Talked at KubeCon + CloudNativeCon North America 2021 Virtual about lazy pulling of container images with eStargz and nydus (October 14, 2021).
https://kccncna2021.sched.com/event/lV2a
Starting up Containers Super Fast With Lazy Pulling of ImagesKohei Tokunaga
Talked at Container Plumbing Days about speeding up container startup by lazy pulling images on Kubernetes, containerd, BuildKit, Podman and CRI-O with eStargz and zstd:chunked.
eStargz and Stargz Snapshotter: https://github.com/containerd/stargz-snapshotter
zstd:chunked proposal: https://github.com/containers/storage/pull/775
Patch set to enable lazy pulling on Podman and CRI-O (a.k.a. Additional Layer Store): https://github.com/containers/storage/pull/795
https://github.com/containerd/stargz-snapshotter/pull/281
P2P Container Image Distribution on IPFS With containerd and nerdctlKohei Tokunaga
Talked at FOSDEM 2022 about IPFS-based P2P image distribution with containerd and nerdctl (Feburary 6, 2022).
https://fosdem.org/2022/schedule/event/container_ipfs_image/
nerdctl is a Docker-compatible CLI of containerd, developed as a subproject of containerd. nerdctl recently added support of P2P image distribution on IPFS. This enables to share container images among hosts without hosting or relying on the registry.
In this session, Kohei, one of the maintainers of nerdctl, will introduce IPFS-based P2P image distribution with containerd and nerdctl. This session will also show the combination of IPFS-based distribution with the existing image distribution techniques, focusing on lazy pulling (eStargz) and image encryption (OCIcrypt). The status of integration work with other tools including Kubernetes will also be shared.
Related blog post: "P2P Container Image Distribution on IPFS With Containerd" . https://medium.com/nttlabs/nerdctl-ipfs-975569520e3d
CloudNative Days Spring 2021 ONLINE キーノートでの発表資料です。
https://event.cloudnativedays.jp/cndo2021/talks/1071
本セッションでは、DockerとKubernetesのもつ基本的な機能の概要を、コンテナの仕組みをふまえつつイラストを用いて紹介していきます。一般にあまり焦点をあてて取り上げられることは多くありませんが、コンテナの作成や管理を担う低レベルなソフトウェア「コンテナランタイム」も本セッションの中心的なトピックのひとつです。
本セッションは、拙著「イラストで分かるDockerとKubernetes」(技術評論社)の内容を参考にしています。
https://www.amazon.co.jp/dp/4297118378
Starting up Containers Super Fast With Lazy Pulling of ImagesKohei Tokunaga
Talked at Container Plumbing Days about speeding up container startup by lazy pulling images on Kubernetes, containerd, BuildKit, Podman and CRI-O with eStargz and zstd:chunked.
eStargz and Stargz Snapshotter: https://github.com/containerd/stargz-snapshotter
zstd:chunked proposal: https://github.com/containers/storage/pull/775
Patch set to enable lazy pulling on Podman and CRI-O (a.k.a. Additional Layer Store): https://github.com/containers/storage/pull/795
https://github.com/containerd/stargz-snapshotter/pull/281
P2P Container Image Distribution on IPFS With containerd and nerdctlKohei Tokunaga
Talked at FOSDEM 2022 about IPFS-based P2P image distribution with containerd and nerdctl (Feburary 6, 2022).
https://fosdem.org/2022/schedule/event/container_ipfs_image/
nerdctl is a Docker-compatible CLI of containerd, developed as a subproject of containerd. nerdctl recently added support of P2P image distribution on IPFS. This enables to share container images among hosts without hosting or relying on the registry.
In this session, Kohei, one of the maintainers of nerdctl, will introduce IPFS-based P2P image distribution with containerd and nerdctl. This session will also show the combination of IPFS-based distribution with the existing image distribution techniques, focusing on lazy pulling (eStargz) and image encryption (OCIcrypt). The status of integration work with other tools including Kubernetes will also be shared.
Related blog post: "P2P Container Image Distribution on IPFS With Containerd" . https://medium.com/nttlabs/nerdctl-ipfs-975569520e3d
CloudNative Days Spring 2021 ONLINE キーノートでの発表資料です。
https://event.cloudnativedays.jp/cndo2021/talks/1071
本セッションでは、DockerとKubernetesのもつ基本的な機能の概要を、コンテナの仕組みをふまえつつイラストを用いて紹介していきます。一般にあまり焦点をあてて取り上げられることは多くありませんが、コンテナの作成や管理を担う低レベルなソフトウェア「コンテナランタイム」も本セッションの中心的なトピックのひとつです。
本セッションは、拙著「イラストで分かるDockerとKubernetes」(技術評論社)の内容を参考にしています。
https://www.amazon.co.jp/dp/4297118378
This talk outlines the features in containerd 1.1 smart client: I/O redirection from the client side, containerd namespaces to leverage a single runtime instance with a logical isolation from multiple clients (Kubernetes, Docker Engine, other systems), and containers as types in Golang when using containerd Go client library.
