: A Practical Guide to Container Scheduling
byKubeAcademy
 

What's hot

PPTX
Introduction kubernetes 2017_12_24
bySam Zheng
 
PDF
Kubernetes meetup 101
byJakir Patel
 
PDF
DevOps in AWS with Kubernetes
byOleg Chunikhin
 
PDF
K8s storage-glusterfs-20180210
byChe-Chia Chang
 
PDF
Secure your K8s cluster from multi-layers
byJiantang Hao
 
PDF
Kubernetes basics and hands on exercise
byCloud Technology Experts
 
PDF
Sysdig monitor - a brief introduction
byDaniel Kerwin
 
PPTX
Introducing Docker Swarm - the orchestration tool by Docker
byRamit Surana
 
PPTX
Kubernetes @ Squarespace: Kubernetes in the Datacenter
byKevin Lynch
 
PPTX
Kubernetes 101
byStanislav Pogrebnyak
 
PDF
Kubernetes
byMeng-Ze Lee
 
PDF
Vault - Enhancement for K8S secret security
byHuynh Thai Bao
 
PDF
Kubernetes Networking - Giragadurai Vallirajan
byNeependra Khare
 
PDF
Networking in docker
byJakir Patel
 
PDF
Scaling Microservices with Kubernetes
byDeivid Hahn Fração
 
PDF
Kubernetes Networking
byGiragadurai Vallirajan
 
ODP
Network services on Kubernetes on premise
byHans Duedal
 
PDF
Deep Dive into Kubernetes - Part 2
byImesh Gunaratne
 
PPTX
Kubernetes Introduction
byMartin Danielsson
 
PDF
Demystifying the Nuts & Bolts of Kubernetes Architecture
byAjeet Singh Raina
 
Introduction kubernetes 2017_12_24
bySam Zheng
 
Kubernetes meetup 101
byJakir Patel
 
DevOps in AWS with Kubernetes
byOleg Chunikhin
 
K8s storage-glusterfs-20180210
byChe-Chia Chang
 
Secure your K8s cluster from multi-layers
byJiantang Hao
 
Kubernetes basics and hands on exercise
byCloud Technology Experts
 
Sysdig monitor - a brief introduction
byDaniel Kerwin
 
Introducing Docker Swarm - the orchestration tool by Docker
byRamit Surana
 
Kubernetes @ Squarespace: Kubernetes in the Datacenter
byKevin Lynch
 
Kubernetes 101
byStanislav Pogrebnyak
 
Kubernetes
byMeng-Ze Lee
 
Vault - Enhancement for K8S secret security
byHuynh Thai Bao
 
Kubernetes Networking - Giragadurai Vallirajan
byNeependra Khare
 
Networking in docker
byJakir Patel
 
Scaling Microservices with Kubernetes
byDeivid Hahn Fração
 
Kubernetes Networking
byGiragadurai Vallirajan
 
Network services on Kubernetes on premise
byHans Duedal
 
Deep Dive into Kubernetes - Part 2
byImesh Gunaratne
 
Kubernetes Introduction
byMartin Danielsson
 
Demystifying the Nuts & Bolts of Kubernetes Architecture
byAjeet Singh Raina
 

Similar to Container Runtimes and Tooling

PDF
Container Runtimes and Tooling, v2
byKublr
 
PDF
Introduction to CRI and OCI
byHungWei Chiu
 
PDF
containerd and CRI
byDocker, Inc.
 
PDF
The relationship between Docker, Kubernetes and CRI
byHungWei Chiu
 
PPTX
Docker Container As A Service - JAX 2016
byPatrick Chanezon
 
PPTX
0507 057 01 98 * Adana Klima Tamir Servisi
byAdana Klima Servisi Bakım Montaj Taşıma Temizlik Tamir Arıza Teknik Servisleri
 
PDF
CRI, OCI, and CRI-O
byChe-Chia Chang
 
PDF
Container Runtimes: Comparing and Contrasting Today's Engines
byPhil Estes
 
PPTX
Introduction to docker and oci
byRomain Schlick
 
PDF
Kubernetes on CRI-O
bySuraj Deshmukh
 
PDF
Docker Intro
byRuben Taelman
 
PDF
16. Cncf meetup-docker
byJuraj Hantak
 
PPTX
Настройка окружения для кросскомпиляции проектов на основе docker'a
bycorehard_by
 
PDF
DCEU 18: Tips and Tricks of the Docker Captains
byDocker, Inc.
 
PDF
Build and run applications in a dockerless kubernetes world
byJorge Morales
 
PDF
A curtain-raiser to the container world Docker & Kubernetes
byzekeLabs Technologies
 
PDF
Docker 0.11 at MaxCDN meetup in Los Angeles
byJérôme Petazzoni
 
PPTX
Docker and kubernetes
byDongwon Kim
 
PPTX
Docker Starter Pack
bySaeed Hajizade
 
PDF
Accelerate your software development with Docker
byAndrey Hristov
 
Container Runtimes and Tooling, v2
byKublr
 
Introduction to CRI and OCI
byHungWei Chiu
 
containerd and CRI
byDocker, Inc.
 
