CRI-containerd
•Download as PPTX, PDF•
2 likes•942 views
Containerd-based implementation of Kubernetes Container Runtime Interface
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to CRI-containerd
Similar to CRI-containerd (20)
More from Moby Project
Recently uploaded
Recently uploaded (20)
CRI-containerd
- 2. CRI-Containerd Status Update CRI-Containerd Demo Add picture here Lantao Liu Google Software Engineer Abhinandan Prativadi Docker Software Engineer
- 4. Agenda Container Runtime Interface (CRI) CRI & Containerd CRI-Containerd Demo Q & A
- 6. Container Runtime Interface What is Container Runtime Interface - CRI ? - A gRPC interface and a group of libraries - Enables Kubernetes to use a wide variety of container runtimes - Introduced in Kubernetes 1.5 Kubelet CRI gRPC client CRI shim CRI gRPC server container runtime container container container container container
- 7. Container Runtime Interface CRI Runtimes - cri-containerd: https://github.com/kubernetes-incubator/cri-containerd - cri-o: https://github.com/kubernetes-incubator/cri-o - Docker (Upstream): https://github.com/kubernetes/kubernetes/tree/master/pkg/kubelet/dockershi m - frakti: https://github.com/kubernetes/frakti - rktlet: https://github.com/kubernetes-incubator/rktlet - virtlet: https://github.com/Mirantis/virtlet
- 8. Container Runtime Interface CRI Tools - https://github.com/kubernetes-incubator/cri-tools - critest: CRI Validation Test Suite - crictl: CRI Command Line Tool
- 10. Containerd scope is just right for Kubernetes. Containerd Scope (In/Out) CRI Requirement Container Lifecycle Management In Container Create/Start/Stop/Delete/List/Inspect (✔) Image Management In Pull/List/Inspect (✔) Networking Out. Network namespace. Just enough. (✔) CRI & Containerd Containerd scope is just right for Kubernetes.
- 11. Containerd Scope (In/Out) CRI Requirement Volumes Out. Host path mount. Just enough. (✔) Persistent Container Logging Out. STDIO as FIFOs. Decorate to CRI log format. (✔) Metrics In. Container memory/cpu usage; image filesystem disk/inode usage. (✔) CRI & Containerd
- 12. CRI & Containerd Other alignments with Kubernetes: - Decentralized container management - containerd-shim. - Live restore. - Overhead charge back to pod. - Decoupled image and container management. - Support other image formats (e.g. tarball). - Support OCI image/runtime spec. - CNCF project. - ... Other alignments with Kubernetes: - Decentralized container management - containerd-shim. - Live restore. - Overhead charge back to pod. - Decoupled image and container management. - Support other image formats (e.g. tarball). - Support OCI image/runtime spec. - CNCF project. - ...
- 13. CRI-Containerd
- 14. CRI-Containerd cri-containerd: A CRI implementation for containerd. - https://github.com/kubernetes-incubator/cri-containerd - Kubernetes incubator project. - Started in April 2017. container containerKubelet dockershim docker containerd container container CRI container container Kubelet cri-containerd containerd container container CRI dockershim cri-containerd
- 15. CRI-Containerd Architecture Pod B Pod A Cgroups Pod A Namespaces cri-containerd sandbox container containerd shim image service runtime service Kubelet CR I Client containerd shim container A ocicni
- 16. CRI-Containerd Status CRI-Containerd 1.0.0-alpha.0 - Kubernetes 1.7+, Containerd v1.0.0-beta.1, CNI Spec v0.3.1. - Feature Complete. - 57/57 CRI validation tests passing. - 188/188 regular node e2e tests passing. - Use kubeadm to bring up Kubernetes cri-containerd cluster. (ansible, custom) - Kubernetes the hard way. - Contributors from Google, IBM, Docker, ZTE, ZJU etc.
- 17. CRI-Containerd Roadmap Q4: Additional testing, bug fixes and usability. - FULL SET of e2e test in Kubernetes test infrastructure. - Upstream Kubernetes kube-up.sh integration. - Debug CLI crictl. - 1.0.0-beta.0 by the end of 2017.
- 18. Demo
- 19. Demo ● Kubernetes cluster with CRI-Containerd and containerd ● Sample micro services deployment ● Serverless
- 20. Moby Store cart catalogue cart-db catalogue-db linuxkit builder
- 21. Recap CRI is the standard way to integrate Container Runtime with Kubernetes. Containerd matches CRI and Kubernetes’ requirement very well. CRI-Containerd is 1.0.0-alpha.0.
- 22. Links - Github: https://github.com/kubernetes-incubator/cri-containerd - Slack: https://kubernetes.slack.com/messages/sig-node - Mailing List: https://groups.google.com/forum/#!forum/kubernetes- sig-node - Maintainers: - Lantao Liu <lantaol@google.com> Ramdom-Liu@github - Abhi Prativadi <abhi@docker.com> abhi@github - Mike Brown <brownwm@us.ibm.com> mikebrow@github
- 23. Q&A
Editor's Notes
- Hi, everyone! I’m Lantao from Google Kubernetes team. Today, I’m going to talk about our work to integrate containerd with Kubernetes. We call this project CRI-Containerd.
