CRI Runtimes Deep-Dive: Who's Running My Pod!?

•

2 likes•636 views

A talk given at QCon NYC on Wednesday, June 27, 2018 in the Container track, focused on helping developers understand the inner workings of pluggable container runtimes in the Kubernetes world. The second half of this talk is not available in slide form, but should be available via QCon video. The non-slide talk content included hands-on-keyboard demonstrations of various tools which can be used to investigate and introspect kubelet and pod -> container runtime boundaries and details, all shown in IBM Cloud using the containerd runtime underneath a Kubernetes 1.11 cluster.

Software

@estesp
CRI Runtimes: Who
is running my pod?

@estesp
Hello!
I’m Phil Estes
Distinguished Engineer & CTO,
Linux OS & Container Architecture
IBM Watson & Cloud Platform
Docker Captain, containerd maintainer
@estesp

@estesp
Docker Containers
$ docker run redis
$ docker ps
$ docker stop redis
$ docker build -t myapp .

@estesp
(See the CNCF CCoC CoC)
You are using Kubernetes aren’t you?
?

@estesp
kubelet dockershim dockerd
containerd
runc
https://github.com/kubernetes/kubernetes/tree/release-1.4/pkg/kubelet/dockershim
Kubernetes doesn’t run your containers

@estesp
Kubernetes Container Runtime
CRI
▧ K8s API
▧ Storage
▧ Networking (CNI)
▧ Healthchecks
▧ Placement
▧ Custom resources
▧ Pod container
lifecycle
○ Start/stop/delete
▧ Image management
○ Push/pull/status
▧ Status
▧ Container interactions
○ attach, exec, ports, log

@estesp
kubelet
dockershim
dockerd
kubelet
cri-containerd
containerd
kubelet
cri-o
runc
kubelet
frakti
runV dockerd
kubelet --container-runtime {string}
--container-runtime-endpoint {string}
What Runtimes Exist?

@estesp
The benefits of runtime
pluggability are mostly focused on
operational concerns.

@estesp
What do I need?
▧ Performance
▧ Stability
▧ (Optional) Hypervisor Isolation
▧ Security Capabilities
▧ Broad Usage
▧ Multi-architecture Support

@estesp
Containerd: A Core Runtime
runc
containerd

@estesp
Containerd Benefits
● Designed with broad usage as a
core container runtime:
○ Docker, LinuxKit, Kubernetes
and embedded core runtime
use cases (OpenWhisk, Cloud
Foundry)
● Stress testing for stability and
performance guarantees 24/7
● Usable Go library (or gRPC) for ease
of embedding
● Compatibility guarantees; bug fix
backports for stable support

@estesp
Containerd + CRI
https://kubernetes.io/blog/2018/05/24/kubernetes-containerd-integration-goes-ga/

@estesp
Containerd in the Cloud(s)
▧ Kelsey Hightower’s “Kubernetes the Hard Way”
deploys containerd as the kubelet runtime
▧ GKE alpha: containerd-based K8s clusters
▧ IBM Cloud: containerd-based clusters in staging
▧ Azure: OSS acs-engine includes containerd; AKS
moving to containerd (but CRI-O for OpenShift)
▧ Amazon: still reviewing runtime options for EKS
▧ CloudFoundry: moving to containerd from runc

@estesp
Kubernetes 1.11 + contained 1.1.0

@estesp
Going Further
▧ crictl User’s Guide:
https://github.com/containerd/cri/blob/master/docs/crictl.md
▧ Stephen Day’s KubeCon 2018 containerd talk:
https://www.youtube.com/watch?v=3AynH3c0F8M
▧ Containerd project:
https://github.com/containerd/containerd

@estesp
Thanks!
Any questions?
You can find me at:
@estesp
estesp@gmail.com

@estesp
Credits
Special thanks to all the people who made and
released these awesome resources for free:
▧ Presentation template by SlidesCarnival
▧ Photographs by Unsplash
▧ Backgrounds by Pixeden

What's hot

Containerd Internals: Building a Core Container Runtime

Phil Estes

A talk given at Craft Conf in Budapest, Hungary on May 10th, 2019. In this talk, Phil walked through the history of the need for a Container Runtime Interface (CRI) in Kubernetes, followed by an overview of all available CRI implementations, focusing on containerd, the CNCF core container runtime used in many clouds and projects. Phil demonstrated the "layers" of interaction from Kubernetes API, to CRI API to a container runtime's native API using an IBM Cloud Kubernetes cluster using containerd 1.2.6.