Additionally, it explains all the performance improvements brought by BuildKit, and the capabilities that it opens up because of it's modular architecture, enabling open source developers who create new build systems using BuildKit directly to create new front ends.
CloudNative Days Tokyo 2020での、lazypullに関する発表資料です。https://event.cloudnativedays.jp/cndt2020/talks/16
Stargz Snapshotterのリポジトリ:
https://github.com/containerd/stargz-snapshotter
[KubeCon NA 2020] containerd: Rootless Containers 2020Akihiro Suda
Rootless Containers means running the container runtimes (e.g. runc, containerd, and kubelet) as well as the containers without the host root privileges. The most significant advantage of Rootless Containers is that it can mitigate potential container-breakout vulnerability of the runtimes, but it is also useful for isolating multi-user environments on HPC hosts. This talk will contain the introduction to rootless containers and deep-dive topics about the recent updates such as Seccomp User Notification. The main focus will be on containerd (CNCF Graduated Project) and its consumer projects including Kubernetes and Docker/Moby, but topics about other runtimes will be discussed as well.
https://sched.co/fGWc
Comparing Next-Generation Container Image Building ToolsAkihiro Suda
http://sched.co/EaYe
Until recently, running `docker build` against Dockerfile had been the only way to build container images.
However, lots of opensource software are being proposed as successors/alternatives to `docker build`:
- BuildKit (Moby Project / Docker)
- img (Jessica Frazelle / Microsoft)
- Buildah (Project Atomic / Red Hat)
- umoci & Orca (SUSE)
- Bazel (Google)
- OpenShift S2I (Red Hat)
Akihiro Suda compares these new tools' advantages and disadvantages.
His evaluation basis would include but not be limited to:
- Performance (Cache efficiency, Concurrency, Distributed Execution)
- Secret management, e.g. SSH and AWS keys
- Support for non-Dockerfile
- Non-root execution
- UI & UX
- Governance of the community
He also proposes a unified interface for using these tools with Kubernetes in a vendor-neutral way.
High-Performance Networking Using eBPF, XDP, and io_uringScyllaDB
In the networking world there are a number of ways to increase performance over naive use of basic Berkeley sockets. These techniques have ranged from polling blocking sockets, non-blocking sockets controlled by Epoll, all the way through completely bypassing the Linux kernel for maximum network performance where you talk directly to the network interface card by using something like DPDK or Netmap. All these tools have their place, and generally occupy a space from convenience to performance. But in recent years, that landscape has changed massively.. The tools available to the average Linux systems developer have improved from the creation of io_uring, to the expansion of bpf from a simple filtering language to a full-on programming environment embedded directly in the kernel. Along with that came something called XDP (express datapath). This was Linux kernel's answer to kernel-bypass networking. AF_XDP is the new socket type created by this feature, and generally works very similarly to something like DPDK. History lessons out of the way, this talk will look into, and discuss the merits of this technology, it's place in the broader ecosystem and how it can be used to attain the highest level of performance possible. This talk will dive into crucial details, such as how AF_XDP works, how it can be integrated into a larger system and finally more advanced topics such as request sharding/load balancing. There will be detailed look at the design of AF_XDP, the eBpf code used, as well as the userspace code required to drive it all. It will also include performance numbers from this setup compared to regular kernel networking. And most importantly how to put all this together to handle as much data as possible on a single modern multi-core system.
Startup Containers in Lightning Speed with Lazy Image DistributionKohei Tokunaga
Talked about lazy container image distribution technologies including containerd + Stargz Snapshotter ( https://github.com/containerd/stargz-snapshotter ) at KubeCon+CloudNativeCon Europe 2020 Virtual.
Build and Run Containers With Lazy Pulling - Adoption status of containerd St...Kohei Tokunaga
Talked about lazy pulling of container images with eStargz and Stargz Snapshotter at FOSDEM 2021.
Details: https://fosdem.org/2021/schedule/event/containers_lazy_pull/
Stargz Snapshotter: https://github.com/containerd/stargz-snapshotter
This talk outlines the features in containerd 1.1 smart client: I/O redirection from the client side, containerd namespaces to leverage a single runtime instance with a logical isolation from multiple clients (Kubernetes, Docker Engine, other systems), and containers as types in Golang when using containerd Go client library.
Additionally, it explains all the performance improvements brought by BuildKit, and the capabilities that it opens up because of it's modular architecture, enabling open source developers who create new build systems using BuildKit directly to create new front ends.
CloudNative Days Tokyo 2020での、lazypullに関する発表資料です。https://event.cloudnativedays.jp/cndt2020/talks/16
Stargz Snapshotterのリポジトリ:
https://github.com/containerd/stargz-snapshotter
[KubeCon NA 2020] containerd: Rootless Containers 2020Akihiro Suda
Rootless Containers means running the container runtimes (e.g. runc, containerd, and kubelet) as well as the containers without the host root privileges. The most significant advantage of Rootless Containers is that it can mitigate potential container-breakout vulnerability of the runtimes, but it is also useful for isolating multi-user environments on HPC hosts. This talk will contain the introduction to rootless containers and deep-dive topics about the recent updates such as Seccomp User Notification. The main focus will be on containerd (CNCF Graduated Project) and its consumer projects including Kubernetes and Docker/Moby, but topics about other runtimes will be discussed as well.
https://sched.co/fGWc
Comparing Next-Generation Container Image Building ToolsAkihiro Suda
http://sched.co/EaYe
Until recently, running `docker build` against Dockerfile had been the only way to build container images.