The relationship between Docker, Kubernetes and CRI
byHungWei Chiu
 
Docker Container As A Service - JAX 2016
byPatrick Chanezon
 
0507 057 01 98 * Adana Klima Tamir Servisi
byAdana Klima Servisi Bakım Montaj Taşıma Temizlik Tamir Arıza Teknik Servisleri
 
CRI, OCI, and CRI-O
byChe-Chia Chang
 
Container Runtimes: Comparing and Contrasting Today's Engines
byPhil Estes
 
Introduction to docker and oci
byRomain Schlick
 
Kubernetes on CRI-O
bySuraj Deshmukh
 
Docker Intro
byRuben Taelman
 
16. Cncf meetup-docker
byJuraj Hantak
 
Настройка окружения для кросскомпиляции проектов на основе docker'a
bycorehard_by
 
DCEU 18: Tips and Tricks of the Docker Captains
byDocker, Inc.
 
Build and run applications in a dockerless kubernetes world
byJorge Morales
 
A curtain-raiser to the container world Docker & Kubernetes
byzekeLabs Technologies
 
Docker 0.11 at MaxCDN meetup in Los Angeles
byJérôme Petazzoni
 
Docker and kubernetes
byDongwon Kim
 
Docker Starter Pack
bySaeed Hajizade
 
Accelerate your software development with Docker
byAndrey Hristov
 

More from Kublr

PDF
Hybrid architecture solutions with kubernetes and the cloud native stack
byKublr
 
PDF
Multi-cloud Kubernetes BCDR with Velero
byKublr
 
PDF
Kubernetes Networking 101
byKublr
 
PDF
Kubernetes Ingress 101
byKublr
 
PDF
Kubernetes persistence 101
byKublr
 
PDF
Portable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins
byKublr
 
PDF
Kubernetes 101
byKublr
 
PDF
Setting up CI/CD Pipeline with Kubernetes and Kublr step by-step
byKublr
 
PPTX
Canary Releases on Kubernetes with Spinnaker, Istio, & Prometheus (2020)
byKublr
 
PDF
How to Run Kubernetes in Restrictive Environments
byKublr
 
PPTX
Building Portable Applications with Kubernetes
byKublr
 
PDF
Introduction to Kubernetes RBAC
byKublr
 
PDF
How Self-Healing Nodes and Infrastructure Management Impact Reliability
byKublr
 
PDF
Kubernetes as Infrastructure Abstraction
byKublr
 
PDF
Centralizing Kubernetes Management in Restrictive Environments
byKublr
 
PPTX
Kubernetes in Highly Restrictive Environments
byKublr
 
PPTX
The Evolution of your Kubernetes Cluster
byKublr
 
PPTX
Canary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus
byKublr
 
PPTX
Centralizing Kubernetes and Container Operations
byKublr
 
PPTX
Kubernetes data science and machine learning
byKublr
 
Hybrid architecture solutions with kubernetes and the cloud native stack
byKublr
 
Multi-cloud Kubernetes BCDR with Velero
byKublr
 
Kubernetes Networking 101
byKublr
 
Kubernetes Ingress 101
byKublr
 
Kubernetes persistence 101
byKublr
 
Portable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins
byKublr
 
Kubernetes 101
byKublr
 
Setting up CI/CD Pipeline with Kubernetes and Kublr step by-step
byKublr
 
Canary Releases on Kubernetes with Spinnaker, Istio, & Prometheus (2020)
byKublr
 
How to Run Kubernetes in Restrictive Environments
byKublr
 
Building Portable Applications with Kubernetes
byKublr
 
Introduction to Kubernetes RBAC
byKublr
 
How Self-Healing Nodes and Infrastructure Management Impact Reliability
byKublr
 
Kubernetes as Infrastructure Abstraction
byKublr
 
Centralizing Kubernetes Management in Restrictive Environments
byKublr
 
Kubernetes in Highly Restrictive Environments
byKublr
 
The Evolution of your Kubernetes Cluster
byKublr
 
Canary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus
byKublr
 
Centralizing Kubernetes and Container Operations
byKublr
 
Kubernetes data science and machine learning
byKublr
 

Recently uploaded

PDF
2025-CB-NCAE-slide-deck.pptx-1-83.pdf Virtual Orientation on the Administrati...
byNelizabethEsplaguera1
 
PDF
P6 Presentation basics for project control managers and planners
byNebojsaPavlovic9
 
PPTX
Fortify Your Digital Defenses with ServiceNow Security Operations by Suma Soft
byGavin Ellis
 