CraftConf 2019: CRI Runtimes Deep Dive: Who Is Running My Pod?

Phil Estes

containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision, low-level storage and network attachments, etc. containerd is designed to be embedded into a larger system, rather than being used directly by developers or end-users.

The State of containerd

Moby Project

CRI-containerd

Moby Project

rkt is a modern container runtime, built for security, efficiency, and composability. Kubernetes is a modern cluster orchestration system allowing users. Kubernetes doesn't directly execute application containers but instead delegate to a container runtime, which is integrated at the kubelet (node) level. When Kubernetes first launched, the only supported container runtime was Docker - but in recent months, we've been hard at work integrating rkt as an alternative container runtime, aka "rktnetes". The goal of "rktnetes" is to have first-class integration between rkt and the kubelet, and allow Kubernetes users to take advantage of some of rkt's unique features. This talk will describe how rkt works, some of the features that make it unique as a container runtime, and some of the process of integrating an alternative container runtime with Kubernetes, as well as the latest state of "rktnetes."Introduction to rkt, including special/unique features. Sched Link: http://sched.co/6BY7

KubeCon EU 2016: "rktnetes": what's new with container runtimes and Kubernetes

KubeAcademy

LinuxKit, a toolkit for building custom minimal, immutable Linux distributions. Secure defaults without compromising usability Everything is replaceable and customisable Immutable infrastructure applied to building Linux distributions Completely stateless, but persistent storage can be attached Easy tooling, with easy iteration Built with containers, for running containers Designed for building and running clustered applications, including but not limited to container orchestration such as Docker or Kubernetes Designed from the experience of building Docker Editions, but redesigned as a general-purpose toolkit Designed to be managed by external tooling, such as Infrakit or similar tools Includes a set of longer-term collaborative projects in various stages of development to innovate on kernel and userspace changes, particularly around security

LinuxKit

Moby Project

Docker London Meetup: Docker Engine Evolution

Phil Estes

Introduction kubernetes 2017_12_24

Sam Zheng

Virtualization inside kubernetes

inwin stack

Let's Try Every CRI Runtime Available for Kubernetes

Phil Estes

Moby Summit introduction

Moby Project

Enabling Security via Container Runtimes

Phil Estes

Kubernetes 架構與虛擬化之差異

inwin stack

Giving Back to Upstream | DockerCon 2019

Phil Estes

How to Achieve Canary Deployment on Kubernetes

HanLing Shen

Securing Containerized Applications: A Primer

Phil Estes

The Met Office Informatics Lab includes scientists, developers and designers. We build prototypes exploring new technologies to make environmental data useful. Here we describe a recent project to process multi-dimensional weather data to create a fully interactive 4D browser application. We used long-running containers to serve data and web pages and short-running processes to ingest and compress the data. Forecast data is issued every three hours so our data ingestion goes through regular and predictable bursts (i.e. perfect for autoscaling). We built a Kubernetes cluster in an AWS group which auto-scales based on load. We used replication controllers to process the data. Every three hours ingestion jobs are added to a queue and the number of ingestion containers are set in proportion to the queue length. Each worker completes exactly one ingestion job from the queue and then exits, at which point Kubernetes creates a new one to process the next message. This has allowed us to remove the lifespan logic from the containers and keep them light, fast and massively scalable. We are now in the process of using this in our production systems. Sched Link: http://sched.co/6BWQ

KubeCon EU 2016: Killing containers to make weather beautiful

KubeAcademy

Kubernetes is a container orchestrator platform, not the docker platform. It means we can switch to a different container solutions in the Kubernetes environment and the key point is the CRI, container runtime intface. We will talked about what is the CRI and how to use it in the Kubernetes world, we also introduce what is the OCI, the basic concept of the OCI, inclduing Runtime spec and Image spec.

