SlideShare a Scribd company logo
Docker Athens:
Docker Engine Evolution
& Containerd Use Cases
Hello!
Phil Estes
> Distinguished Engineer
Office of the CTO
IBM Watson & Cloud Platform
> Docker Captain
> Containerd and Moby Project
maintainer
2
1.
The Docker
Engine
“Established 2013.”
@estesp
Single statically-linked
binary comprised:
> Client
> Daemon
> Build tool
> Registry client
4
$ docker run ubuntu
$ docker --daemon
$ docker build -t estesp/myimg .
$ docker push estesp/myimg
$ docker pull estesp/myimg
(circa 2013-2015)
@estesp
{Single statically-linked
binary comprised:
> Client
> Daemon
> Build tool
> Registry client
HTTP/JSON
Docker API
gRPC
API
5
2.
The OCI & runc
Container execution grows up
into a standard
@estesp
& runC
> Announced June 20th, 2015
> Charter signed on
December 8th, 2015
> 44 member companies
> Both specifications
reached 1.0 June 2017
https://opencontainers.org
https://github.com/opencontainers
> runc is a client wrapper around libcontainer
> libcontainer is the OS level interface for containers
> OCI spec covers Solaris, Linux, & MS Windows
$ docker run -it --read-only 
-v /host:/hostpath 
alpine sh
/#
{
"ociVersion": "1.0.0",
"platform": {
"os": "linux",
"arch": "amd64"
},
"process": {
"terminal": true,
"args": [
"sh"
],
"env": [
"PATH=/usr/sbin:/usr/local/bin:/bin”
config.json
• A Linux Foundation Collaborative Project
• Free from control by any particular vendor’s specific cloud stack or ecosystem
• Includes a specification, reference runtime* and now, a specified image format
*seeded with runc + libcontainer by Docker
7
@estesp
runC
Created in June 2015
> 16 releases (1.0.0-rc5 underway)
> 215 contributors
> OCI maintained/governance
> Used by Docker, containerd,
garden-runc/Guardian, many others
▪ Runc is a client wrapper around the pre-existing libcontainer
library project
▪ Runc is one implementation of the OCI runtime specification
▪ Scope of runc is clearly limited by OCI charter: no networking,
image handling/resolution, storage support
▪ Enablement of low-level OS features happen here: ambient
caps, rootless containers, new cgroup support, and so on
▪ Daemon-less operation; wrapping code must handle any
broader node and cluster level container mgmt.
8
3.
containerd
A boring base container runtime,
contributed by Docker to the
CNCF
@estesp
Created in December 2015
> 35 releases (1.1.0 currently)
> 127 contributors
> Docker created; now a CNCF project
> Used by Docker, K8s CRI; Cloud Foundry,
OpenWhisk (serverless), LinuxKit, BuildKit
▪ Launched December 2015 (used in Docker early 2016)
▪ Two streams of activity:
□ “0.2.x” branch: used in former Docker releases as a
simple runc manager (up until 17.11)
□ “1.0.0” branch: based on the December 2016
announcement, contributed to CNCF
▪ Executes containers using the OCI runc executor;
containerd manages state/metadata, image & registry
interactions, snapshot drivers (overlay, btrfs, others)
▪ Supports Linux on several architectures; Windows support
in 1.2 10
@estesp
runc
containerd
Why Containerd 1.0?
▪ Continue projects spun out
from monolithic Docker
engine
▪ Expected use beyond Docker
engine (Kubernetes CRI)
▪ Donation to foundation for
broad industry collaboration
□ Similar to runc/libcontainer
and the OCI
@estesp
Metadata Content Snapshotter
Runtime
Linux (shim)
OCI runC
IMAGE TASK CONTAINER
Client library (Golang)gRPC
Service
APIs
Vendor client library to embed containerd{ or }
▪ Metrics API &
Prometheus support
▪ OCI runtime and
image support
▪ Clean API and
abstractions
▪ Pluggable runtime
support (used by
VMWare impl.)
▪ Namespace support
(administrative/soft
multi-tenancy)
12
@estesp
Example: Pull an Image
Via ctr client:
$ export 
CONTAINERD_NAMESPACE=example
$ ctr pull 
docker.io/library/redis:alpine
$ ctr image ls
...
import (
"context"
"github.com/containerd/containerd"
"github.com/containerd/containerd/namespaces"
)
// connect to our containerd daemon
client, err := containerd.New("/run/containerd/containerd.sock")
defer client.Close()
// set our namespace to “example”:
ctx := namespaces.WithNamespace(context.Background(), "example")
// pull the alpine-based redis image from DockerHub:
image, err := client.Pull(ctx,
"docker.io/library/redis:alpine",
containerd.WithPullUnpack)
@estesp
Example: Run a Container
Via ctr client:
$ export 
CONTAINERD_NAMESPACE=example
$ ctr run -t 
docker.io/library/redis:alpine 
redis-server
$ ctr c ls
...
// create our container object and config
container, err := client.NewContainer(ctx,
"redis-server",
containerd.WithImage(image),
containerd.WithNewSpec(containerd.WithImageConfig(image)),
)
defer container.Delete()
// create a task from the container
task, err := container.NewTask(ctx, containerd.Stdio)
defer task.Delete(ctx)
// make sure we wait before calling start
exitStatusC, err := task.Wait(ctx)
// call start on the task to execute the redis server
if err := task.Start(ctx); err != nil {
return err
}
@estesp
Example: Kill a Task
Via ctr client:
$ export 
CONTAINERD_NAMESPACE=example
$ ctr t kill redis-server
$ ctr t ls
...
// make sure we wait before calling start
exitStatusC, err := task.Wait(ctx)
time.Sleep(3 * time.Second)
if err := task.Kill(ctx, syscall.SIGTERM); err != nil {
return err
}
// retrieve the process exit status from the channel
status := <-exitStatusC
code, exitedAt, err := status.Result()
if err != nil {
return err
}
// print out the exit code from the process
fmt.Printf("redis-server exited with status: %dn", code)
@estesp
Example: Customize OCI Configuration
// WithHtop configures a container to monitor the host via `htop`
func WithHtop(s *specs.Spec) error {
// make sure we are in the host pid namespace
if err := containerd.WithHostNamespace(specs.PIDNamespace)(s); err != nil {
return err
}
// make sure we set htop as our arg
s.Process.Args = []string{"htop"}
// make sure we have a tty set for htop
if err := containerd.WithTTY(s); err != nil {
return err
}
return nil
}
With{func} functions cleanly separate modifiers
4.
Use Cases
Putting it all together.
@estesp
{
HTTP/JSON
Docker API
gRPC
API
18
http://github.com/docker/cli
http://github.com/moby/moby
http://github.com/containerd/containerd
http://github.com/opencontainers/runc
http://github.com/docker/docker-ce
@estesp
▪ LinuxKit is a minimal, secure Linux OS
image creator/toolkit
▪ LinuxKit uses containerd as the core
container runtime for running system
services (distro images are a kernel +
small init; all else runs as container
processes)
19
https://github.com/linuxkit/linuxkit/
@estesp
BuildKit
▪ Introduction:
https://blog.mobyproject.org/introducing-buildkit-17e056cc5317
▪ BuildKit uses containerd snapshot,
execution and image libraries
▪ Allows building to depend on a local
containerd daemon and shares storage
with other clients
▪ BuildKit merging into Moby project soon
20
https://github.com/moby/buildkit
@estesp
▪ CloudFoundry container execution layer
initially built around OCI spec + runC
executor
▪ CF guardian project wrote management
code similar to containerd around runC
▪ Currently working on a branch which
removes their custom runC management
layer and uses containerd directly
21
https://github.com/cloudfoundry/guardian/tree/containerd-spike
@estesp
▪ Open source FaaS project created by IBM
▪ Basis of IBM Cloud Functions offering
▪ Uses containers as the native execution
unit for functions
▪ Built using Docker engine for execution
▪ Testing use of containerd instead of full
Docker engine
22
https://github.com/apache/incubator-openwhisk
Apache OpenWhisk
@estesp
Kubernetes Orchestrator
▪ Kubernetes has no code to execute or run
containers on Linux or Windows
▪ Initially the Kubernetes pod manager
(called “kubelet”) had direct linkage to the
Docker engine
23
kubelet dockershim dockerd
containerd
runc
https://github.com/kubernetes/kubernetes/tree/release-1.4/pkg/kubelet/dockershim
@estesp
kubelet
kubelet
dockershim (CRI)
Docker engine
containerd
containerd-shim
containerd-shim
containerd-shim
runc
runc
runc
containerd
containerd-shim
containerd-shim
containerd-shim
runc
runc
runc
cri plugin
containerd
cri-containerd
ttrpc: very lightweight
gRPC protocol format
Kubernetes CRI Runtimes:
Docker vs. cri-containerd
( **NOTE: Cri-container project merged into containerd
GitHub project in January 2018; now a plugin within
the containerd binary )
**
24
@estesp
25
@estesp
Containerd Benefits
● Designed and implemented with broad
usage as a core container runtime in mind:
○ Docker, LinuxKit, Kubernetes and
embedded core runtime use cases
(OpenWhisk, Cloud Foundry)
● Stress testing validating stability and
performance guarantees 24/7
● Attention to detail re: Go/gRPC APIs for
usability and ease of embedding
● Focus on compatibility guarantees; bug
fix backports for high level of support on
major version levels
@estesp
Going further with containerd
▪ Contributing:
https://github.com/containerd/containerd
□ Bug fixes, adding tests, improving docs, validation
▪ Using: See the getting started documentation in the
docs folder of the repo
▪ Porting/testing: Other architectures & OSs, stress
testing (see bucketbench, containerd-stress):
□ git clone <repo>, make binaries, sudo make install
▪ K8s CRI: implementation of K8s CRI using containerd
□ CRI project is now a plugin to the main containerd project.
Similar needs for interested contributors, testing, etc.
28
Thanks!
@estesp
github.com/estesp
estesp@gmail.com
https://integratedcode.us
Slack/IRC: estesp