PDF
Profiting from Technological Innovation: Managing Intellectual Property to Bu...
byDavid Teece
 
PDF
UiPath Coded Agents - A Developer Driven Agentic Automation Era
byUiPathCommunity
 
PDF
Building Voice Agents with Google Agent Development Kit
bySuresh Peiris
 
PPTX
UNIT 1- Introduction to Basic of Computer Fundamentals
bypawarbhaktiit
 
PPTX
Webinar: EVerest for Production: Accelerating EV Charger Development w/ Indus...
byDanBrown980551
 
PDF
Effective Ai powered mock interview .pdf
byamazingnishusingh766
 
PDF
Mercury Computer Systems & The Cell Broadband Engine
bySlide_N
 
PDF
Pervasive Encryption - Keeping Data Secure.pdf
byPrecisely
 
PDF
Hart, Inc. M&A Data Transition Checklist
byHart, Inc.
 
PDF
Unlocking Gen AI Capabilities Within UiPath Document Understanding
byDianaGray10
 
PPTX
computer science class 11 ( phishing and fraud mails) .pptx
bybalajichess314
 
PPTX
Full course that Prymehat uploads for you version 2
byOhenebaManu1
 
PPTX
Microsoft Azure News - January 2026 - BAUG
byDaniel Toomey
 
PDF
Zniber Partners. Audience Foresight for Confident Decisions
bySamuel Zniber
 
PDF
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
PDF
2006 IEEE International Solid-State Circuits Conference
bySlide_N
 
PPTX
The Abomination of AI – keynote at ICoSCI 2026
byAlan Dix
 
2025-CB-NCAE-slide-deck.pptx-1-83.pdf Virtual Orientation on the Administrati...
byNelizabethEsplaguera1
 
P6 Presentation basics for project control managers and planners
byNebojsaPavlovic9
 
Fortify Your Digital Defenses with ServiceNow Security Operations by Suma Soft
byGavin Ellis
 
Profiting from Technological Innovation: Managing Intellectual Property to Bu...
byDavid Teece
 
UiPath Coded Agents - A Developer Driven Agentic Automation Era
byUiPathCommunity
 
Building Voice Agents with Google Agent Development Kit
bySuresh Peiris
 
UNIT 1- Introduction to Basic of Computer Fundamentals
bypawarbhaktiit
 
Webinar: EVerest for Production: Accelerating EV Charger Development w/ Indus...
byDanBrown980551
 
Effective Ai powered mock interview .pdf
byamazingnishusingh766
 
Mercury Computer Systems & The Cell Broadband Engine
bySlide_N
 
Pervasive Encryption - Keeping Data Secure.pdf
byPrecisely
 
Hart, Inc. M&A Data Transition Checklist
byHart, Inc.
 
Unlocking Gen AI Capabilities Within UiPath Document Understanding
byDianaGray10
 
computer science class 11 ( phishing and fraud mails) .pptx
bybalajichess314
 
Full course that Prymehat uploads for you version 2
byOhenebaManu1
 
Microsoft Azure News - January 2026 - BAUG
byDaniel Toomey
 
Zniber Partners. Audience Foresight for Confident Decisions
bySamuel Zniber
 
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
2006 IEEE International Solid-State Circuits Conference
bySlide_N
 