However, lots of opensource software are being proposed as successors/alternatives to `docker build`:
- BuildKit (Moby Project / Docker)
- img (Jessica Frazelle / Microsoft)
- Buildah (Project Atomic / Red Hat)
- umoci & Orca (SUSE)
- Bazel (Google)
- OpenShift S2I (Red Hat)
Akihiro Suda compares these new tools' advantages and disadvantages.
His evaluation basis would include but not be limited to:
- Performance (Cache efficiency, Concurrency, Distributed Execution)
- Secret management, e.g. SSH and AWS keys
- Support for non-Dockerfile
- Non-root execution
- UI & UX
- Governance of the community
He also proposes a unified interface for using these tools with Kubernetes in a vendor-neutral way.
High-Performance Networking Using eBPF, XDP, and io_uringScyllaDB
In the networking world there are a number of ways to increase performance over naive use of basic Berkeley sockets. These techniques have ranged from polling blocking sockets, non-blocking sockets controlled by Epoll, all the way through completely bypassing the Linux kernel for maximum network performance where you talk directly to the network interface card by using something like DPDK or Netmap. All these tools have their place, and generally occupy a space from convenience to performance. But in recent years, that landscape has changed massively.. The tools available to the average Linux systems developer have improved from the creation of io_uring, to the expansion of bpf from a simple filtering language to a full-on programming environment embedded directly in the kernel. Along with that came something called XDP (express datapath). This was Linux kernel's answer to kernel-bypass networking. AF_XDP is the new socket type created by this feature, and generally works very similarly to something like DPDK. History lessons out of the way, this talk will look into, and discuss the merits of this technology, it's place in the broader ecosystem and how it can be used to attain the highest level of performance possible. This talk will dive into crucial details, such as how AF_XDP works, how it can be integrated into a larger system and finally more advanced topics such as request sharding/load balancing. There will be detailed look at the design of AF_XDP, the eBpf code used, as well as the userspace code required to drive it all. It will also include performance numbers from this setup compared to regular kernel networking. And most importantly how to put all this together to handle as much data as possible on a single modern multi-core system.
Startup Containers in Lightning Speed with Lazy Image DistributionKohei Tokunaga
Talked about lazy container image distribution technologies including containerd + Stargz Snapshotter ( https://github.com/containerd/stargz-snapshotter ) at KubeCon+CloudNativeCon Europe 2020 Virtual.
Build and Run Containers With Lazy Pulling - Adoption status of containerd St...Kohei Tokunaga
Talked about lazy pulling of container images with eStargz and Stargz Snapshotter at FOSDEM 2021.
Details: https://fosdem.org/2021/schedule/event/containers_lazy_pull/
Stargz Snapshotter: https://github.com/containerd/stargz-snapshotter
[FOSDEM 2020] Lazy distribution of container imagesAkihiro Suda
https://fosdem.org/2020/schedule/event/containers_lazy_image_distribution/
The biggest problem of the OCI Image Spec is that a container cannot be started until all the tarball layers are downloaded, even though more than 90% of the tarball contents are often unneeded for the actual workload.
This session will show state-of-the-art alternative image formats, which allow runtime implementations to start a container without waiting for all its image contents to be locally available.
Especially, this session will put focus on CRFS/stargz and its implementation status in containerd (https://github.com/containerd/containerd/issues/3731). The plan for BuildKit integration will be shown as well.
Docker is the Open Source container engine. It lets you author, run, and manage software containers. Escape from dependency hell, and make deployment a breeze! This presentation includes the standard Docker intro (actualized for Docker 0.11) as well as some insights about how to perform orchestration and multi-host container linking.
Introduction to Docker at SF Peninsula Software Development Meetup @GuidewiredotCloud
Docker is an open-source project to easily create lightweight, portable, self-sufficient containers from any application. The same container that a developer builds and tests on a laptop can run at scale, in production, on VMs, bare metal, OpenStack clusters, public clouds and more.
Real-World Docker: 10 Things We've Learned RightScale
Docker has taken the world of software by storm, offering the promise of a portable way to build and ship software - including software running in the cloud. The RightScale development team has been diving into Docker for several projects, and we'll share our lessons learned on using Docker for our cloud-based applications.
Introduction to Docker, December 2014 "Tour de France" EditionJérôme Petazzoni
Docker, the Open Source container Engine, lets you build, ship and run, any app, anywhere.
This is the presentation which was shown in December 2014 for the "Tour de France" in Paris, Lille, Lyon, Nice...