More Related Content

What's hot

The State of containerd
The State of containerdThe State of containerd
The State of containerd
Moby Project
 
What's Running My Containers? A review of runtimes and standards.
What's Running My Containers? A review of runtimes and standards.What's Running My Containers? A review of runtimes and standards.
What's Running My Containers? A review of runtimes and standards.
Phil Estes
 
Docker London Meetup: Docker Engine Evolution
Docker London Meetup: Docker Engine EvolutionDocker London Meetup: Docker Engine Evolution
Docker London Meetup: Docker Engine Evolution
Phil Estes
 
CRI-containerd
CRI-containerdCRI-containerd
CRI-containerd
Moby Project
 
KubeCon EU 2016: "rktnetes": what's new with container runtimes and Kubernetes
KubeCon EU 2016: "rktnetes": what's new with container runtimes and KubernetesKubeCon EU 2016: "rktnetes": what's new with container runtimes and Kubernetes
KubeCon EU 2016: "rktnetes": what's new with container runtimes and Kubernetes
KubeAcademy
 
Quantifying Container Runtime Performance: OSCON 2017 Open Container Day
Quantifying Container Runtime Performance: OSCON 2017 Open Container DayQuantifying Container Runtime Performance: OSCON 2017 Open Container Day
Quantifying Container Runtime Performance: OSCON 2017 Open Container Day
Phil Estes
 
Enabling Security via Container Runtimes
Enabling Security via Container RuntimesEnabling Security via Container Runtimes
Enabling Security via Container Runtimes
Phil Estes
 
Making kubernetes simple for developers
Making kubernetes simple for developersMaking kubernetes simple for developers
Making kubernetes simple for developers
Suraj Deshmukh
 
Introduction kubernetes 2017_12_24
Introduction kubernetes 2017_12_24Introduction kubernetes 2017_12_24
Introduction kubernetes 2017_12_24
Sam Zheng
 
Introduction to CRI and OCI
Introduction to CRI and OCIIntroduction to CRI and OCI
Introduction to CRI and OCI
HungWei Chiu
 
Fabric8 CI/CD
Fabric8 CI/CDFabric8 CI/CD
Fabric8 CI/CD
Izzet Mustafaiev
 
Docker 101 2015-05-28
Docker 101 2015-05-28Docker 101 2015-05-28
Docker 101 2015-05-28
Adrian Otto
 
CraftConf 2019: CRI Runtimes Deep Dive: Who Is Running My Pod?
CraftConf 2019:  CRI Runtimes Deep Dive: Who Is Running My Pod?CraftConf 2019:  CRI Runtimes Deep Dive: Who Is Running My Pod?
CraftConf 2019: CRI Runtimes Deep Dive: Who Is Running My Pod?
Phil Estes
 
