Containerd: Building a Container Supervisor by Michael Crosby
5 likes19,781 views
The document discusses the development and functionality of 'containerd', a fast and lightweight container supervisor that decouples execution from the filesystem and supports multiple runtime integration. It covers container lifecycle operations, event management, and system behaviors such as re-parenting and handling out-of-memory (OOM) notifications. The author highlights the efficient design aimed at making it easier for new developers to work with container systems.
![Benchmarks
> ./benchmark -count 100
INFO[0001] 1.149902846 seconds](https://image.slidesharecdn.com/creatingcontainerd-160627174425/85/Containerd-Building-a-Container-Supervisor-by-Michael-Crosby-6-320.jpg)
![Restore
> containerd --debug
DEBU[0000] containerd: container restored id=0
DEBU[0000] containerd: container restored id=1
DEBU[0000] containerd: container restored id=2
DEBU[0000] containerd: container restored id=3
DEBU[0000] containerd: container restored id=4
DEBU[0000] containerd: container restored id=5
DEBU[0000] containerd: container restored id=6
...](https://image.slidesharecdn.com/creatingcontainerd-160627174425/85/Containerd-Building-a-Container-Supervisor-by-Michael-Crosby-8-320.jpg)
Containerd: Building a Container Supervisor by Michael Crosby
- 1. Building a Container Supervisor Michael Crosby
- 2. Docker since 0.3 - maintainer dockerui - author libcontainer - author nsinit - author runc - author OCI - maintainer containerd - author > whoami
- 3. containerd ● Fast, lightweight container supervisor ● runc (OCI) multiplexer ● Container lifecycle operations ● rm -rf docker/daemon/execdrivers > man containerd
- 4. ● runc integration ● Multiple runtime support ● Execution v2 ● Decouple Execution from filesystem ● daemonless containers ● cleaner development > why
- 5. ● lock free event loop ● concurrency control ○ 10 > 100 at a time ● easier to new developers > events
- 6. Benchmarks > ./benchmark -count 100 INFO[0001] 1.149902846 seconds
- 7. Managing state is easy when you don’t have any. Don’t keep anything in memory. > container state
- 8. Restore > containerd --debug DEBU[0000] containerd: container restored id=0 DEBU[0000] containerd: container restored id=1 DEBU[0000] containerd: container restored id=2 DEBU[0000] containerd: container restored id=3 DEBU[0000] containerd: container restored id=4 DEBU[0000] containerd: container restored id=5 DEBU[0000] containerd: container restored id=6 ...
- 9. ● Exit code ● TTY / STDIO ● Reparenting to sysinit > shim
- 10. ● Pipe + File ● O_CLOEXEC ● Multiple subscribers > exit status
- 11. O_CLOEXEC if (mkfifo("exit-fifo", 0666) != 0) { printf("%sn", strerror(errno)); exit(EXIT_FAILURE); } int fd = open("exit-fifo", O_WRONLY | O_CLOEXEC, 0);
- 12. ● FIFOs - the good, bad, and the stupid ● open() never blocks :trollface: ● fifos have a buffer ○ /proc/sys/fs/pipe-max-size > stdio reattach
- 13. ● prctl - PR_SET_CHILD_SUBREAPER ● system init > re-parenting
- 14. 1. Your parent is the process that forked you, your mommy 2. If your parent dies, your new parent is PID 1*, the creator 3. If the parent(s) of your parent has the subreaper set, they will become your parent not PID 1, your nana 4. If you die then your parent dies before doing a wait4(), you’re a zombie > re-parenting rules
- 15. PR_SET_CHILD_SUBREAPER > ./parent main() parent 27538 child process 27540 with parent 27539 parent 27539 exiting child process 27540 with new parent 2391 > ps x | grep 2391 2391 ? Ss 0:00 /sbin/upstart --user
- 16. PR_SET_CHILD_SUBREAPER > ./parent --subreaper main() parent 27543 child process 27545 with parent 27544 parent 27544 exiting child process 27545 with new parent 27543
- 17. How do you connect to OOM notifications before the user process starts? > The OOM Problem
- 18. ● create ○ initialize namespaces and config ● start ○ exec the user’s process ● delete ○ destroy the container > runtime workflow
- 19. 1. Create container 2. Register OOM handler 3. Exec the user's process > runtime workflow
- 21. Thank you!