Dockerizing Symfony2 application. Why Docker is so cool And what is Docker? And what are Containers? How they works? What are the ecosystem of Docker? And how to dockerize your web application (can be based on Symfony2 framework)?
A Gentle Introduction To Docker And All Things ContainersJérôme Petazzoni
Docker is a runtime for Linux Containers. It enables "separation of concern" between devs and ops, and solves the "matrix from hell" of software deployment. This presentation explains it all! It also explains the role of the storage backend and compares the various backends available. It gives multiple recipes to build Docker images, including integration with configuration management software like Chef, Puppet, Salt, Ansible. If you already watched other Docker presentations, this is an actualized version (as of mid-November 2013) of the thing!
Introduction to Docker and all things containers, Docker Meetup at RelateIQdotCloud
Docker is an open-source project to easily create lightweight, portable, self-sufficient containers from any application. The same container that a developer builds and tests on a laptop can run at scale, in production, on VMs, bare metal, OpenStack clusters, public clouds and more.
Introduction to Docker, December 2014 "Tour de France" Bordeaux Special EditionJérôme Petazzoni
Docker, the Open Source container Engine, lets you build, ship and run, any app, anywhere.
This is the presentation which was shown in December 2014 for the last stop of the "Tour de France" in Bordeaux. It is slightly different from the presentation which was shown in the other cities (http://www.slideshare.net/jpetazzo/introduction-to-docker-december-2014-tour-de-france-edition), and includes a detailed history of dotCloud and Docker and a few other differences.
Special thanks to https://twitter.com/LilliJane and https://twitter.com/zirkome, who gave me the necessary motivation to put together this slightly different presentation, since they had already seen the other presentation in Paris :-)
his workshop will shed light on a modern solution to solve application portability, building, delivery, packaging, and system dependency issues. Containers especially Docker have seen accelerated adoption in the web, cloud and recently the enterprise. HPC environments are seeing something similar to the introduction of HPC containers Singularity and Shifter. They provide a good use case for solving software portability, not to mention ensure repeatability of results. Not to mention their ECO system provides for the better development, delivery, testing workflows that were alien to most of HPC environments. This workshop will cover the Theory and hands-on of containers and Its ecosystem. Introducing Docker and singularity containers; Docker as a general-purpose container for almost any app, Singularity as the particular container technology for HPC. The workshop will go over the foundations of the containers platform, including an overview of the platform system components: images, containers, repositories, clustering, and orchestration. The strategy is to demonstrate through "live demo, and hands-on exercises." The reuse case of containers in building a portable distributed application cluster running a variety of workloads including HPC workload.
Настройка окружения для кросскомпиляции проектов на основе docker'acorehard_by
Как быстро и легко настраивать/обновлять окружения для кросскомпиляции проектов под различные платформы(на основе docker), как быстро переключаться между ними, как используя эти кирпичики организовать CI и тестирование(на основе GitLab и Docker).
Similar to Faster Container Image Distribution on a Variety of Tools with Lazy Pulling (20)
Graspan: A Big Data System for Big Code AnalysisAftab Hussain
We built a disk-based parallel graph system, Graspan, that uses a novel edge-pair centric computation model to compute dynamic transitive closures on very large program graphs.
We implement context-sensitive pointer/alias and dataflow analyses on Graspan. An evaluation of these analyses on large codebases such as Linux shows that their Graspan implementations scale to millions of lines of code and are much simpler than their original implementations.
These analyses were used to augment the existing checkers; these augmented checkers found 132 new NULL pointer bugs and 1308 unnecessary NULL tests in Linux 4.4.0-rc5, PostgreSQL 8.3.9, and Apache httpd 2.2.18.
- Accepted in ASPLOS ‘17, Xi’an, China.
- Featured in the tutorial, Systemized Program Analyses: A Big Data Perspective on Static Analysis Scalability, ASPLOS ‘17.
- Invited for presentation at SoCal PLS ‘16.
- Invited for poster presentation at PLDI SRC ‘16.
Unleash Unlimited Potential with One-Time Purchase
BoxLang is more than just a language; it's a community. By choosing a Visionary License, you're not just investing in your success, you're actively contributing to the ongoing development and support of BoxLang.
Quarkus Hidden and Forbidden ExtensionsMax Andersen
Quarkus has a vast extension ecosystem and is known for its subsonic and subatomic feature set. Some of these features are not as well known, and some extensions are less talked about, but that does not make them less interesting - quite the opposite.
Come join this talk to see some tips and tricks for using Quarkus and some of the lesser known features, extensions and development techniques.
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...Juraj Vysvader
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I didn't get rich from it but it did have 63K downloads (powered possible tens of thousands of websites).
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Globus
The Earth System Grid Federation (ESGF) is a global network of data servers that archives and distributes the planet’s largest collection of Earth system model output for thousands of climate and environmental scientists worldwide. Many of these petabyte-scale data archives are located in proximity to large high-performance computing (HPC) or cloud computing resources, but the primary workflow for data users consists of transferring data, and applying computations on a different system. As a part of the ESGF 2.0 US project (funded by the United States Department of Energy Office of Science), we developed pre-defined data workflows, which can be run on-demand, capable of applying many data reduction and data analysis to the large ESGF data archives, transferring only the resultant analysis (ex. visualizations, smaller data files). In this talk, we will showcase a few of these workflows, highlighting how Globus Flows can be used for petabyte-scale climate analysis.