Ansible docker
Ansible dockerAnsible docker
Ansible docker
QNIB Solutions
 
Docker e git lab
Docker e git labDocker e git lab
Docker e git lab
Gianluca Padovani
 
LinuxKit
LinuxKitLinuxKit
LinuxKit
Moby Project
 
Intro- Docker Native for OSX and Windows
Intro- Docker Native for OSX and WindowsIntro- Docker Native for OSX and Windows
Intro- Docker Native for OSX and Windows
Thomas Chacko
 
Moby Summit introduction
Moby Summit introductionMoby Summit introduction
Moby Summit introduction
Moby Project
 
Devoxx 2016: A Developer's Guide to OCI and runC
Devoxx 2016: A Developer's Guide to OCI and runCDevoxx 2016: A Developer's Guide to OCI and runC
Devoxx 2016: A Developer's Guide to OCI and runC
Phil Estes
 
Docker 102 - Immutable Infrastructure
Docker 102 - Immutable InfrastructureDocker 102 - Immutable Infrastructure
Docker 102 - Immutable Infrastructure
Adrian Otto
 

What's hot (20)

The State of containerd
The State of containerdThe State of containerd
The State of containerd
 
What's Running My Containers? A review of runtimes and standards.
What's Running My Containers? A review of runtimes and standards.What's Running My Containers? A review of runtimes and standards.
What's Running My Containers? A review of runtimes and standards.
 
Docker London Meetup: Docker Engine Evolution
Docker London Meetup: Docker Engine EvolutionDocker London Meetup: Docker Engine Evolution
Docker London Meetup: Docker Engine Evolution
 
CRI-containerd
CRI-containerdCRI-containerd
CRI-containerd
 
KubeCon EU 2016: "rktnetes": what's new with container runtimes and Kubernetes
KubeCon EU 2016: "rktnetes": what's new with container runtimes and KubernetesKubeCon EU 2016: "rktnetes": what's new with container runtimes and Kubernetes
KubeCon EU 2016: "rktnetes": what's new with container runtimes and Kubernetes
 
Quantifying Container Runtime Performance: OSCON 2017 Open Container Day
Quantifying Container Runtime Performance: OSCON 2017 Open Container DayQuantifying Container Runtime Performance: OSCON 2017 Open Container Day
Quantifying Container Runtime Performance: OSCON 2017 Open Container Day
 
Enabling Security via Container Runtimes
Enabling Security via Container RuntimesEnabling Security via Container Runtimes
Enabling Security via Container Runtimes
 
Making kubernetes simple for developers
Making kubernetes simple for developersMaking kubernetes simple for developers
Making kubernetes simple for developers
 
Introduction kubernetes 2017_12_24
Introduction kubernetes 2017_12_24Introduction kubernetes 2017_12_24
Introduction kubernetes 2017_12_24
 
Introduction to CRI and OCI
Introduction to CRI and OCIIntroduction to CRI and OCI
Introduction to CRI and OCI
 
Fabric8 CI/CD
Fabric8 CI/CDFabric8 CI/CD
Fabric8 CI/CD
 
Docker 101 2015-05-28
Docker 101 2015-05-28Docker 101 2015-05-28
Docker 101 2015-05-28
 
CraftConf 2019: CRI Runtimes Deep Dive: Who Is Running My Pod?
CraftConf 2019:  CRI Runtimes Deep Dive: Who Is Running My Pod?CraftConf 2019:  CRI Runtimes Deep Dive: Who Is Running My Pod?
CraftConf 2019: CRI Runtimes Deep Dive: Who Is Running My Pod?
 
Ansible docker
Ansible dockerAnsible docker
Ansible docker
 
Docker e git lab
Docker e git labDocker e git lab
Docker e git lab
 
LinuxKit
LinuxKitLinuxKit
LinuxKit
 
Intro- Docker Native for OSX and Windows
Intro- Docker Native for OSX and WindowsIntro- Docker Native for OSX and Windows
Intro- Docker Native for OSX and Windows
 
Moby Summit introduction
Moby Summit introductionMoby Summit introduction
Moby Summit introduction
 
Devoxx 2016: A Developer's Guide to OCI and runC
Devoxx 2016: A Developer's Guide to OCI and runCDevoxx 2016: A Developer's Guide to OCI and runC
Devoxx 2016: A Developer's Guide to OCI and runC
 
Docker 102 - Immutable Infrastructure
Docker 102 - Immutable InfrastructureDocker 102 - Immutable Infrastructure
Docker 102 - Immutable Infrastructure
 

Similar to Docker Athens: Docker Engine Evolution & Containerd Use Cases

Introduction to Docker & CoreOS - Symfony User Group Cologne
Introduction to Docker & CoreOS - Symfony User Group CologneIntroduction to Docker & CoreOS - Symfony User Group Cologne
Introduction to Docker & CoreOS - Symfony User Group Cologne
D
 
DevOPS training - Day 2/2
DevOPS training - Day 2/2DevOPS training - Day 2/2
DevOPS training - Day 2/2
Vincent Mercier
 
Architecting .NET Applications for Docker and Container Based Deployments
Architecting .NET Applications for Docker and Container Based DeploymentsArchitecting .NET Applications for Docker and Container Based Deployments
Architecting .NET Applications for Docker and Container Based Deployments
Ben Hall
 
Docker Basics
Docker BasicsDocker Basics
Docker Basics
DuckDuckGo
 
Diving Through The Layers: Investigating runc, containerd, and the Docker eng...
Diving Through The Layers: Investigating runc, containerd, and the Docker eng...Diving Through The Layers: Investigating runc, containerd, and the Docker eng...
Diving Through The Layers: Investigating runc, containerd, and the Docker eng...
Phil Estes
 
Docker Kubernetes Istio
Docker Kubernetes IstioDocker Kubernetes Istio
Docker Kubernetes Istio
Araf Karsh Hamid
 
Dev opsec dockerimage_patch_n_lifecyclemanagement_
Dev opsec dockerimage_patch_n_lifecyclemanagement_Dev opsec dockerimage_patch_n_lifecyclemanagement_
Dev opsec dockerimage_patch_n_lifecyclemanagement_
kanedafromparis
 
containerD
containerDcontainerD
containerD
strikr .
 