- I’ll firstly give a status update of cri-containerd. And then abhi is going to give a demo. This is Abhi, he works in Docker, and he’s also a maintainer of cri-containerd.
- I believe you have seen this picture for several times during the Dockercon. Actually in this picture, there are 2 new things coming. The first one, of course, is that Docker is going to natively support Kubernetes. But actually there is a second one, that Kubernetes will be able to run on top of containerd directly, instead of the docker engine. And it’s cri-containerd making this happen.
- In this talk, we’ll firstly give a quick review of Kubernetes Container Runtime Interface, we call it CRI for short. It enables Kubernetes to support different container runtimes, including containerd. And then we’ll analyze the scope of containerd, and you’ll see that it matches CRI’s requirement pretty well. After that, we’ll give a status update of CRI-Containerd, and Abhi will give the demo.
- CRI is a gRPC interface with a group of libraries. It defines all the functionalities Kubernetes requires from the container runtime. In theory, any container runtime implements this interface could be used by Kubernetes. CRI was introduced from Kubernetes 1.5. Today when you bring up a cluster, it’s talking with Docker engine through CRI.
- There are several ongoing CRI container runtime work now. cri-containerd is the one we are talking today, it’s a CRI implementation based on containerd. Other than that, there is cri-o, a CRI implementation built directly from runC; Docker engine, the default one in upstream today; frakti, based on hyper, a VM-based container runtime solution; rktlet, based on rkt; virtlet, another VM based solution.
- We also have a CRI project called CRI tools. It contains a series of debugging and validation tools for CRI. Including the CRI Validation Test, which is a test suite validates whether a CRI runtime meets the requirement; the CRI Command Line Tool, which is a portable command line tool talking with CRI directly. It’s mainly for troubleshooting. And that’s the status of CRI today.
- In short word, the scope of containerd is just right for Kubernetes. As shown in the table, all required functionalities are provided, and no unnecessary functionalities are included.
- For example, for container logging. CRI has specific requirement on container log format and path. Today, Docker engine manages container logs in a way incompatible with Kubernetes. By contrast, containerd doesn’t persist container output, container output is provided as FIFOs, which could be easily redirected and decorated as required by CRI. Another example is metrics. Kubernetes expects container runtime to provide container metrics (cpu, memory usage) and image filesystem metrics (disk usage). Previously, we got these metrics from cadvisor for Docker. However, because different container runtimes have different cgroup hierarchy and disk layout, it’s hard to support them all. And for VM based container runtime and Windows container, it’s even harder. So we want container runtime itself to provide these information. Containerd provides all CRI required metrics as part of the API.
- Other than the ones mentioned above, there are many more alignments with Kubernetes, such as decentralized container management, decoupling image management and container management, support OCI, it’s a CNCF project and so on. Overall, technically, containerd is a very good alternative container runtime for Kubernetes.
- CRI-Containerd is the containerd-based CRI implementation. It uses containerd to implement CRI. It’s a Kubernetes incubator project now, started in April. Compared with today’s docker integration, we could see that `cri-containerd` eliminates one extra hop in the stack.
- This is the architecture of CRI-Containerd. Say now Kubernetes wants to create a new pod: Kubelet talks with CRI-Containerd though CRI to create a new sandbox and application containers inside; CRI-containerd handles the request, and talks to containerd with containerd client, to create the sandbox container, and application container, and make sure them in the right namespaces and cgroups; CRI-Containerd then calls CNI to configure the network namespace of the sandbox. After all those are done, we have a running pod. Please note that this is just a simplified process, just for demonstration, there are a lot of details not mentioned here.
- CRI-Containerd is 1.0.0-alpha.0 now. It supports kubernetes 1.7 and above, and is using containerd v1.0.0-beta.1. It is feature complete. It means that you could try all existing Kubernetes features with it. It has passed all CRI validation test, as is mentioned above, the test suite is used to validate whether a CRI implementation meets all the requirement. It has also passed all regular node e2e test, which is the test suite we use in upstream to validate the node level functionalities. We provide an ansible playbook to help you automatically bring up a Kubernetes cluster using cri-containerd as the container runtime. And we also have a document to help you customize you installation. Other than that, you could also checkout kelsey’s Kubernetes the hard way. It is using cri-containerd as the container runtime now. We have contributors from XXX. Thanks for the contribution!
- In Q4, we are going to focus on testing, bug fix and usability improvement. We’ll set up FULL SET of upstream e2e test in Kubernetes test infrastructure. We’ll also integrate cri-containerd with `kube-up.sh` and also kops in the future, so that user could bring up a production quality cluster using cri-containerd as the container runtime. We’ll also improve the debug CLI crictl, which should be the standard tool to trouble should CRI container runtime. We are going to release 1.0.0-beta.0 version by the end of this year. It will be production ready as long as containerd itself is ready for production. Show test grid. I am one of the authors/owners of CRI, we really want to make Kubernetes runtime portable, not only Kubelet itself. It also includes the whole pipeline, including the test infrastructure, cluster bootstrapping etc. Containerd is a very good opportunity for us to make the whole pipeline portable, e.g. for the node e2e test in the test grid I show, I need to make several upstream change to make it work. It will need more upstream change for cluster e2e test and cluster bootstrapping. As mentioned by steve, the design is targeting for the future 10 years, we want to do things right, thus we are not in a hurry.