Looking under the hood: containerd
Scott Coulton
Principal software engineer @ Puppet

The talk should have been called?
containerd, What does it mean for me?

About me ...
@scotty-c
@scottcoulton

Agenda
● What is containerd?
● Why is containerd a critical part of the container ecosystem?
● What upstream projects use containerd
● How is containerd changing the way we build container products

What is containerd?

“containerd is an industry-standard core container runtime with an emphasis on simplicity, robustness and portability.
containerd can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision, low-level storage and network attachments.”

Let’s break down containerd
● CTR (containerd CLI)
● A daemon exposing gRPC API over a local UNIX socket
● Protobuf specs between components

[Diagram labels: GRPC, Metrics, Containers, Content, Diff, Snapshot, Tasks, Events, Images, Metadata, Runtimes, Storage, OS]

containerd gives us
● OCI Image Spec support
● OCI Runtime Spec support (aka runC)
● Image push and pull support
● Management of namespaces

What upstream projects use containerd

How does containerd architecture allow other projects to interact with it
[Diagram labels: API Client (moby, cri-containerd, etc.); containerd; OS (Storage, FS, Networking); Runtimes]

containerd is used in
● Moby
● Moby LinuxKit (I want to talk about this separately)
● Kubernetes

The Moby Project

The Moby project is made up of
● The Docker Engine
● SwarmKit
● HyperKit
● RunC
● Also LinuxKit (I want to cover that separately)

How does containerd interact with Moby

How is containerd different from Docker

LinuxKit

What is LinuxKit?
● Lean OS. Minimal size, minimal boot time
● 4.9 Kernel
● Allows you to run any container runtime
● Batteries included but can be replaced
● All system services are containers

Why is it different to a traditional OS?
● Smaller attack surface
● Immutable infrastructure
● Sandboxed system services
● Specialized patches and configurations
● You have full control over the build
● The configuration is all yaml

How is containerd integrated with LinuxKit?
init:
- linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b
- linuxkit/runc:2649198589ef0020d99f613adaeda45ce0093a38
- linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b
- linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288
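Each init entry on the slide carries a 40-character hex tag rather than a floating tag such as `latest`. The following is an added example (not from the talk or the LinuxKit project) that lists init images lacking such a tag, so drift in a build config can be caught in review; the function names and the second config are constructed for illustration.

```python
import re

HEX40 = re.compile(r"[0-9a-f]{40}")  # tag form used in the slide's init list

def init_images(yaml_text):
    """Return image references listed under the top-level `init:` key.

    Line-based reader for the flat list form shown on the slide only;
    it is not a general YAML parser.
    """
    images, in_init = [], False
    for raw in yaml_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        item = line.lstrip()
        if item.startswith("- "):
            if in_init:
                images.append(item[2:].strip().strip("'\""))
        elif not line[0].isspace():
            # a new top-level key starts or ends the init section
            in_init = item == "init:"
    return images

def unpinned(yaml_text):
    """Init images whose tag is not a full 40-hex hash."""
    return [ref for ref in init_images(yaml_text)
            if not HEX40.fullmatch(ref.rpartition(":")[2])]

# From the slide above.
SLIDE_CONFIG = """\
init:
- linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b
- linuxkit/runc:2649198589ef0020d99f613adaeda45ce0093a38
- linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b
- linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288
"""

# Constructed for this example: two floating references and a later section.
DRIFTED_CONFIG = """\
init:
  - linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b
  - linuxkit/runc            # no tag at all
  - linuxkit/containerd:latest
services:
  - name: example
"""

if __name__ == "__main__":
    for name, cfg in (("slide", SLIDE_CONFIG), ("drifted", DRIFTED_CONFIG)):
        print(name, "unpinned:", unpinned(cfg))
```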
Every containerd demo we have done has run in LinuxKit

Kubernetes

How do containerd and Kubernetes interact?

To follow this project

Yesterday's news

Questions?

Thank you