Docker Engine Evolution: From Monolith to Discrete Components
6 likes961 views
The Docker Engine evolved from a monolithic binary into discrete components. Initially, the Docker Engine was a single statically-linked binary that provided the client, daemon, build tool, and registry client functionality. It has since been decomposed, with container execution handled by OCI and runc, image management by containerd, and the various components integrated together by Docker CE and Moby. This decomposition allows the components to be reused independently by other systems like Kubernetes, which uses cri-containerd to integrate with containerd and runc for container execution instead of directly integrating with Docker.
![@estesp
& runC
> Announced June 20th, 2015
> Charter signed on
December 8th, 2015
> 44 member companies
> Both specifications
reached 1.0 June 2017
https://opencontainers.org
https://github.com/opencontainers
> runc is a client wrapper around libcontainer
> libcontainer is the OS level interface for containers
> OCI spec covers Solaris, Linux, & MS Windows
$ docker run -it --read-only
-v /host:/hostpath
alpine sh
/#
{
"ociVersion": "1.0.0",
"platform": {
"os": "linux",
"arch": "amd64"
},
"process": {
"terminal": true,
"args": [
"sh"
],
"env": [
"PATH=/usr/sbin:/usr/local/bin:/bin”
config.json
• A Linux Foundation Collaborative Project
• Free from control by any particular vendor’s specific cloud stack or ecosystem
• Includes a specification, reference runtime* and now, a specified image format
*seeded with runc + libcontainer by Docker
7](https://image.slidesharecdn.com/dockerengineevolutionfrommonolithtodiscretecomponents-180301060722/85/Docker-Engine-Evolution-From-Monolith-to-Discrete-Components-7-320.jpg)
Docker Engine Evolution: From Monolith to Discrete Components
- 1. Docker Engine Evolution: From a Monolith to Discrete Components
- 2. Hello! Phil Estes > Office of the CTO > IBM Watson & Cloud Platform > Docker Captain > Containerd and Moby Project maintainer 2
- 4. @estesp /usr/bin/docker Single statically-linked binary comprised: > Client > Daemon > Build tool > Registry client 4 $ docker run ubuntu $ docker --daemon $ docker build -t estesp/myimg . $ docker push estesp/myimg $ docker pull estesp/myimg (circa 2013-2015)
- 5. @estesp libnetwork VolumeAPI AuthZ ctr-shim runc { /usr/bin/docker /usr/bin/dockerd /usr/bin/dockerd /usr/bin/docker Single statically-linked binary comprised: > Client > Daemon > Build tool > Registry client HTTP/JSON Docker API gRPC API 5
- 6. 2. The OCI & runc Container execution grows up into a standard
- 7. @estesp & runC > Announced June 20th, 2015 > Charter signed on December 8th, 2015 > 44 member companies > Both specifications reached 1.0 June 2017 https://opencontainers.org https://github.com/opencontainers > runc is a client wrapper around libcontainer > libcontainer is the OS level interface for containers > OCI spec covers Solaris, Linux, & MS Windows $ docker run -it --read-only -v /host:/hostpath alpine sh /# { "ociVersion": "1.0.0", "platform": { "os": "linux", "arch": "amd64" }, "process": { "terminal": true, "args": [ "sh" ], "env": [ "PATH=/usr/sbin:/usr/local/bin:/bin” config.json • A Linux Foundation Collaborative Project • Free from control by any particular vendor’s specific cloud stack or ecosystem • Includes a specification, reference runtime* and now, a specified image format *seeded with runc + libcontainer by Docker 7
- 8. @estesp runC Created in June 2015 > 16 releases (1.0.0-rc5 underway) > 215 contributors > OCI maintained/governance > Used by Docker, containerd, garden-runc/Guardian, many others ▪ Runc is a client wrapper around the pre-existing libcontainer library project ▪ Runc is one implementation of the OCI runtime specification ▪ Scope of runc is clearly limited by OCI charter: no networking, image handling/resolution, storage support ▪ Enablement of low-level OS features happen here: ambient caps, rootless containers, new cgroup support, and so on ▪ Daemon-less operation; wrapping code must handle any broader node and cluster level container mgmt. 8
- 9. 3. containerd A boring base container runtime, contributed to the CNCF
- 10. @estesp Created in December 2015 > 33 releases (1.0.2 currently) > 120 contributors > Docker created; now a CNCF project > Used by Docker, cri-containerd; (soon OpenWhisk, Cloud Foundry, Puppet, etc.) ▪ Launched initially in December 2015 (in Docker early 2016) ▪ Two streams of activity: □ “0.2.x” branch: used in former Docker releases as a simple runc manager (up until 17.11) □ “1.0.0” branch: based on the December 2016 announcement, contributed to CNCF ▪ Executes containers using the OCI runc executor; containerd manages state/metadata, image & registry interactions, snapshot drivers (overlay, btrfs) ▪ Supports Linux on several architectures; Windows support in 1.1 10
- 11. @estesp Metadata Content Snapshotter Runtime Linux (shim) OCI runC IMAGE TASK CONTAINER Client library (Golang)gRPC Service APIs Vendor client library to embed containerd{ or } ▪ Metrics API & Prometheus support ▪ OCI runtime and image support ▪ Clean API and abstractions ▪ Pluggable runtime support (used by VMWare impl.) ▪ Namespace support (administrative/soft multi-tenancy) 11
- 12. 4. Docker CE and Moby Putting it all together.
- 13. @estesp 13 > Separated from Docker OSS product > Umbrella for open source innovations
- 14. @estesp 14 Docker Innovation Model: > Moby open source feeds into products > Products for both developer community, > And commercial/enterprise community
- 16. 5. Other Uses Components Enable Reuse
- 17. @estesp Users runC CYCLE https://cycle.io http://cri-o.io - OCI SPEC IMPLEMENTERS - Hyper.sh - Intel Clear Containers - (now combined as Kata containers) - Others?
- 18. @estesp Users - CURRENT - Docker (moby) - Kubernetes (cri-containerd) - SwarmKit - LinuxKit - BuildKit - PLANNING/DEVELOPING - CloudFoundry (Garden-runC) - Apache OpenWhisk - Puppet R&D - {your project here}
- 19. @estesp Kubernetes; Container Orchestrator ▪ Kubernetes has no code to execute or run containers on Linux or Windows ▪ Initially the Kubernetes pod manager (called “kubelet”) had direct linkage to the Docker engine 19 kubelet dockershim dockerd containerd runc https://github.com/kubernetes/kubernetes/tree/release-1.4/pkg/kubelet/dockershim
- 20. @estesp kubelet kubelet dockershim (CRI) Docker engine containerd containerd-shim containerd-shim containerd-shim runc runc runc containerd containerd-shim containerd-shim containerd-shim runc runc runc cri plugin containerd cri-containerd ttrpc: very lightweight gRPC protocol format Kubernetes CRI Runtimes: Docker vs. cri-containerd ( **NOTE: Cri-container project merged into containerd GitHub project in January 2018; will become a plugin within the containerd binary ) ** 20