CraftConf 2019: CRI Runtimes Deep Dive: Who Is Running My Pod?
4 likes625 views
The document discusses the various container runtimes compatible with Kubernetes, highlighting the roles of different projects like containerd, cri-o, and others in managing container lifecycles. It emphasizes the importance of runtime pluggability for operational efficiency, performance, and stability. Additionally, it provides resources for further exploration and understanding of container runtimes.
CraftConf 2019: CRI Runtimes Deep Dive: Who Is Running My Pod?
- 1. @estesp CRI Runtimes: Who is running my pod?
- 2. @estesp Hello! I’m Phil Estes Distinguished Engineer Linux OS & Container Architecture Strategy IBM Cloud, Office of the CTO CNCF Ambassador, containerd maintainer @estesp
- 3. @estesp I bet you’ve used Docker. You’re probably using Kubernetes?
- 5. @estesp kubelet dockershim dockerd containerd runc https://github.com/kubernetes/kubernetes/tree/release-1.4/pkg/kubelet/dockershim Kubernetes doesn’t run your containers
- 6. @estesp Runtime wars led to OCI specs OCI specifications Linux kernel Windows kernel Docker, containerd, cri-o, Kata, Firecracker, gVisor, Nabla, Singularity, ... DockerHub, OSS distribution project, Cloud registries, JFrog, ...
- 7. @estesp
- 8. @estesp Kubernetes Container Runtime CRI ▧ K8s API ▧ Storage ▧ Networking (CNI) ▧ Healthchecks ▧ Placement ▧ Custom resources ▧ Pod container lifecycle ○ Start/stop/delete ▧ Image management ○ Push/pull/status ▧ Status ▧ Container interactions ○ attach, exec, ports, log
- 9. @estesp kubelet --container-runtime {string} --container-runtime-endpoint {string} What Runtimes Exist? kubelet dockershim dockerd kubelet cri-containerd containerd kubelet cri-o runc kubelet containerd Kata Firecracker kubelet singularity-cri singularity *and Nabla, gVisor, ... *v2 shim
- 10. @estesp CRI Runtimes Overview • A stable, core, performant core container runtime for the cloud • Has a CRI implementation, and is a CNCF graduated project • “all the runtime Kubernetes needs and nothing more”; RH created • CRI implementation over runc and 2 open libraries; K8s incubator • Intel Clear Containers + Hyper.sh combined project • Lightweight virtualization (KVM/qemu) under cri-o and containerd • Amazon open source project announced Nov 2018; lightweight virt. • Uses Rust-based VMM instead of qemu; plugs into containerd • CRI implementation over Sylabs Singularity runtime project • Userbase traditionally from academia/HPC use cases
- 12. @estesp The benefits of runtime pluggability are mostly focused on operational concerns.
- 13. @estesp runtimes
- 14. @estesp What do I need? ▧ Performance ▧ Stability ▧ (Optional) Hypervisor Isolation ▧ Security Capabilities ▧ Broad Usage ▧ Multi-architecture Support
- 15. @estesp A Core Runtime runc containerd 20182016 March 2017 Feb 2019 containerd to CNCF containerd created 1.1, 1.2 major releases CNCF graduated proj.
- 18. @estesp Kubernetes 1.14.1 + contained 1.2.6
- 20. @estesp What is all this? $ kubectl kubelet cri-containerd containerd $ crictl $ ctr K8s API CRI API containerd API
- 21. @estesp Going Further ▧ crictl User’s Guide: https://github.com/containerd/cri/blob/master/docs/crictl.md ▧ Stephen Day’s KubeCon 2018 containerd talk: https://www.youtube.com/watch?v=3AynH3c0F8M ▧ Containerd project and website: https://github.com/containerd/containerd https://containerd.io ▧ My blog posts on the topic: https://integratedcode.us/tag/containerd
- 22. @estesp Thanks! Any questions? You can find me at: @estesp estesp@gmail.com
- 23. @estesp Credits Special thanks to all the people who made and released these awesome resources for free: ▧ Presentation template by SlidesCarnival ▧ Photographs by Unsplash ▧ Backgrounds by Pixeden