FOSDEM 2019: A containerd Project Update
1 like653 views
containerd is a core container runtime project aimed at providing stable infrastructure for running containers, widely used in Docker and Kubernetes. As of early 2019, containerd has gained significant adoption in public cloud managed Kubernetes offerings, boasting over 3,400 GitHub stars and numerous contributors. The project has met all graduation criteria set by the Cloud Native Computing Foundation (CNCF) and is recognized for its strong stability, extensibility, and performance.
![Metrics
Metric API
- Metrics exposed through Prometheus API
- Exposes metrics for containerd process AND container
level metrics
- Enabled in containerd config `/etc/containerd/config.toml`
[metrics]
address = "localhost:9090"](https://image.slidesharecdn.com/fosdem2019containerdprojectupdate-190203133349/85/FOSDEM-2019-A-containerd-Project-Update-12-320.jpg)
FOSDEM 2019: A containerd Project Update
- 1. containerd update FOSDEM 2019 - Containers Devroom Sunday, 3 February 2019 Phil Estes (IBM Cloud, Distinguished Engineer)
- 2. © 2018 Cloud Native Computing Foundation2 Containerd Overview • Project Goal: Provide a “{boring} core container runtime” for the industry, allowing Docker and Kubernetes to both have a strong base on which to innovate at higher layers ‘...but many platform builders and operators are looking for “boring infrastructure”: a basic component that provides the robust primitives for running containers on their system, bundled in a stable interface, and nothing else.’ - Docker Blog, containerd announcement KEY TENETS - Reliability/Stability - Clean/usable client API - Strong Compatibility Guarantees - Performance
- 3. © 2018 Cloud Native Computing Foundation3 Containerd Community • 3,418 GH stars (up 1000+) • 165 contributors (up 50+) • 12 maintainers, representing 8 organizations/vendors • 6 reviewers, representing 5 organizations/vendors • 720 Slack channel members • 3,441 Twitter followers (@containerd) Joined CNCF
- 4. © 2018 Cloud Native Computing Foundation4 Containerd Usage • Broad Usage: containerd receivs significant production usage as a core component of every release of Docker engine since early 2016. In 2018 we now see containerd used in two public cloud managed Kubernetes offerings (GKE and IBM Cloud IKS), and a long list of additional adopters found in the TOC graduation proposal PR Rio project
- 5. © 2018 Cloud Native Computing Foundation5 https://github.com/cncf/toc/pull/165
- 6. History of containerd Early 2017Early 2016 Late 2016 containerd 0.2 - Integrated in Docker 1.11 - Simple runtime manager on top of runc Container Runtime Interface (CRI) - Containerd scope increased to match needs of Kubernetes runtime containerd to CNCF - Goal of being a stable runtime with OCI image support - CRI implementation started - Plugin architecture built
- 7. History of containerd Late 2018Late 2017 Early 2018 containerd 1.0 - Released in December ‘17 - API stabilized - CRI implementation goes alpha in November Containerd 1.1 - Released in April 2018 - CRI implementation goes BETA - CRI added to containerd as built-in plugin containerd 1.2 - Released in October 2018 - Runtime shim API stabilized - Focus on stability and extensibility
- 8. Created in December 2015 > 55 releases (v1.2.2 latest release) > 165 contributors > Docker contributed to CNCF in 2017 > Significant and growing list of adopters ● Several major clouds adopting containerd as the Kubernetes CRI runtime ● Security audit performed in 4Q2018; extremely positive report of code quality and security posture ● Containerd presented to CNCF TOC for graduation in 4Q2018; all graduation criteria met; waiting on TOC vote ● Integration with and growth in broader array of use cases (HPC, AWS Firecracker VMM) proving out usefulness and capability of pluggable design and clean API 8 Current Status
- 10. Smart Client Design Smart client - Higher level interface provided by client library - Responsible for push and pull - Direct access to low level resources (e.g. snapshots) - Creates container OCI configuration
- 11. gRPC API gRPC API - Low level access to components - Mirrors internal component interfaces - Snapshots, Content, Containers, Task, Events, etc
- 12. Metrics Metric API - Metrics exposed through Prometheus API - Exposes metrics for containerd process AND container level metrics - Enabled in containerd config `/etc/containerd/config.toml` [metrics] address = "localhost:9090"
- 13. Kubernetes Support Kubernetes Runtime Support - CRI GRPC API exposed from containerd - Kubelet can be configured to use containerd as runtime
- 14. Plugins
- 15. Plugins (CRI) CRI Plugin - Built-in by default - GRPC service plugin
- 16. Plugins (Snapshotter) Snapshotter Plugin - Built-in (overlay, btrfs, aufs) - Supports custom plugins over GRPC in 1.2
- 17. Plugins (Runtime) Runtime plugin - Support for custom shims in 1.2 - Binary which implements runtime API - Useful for VM runtimes - Support for OCI runtimes - Install through `ctr install`
- 18. More Extensibility - Smart client model (Golang) - Resolver interface allows custom pull flow - Direct access to containerd interfaces - Server plugin architecture - All services are self registered - Custom gRPC services - CRI is a gRPC plugin - Direct access to internal services
- 19. containerd Adoption ▧ Kelsey Hightower’s “Kubernetes the Hard Way” deploys containerd as the kubelet runtime
- 20. Maturity and Integrations > CRI-containerd - A gRPC plugin, calls into containerd services > Docker - Use containerd’s client - Using runtime since 17.12+ - Using image backend in 2019 > Moby Buildkit - Using containerd’s client - Uses containerd interfaces directly for standalone mode > Alibaba Pouch - Uses containerd 1.0.x as container runtime, integrated with image and runtime > Other Examples - CloudFoundry Garden runtime - Kata containers; AWS Firecracker - Michael Crosby’s “boss” project - Evan Hazlett’s “stellar” project CNCF Maturity/Status > Security Review - Completed security review thanks to CNCF funding in Dec. ‘18 - Report is published online > CNCF Project Graduation - TOC proposal created Oct ‘18 - https://github.com/cncf/toc/pull/165 - Presented to TOC Nov ‘18 - Expect graduation vote early 2019