CRI-Containerd
Kubernetes Containerd Integration
CRI-Containerd Status Update
CRI-Containerd Demo
Lantao Liu, Google Software Engineer
Abhinandan Prativadi, Docker Software Engineer
Agenda
- Container Runtime Interface (CRI)
- CRI & Containerd
- CRI-Containerd
- Demo
- Q & A
Container Runtime Interface (CRI)
What is the Container Runtime Interface (CRI)?
- A gRPC interface and a group of libraries
- Enables Kubernetes to use a wide variety of container runtimes
- Introduced in Kubernetes 1.5
[Diagram: Kubelet (CRI gRPC client), CRI shim (CRI gRPC server), container runtime, containers]
Container Runtime Interface
CRI Runtimes
- cri-containerd: https://github.com/kubernetes-incubator/cri-containerd
- cri-o: https://github.com/kubernetes-incubator/cri-o
- Docker (Upstream): https://github.com/kubernetes/kubernetes/tree/master/pkg/kubelet/dockershim
- frakti: https://github.com/kubernetes/frakti
- rktlet: https://github.com/kubernetes-incubator/rktlet
- virtlet: https://github.com/Mirantis/virtlet
Container Runtime Interface
CRI Tools
- https://github.com/kubernetes-incubator/cri-tools
- critest: CRI Validation Test Suite
- crictl: CRI Command Line Tool
CRI & Containerd
Containerd scope is just right for Kubernetes.

| | Containerd Scope (In/Out) | CRI Requirement |
|---|---|---|
| Container Lifecycle Management | In | Container Create/Start/Stop/Delete/List/Inspect (✔) |
| Image Management | In | Pull/List/Inspect (✔) |
| Networking | Out | Network namespace. Just enough. (✔) |
| Volumes | Out | Host path mount. Just enough. (✔) |
| Persistent Container Logging | Out | STDIO as FIFOs. Decorate to CRI log format. (✔) |
| Metrics | In | Container memory/cpu usage; image filesystem disk/inode usage. (✔) |
CRI & Containerd
Other alignments with Kubernetes:
- Decentralized container management - containerd-shim.
- Live restore.
- Overhead charge back to pod.
- Decoupled image and container management.
- Support other image formats (e.g. tarball).
- Support OCI image/runtime spec.
- CNCF project.
- ...
CRI-Containerd
cri-containerd: A CRI implementation for containerd.
- https://github.com/kubernetes-incubator/cri-containerd
- Kubernetes incubator project.
- Started in April 2017.
[Diagram: two stacks compared. dockershim: Kubelet, CRI, dockershim, docker, containerd, containers. cri-containerd: Kubelet, CRI, cri-containerd, containerd, containers.]
CRI-Containerd Architecture
[Architecture diagram. Labels: Kubelet, CRI, cri-containerd, image service, runtime service, client, ocicni, containerd, containerd shim (twice), sandbox container, container A, Pod A Cgroups, Pod A Namespaces, Pod B]
CRI-Containerd Status
CRI-Containerd 1.0.0-alpha.0
- Kubernetes 1.7+, Containerd v1.0.0-beta.1, CNI Spec v0.3.1.
- Feature Complete.
- 57/57 CRI validation tests passing.
- 188/188 regular node e2e tests passing.
- Use kubeadm to bring up Kubernetes cri-containerd cluster. (ansible, custom)
- Kubernetes the hard way.
- Contributors from Google, IBM, Docker, ZTE, ZJU etc.
CRI-Containerd Roadmap
Q4: Additional testing, bug fixes and usability.
- FULL SET of e2e test in Kubernetes test infrastructure.
- Upstream Kubernetes kube-up.sh integration.
- Debug CLI crictl.
- 1.0.0-beta.0 by the end of 2017.
Demo
● Kubernetes cluster with CRI-Containerd and containerd
● Sample micro services deployment
● Serverless
Moby Store
[Diagram: cart, catalogue, cart-db, catalogue-db, linuxkit builder]
Recap
CRI is the standard way to integrate Container Runtime with Kubernetes.
Containerd matches CRI and Kubernetes’ requirement very well.
CRI-Containerd is 1.0.0-alpha.0.
Links
- Github: https://github.com/kubernetes-incubator/cri-containerd
- Slack: https://kubernetes.slack.com/messages/sig-node
- Mailing List: https://groups.google.com/forum/#!forum/kubernetes-sig-node
- Maintainers:
  - Lantao Liu <lantaol@google.com> Random-Liu@github
  - Abhi Prativadi <abhi@docker.com> abhi@github
  - Mike Brown <brownwm@us.ibm.com> mikebrow@github
Q&A

Editor's Notes

  • #2 Hi, everyone! I’m Lantao from Google Kubernetes team. Today, I’m going to talk about our work to integrate containerd with Kubernetes. We call this project CRI-Containerd.
  • #3 I’ll firstly give a status update of cri-containerd. And then Abhi is going to give a demo. This is Abhi, he works in Docker, and he’s also a maintainer of cri-containerd.
  • #4 I believe you have seen this picture several times during DockerCon. Actually in this picture, there are 2 new things coming. The first one, of course, is that Docker is going to natively support Kubernetes. But actually there is a second one, that Kubernetes will be able to run on top of containerd directly, instead of the docker engine. And it’s cri-containerd making this happen.
  • #5 In this talk, we’ll firstly give a quick review of Kubernetes Container Runtime Interface, we call it CRI for short. It enables Kubernetes to support different container runtimes, including containerd. And then we’ll analyze the scope of containerd, and you’ll see that it matches CRI’s requirement pretty well. After that, we’ll give a status update of CRI-Containerd, and Abhi will give the demo.
  • #7 CRI is a gRPC interface with a group of libraries. It defines all the functionalities Kubernetes requires from the container runtime. In theory, any container runtime that implements this interface could be used by Kubernetes. CRI was introduced from Kubernetes 1.5. Today when you bring up a cluster, it’s talking with Docker engine through CRI.
  • #8 There are several ongoing CRI container runtime efforts now. cri-containerd is the one we are talking about today, it’s a CRI implementation based on containerd. Other than that, there is cri-o, a CRI implementation built directly from runC; Docker engine, the default one in upstream today; frakti, based on hyper, a VM-based container runtime solution; rktlet, based on rkt; virtlet, another VM-based solution.
  • #9 We also have a CRI project called CRI tools. It contains a series of debugging and validation tools for CRI. Including the CRI Validation Test, which is a test suite that validates whether a CRI runtime meets the requirement; the CRI Command Line Tool, which is a portable command line tool talking with CRI directly. It’s mainly for troubleshooting. And that’s the status of CRI today.
  • #11 In short, the scope of containerd is just right for Kubernetes. As shown in the table, all required functionalities are provided, and no unnecessary functionalities are included.
  • #12 For example, for container logging. CRI has specific requirements on container log format and path. Today, Docker engine manages container logs in a way incompatible with Kubernetes. By contrast, containerd doesn’t persist container output; container output is provided as FIFOs, which could be easily redirected and decorated as required by CRI. Another example is metrics. Kubernetes expects container runtime to provide container metrics (cpu, memory usage) and image filesystem metrics (disk usage). Previously, we got these metrics from cadvisor for Docker. However, because different container runtimes have different cgroup hierarchy and disk layout, it’s hard to support them all. And for VM-based container runtime and Windows container, it’s even harder. So we want container runtime itself to provide this information. Containerd provides all CRI required metrics as part of the API.
  • #13 Other than the ones mentioned above, there are many more alignments with Kubernetes, such as decentralized container management, decoupling image management and container management, support OCI, it’s a CNCF project and so on. Overall, technically, containerd is a very good alternative container runtime for Kubernetes.
  • #15 CRI-Containerd is the containerd-based CRI implementation. It uses containerd to implement CRI. It’s a Kubernetes incubator project now, started in April. Compared with today’s docker integration, we could see that `cri-containerd` eliminates one extra hop in the stack.
  • #16 This is the architecture of CRI-Containerd. Say now Kubernetes wants to create a new pod: Kubelet talks with CRI-Containerd through CRI to create a new sandbox and application containers inside; CRI-containerd handles the request, and talks to containerd with containerd client, to create the sandbox container, and application container, and makes sure they are in the right namespaces and cgroups; CRI-Containerd then calls CNI to configure the network namespace of the sandbox. After all those are done, we have a running pod. Please note that this is just a simplified process, just for demonstration, there are a lot of details not mentioned here.
  • #17 CRI-Containerd is 1.0.0-alpha.0 now. It supports Kubernetes 1.7 and above, and is using containerd v1.0.0-beta.1. It is feature complete. It means that you could try all existing Kubernetes features with it. It has passed all CRI validation tests, as is mentioned above, the test suite is used to validate whether a CRI implementation meets all the requirements. It has also passed all regular node e2e tests, which is the test suite we use in upstream to validate the node level functionalities. We provide an ansible playbook to help you automatically bring up a Kubernetes cluster using cri-containerd as the container runtime. And we also have a document to help you customize your installation. Other than that, you could also check out Kelsey’s Kubernetes the hard way. It is using cri-containerd as the container runtime now. We have contributors from XXX. Thanks for the contribution!
  • #18 In Q4, we are going to focus on testing, bug fixes and usability improvement. We’ll set up FULL SET of upstream e2e test in Kubernetes test infrastructure. We’ll also integrate cri-containerd with `kube-up.sh` and also kops in the future, so that users could bring up a production quality cluster using cri-containerd as the container runtime. We’ll also improve the debug CLI crictl, which should be the standard tool to troubleshoot CRI container runtimes. We are going to release 1.0.0-beta.0 version by the end of this year. It will be production ready as long as containerd itself is ready for production. Show test grid. I am one of the authors/owners of CRI, we really want to make Kubernetes runtime portable, not only Kubelet itself. It also includes the whole pipeline, including the test infrastructure, cluster bootstrapping etc. Containerd is a very good opportunity for us to make the whole pipeline portable, e.g. for the node e2e test in the test grid I show, I need to make several upstream changes to make it work. It will need more upstream changes for cluster e2e test and cluster bootstrapping. As mentioned by Steve, the design is targeting for the future 10 years, we want to do things right, thus we are not in a hurry.
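
Added example, not part of the talk or of the cri-containerd source: the log decoration described in note #12, where raw output read from a container's stdout/stderr FIFO is rewritten into CRI log lines. The line layout (`timestamp stream tag content`, with tag `P` for partial and `F` for full, as in the Kubernetes CRI logging format), the names `Decorate` and `criLine`, the `maxLen` limit and the sample output are assumptions of this example.

```go
package main

import (
	"bytes"
	"fmt"
	"time"
)

// criLine formats one entry as "<RFC3339Nano time> <stream> <tag> <content>".
// Tag "F" marks a complete line, "P" a partial one (assumed CRI log layout).
func criLine(ts time.Time, stream, tag string, content []byte) string {
	return fmt.Sprintf("%s %s %s %s", ts.UTC().Format(time.RFC3339Nano), stream, tag, content)
}

// Decorate converts raw bytes read from a container's stdout/stderr FIFO into
// CRI log lines. Lines longer than maxLen (must be positive) are split into "P"
// chunks plus a final chunk; trailing data without a newline is tagged "P".
func Decorate(stream string, raw []byte, maxLen int, now func() time.Time) []string {
	var out []string
	for len(raw) > 0 {
		i := bytes.IndexByte(raw, '\n')
		line, complete := raw, false
		if i >= 0 {
			line, complete = raw[:i], true
			raw = raw[i+1:]
		} else {
			raw = nil
		}
		for len(line) > maxLen {
			out = append(out, criLine(now(), stream, "P", line[:maxLen]))
			line = line[maxLen:]
		}
		tag := "P"
		if complete {
			tag = "F"
		}
		out = append(out, criLine(now(), stream, tag, line))
	}
	return out
}

func main() {
	// Constructed sample output; a fixed clock keeps the result reproducible.
	clock := func() time.Time { return time.Date(2017, 10, 17, 9, 0, 0, 0, time.UTC) }
	for _, l := range Decorate("stdout", []byte("listening on :8080\n0123456789abcdef\nno newline"), 10, clock) {
		fmt.Println(l)
	}
}
```

Because the runtime writes the timestamp and stream fields itself, every physical line in the log file carries a prefix the container process did not choose, which is what lets a log reader attribute each line to stdout or stderr.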