Docker fundamentals
Docker fundamentalsDocker fundamentals
Docker fundamentals
Alper Unal
 
Rooting Out Root: User namespaces in Docker
Rooting Out Root: User namespaces in DockerRooting Out Root: User namespaces in Docker
Rooting Out Root: User namespaces in Docker
Phil Estes
 
Powercoders · Docker · Fall 2021.pptx
Powercoders · Docker · Fall 2021.pptxPowercoders · Docker · Fall 2021.pptx
Powercoders · Docker · Fall 2021.pptx
IgnacioTamayo2
 
Docker Essentials Workshop— Innovation Labs July 2020
Docker Essentials Workshop— Innovation Labs July 2020Docker Essentials Workshop— Innovation Labs July 2020
Docker Essentials Workshop— Innovation Labs July 2020
CloudHero
 
Scaling docker with kubernetes
Scaling docker with kubernetesScaling docker with kubernetes
Scaling docker with kubernetes
Liran Cohen
 
時代在變 Docker 要會:台北 Docker 一日入門篇
時代在變 Docker 要會:台北 Docker 一日入門篇時代在變 Docker 要會:台北 Docker 一日入門篇
時代在變 Docker 要會:台北 Docker 一日入門篇
Philip Zheng
 
Docker From Scratch
Docker From ScratchDocker From Scratch
Docker From Scratch
Giacomo Vacca
 
Accelerate your development with Docker
Accelerate your development with DockerAccelerate your development with Docker
Accelerate your development with Docker
Andrey Hristov
 
Accelerate your software development with Docker
Accelerate your software development with DockerAccelerate your software development with Docker
Accelerate your software development with Docker
Andrey Hristov
 
containerd the universal container runtime
containerd the universal container runtimecontainerd the universal container runtime
containerd the universal container runtime
Docker, Inc.
 
Introduction of Docker and Docker Compose
Introduction of Docker and Docker ComposeIntroduction of Docker and Docker Compose
Introduction of Docker and Docker Compose
Dr. Ketan Parmar
 
Neues aus dem Docker-Universum
Neues aus dem Docker-UniversumNeues aus dem Docker-Universum
Neues aus dem Docker-Universum
Nicholas Dille
 

Similar to Docker Athens: Docker Engine Evolution & Containerd Use Cases (20)

Introduction to Docker & CoreOS - Symfony User Group Cologne
Introduction to Docker & CoreOS - Symfony User Group CologneIntroduction to Docker & CoreOS - Symfony User Group Cologne
Introduction to Docker & CoreOS - Symfony User Group Cologne
 
DevOPS training - Day 2/2
DevOPS training - Day 2/2DevOPS training - Day 2/2
DevOPS training - Day 2/2
 
Architecting .NET Applications for Docker and Container Based Deployments
Architecting .NET Applications for Docker and Container Based DeploymentsArchitecting .NET Applications for Docker and Container Based Deployments
Architecting .NET Applications for Docker and Container Based Deployments
 
Docker Basics
Docker BasicsDocker Basics
Docker Basics
 
Diving Through The Layers: Investigating runc, containerd, and the Docker eng...
Diving Through The Layers: Investigating runc, containerd, and the Docker eng...Diving Through The Layers: Investigating runc, containerd, and the Docker eng...
Diving Through The Layers: Investigating runc, containerd, and the Docker eng...
 
Docker Kubernetes Istio
Docker Kubernetes IstioDocker Kubernetes Istio
Docker Kubernetes Istio
 
Dev opsec dockerimage_patch_n_lifecyclemanagement_
Dev opsec dockerimage_patch_n_lifecyclemanagement_Dev opsec dockerimage_patch_n_lifecyclemanagement_
Dev opsec dockerimage_patch_n_lifecyclemanagement_
 
containerD
containerDcontainerD
containerD
 
Docker fundamentals
Docker fundamentalsDocker fundamentals
Docker fundamentals
 
Rooting Out Root: User namespaces in Docker
Rooting Out Root: User namespaces in DockerRooting Out Root: User namespaces in Docker
Rooting Out Root: User namespaces in Docker
 
Powercoders · Docker · Fall 2021.pptx
Powercoders · Docker · Fall 2021.pptxPowercoders · Docker · Fall 2021.pptx
Powercoders · Docker · Fall 2021.pptx
 
Docker Essentials Workshop— Innovation Labs July 2020
Docker Essentials Workshop— Innovation Labs July 2020Docker Essentials Workshop— Innovation Labs July 2020
Docker Essentials Workshop— Innovation Labs July 2020
 
Scaling docker with kubernetes
Scaling docker with kubernetesScaling docker with kubernetes
Scaling docker with kubernetes
 
時代在變 Docker 要會:台北 Docker 一日入門篇
時代在變 Docker 要會:台北 Docker 一日入門篇時代在變 Docker 要會:台北 Docker 一日入門篇
時代在變 Docker 要會:台北 Docker 一日入門篇
 
Docker From Scratch
Docker From ScratchDocker From Scratch
Docker From Scratch
 
Accelerate your development with Docker
Accelerate your development with DockerAccelerate your development with Docker
Accelerate your development with Docker
 
Accelerate your software development with Docker
Accelerate your software development with DockerAccelerate your software development with Docker
Accelerate your software development with Docker
 
containerd the universal container runtime
containerd the universal container runtimecontainerd the universal container runtime
containerd the universal container runtime
 
Introduction of Docker and Docker Compose
Introduction of Docker and Docker ComposeIntroduction of Docker and Docker Compose
Introduction of Docker and Docker Compose
 
Neues aus dem Docker-Universum
Neues aus dem Docker-UniversumNeues aus dem Docker-Universum
Neues aus dem Docker-Universum
 

More from Phil Estes

Extended and embedding: containerd update & project use cases
Extended and embedding: containerd update & project use casesExtended and embedding: containerd update & project use cases
Extended and embedding: containerd update & project use cases
Phil Estes
 
Cloud Native TLV Meetup: Securing Containerized Applications Primer
Cloud Native TLV Meetup: Securing Containerized Applications PrimerCloud Native TLV Meetup: Securing Containerized Applications Primer
Cloud Native TLV Meetup: Securing Containerized Applications Primer
Phil Estes
 
Securing Containerized Applications: A Primer
Securing Containerized Applications: A PrimerSecuring Containerized Applications: A Primer
Securing Containerized Applications: A Primer
Phil Estes
 
Securing Containerized Applications: A Primer
Securing Containerized Applications: A PrimerSecuring Containerized Applications: A Primer
Securing Containerized Applications: A Primer
Phil Estes
 