AI Genie Review: World’s First Open AI WordPress Website CreatorGoogle
AI Genie Review: World’s First Open AI WordPress Website Creator
👉👉 Click Here To Get More Info 👇👇
https://sumonreview.com/ai-genie-review
AI Genie Review: Key Features
✅Creates Limitless Real-Time Unique Content, auto-publishing Posts, Pages & Images directly from Chat GPT & Open AI on WordPress in any Niche
✅First & Only Google Bard Approved Software That Publishes 100% Original, SEO Friendly Content using Open AI
✅Publish Automated Posts and Pages using AI Genie directly on Your website
✅50 DFY Websites Included Without Adding Any Images, Content Or Doing Anything Yourself
✅Integrated Chat GPT Bot gives Instant Answers on Your Website to Visitors
✅Just Enter the title, and your Content for Pages and Posts will be ready on your website
✅Automatically insert visually appealing images into posts based on keywords and titles.
✅Choose the temperature of the content and control its randomness.
✅Control the length of the content to be generated.
✅Never Worry About Paying Huge Money Monthly To Top Content Creation Platforms
✅100% Easy-to-Use, Newbie-Friendly Technology
✅30-Days Money-Back Guarantee
See My Other Reviews Article:
(1) TubeTrivia AI Review: https://sumonreview.com/tubetrivia-ai-review
(2) SocioWave Review: https://sumonreview.com/sociowave-review
(3) AI Partner & Profit Review: https://sumonreview.com/ai-partner-profit-review
(4) AI Ebook Suite Review: https://sumonreview.com/ai-ebook-suite-review
#AIGenieApp #AIGenieBonus #AIGenieBonuses #AIGenieDemo #AIGenieDownload #AIGenieLegit #AIGenieLiveDemo #AIGenieOTO #AIGeniePreview #AIGenieReview #AIGenieReviewandBonus #AIGenieScamorLegit #AIGenieSoftware #AIGenieUpgrades #AIGenieUpsells #HowDoesAlGenie #HowtoBuyAIGenie #HowtoMakeMoneywithAIGenie #MakeMoneyOnline #MakeMoneywithAIGenie
Utilocate offers a comprehensive solution for locate ticket management by automating and streamlining the entire process. By integrating with Geospatial Information Systems (GIS), it provides accurate mapping and visualization of utility locations, enhancing decision-making and reducing the risk of errors. The system's advanced data analytics tools help identify trends, predict potential issues, and optimize resource allocation, making the locate ticket management process smarter and more efficient. Additionally, automated ticket management ensures consistency and reduces human error, while real-time notifications keep all relevant personnel informed and ready to respond promptly.
The system's ability to streamline workflows and automate ticket routing significantly reduces the time taken to process each ticket, making the process faster and more efficient. Mobile access allows field technicians to update ticket information on the go, ensuring that the latest information is always available and accelerating the locate process. Overall, Utilocate not only enhances the efficiency and accuracy of locate ticket management but also improves safety by minimizing the risk of utility damage through precise and timely locates.
Large Language Models and the End of ProgrammingMatt Welsh
Talk by Matt Welsh at Craft Conference 2024 on the impact that Large Language Models will have on the future of software development. In this talk, I discuss the ways in which LLMs will impact the software industry, from replacing human software developers with AI, to replacing conventional software with models that perform reasoning, computation, and problem-solving.
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxrickgrimesss22
Discover the essential features to incorporate in your Winzo clone app to boost business growth, enhance user engagement, and drive revenue. Learn how to create a compelling gaming experience that stands out in the competitive market.
Enhancing Research Orchestration Capabilities at ORNL.pdfGlobus
Cross-facility research orchestration comes with ever-changing constraints regarding the availability and suitability of various compute and data resources. In short, a flexible data and processing fabric is needed to enable the dynamic redirection of data and compute tasks throughout the lifecycle of an experiment. In this talk, we illustrate how we easily leveraged Globus services to instrument the ACE research testbed at the Oak Ridge Leadership Computing Facility with flexible data and task orchestration capabilities.
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus
As part of the DOE Integrated Research Infrastructure (IRI) program, NERSC at Lawrence Berkeley National Lab and ALCF at Argonne National Lab are working closely with General Atomics on accelerating the computing requirements of the DIII-D experiment. As part of the work the team is investigating ways to speedup the time to solution for many different parts of the DIII-D workflow including how they run jobs on HPC systems. One of these routes is looking at Globus Compute as a way to replace the current method for managing tasks and we describe a brief proof of concept showing how Globus Compute could help to schedule jobs and be a tool to connect compute at different facilities.
Navigating the Metaverse: A Journey into Virtual Evolution"Donna Lenk
Join us for an exploration of the Metaverse's evolution, where innovation meets imagination. Discover new dimensions of virtual events, engage with thought-provoking discussions, and witness the transformative power of digital realms."