Introduction to CRI and OCI

HungWei Chiu

Docker Summit 2016 - Kubernetes: Sweets and Bitters

smalltown

Docker e git lab

Gianluca Padovani

What's hot (20)

Containerd Internals: Building a Core Container Runtime

CraftConf 2019: CRI Runtimes Deep Dive: Who Is Running My Pod?

The State of containerd

CRI-containerd

KubeCon EU 2016: "rktnetes": what's new with container runtimes and Kubernetes

LinuxKit

Docker London Meetup: Docker Engine Evolution

Introduction kubernetes 2017_12_24

Virtualization inside kubernetes

Let's Try Every CRI Runtime Available for Kubernetes

Moby Summit introduction

Enabling Security via Container Runtimes

Kubernetes 架構與虛擬化之差異

Giving Back to Upstream | DockerCon 2019

How to Achieve Canary Deployment on Kubernetes

Securing Containerized Applications: A Primer

KubeCon EU 2016: Killing containers to make weather beautiful

Introduction to CRI and OCI

Docker Summit 2016 - Kubernetes: Sweets and Bitters

Docker e git lab

Similar to CRI Runtimes Deep-Dive: Who's Running My Pod!?

Containerize! Between Docker and Jube.

Henryk Konsek

Kubernetes Architecture and Introduction – Paris Kubernetes Meetup

Stefan Schimanski

Kubernetes Architecture and Introduction

Stefan Schimanski

Kubernetes (/ˌk(j)uːbərˈnɛtɪs, -ˈneɪtɪs, -ˈneɪtiːz, -ˈnɛtiːz/, commonly stylized as K8s[3]) is an open-source container orchestration system for automating software deployment, scaling, and management.[4][5] Google originally designed Kubernetes, but the Cloud Native Computing Foundation now maintains the project. Kubernetes works with Docker, Containerd, and CRI-O.[6] Originally, it interfaced exclusively with the Docker runtime[7] through a "Dockershim"; however, from 2016[citation needed] up to April 2022, Kubernetes has deprecated the shim in favor of directly interfacing with the container through Containerd, or replacing Docker with a runtime that is compliant with the Container Runtime Interface (CRI).[8][9][10] With the release of v1.24 in May 2022, "Dockershim" has been removed entirely.[11] Amazon, Google, IBM, Microsoft, Oracle, Red Hat, SUSE, and VMware offer Kubernetes-based platforms or infrastructure as a service (IaaS) that deploy Kubernetes.[12][13]

Kubernetes I Deep Dive.pptx

ssuser368371

The Docker "Gauntlet" - Introduction, Ecosystem, Deployment, Orchestration

Erica Windisch

Building Clustered Applications with Kubernetes and Docker

Steve Watt

Docker, Atomic Host and Kubernetes.

Jooho Lee

Docker Support

HPCC Systems

Docker Oxford launch - Introduction to Docker

jonatanblue

Kubernetes Introduction

Martin Danielsson

Kubernetes Intro @HaufeDev

Haufe-Lexware GmbH & Co KG

Kubernetes Day 2017 - Build, Ship and Run Your APP, Production !!

smalltown

Docker Kubernetes Istio

Araf Karsh Hamid

Container Runtimes: Comparing and Contrasting Today's Engines

Phil Estes

Docker Meetup Rosenheim: Container Runtimes

Nico Meisenzahl

Managing Container Clusters in OpenStack Native Way

Qiming Teng

In this talk Ben will walk you through running Cassandra in a docker environment to give you a flexible development environment that uses only a very small set of resources, both locally and with your favorite cloud provider. Lessons learned running Cassandra with a very small set of resources are applicable to both your local development environment and larger, less constrained production deployments.

Cassandra and Docker Lessons Learned

DataStax Academy

In less than two years Docker went from first line of code to major Open Source project with contributions from all the big names in IT. Everyone is excited, but what's in for me - as a Dev or Ops? In short, Docker makes creating Development, Test and even Production environments an order of magnitude simpler, faster and completely portable across both local and cloud infrastructure. We will start from Docker main concepts: how to create a Linux Container from base images, run your application in it, and version your runtimes as you would with source code, and finish with a concrete example.

Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...