Let's Try Every CRI Runtime Available for Kubernetes
Let's Try Every CRI Runtime Available for KubernetesLet's Try Every CRI Runtime Available for Kubernetes
Let's Try Every CRI Runtime Available for Kubernetes
Phil Estes
 
JAX Con 2019: Containers. Microservices. Cloud. Open Source. Fantasy or Reali...
JAX Con 2019: Containers. Microservices. Cloud. Open Source. Fantasy or Reali...JAX Con 2019: Containers. Microservices. Cloud. Open Source. Fantasy or Reali...
JAX Con 2019: Containers. Microservices. Cloud. Open Source. Fantasy or Reali...
Phil Estes
 
Giving Back to Upstream | DockerCon 2019
Giving Back to Upstream | DockerCon 2019Giving Back to Upstream | DockerCon 2019
Giving Back to Upstream | DockerCon 2019
Phil Estes
 
FOSDEM 2019: A containerd Project Update
FOSDEM 2019: A containerd Project UpdateFOSDEM 2019: A containerd Project Update
FOSDEM 2019: A containerd Project Update
Phil Estes
 
Bucketbench: Benchmarking Container Runtime Performance
Bucketbench: Benchmarking Container Runtime PerformanceBucketbench: Benchmarking Container Runtime Performance
Bucketbench: Benchmarking Container Runtime Performance
Phil Estes
 
Container Runtimes: Comparing and Contrasting Today's Engines
Container Runtimes: Comparing and Contrasting Today's EnginesContainer Runtimes: Comparing and Contrasting Today's Engines
Container Runtimes: Comparing and Contrasting Today's Engines
Phil Estes
 
AtlanTEC 2017: Containers! Why Docker, Why NOW?
AtlanTEC 2017: Containers! Why Docker, Why NOW?AtlanTEC 2017: Containers! Why Docker, Why NOW?
AtlanTEC 2017: Containers! Why Docker, Why NOW?
Phil Estes
 
Empower Your Docker Containers with Watson - DockerCon 2017 Austin
Empower Your Docker Containers with Watson - DockerCon 2017 AustinEmpower Your Docker Containers with Watson - DockerCon 2017 Austin
Empower Your Docker Containers with Watson - DockerCon 2017 Austin
Phil Estes
 
Containerize, PaaS, or Go Serverless!?
Containerize, PaaS, or Go Serverless!?Containerize, PaaS, or Go Serverless!?
Containerize, PaaS, or Go Serverless!?
Phil Estes
 
Container Security: How We Got Here and Where We're Going
Container Security: How We Got Here and Where We're GoingContainer Security: How We Got Here and Where We're Going
Container Security: How We Got Here and Where We're Going
Phil Estes
 
Live Container Migration: OpenStack Summit Barcelona 2016
Live Container Migration: OpenStack Summit Barcelona 2016Live Container Migration: OpenStack Summit Barcelona 2016
Live Container Migration: OpenStack Summit Barcelona 2016
Phil Estes
 

More from Phil Estes (15)

Extended and embedding: containerd update & project use cases
Extended and embedding: containerd update & project use casesExtended and embedding: containerd update & project use cases
Extended and embedding: containerd update & project use cases
 
Cloud Native TLV Meetup: Securing Containerized Applications Primer
Cloud Native TLV Meetup: Securing Containerized Applications PrimerCloud Native TLV Meetup: Securing Containerized Applications Primer
Cloud Native TLV Meetup: Securing Containerized Applications Primer
 
Securing Containerized Applications: A Primer
Securing Containerized Applications: A PrimerSecuring Containerized Applications: A Primer
Securing Containerized Applications: A Primer
 
Securing Containerized Applications: A Primer
Securing Containerized Applications: A PrimerSecuring Containerized Applications: A Primer
Securing Containerized Applications: A Primer
 
Let's Try Every CRI Runtime Available for Kubernetes
Let's Try Every CRI Runtime Available for KubernetesLet's Try Every CRI Runtime Available for Kubernetes
Let's Try Every CRI Runtime Available for Kubernetes
 
JAX Con 2019: Containers. Microservices. Cloud. Open Source. Fantasy or Reali...
JAX Con 2019: Containers. Microservices. Cloud. Open Source. Fantasy or Reali...JAX Con 2019: Containers. Microservices. Cloud. Open Source. Fantasy or Reali...
JAX Con 2019: Containers. Microservices. Cloud. Open Source. Fantasy or Reali...
 
Giving Back to Upstream | DockerCon 2019
Giving Back to Upstream | DockerCon 2019Giving Back to Upstream | DockerCon 2019
Giving Back to Upstream | DockerCon 2019
 
FOSDEM 2019: A containerd Project Update
FOSDEM 2019: A containerd Project UpdateFOSDEM 2019: A containerd Project Update
FOSDEM 2019: A containerd Project Update
 
Bucketbench: Benchmarking Container Runtime Performance
Bucketbench: Benchmarking Container Runtime PerformanceBucketbench: Benchmarking Container Runtime Performance
Bucketbench: Benchmarking Container Runtime Performance
 
Container Runtimes: Comparing and Contrasting Today's Engines
Container Runtimes: Comparing and Contrasting Today's EnginesContainer Runtimes: Comparing and Contrasting Today's Engines
Container Runtimes: Comparing and Contrasting Today's Engines
 
AtlanTEC 2017: Containers! Why Docker, Why NOW?
AtlanTEC 2017: Containers! Why Docker, Why NOW?AtlanTEC 2017: Containers! Why Docker, Why NOW?
AtlanTEC 2017: Containers! Why Docker, Why NOW?
 
Empower Your Docker Containers with Watson - DockerCon 2017 Austin
Empower Your Docker Containers with Watson - DockerCon 2017 AustinEmpower Your Docker Containers with Watson - DockerCon 2017 Austin
Empower Your Docker Containers with Watson - DockerCon 2017 Austin
 
Containerize, PaaS, or Go Serverless!?
Containerize, PaaS, or Go Serverless!?Containerize, PaaS, or Go Serverless!?
Containerize, PaaS, or Go Serverless!?
 