We describe the deployment and use of Globus Compute for remote computation. This content is aimed at researchers who wish to compute on remote resources using a unified programming interface, as well as system administrators who will deploy and operate Globus Compute services on their research computing infrastructure.
First Steps with Globus Compute Multi-User EndpointsGlobus
In this presentation we will share our experiences around getting started with the Globus Compute multi-user endpoint. Working with the Pharmacology group at the University of Auckland, we have previously written an application using Globus Compute that can offload computationally expensive steps in the researcher's workflows, which they wish to manage from their familiar Windows environments, onto the NeSI (New Zealand eScience Infrastructure) cluster. Some of the challenges we have encountered were that each researcher had to set up and manage their own single-user globus compute endpoint and that the workloads had varying resource requirements (CPUs, memory and wall time) between different runs. We hope that the multi-user endpoint will help to address these challenges and share an update on our progress here.
Zoom is a comprehensive platform designed to connect individuals and teams efficiently. With its user-friendly interface and powerful features, Zoom has become a go-to solution for virtual communication and collaboration. It offers a range of tools, including virtual meetings, team chat, VoIP phone systems, online whiteboards, and AI companions, to streamline workflows and enhance productivity.
Faster Container Image Distribution on a Variety of Tools with Lazy Pulling
1. Kohei Tokunaga, NTT Corporation
Tao Peng, Ant Group
Faster Container Image Distribution on
a Variety of Tools with Lazy Pulling
2. Pull is time-consuming
pulling packages accounts for 76% of container start time,
but only 6.4% of that data is read [Harter et al. 2016]
[Harter et al. 2016] Tyler Harter, Brandon Salmon, Rose Liu, Andrea C. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau. "Slacker: Fast Distribution with Lazy Docker Containers".
14th USENIX Conference on File and Storage Technologies (FAST ’16). February 22–25, 2016, Santa Clara, CA, USA
● Large images speeds down cold start of containers
● Build takes long if base images are large
● Not all images are minimizable e.g. language runtimes, frameworks, ..
3. Problem on the current OCI image
bin/bash
bin/ls
etc/passwd
etc/group
usr/bin/apt
・・・
Image is a set of tar (+compression) layers
container can’t start before the all layers become locally available
● Non seekable
• Need to scan the entire blob even for
extracting single file entry
● No parallel extraction
• Need to scan sequentially
4. OCI-alternative accelerated images and lazy pulling
Lazy pulling:
Starting up containers without waiting for the pull completion
● eStargz
• Lazy pullable format with prefetch optimization + content verification
• Proposed as a backward-compatible extension to OCI Image Spec
● Nydus
• Lazy pullable format with prefetch, chunk dedup and e2e data integrity
• Compatible with OCI Distribution Spec and Artifacts Spec
• Proposed as OCI “v2” format (incompatible to current OCI Image Spec)
6. eStargz: Standard-compatible lazy pulling
● 100% OCI-compatible
• Lazy pullable from standard registries (ghcr.io, docker.io, …etc)
• Even legacy (lazy-pulling-agnostic) runtime can run eStargz
● Usable with a variety of tools (tracker https://github.com/containerd/stargz-snapshotter/issues/258)
• Kubernetes, k3s, containerd, CRI-O, Podman, BuildKit, Kaniko, ko, buildpacks.io, go-containerregistry…
● Performance optimization and content verification
• Important files can be prefetched to avoid NW overhead
• Each chunk comes with checksum
Standard Container Registry
eStargz-aware runtimes
BuildKit
Lazy pull
Lazy pull
legacy
ctr-remote
nerdctl
Kaniko
Image builders/convertes
eStargz
creates
eStargz
still runnable on
eStargz-agnostic tools (e.g. Docker)
etc…
etc…
legacy
7. eStargz image layer format
eStargz
bin/ls
usr/bin/apt
・・・
・・・
entrypoint.sh
bin/bash Prioritized files
Prefetched by a single Range Request