The Abomination of AI – keynote at ICoSCI 2026
byAlan Dix
 

Container Runtimes and Tooling

  • 1.
    Container Runtimes andTooling Oleg Chunikhin | CTO, Kublr
  • 2.
    Oleg Chunikhin CTO, Kublr •25 years in software architecture & development • Working w/ Kubernetes since its release in 2015 • Software architect behind Kublr—an enterprise ready container management platform • @olgch Introductions
  • 3.
    Automation Ingress Custom Clusters Infrastructure Logging Monitoring Observability API Usage Reporting RBAC IAM AirGap TLS Certificate Rotation Audit Storage Networking Container Registry CI / CD App Mgmt Infrastructure Container Runtime Kubernetes OPERATIONS SECURITY & GOVERNANCE
  • 4.
    Timeline ● Mar 2013:Docker released as open-source, uses LXC ath the time ● Mar 2014: Docker 0.9 released switching to libcontainer written in Go ● Oct 2014: Microsoft announced Docker integration ● Jun 2015: OCI Created by Docker, Coreos, Google, Microsoft and others ● Jul 2015: Kubernetes 1.0 released as open source ● Dec 2016: Kubernetes 1.5 introduces CRI ● Aug 2017: Moby project created for open R&D and upstream for Docker CE and EE ● Oct 2017: RedHat introduces CRI-O 1.0 ● Apr 2018: Docker Registry HTTP API V2 was adopted by OCI as the distribution spec ● May 2021: OCI Distribution Spec reaches 1.0 ● Aug 2021: Docker Desktop (NOT Docker CE) is not free for enterprise users
  • 5.
    Container Management Landscape ●Specifications: OCI - Open Container Initiative ○ Image, Runtime, Distribution ● Container Runtimes and Engines ○ Docker, moby, containerd, runc, CRI-O ● Container Orchestration, CRI ○ Kubernetes, CRI, docker shim, CRI-O ● Tools ○ docker, ctr, nerdctl, podman, buildah, bazel
  • 6.
    OCI - OpenContainer Initiative OCI Specs OCI Runtime Spec Container Lifecycle OCI Image Spec
  • 7.
    Docker/Containerd - containerimplementation Container runtime Container engine/tools OCI-compliant tool creates and runs container processes Default OCI implementation OCI-compliant container process management library container runtime spec Basic container and image management tools Upstream open source container and image management and build tools Docker container and image management and build tools
  • 8.
    CRI-O - containerimplementation
  • 9.
    Kubernetes and containerruntimes CRI-O Containerd CRI-O
  • 10.
    Docker tools docker containerps -a docker run --name cnt1 -it my-img:v1.0 docker stop cnt1 docker kill cnt1 docker rm cnt1 docker image build –-tag my-img:v1.0 . docker image ls docker image tag my-img:v1.0 my-repo.com/my-img:v1.0 docker image push my-repo.com/my-img:v1.0 docker image pull kublr/kublr:1.22.2 FROM ubuntu:20.04 ADD file1 file2 RUN apt install curl ENTRYPOINT ["/bin/bash"]
  • 11.
    containerd tools ctr -nmy-ns container list ctr -n my-ns container create docker.io/library/alpine:latest my-cnt echo Hi ctr -n my-ns task start my-cnt ctr -n my-ns task list ctr -n my-ns container remove my-cnt ctr namespaces list ctr namespaces create my-namespace ctr -n my-ns images pull docker.io/library/alpine:latest ctr -n my-ns images push docker.io/library/alpine:latest ctr -n my-ns images remove docker.io/library/alpine:latest ctr -n my-ns images mount docker.io/library/alpine:latest /root/m ctr -n my-ns images unmount /root/m Pros: 1. namespaces 2. labels 3. image mounts 4. content Cons: 1. No image build tools Different: 1. No docker hub default nerdctl ...
  • 12.
    Podman podman container ps-a podman run --name cnt1 -it my-img:v1.0 podman stop cnt1 podman kill cnt1 podman rm cnt1 # podman ~ docker # uses buildah podman image build –-tag my-img:v1.0 . podman image ls podman image tag my-img:v1.0 my-repo.com/my-img:v1.0 podman image push my-repo.com/my-img:v1.0 podman image pull kublr/kublr:1.22.2 # Containerfile/Dockerfile FROM ubuntu:20.04 ADD file1 file2 RUN apt install curl ENTRYPOINT ["/bin/bash"]
  • 13.
    Buildah container=$(buildah from fedora) buildahrun $container bash buildah run $container -- dnf -y install java buildah build -f Dockerfile -t fedora-httpd . # Containerfile/Dockerfile FROM ubuntu:20.04 ADD file1 file2 RUN apt install curl ENTRYPOINT ["/bin/bash"]
  • 14.
    Bazel # WORKSPACE container_pull( name ="kublr_alpine", registry = "cr.kublr.com", repository = "kublr/alpine", # tag = "3.14.2-6", digest = "sha256:5363....f164", ) # BUILD.bazel pkg_tar( name = "image-tar-svc", files = {":svc"}, mode = "0555", package_dir = "/opt", strip_prefix = strip_prefix.from_pkg(), ) container_image( name = "image", base = "@kublr_alpine//image", entrypoint = ["/opt/my-svc", "--port", "8080"], layers = [":image-layer-swagger"], ports = ["8080"], tars = [":image-tar-svc"], workdir = "/opt", )
  • 15.
    Buildah Tool Components /Focus / Limitations / Benefits libcontainer runtime (library) runc runtime containerd runtime, container, image, registry cri-o runtime, container, image, registry docker runtime, container, image, registry, build podman container, image, registry, build (client only, no daemon) buildah build, container, image, registry (client only, no daemon) bazel (docker rules) build, registry (limited, portable, hermetic)
  • 16.
    References @olgch; @kublr github.com/opencontainers/image-spec github.com/opencontainers/runtime-spec github.com/opencontainers/distribution-spec github.com/opencontainers/artifacts OCI Specifications(Alibaba Blog) https://mobyproject.org/ https://cri-o.io/ https://github.com/cri-o/cri-o https://podman.io/ https://buildah.io/ https://bazel.build/
  • 17.
    Beyond the Presentation ●Docker Swarm, Notary etc, … ● Image registries ● CRI-O CLI tools ● Windows Containers
  • 18.
  • 19.