Container Security: How We Got Here and Where We're Going
Container Security: How We Got Here and Where We're GoingContainer Security: How We Got Here and Where We're Going
Container Security: How We Got Here and Where We're Going
 
Live Container Migration: OpenStack Summit Barcelona 2016
Live Container Migration: OpenStack Summit Barcelona 2016Live Container Migration: OpenStack Summit Barcelona 2016
Live Container Migration: OpenStack Summit Barcelona 2016
 

Recently uploaded

Agra Girls Call Agra 0X0000000X Unlimited Short Providing Girls Service Avail...
Agra Girls Call Agra 0X0000000X Unlimited Short Providing Girls Service Avail...Agra Girls Call Agra 0X0000000X Unlimited Short Providing Girls Service Avail...
Agra Girls Call Agra 0X0000000X Unlimited Short Providing Girls Service Avail...
rachitkumar09887
 
React Native vs Flutter - SSTech System
React Native vs Flutter  - SSTech SystemReact Native vs Flutter  - SSTech System
React Native vs Flutter - SSTech System
SSTech System
 
Splunk_Remote_Work_Insights_Overview.pptx
Splunk_Remote_Work_Insights_Overview.pptxSplunk_Remote_Work_Insights_Overview.pptx
Splunk_Remote_Work_Insights_Overview.pptx
sudsdeep
 
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Final Course Know...
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Final Course Know...AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Final Course Know...
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Final Course Know...
karim wahed
 
Folding Cheat Sheet #7 - seventh in a series
Folding Cheat Sheet #7 - seventh in a seriesFolding Cheat Sheet #7 - seventh in a series
Folding Cheat Sheet #7 - seventh in a series
Philip Schwarz
 
The Ultimate Guide to Phone Spy Apps: Everything You Need to Know
The Ultimate Guide to Phone Spy Apps: Everything You Need to KnowThe Ultimate Guide to Phone Spy Apps: Everything You Need to Know
The Ultimate Guide to Phone Spy Apps: Everything You Need to Know
onemonitarsoftware
 
dachnug51 - HCL Sametime 12 as a Software Appliance.pdf
dachnug51 - HCL Sametime 12 as a Software Appliance.pdfdachnug51 - HCL Sametime 12 as a Software Appliance.pdf
dachnug51 - HCL Sametime 12 as a Software Appliance.pdf
DNUG e.V.
 
Attendance Tracking From Paper To Digital
Attendance Tracking From Paper To DigitalAttendance Tracking From Paper To Digital
Attendance Tracking From Paper To Digital
Task Tracker
 
Leading Project Management Tool Taskruop.pptx
Leading Project Management Tool Taskruop.pptxLeading Project Management Tool Taskruop.pptx
Leading Project Management Tool Taskruop.pptx
taskroupseo
 
dachnug51 - All you ever wanted to know about domino licensing.pdf
dachnug51 - All you ever wanted to know about domino licensing.pdfdachnug51 - All you ever wanted to know about domino licensing.pdf
dachnug51 - All you ever wanted to know about domino licensing.pdf
DNUG e.V.
 
Top 10 Tips To Get Google AdSense For Your Website
Top 10 Tips To Get Google AdSense For Your WebsiteTop 10 Tips To Get Google AdSense For Your Website
Top 10 Tips To Get Google AdSense For Your Website
e-Definers Technology
 
introduction of Ansys software and basic and advance knowledge of modelling s...
introduction of Ansys software and basic and advance knowledge of modelling s...introduction of Ansys software and basic and advance knowledge of modelling s...
introduction of Ansys software and basic and advance knowledge of modelling s...
sachin chaurasia
 
Cisco Live Announcements: New ThousandEyes Release Highlights - July 2024
Cisco Live Announcements: New ThousandEyes Release Highlights - July 2024Cisco Live Announcements: New ThousandEyes Release Highlights - July 2024
Cisco Live Announcements: New ThousandEyes Release Highlights - July 2024
ThousandEyes
 
Google ML-Kit - Understanding on-device machine learning
Google ML-Kit - Understanding on-device machine learningGoogle ML-Kit - Understanding on-device machine learning
Google ML-Kit - Understanding on-device machine learning
VishrutGoyani1
 
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) .pdf
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) .pdfAWS Cloud Practitioner Essentials (Second Edition) (Arabic) .pdf
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) .pdf
karim wahed
 
HIRE A HACKER FOR CHEATING HUSBAND/WIFE)
HIRE A HACKER FOR CHEATING HUSBAND/WIFE)HIRE A HACKER FOR CHEATING HUSBAND/WIFE)
HIRE A HACKER FOR CHEATING HUSBAND/WIFE)
josephinedrea942
 
NYGGS 360: A Complete ERP for Construction Innovation
NYGGS 360: A Complete ERP for Construction InnovationNYGGS 360: A Complete ERP for Construction Innovation
NYGGS 360: A Complete ERP for Construction Innovation
NYGGS Construction ERP Software
 
ThaiPy meetup - Indexes and Django
ThaiPy meetup - Indexes and DjangoThaiPy meetup - Indexes and Django
ThaiPy meetup - Indexes and Django
akshesh doshi
 
Artificial intelligence in customer services or chatbots
Artificial intelligence  in customer services or chatbotsArtificial intelligence  in customer services or chatbots
Artificial intelligence in customer services or chatbots
kayash1656
 
welcome to presentation on Google Apps
welcome to   presentation on Google Appswelcome to   presentation on Google Apps
welcome to presentation on Google Apps
AsifKarimJim
 

Recently uploaded (20)

Agra Girls Call Agra 0X0000000X Unlimited Short Providing Girls Service Avail...
Agra Girls Call Agra 0X0000000X Unlimited Short Providing Girls Service Avail...Agra Girls Call Agra 0X0000000X Unlimited Short Providing Girls Service Avail...
Agra Girls Call Agra 0X0000000X Unlimited Short Providing Girls Service Avail...
 
React Native vs Flutter - SSTech System
React Native vs Flutter  - SSTech SystemReact Native vs Flutter  - SSTech System
React Native vs Flutter - SSTech System
 
Splunk_Remote_Work_Insights_Overview.pptx
Splunk_Remote_Work_Insights_Overview.pptxSplunk_Remote_Work_Insights_Overview.pptx
Splunk_Remote_Work_Insights_Overview.pptx
 
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Final Course Know...
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Final Course Know...AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Final Course Know...
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) Final Course Know...
 