Codemotion

Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2mV7h6c. Phil Estes talks about CRI implementations, and gives a hands-on demonstration of how Kubernetes, the CRI, and CRI-supporting runtimes work together to handle the container lifecycle within their K8s pods. He digs into the useful capabilities of the CRI and how to understand the inner workings between Kubernetes and the CRI container runtimes that support it. Filmed at qconnewyork.com. Phil Estes is a Distinguished Engineer & CTO, Container and Linux OS Architecture Strategy for the IBM Watson and Cloud Platform division. He is currently an OSS maintainer in the Docker engine project, the CNCF container project, and is a member of both the Open Container Initiative Technical Oversight Board and the Moby Technical Steering Committee.

CRI Runtimes Deep Dive: Who's Running My Kubernetes Pod!?

C4Media

Containers #101 Meetup: Containers and OpenStack

Codefresh

Similar to CRI Runtimes Deep-Dive: Who's Running My Pod!? (20)

Containerize! Between Docker and Jube.

Kubernetes Architecture and Introduction – Paris Kubernetes Meetup

Kubernetes Architecture and Introduction

Kubernetes I Deep Dive.pptx

The Docker "Gauntlet" - Introduction, Ecosystem, Deployment, Orchestration

Building Clustered Applications with Kubernetes and Docker

Docker, Atomic Host and Kubernetes.

Docker Support

Docker Oxford launch - Introduction to Docker

Kubernetes Introduction

Kubernetes Intro @HaufeDev

Kubernetes Day 2017 - Build, Ship and Run Your APP, Production !!

Docker Kubernetes Istio

Container Runtimes: Comparing and Contrasting Today's Engines

Docker Meetup Rosenheim: Container Runtimes

Managing Container Clusters in OpenStack Native Way

Cassandra and Docker Lessons Learned

Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...

CRI Runtimes Deep Dive: Who's Running My Kubernetes Pod!?

Containers #101 Meetup: Containers and OpenStack

More from Phil Estes

Extended and embedding: containerd update & project use cases

Phil Estes

Cloud Native TLV Meetup: Securing Containerized Applications Primer

Phil Estes

Securing Containerized Applications: A Primer

Phil Estes

A keynote given at JAX Con 2019 on May 7th in Mainz, Germany. In this keynote address, Phil presented four "buzzwords": containers, cloud, microservices, and open source and compared those technology areas against three main needs--speed, security, and efficiency--which seem to be common among enterprises today. Phil gives real world examples from IBM Cloud customers as well as detailing IBM's own transformation to a cloud native, container first approach to our own service delivery.

JAX Con 2019: Containers. Microservices. Cloud. Open Source. Fantasy or Reali...

Phil Estes

FOSDEM 2019: A containerd Project Update

Phil Estes

A talk presented at the Moby Summit, Los Angeles (a co-located event with the Open Source Summit North America) on Thursday, September 14, 2017. In this talk, an open source tool, bucketbench, was presented as a way to benchmark container runtimes to compare performance impacts of changes in the runtime or changes to the configuration of Docker, runC, or containerd, the three runtimes currently supported in the bucketbench project.

Bucketbench: Benchmarking Container Runtime Performance

Phil Estes

AtlanTEC 2017: Containers! Why Docker, Why NOW?

Phil Estes

A talk given at Open Container Day at O'Reilly's OSCON convention in Austin, Texas on May 9th, 2017. This talk describes an open source project, bucketbench, which can be used to compare performance, stability, and throughput of various container engines. Bucketbench currently supports docker, containerd, and runc, but can be extended to support any container runtime. This work was done in response to performance investigations by the Apache OpenWhisk team in using containers as the execution vehicle for functions in their "Functions-as-a-Service" runtime. Find out more about bucketbench here: https://github.com/estesp/bucketbench

Quantifying Container Runtime Performance: OSCON 2017 Open Container Day

Phil Estes

Empower Your Docker Containers with Watson - DockerCon 2017 Austin

Phil Estes

This talk, a case study in application deployment models, was given at IBM InterConnect 2017 in Las Vegas, NV on March 21, 2017 by Lin Sun & Phil Estes of IBM Cloud. In this talk, Lin & Phil provided a background of IBM Bluemix compute offerings across Cloud Foundry, Containers + Kubernetes, and FaaS/serverless via OpenWhisk and then used a demo application to describe the tradeoffs between using the various deployment models and technology. The application is open source and available at https://github.com/estesp/flightassist

Containerize, PaaS, or Go Serverless!?