TOC(Table Of Contents) and footer
Files metadata, payload offset, etc…
Files fetched on demand
Downloaded in background as well
gzip member
per regular file/chunk
can be extracted per-file
using HTTP Range Request
stargz
bin/ls
usr/bin/apt
・・・
・・・
entrypoint.sh
bin/bash
For more details: https://github.com/containerd/stargz-snapshotter/blob/master/docs/stargz-estargz.md
● Discussed in Stargz Snapshotter of containerd: https://github.com/containerd/stargz-snapshotter
● Compatible to gzip = usable as a valid OCI/Docker image layer
● Based on stargz by CRFS (https://github.com/google/crfs)
• eStargz comes with performance optimization and content verification
8. Benchmarking result
[sec]
Waits for prefetch completion
during create
● Method based on Hello Bench [Harter, et al. 2016]
● Takes 95 percentile of 100 operations
● Host: EC2 Oregon (m5.2xlarge, Ubuntu 20.04)
● Registry: GitHub Container Registry (ghcr.io)
● Runtime: containerd
● Stargz Snapshotter commit: 7f45f7438617728dd06bc9853afb5e42c1d3d5a3
10. Lazy pulling on Kubernetes
Containerd Node
Stargz
Snapshotter
external process
gRPC API
kubelet
Lazy pull
Container Registry
eStargz
CRI-O Node
Stargz Store
external process
exposed on dir
kubelet
● CRI runtimes + plugins (discussed later) enable lazy pulling on Kubernetes
• Containerd + Stargz Snapshotter
• CRI-O + Stargz Store
● Real-world use-case at CERN for speeding up analysis pipeline [1] (13x faster pull for 5GB image)
[1] Ricardo Rocha & Spyridon Trigazis, CERN. “Speeding Up Analysis Pipelines with Remote Container Images”. KubeCon+CloudNativeCon 2020 NA. https://sched.co/ekDj
$ kind create cluster --name estargz-demo --image ghcr.io/stargz-containers/estargz-kind-node:0.8.0
● Lazy-pull-enabled KinD image is available on ghcr.io/stargz-containers repo
● k3s supports lazy pulling of eStargz (merged to the main, will be included in k3s v1.22)
$ k3s server --snapshotter=stargz
11. proc
Lazy pulling on containerd
Stargz
Snapshotter
Fetches files/chunks on demand
Mounts rootfs as FUSE
● Stargz Snapshotter plugin : https://github.com/containerd/stargz-snapshotter
• Implements remote snapshotter plugin interface
● nerdctl (Docker-compatible CLI for containerd) supports lazy pulling
• https://github.com/containerd/nerdctl
$ nerdctl --snapshotter=stargz run ghcr.io/stargz-containers/python:3.9-esgz
$ nerdctl --snapshotter=stargz compose -f docker-compose.stargz.yaml up
Node
Lazy pull
Container Registry
eStargz
container
12. proc
container
Lazy pulling on Podman/CRI-O
● Stargz Store plugin : https://github.com/containerd/stargz-snapshotter
• Developped in Stargz Snapshotter project
• Implements Additional Layer Store plugin
• Podman >= v3.3.0, CRI-O >= v1.22.0
Stargz Store
Provides layers
(mounted as FUSE)
Podman, CRI-O
Uses layers for rootfs
$ podman run ghcr.io/stargz-containers/python:3.9-esgz
Node
Lazy pull
Container Registry
eStargz
13. Lazy pulling on BuildKit
FROM ghcr.io/stargz-containers/golang:1.15.3-esgz as dev
COPY ./hello.go /hello.go
RUN go build -o hello /hello.go COPY and RUN without waiting for the pull completion
• /usr/local/go/bin/go
• /usr/local/go/src/fmt/…
etc...
Fetch files/chunks on demand
Build on node
● Experimentally supports lazy pulling of base images since v0.8.0
● Can shorten the time of build that require pull
• e.g. on temporary (and fresh) CI instances
Lazy pull
Container Registry
eStargz
golang:1.15.3-esgz
More details at blog: https://medium.com/nttlabs/buildkit-lazypull-66c37690963f
$ docker buildx create --use --name lazy-builder
--driver docker-container --driver-opt image=moby/buildkit:master
--buildkitd-flags '--oci-worker-snapshotter=stargz'
$ docker buildx inspect --bootstrap lazy-builder
$ docker buildx build .
14. Building eStargz
BuildKit: https://github.com/moby/buildkit
● Building eStargz supported on the main branch, hope to come in v0.10.x
● eStargz is supported by Buildx or standalone BuildKit (buildctl + buildkitd)
● Docs: https://github.com/moby/buildkit/blob/master/docs/stargz-estargz.md#creating-stargzestargz-images
$ docker buildx build
-o type=registry,name=ktokunaga/hello:esgz,oci-mediatypes=true,compression=estargz .