Folding Cheat Sheet #7 - seventh in a series
Folding Cheat Sheet #7 - seventh in a seriesFolding Cheat Sheet #7 - seventh in a series
Folding Cheat Sheet #7 - seventh in a series
 
The Ultimate Guide to Phone Spy Apps: Everything You Need to Know
The Ultimate Guide to Phone Spy Apps: Everything You Need to KnowThe Ultimate Guide to Phone Spy Apps: Everything You Need to Know
The Ultimate Guide to Phone Spy Apps: Everything You Need to Know
 
dachnug51 - HCL Sametime 12 as a Software Appliance.pdf
dachnug51 - HCL Sametime 12 as a Software Appliance.pdfdachnug51 - HCL Sametime 12 as a Software Appliance.pdf
dachnug51 - HCL Sametime 12 as a Software Appliance.pdf
 
Attendance Tracking From Paper To Digital
Attendance Tracking From Paper To DigitalAttendance Tracking From Paper To Digital
Attendance Tracking From Paper To Digital
 
Leading Project Management Tool Taskruop.pptx
Leading Project Management Tool Taskruop.pptxLeading Project Management Tool Taskruop.pptx
Leading Project Management Tool Taskruop.pptx
 
dachnug51 - All you ever wanted to know about domino licensing.pdf
dachnug51 - All you ever wanted to know about domino licensing.pdfdachnug51 - All you ever wanted to know about domino licensing.pdf
dachnug51 - All you ever wanted to know about domino licensing.pdf
 
Top 10 Tips To Get Google AdSense For Your Website
Top 10 Tips To Get Google AdSense For Your WebsiteTop 10 Tips To Get Google AdSense For Your Website
Top 10 Tips To Get Google AdSense For Your Website
 
introduction of Ansys software and basic and advance knowledge of modelling s...
introduction of Ansys software and basic and advance knowledge of modelling s...introduction of Ansys software and basic and advance knowledge of modelling s...
introduction of Ansys software and basic and advance knowledge of modelling s...
 
Cisco Live Announcements: New ThousandEyes Release Highlights - July 2024
Cisco Live Announcements: New ThousandEyes Release Highlights - July 2024Cisco Live Announcements: New ThousandEyes Release Highlights - July 2024
Cisco Live Announcements: New ThousandEyes Release Highlights - July 2024
 
Google ML-Kit - Understanding on-device machine learning
Google ML-Kit - Understanding on-device machine learningGoogle ML-Kit - Understanding on-device machine learning
Google ML-Kit - Understanding on-device machine learning
 
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) .pdf
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) .pdfAWS Cloud Practitioner Essentials (Second Edition) (Arabic) .pdf
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) .pdf
 
HIRE A HACKER FOR CHEATING HUSBAND/WIFE)
HIRE A HACKER FOR CHEATING HUSBAND/WIFE)HIRE A HACKER FOR CHEATING HUSBAND/WIFE)
HIRE A HACKER FOR CHEATING HUSBAND/WIFE)
 
NYGGS 360: A Complete ERP for Construction Innovation
NYGGS 360: A Complete ERP for Construction InnovationNYGGS 360: A Complete ERP for Construction Innovation
NYGGS 360: A Complete ERP for Construction Innovation
 
ThaiPy meetup - Indexes and Django
ThaiPy meetup - Indexes and DjangoThaiPy meetup - Indexes and Django
ThaiPy meetup - Indexes and Django
 
Artificial intelligence in customer services or chatbots
Artificial intelligence  in customer services or chatbotsArtificial intelligence  in customer services or chatbots
Artificial intelligence in customer services or chatbots
 
welcome to presentation on Google Apps
welcome to   presentation on Google Appswelcome to   presentation on Google Apps
welcome to presentation on Google Apps
 