Phil Estes

Diving Through The Layers: Investigating runc, containerd, and the Docker eng...

Phil Estes

Container Security: How We Got Here and Where We're Going

Phil Estes

Devoxx 2016: A Developer's Guide to OCI and runC

Phil Estes

A talk presented by Phil Estes & Shaun Murakami, IBM Cloud Open Technologies, at the Barcelona OpenStack Summit on October 25, 2016. This talk covers a new feature that will be available in the Docker 1.13 engine for using the CRIU project to checkpoint and restore container processes on Linux. Phil & Shaun present details of this new capability and then demonstrate a proof-of-concept "live migration" of containers across nova compute hosts.

Live Container Migration: OpenStack Summit Barcelona 2016

Phil Estes

More from Phil Estes (14)

Extended and embedding: containerd update & project use cases

Cloud Native TLV Meetup: Securing Containerized Applications Primer

Securing Containerized Applications: A Primer

JAX Con 2019: Containers. Microservices. Cloud. Open Source. Fantasy or Reali...

FOSDEM 2019: A containerd Project Update

Bucketbench: Benchmarking Container Runtime Performance

AtlanTEC 2017: Containers! Why Docker, Why NOW?

Quantifying Container Runtime Performance: OSCON 2017 Open Container Day

Empower Your Docker Containers with Watson - DockerCon 2017 Austin

Containerize, PaaS, or Go Serverless!?

Diving Through The Layers: Investigating runc, containerd, and the Docker eng...

Container Security: How We Got Here and Where We're Going

Devoxx 2016: A Developer's Guide to OCI and runC

Live Container Migration: OpenStack Summit Barcelona 2016

Recently uploaded

Migrating your customer service data from Zendesk to Re:amaze can significantly enhance your support operations, but it requires careful planning and execution. "A Guideline to Zendesk to Re:amaze Data Migration" is designed to assist businesses in managing this transition smoothly and efficiently. This comprehensive guide covers all aspects of the data migration process, ensuring that your data is transferred accurately and effectively.

A Guideline to Zendesk to Re:amaze Data Migration

Help Desk Migration

A Python-based approach to data loading in TM1 - Using Airflow as an ETL for TM1

KnowledgeSeed

How to install and activate eGrabber JobGrabber

eGrabber

Discover the numerous advantages of utilizing employee monitoring software in your organization with our comprehensive PDF guide. Learn how this technology can enhance productivity, streamline operations, and improve overall efficiency in the workplace. Explore the benefits of employee monitoring software and unlock its potential to drive success for your business. Download our PDF to gain valuable insights into maximizing the benefits of this powerful tool.

Benefits of Employee Monitoring Software

Mera Monitor

Key takeaways: Challenges of building platforms and the benefits of platformless. Key principles of platformless, including API-first, cloud-native middleware, platform engineering, and developer experience. How Choreo enables the platformless experience. How key concepts like application architecture, domain-driven design, zero trust, and cell-based architecture are inherently a part of Choreo. Demo of an end-to-end app built and deployed on Choreo.

Accelerate Enterprise Software Engineering with Platformless

WSO2

WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation

WSO2

SaaS website Design is a process of developing a seamless platform for organizations to achieve their operational goals. This process requires awareness of the target audience, industry trends, design, organizational goals, and the business landscape to build a competitive product. SaaS UX design plays a significant role in the success of any SaaS application. A product is complete only when it is visually appealing and narrated well. This could be done through expert designs that catch every eye and bring user satisfaction. Well-organized UX design can completely transform how users engage with an organization’s services. Enterprises these days are looking for top SaaS website designers to promote their services and ideas.

How To Build a Successful SaaS Design.pdf

ayushiqss

Using IESVE for Room Loads Analysis - Australia & New Zealand

IES VE

Abortion ^Clinic ^%[+971588192166''] Abortion Pill Al Ain (?@?) Abortion Pill...