Kaniko: https://github.com/GoogleContainerTools/kaniko
● Image builder runnable in containers and Kubernetes
● Requires GGCR_EXPERIMENT_ESTARGZ=1
● Base images need to be eStargz
$ docker run --rm -e GGCR_EXPERIMENT_ESTARGZ=1
-v /tmp/context:/workspace -v ~/.docker/config.json:/kaniko/.docker/config.json:ro
gcr.io/kaniko-project/executor:v1.6.0 --destination "ghcr.io/ktock/sample:esgz"
15. Converting an image into eStargz
ctr-remote: https://github.com/containerd/stargz-snapshotter/blob/v0.7.0/docs/ctr-remote.md
● CLI for containerd provided by Stargz Snapshotter project
● Supports prefetch optimization for eStargz
$ ctr-remote image optimize --oci ghcr.io/ktock/foo:1 ghcr.io/ktock/foo:1-esgz
go-containerregistry and crane CLI : https://github.com/google/go-containerregistry
● Library and CLI to interact with registries
● requires GGCR_EXPERIMENT_ESTARGZ=1
● downstream tools (e.g.Kaniko, ko and buildpacks.io) supports eStargz creation as well
$ go install github.com/google/go-containerregistry/cmd/crane@latest
$ GGCR_EXPERIMENT_ESTARGZ=1 crane optimize ghcr.io/ktock/foo:1 ghcr.io/ktock/foo:1-esgz
nerdctl: https://github.com/containerd/nerdctl/blob/v0.11.1/docs/stargz.md
● Docker-compatible CLI for containerd
● Can be combined with nerdctl build command
$ nerdctl image convert --estargz --oci ghcr.io/ktock/foo:1 ghcr.io/ktock/foo:1-esgz
16. Discussion toward OCIv1 extension
● eStargz is now widely usable on tools in the community
● Proposed to OCI Image Spec (discussion is on-going)
● Proposed as backward-compatible extensions
• Extension for the current gzip layer ( application/vnd.oci.image.layer.v1.tar+gz )
• Additional annotation for content verification: org.opencontainers.image.toc.digest
https://github.com/opencontainers/image-spec/issues/815
18. Nydus: Improved Lazy Pulling and More
● Standard lazy pulling with prefetch policies
• Lazy pullable from standard registries (cloud registries, docker registry, harbor, etc)
• Semantical prefetch, hinted prefetch, background prefetch all data
● Chunk level deduplication with layered build cache
• Speed up both image conversion and downloading
● End-to-end data integrity
• Runtime data integrity check
● Reproducible Image Building
• Build environment agnostic
● Compatible with OCI Distribution Spec and Artifacts Spec
• Usable with most existing container registry implementations
● Rich container ecosystem integration
• Kubernetes, docker, containerd, buildkit, harbor, dragonfly, runc, kata-containers etc
● Resource efficient and production ready
• Large scale deployment at Ant and available via Alibaba Cloud services
19. FUSE/virtiofs Unified Architecture
● Native container runtime support
• One translation layer (FUSE or virtiofs) for both runc and kata containers
● Shared uncompressed local cache
• Download/uncompress once and use all the time
● Singleton mode with extremely low memory footprint
• ~5MB per instance
20. Registry Acceleration File System
● Merkle tree metadata layer
• self-verifiable
● Chunk-shared data layer
• enabling chunk level deduplication
21. OCI Spec Compatibility
● Metadata/data layers are OCI manifest layers
● New media type in the image manifest spec
● Compatible with OCI artifacts/distribution spec
● Compatible registry GC functionality
● Widely working with container registries
• cloud registries
• docker registry
• harbor
• etc.
23. Lazy Pulling with Variety of Tools
● Nydus Snapshotter plugin
• https://github.com/dragonflyoss/image-service/tree/master/contrib/nydus-sna
pshotter
● Usable for variety of container management tools
• kubernetes (kubelet)
• crictl
• nerdctl
• ctr-remote
24. Manual Image Conversion -- nydusify
● nydusify
• https://github.com/dragonflyoss/image-service/tree/master/contrib/nydusify
• download image from remote registry, convert it to nydus image, and push nydus
image to remote registry
• nydusify convert --source <registry>/<repo>:<tag>
--target <registry>/<repo>:<nydus-tag>
25. Manual Image Conversion -- buildkit
● buildkit
• https://github.com/moby/buildkit/pull/2045
• build nydus image directly from dockerfile and push it to remote registry
• buildctl build --frontend=dockerfile.v0
--local context=/build/dir
--local dockerfile=/build/DockerfileDir
--output type=nydus,name=<registry>/<repo>:<tag>
26. Automatic Conversion with Harbor
● https://github.com/goharbor/community/pull/167
● New image conversion service in harbor
● Started image acceleration working group
● Image format agnostic
• nydus
• estargz
• future more format
27. OCI Artifacts Manifest
● https://github.com/opencontainers/artifacts/pull/29
● Map OCI image manifest to artifact manifest, to
connect artifacts to images
● Beneficial to SBOM, Signatures, Nydus, Scan Results
etc.
● Nydus image as an artifact type
• cncf.nydus.v1-rc1
28. Community V2 Image Spec Requirements
● OCI community requirements on V2 Image format
• https://hackmd.io/@cyphar/ociv2-brainstorm
29. Recap
● OCI images are large and slow
● Image lazy pulling is important for starting containers quickly
● Prefetching is a good friend to lazy pulling
● Ecosystem adoption is crucial for new image formats
● eStargz
• Backward compatibility
• Extension to the existing OCI image spec
● Nydus
• Future looking
• Proposal to the next generation OCI image spec
30. eStargz Project Information
● 100% OCI-compatible image format for lazy pulling
● Subproject of CNCF graduated containerd
● github: https://github.com/containerd/stargz-snapshotter
● slack: https://slack.containerd.io/ (#containerd-dev channel at CNCF slack)
● Pre-converted images are available on ghcr.io/stargz-containers
31. Nydus Project Information
● Image acceleration service with various improvements
● CNCF incubator dragonfly sub-project
● github: https://github.com/dragonflyoss/image-service
● slack: https://tinyurl.com/nydus-slack
● tutorial: https://tinyurl.com/nydus-tutorial