Docker Athens: Docker Engine Evolution & Containerd Use Cases

  • 1. Docker Athens: Docker Engine Evolution & Containerd Use Cases
  • 2. Hello! Phil Estes > Distinguished Engineer Office of the CTO IBM Watson & Cloud Platform > Docker Captain > Containerd and Moby Project maintainer 2
  • 4. @estesp Single statically-linked binary comprised: > Client > Daemon > Build tool > Registry client 4 $ docker run ubuntu $ docker --daemon $ docker build -t estesp/myimg . $ docker push estesp/myimg $ docker pull estesp/myimg (circa 2013-2015)
  • 5. @estesp {Single statically-linked binary comprised: > Client > Daemon > Build tool > Registry client HTTP/JSON Docker API gRPC API 5
  • 6. 2. The OCI & runc Container execution grows up into a standard
  • 7. @estesp & runC > Announced June 20th, 2015 > Charter signed on December 8th, 2015 > 44 member companies > Both specifications reached 1.0 June 2017 https://opencontainers.org https://github.com/opencontainers > runc is a client wrapper around libcontainer > libcontainer is the OS level interface for containers > OCI spec covers Solaris, Linux, & MS Windows $ docker run -it --read-only -v /host:/hostpath alpine sh /# { "ociVersion": "1.0.0", "platform": { "os": "linux", "arch": "amd64" }, "process": { "terminal": true, "args": [ "sh" ], "env": [ "PATH=/usr/sbin:/usr/local/bin:/bin” config.json • A Linux Foundation Collaborative Project • Free from control by any particular vendor’s specific cloud stack or ecosystem • Includes a specification, reference runtime* and now, a specified image format *seeded with runc + libcontainer by Docker 7
  • 8. @estesp runC Created in June 2015 > 16 releases (1.0.0-rc5 underway) > 215 contributors > OCI maintained/governance > Used by Docker, containerd, garden-runc/Guardian, many others ▪ Runc is a client wrapper around the pre-existing libcontainer library project ▪ Runc is one implementation of the OCI runtime specification ▪ Scope of runc is clearly limited by OCI charter: no networking, image handling/resolution, storage support ▪ Enablement of low-level OS features happen here: ambient caps, rootless containers, new cgroup support, and so on ▪ Daemon-less operation; wrapping code must handle any broader node and cluster level container mgmt. 8
  • 9. 3. containerd A boring base container runtime, contributed by Docker to the CNCF
  • 10. @estesp Created in December 2015 > 35 releases (1.1.0 currently) > 127 contributors > Docker created; now a CNCF project > Used by Docker, K8s CRI; Cloud Foundry, OpenWhisk (serverless), LinuxKit, BuildKit ▪ Launched December 2015 (used in Docker early 2016) ▪ Two streams of activity: □ “0.2.x” branch: used in former Docker releases as a simple runc manager (up until 17.11) □ “1.0.0” branch: based on the December 2016 announcement, contributed to CNCF ▪ Executes containers using the OCI runc executor; containerd manages state/metadata, image & registry interactions, snapshot drivers (overlay, btrfs, others) ▪ Supports Linux on several architectures; Windows support in 1.2 10
  • 11. @estesp runc containerd Why Containerd 1.0? ▪ Continue projects spun out from monolithic Docker engine ▪ Expected use beyond Docker engine (Kubernetes CRI) ▪ Donation to foundation for broad industry collaboration □ Similar to runc/libcontainer and the OCI
  • 12. @estesp Metadata Content Snapshotter Runtime Linux (shim) OCI runC IMAGE TASK CONTAINER Client library (Golang)gRPC Service APIs Vendor client library to embed containerd{ or } ▪ Metrics API & Prometheus support ▪ OCI runtime and image support ▪ Clean API and abstractions ▪ Pluggable runtime support (used by VMWare impl.) ▪ Namespace support (administrative/soft multi-tenancy) 12
  • 13. @estesp Example: Pull an Image Via ctr client: $ export CONTAINERD_NAMESPACE=example $ ctr pull docker.io/library/redis:alpine $ ctr image ls ... import ( "context" "github.com/containerd/containerd" "github.com/containerd/containerd/namespaces" ) // connect to our containerd daemon client, err := containerd.New("/run/containerd/containerd.sock") defer client.Close() // set our namespace to “example”: ctx := namespaces.WithNamespace(context.Background(), "example") // pull the alpine-based redis image from DockerHub: image, err := client.Pull(ctx, "docker.io/library/redis:alpine", containerd.WithPullUnpack)
  • 14. @estesp Example: Run a Container Via ctr client: $ export CONTAINERD_NAMESPACE=example $ ctr run -t docker.io/library/redis:alpine redis-server $ ctr c ls ... // create our container object and config container, err := client.NewContainer(ctx, "redis-server", containerd.WithImage(image), containerd.WithNewSpec(containerd.WithImageConfig(image)), ) defer container.Delete() // create a task from the container task, err := container.NewTask(ctx, containerd.Stdio) defer task.Delete(ctx) // make sure we wait before calling start exitStatusC, err := task.Wait(ctx) // call start on the task to execute the redis server if err := task.Start(ctx); err != nil { return err }
  • 15. @estesp Example: Kill a Task Via ctr client: $ export CONTAINERD_NAMESPACE=example $ ctr t kill redis-server $ ctr t ls ... // make sure we wait before calling start exitStatusC, err := task.Wait(ctx) time.Sleep(3 * time.Second) if err := task.Kill(ctx, syscall.SIGTERM); err != nil { return err } // retrieve the process exit status from the channel status := <-exitStatusC code, exitedAt, err := status.Result() if err != nil { return err } // print out the exit code from the process fmt.Printf("redis-server exited with status: %dn", code)
  • 16. @estesp Example: Customize OCI Configuration // WithHtop configures a container to monitor the host via `htop` func WithHtop(s *specs.Spec) error { // make sure we are in the host pid namespace if err := containerd.WithHostNamespace(specs.PIDNamespace)(s); err != nil { return err } // make sure we set htop as our arg s.Process.Args = []string{"htop"} // make sure we have a tty set for htop if err := containerd.WithTTY(s); err != nil { return err } return nil } With{func} functions cleanly separate modifiers
  • 17. 4. Use Cases Putting it all together.
  • 19. @estesp ▪ LinuxKit is a minimal, secure Linux OS image creator/toolkit ▪ LinuxKit uses containerd as the core container runtime for running system services (distro images are a kernel + small init; all else runs as container processes) 19 https://github.com/linuxkit/linuxkit/
  • 20. @estesp BuildKit ▪ Introduction: https://blog.mobyproject.org/introducing-buildkit-17e056cc5317 ▪ BuildKit uses containerd snapshot, execution and image libraries ▪ Allows building to depend on a local containerd daemon and shares storage with other clients ▪ BuildKit merging into Moby project soon 20 https://github.com/moby/buildkit
  • 21. @estesp ▪ CloudFoundry container execution layer initially built around OCI spec + runC executor ▪ CF guardian project wrote management code similar to containerd around runC ▪ Currently working on a branch which removes their custom runC management layer and uses containerd directly 21 https://github.com/cloudfoundry/guardian/tree/containerd-spike
  • 22. @estesp ▪ Open source FaaS project created by IBM ▪ Basis of IBM Cloud Functions offering ▪ Uses containers as the native execution unit for functions ▪ Built using Docker engine for execution ▪ Testing use of containerd instead of full Docker engine 22 https://github.com/apache/incubator-openwhisk Apache OpenWhisk
  • 23. @estesp Kubernetes Orchestrator ▪ Kubernetes has no code to execute or run containers on Linux or Windows ▪ Initially the Kubernetes pod manager (called “kubelet”) had direct linkage to the Docker engine 23 kubelet dockershim dockerd containerd runc https://github.com/kubernetes/kubernetes/tree/release-1.4/pkg/kubelet/dockershim
  • 24. @estesp kubelet kubelet dockershim (CRI) Docker engine containerd containerd-shim containerd-shim containerd-shim runc runc runc containerd containerd-shim containerd-shim containerd-shim runc runc runc cri plugin containerd cri-containerd ttrpc: very lightweight gRPC protocol format Kubernetes CRI Runtimes: Docker vs. cri-containerd ( **NOTE: Cri-container project merged into containerd GitHub project in January 2018; now a plugin within the containerd binary ) ** 24
  • 26. @estesp Containerd Benefits ● Designed and implemented with broad usage as a core container runtime in mind: ○ Docker, LinuxKit, Kubernetes and embedded core runtime use cases (OpenWhisk, Cloud Foundry) ● Stress testing validating stability and performance guarantees 24/7 ● Attention to detail re: Go/gRPC APIs for usability and ease of embedding ● Focus on compatibility guarantees; bug fix backports for high level of support on major version levels
  • 27. @estesp Going further with containerd ▪ Contributing: https://github.com/containerd/containerd □ Bug fixes, adding tests, improving docs, validation ▪ Using: See the getting started documentation in the docs folder of the repo ▪ Porting/testing: Other architectures & OSs, stress testing (see bucketbench, containerd-stress): □ git clone <repo>, make binaries, sudo make install ▪ K8s CRI: implementation of K8s CRI using containerd □ CRI project is now a plugin to the main containerd project. Similar needs for interested contributors, testing, etc.