Abortion Clinic

De mooiste recreatieve routes ontdekken met RouteYou en FME

Jelle | Nordend

Petr Matuska, Sales & Sales Engineering Lead, GraphAware Western Australia Police Force’s adoption of Neo4j and the GraphAware Hume graph analytics platform marks a significant advancement in data-driven policing. Facing the challenges of growing volumes of valuable data scattered in disconnected silos, the organisation successfully implemented Neo4j database and Hume, consolidating data from various sources into a dynamic knowledge graph. The result was a connected view of intelligence, making it easier for analysts to solve crime faster. The partnership between Neo4j and GraphAware in this project demonstrates the transformative impact of graph technology on law enforcement’s ability to leverage growing volumes of valuable data to prevent crime and protect communities.

GraphAware - Transforming policing with graph-based intelligence analysis

Neo4j

This is a classic migration case study (the past, current and the future) at scale from a world-wide company transitioning from Confluent Platform and Confluent Cloud to self-managed Apache Kafka on Kubernetes using Strimzi. At Maersk, we have been architecting, designing and implementing our 3rd generation Event Streaming Platform. This platform is based on Kubernetes in Azure and using Strimzi to operate Apache Kafka at large scale, highly reliable, segregating data based on isolated use cases. Our 2nd generation was based on OnPrem Confluent Platform and Confluent Cloud and this presentation is the story of this migration and reasoning behind it. Furthermore, we would get into details on how we monitor (Grafana, Prometheus), alert (GoAlert and alert as code), operate and provide self-service solutions on top of Strimzi to enable business critical application in Maersk, implemented in GoLang using the GitOps deployment model with Flux and Kustomization among others. Finally, if time allows we will end with a demo of an open-source self service tool to monitor and explore the cluster with most wanted features such as topic message browsing and configuring and restarting connectors.

StrimziCon 2024 - Transition to Apache Kafka on Kubernetes with Strimzi

steffenkarlsson2

Data privacy is one of the most critical issues that businesses face. This presentation shares insights on the principles and best practices for ensuring the resilience and security of your workload. Drawing on a real-life project from the HR industry, the various challenges will be demonstrated: data protection, self-healing, business continuity, security, and transparency of data processing. This systematized approach allowed to create a secure AWS cloud infrastructure that not only met strict compliance rules but also exceeded the client's expectations.

Designing for Privacy in Amazon Web Services

KrzysztofKkol1

This presentation emphasizes the importance of data security and legal compliance for Nidhi companies in India. It highlights how online Nidhi software solutions, like Vector Nidhi Software, offer advanced features tailored to these needs. Key aspects include encryption, access controls, and audit trails to ensure data security. The software complies with regulatory guidelines from the MCA and RBI and adheres to Nidhi Rules, 2014. With customizable, user-friendly interfaces and real-time features, these Nidhi software solutions enhance efficiency, support growth, and provide exceptional member services. The presentation concludes with contact information for further inquiries.

top nidhi software solution freedownload

vrstrong314

KLARNA - Language Models and Knowledge Graphs: A Systems Approach

Neo4j

Even though at surface level ‘java.lang.OutOfMemoryError’ appears as one single error; underlyingly there are 9 types of OutOfMemoryError. Each type of OutOfMemoryError has different causes, diagnosis approaches and solutions. This session equips you with the knowledge, tools, and techniques needed to troubleshoot and conquer OutOfMemoryError in all its forms, ensuring smoother, more efficient Java applications.

TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR

Tier1 app

JustNaik Solution Deck (stage bus sector)

Max Lee

Breaking the Code : A Guide to WhatsApp Business API.pdf

Meon Technology

Top Mobile App Development Companies 2024

XongoLab Technologies LLP

How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?

XfilesPro

Recently uploaded (20)

A Guideline to Zendesk to Re:amaze Data Migration

A Python-based approach to data loading in TM1 - Using Airflow as an ETL for TM1

How to install and activate eGrabber JobGrabber

Benefits of Employee Monitoring Software

Accelerate Enterprise Software Engineering with Platformless

WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation

How To Build a Successful SaaS Design.pdf

Using IESVE for Room Loads Analysis - Australia & New Zealand

Abortion ^Clinic ^%[+971588192166''] Abortion Pill Al Ain (?@?) Abortion Pill...

De mooiste recreatieve routes ontdekken met RouteYou en FME

GraphAware - Transforming policing with graph-based intelligence analysis

StrimziCon 2024 - Transition to Apache Kafka on Kubernetes with Strimzi

Designing for Privacy in Amazon Web Services

top nidhi software solution freedownload

KLARNA - Language Models and Knowledge Graphs: A Systems Approach

TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR

JustNaik Solution Deck (stage bus sector)

Breaking the Code : A Guide to WhatsApp Business API.pdf

Top Mobile App Development Companies 2024

How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?

CRI Runtimes Deep-Dive: Who's Running My Pod!?

1. @estesp CRI Runtimes: Who is running my pod?

2. @estesp Hello! I’m Phil Estes Distinguished Engineer & CTO, Linux OS & Container Architecture IBM Watson & Cloud Platform Docker Captain, containerd maintainer @estesp

3. @estesp Docker Containers $ docker run redis $ docker ps $ docker stop redis $ docker build -t myapp .

4. @estesp (See the CNCF CCoC CoC) You are using Kubernetes aren’t you? ?

5. @estesp orchestrator Kubernetes is an

6. @estesp kubelet dockershim dockerd containerd runc https://github.com/kubernetes/kubernetes/tree/release-1.4/pkg/kubelet/dockershim Kubernetes doesn’t run your containers

7. @estesp

8. @estesp Kubernetes Container Runtime CRI ▧ K8s API ▧ Storage ▧ Networking (CNI) ▧ Healthchecks ▧ Placement ▧ Custom resources ▧ Pod container lifecycle ○ Start/stop/delete ▧ Image management ○ Push/pull/status ▧ Status ▧ Container interactions ○ attach, exec, ports, log

9. @estesp kubelet dockershim dockerd kubelet cri-containerd containerd kubelet cri-o runc kubelet frakti runV dockerd kubelet --container-runtime {string} --container-runtime-endpoint {string} What Runtimes Exist?

10. @estesp But... why should I care?

11. @estesp The benefits of runtime pluggability are mostly focused on operational concerns.

12. @estesp runtimes

13. @estesp What do I need? ▧ Performance ▧ Stability ▧ (Optional) Hypervisor Isolation ▧ Security Capabilities ▧ Broad Usage ▧ Multi-architecture Support

14. @estesp Containerd: A Core Runtime runc containerd

15. @estesp Containerd Benefits ● Designed with broad usage as a core container runtime: ○ Docker, LinuxKit, Kubernetes and embedded core runtime use cases (OpenWhisk, Cloud Foundry) ● Stress testing for stability and performance guarantees 24/7 ● Usable Go library (or gRPC) for ease of embedding ● Compatibility guarantees; bug fix backports for stable support

16. @estesp Containerd + CRI https://kubernetes.io/blog/2018/05/24/kubernetes-containerd-integration-goes-ga/

17. @estesp Containerd in the Cloud(s) ▧ Kelsey Hightower’s “Kubernetes the Hard Way” deploys containerd as the kubelet runtime ▧ GKE alpha: containerd-based K8s clusters ▧ IBM Cloud: containerd-based clusters in staging ▧ Azure: OSS acs-engine includes containerd; AKS moving to containerd (but CRI-O for OpenShift) ▧ Amazon: still reviewing runtime options for EKS ▧ CloudFoundry: moving to containerd from runc

18. @estesp Kubernetes 1.11 + contained 1.1.0

19. @estesp Demo time

20. @estesp Going Further ▧ crictl User’s Guide: https://github.com/containerd/cri/blob/master/docs/crictl.md ▧ Stephen Day’s KubeCon 2018 containerd talk: https://www.youtube.com/watch?v=3AynH3c0F8M ▧ Containerd project: https://github.com/containerd/containerd

21. @estesp Thanks! Any questions? You can find me at: @estesp estesp@gmail.com

22. @estesp Credits Special thanks to all the people who made and released these awesome resources for free: ▧ Presentation template by SlidesCarnival ▧ Photographs by Unsplash ▧ Backgrounds by Pixeden

CRI Runtimes Deep-Dive: Who's Running My Pod!?

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to CRI Runtimes Deep-Dive: Who's Running My Pod!?

Similar to CRI Runtimes Deep-Dive: Who's Running My Pod!? (20)

More from Phil Estes

More from Phil Estes (14)

Recently uploaded

Recently uploaded (20)

CRI Runtimes Deep-Dive: Who's Running My Pod!?