CNI, CRI, and OCI - Oh My!

Similar documents
The Open Container Initiative Establishing standards for an open ecosystem

rkt and Kubernetes What's new (and coming) with Container Runtimes and Orchestration

Container mechanics in Linux and rkt FOSDEM 2016

MESOS A State-Of-The-Art Container Orchestrator Mesosphere, Inc. All Rights Reserved. 1

2016 Mesosphere, Inc. All Rights Reserved.

The Path to GPU as a Service in Kubernetes Renaud Gaubert Lead Kubernetes Engineer

Oh.. You got this? Attack the modern web

Red Hat Atomic Details Dockah, Dockah, Dockah! Containerization as a shift of paradigm for the GNU/Linux OS

OCI Runtime Tools for Container Standardization

Kubernetes and the CNI: Where we are and What s Next Casey Callendrello RedHat / CoreOS

Setting up Kubernetes with Day 2 in Mind. Angela Chin, Senior Software Engineer, Pivotal Urvashi Reddy, Senior Software Engineer, Pivotal

Important DevOps Technologies (3+2+3days) for Deployment

Kubernetes. An open platform for container orchestration. Johannes M. Scheuermann. Karlsruhe,

How Container Runtimes matter in Kubernetes?

Bringing Security and Multitenancy. Lei (Harry) Zhang

Kubernetes and the CNI: Where we are and What s Next Casey Callendrello RedHat / CoreOS

How to build and run OCI containers

Docker and Oracle Everything You Wanted To Know

Singularity CRI User Documentation

The failure of Operating Systems,

Kubernetes The Path to Cloud Native

RUNNING VIRTUAL MACHINES ON KUBERNETES. Roman Mohr & Fabian Deutsch, Red Hat, KVM Forum, 2017

Code: Slides:

Kubernetes 101. Doug Davis, STSM September, 2017

BoF: Grafeas Using Artifact Metadata to Track and Govern Your Software Supply Chain

Hacking and Hardening Kubernetes

Kubernetes 1.9 Features and Future

High Performance Containers. Convergence of Hyperscale, Big Data and Big Compute

TEN LAYERS OF CONTAINER SECURITY. Kirsten Newcomer Security Strategist

CONTAINERS AND MICROSERVICES WITH CONTRAIL

Container Security and new container technologies. Dan

Container Pods with Docker Compose in Apache Mesos

Allowing Users to Run Services at the OLCF with Kubernetes

THE STATE OF CONTAINERS

Onto Petaflops with Kubernetes

Container-Native Storage

The speed of containers, the security of VMs

ViryaOS RFC: Secure Containers for Embedded and IoT. A proposal for a new Xen Project sub-project

MesosCon Qian Zhang (IBM China), Jie Yu (Mesosphere) OCI Support in Mesos Mesosphere, Inc. All Rights Reserved. 1

Who is Docker and how he can help us? Heino Talvik

Introduction to Containers

More Containers, More Problems

Securing Containers on the High Seas. Jack OWASP Belgium September 2018

GAVIN KING RED HAT CEYLON SWARM

OPENSTACK + KUBERNETES + HYPERCONTAINER. The Container Platform for NFV

Rootless Containers with runc. Aleksa Sarai Software Engineer

Unified Kubernetes CRI runtimes based on Kata Containers. Xu Wang hyper.sh

Cloud & container monitoring , Lars Michelsen Check_MK Conference #4

4 Effective Tools for Docker Monitoring. By Ranvijay Jamwal

Container Networking and Openstack. Fernando Sanchez Fawad Khaliq March, 2016

Introduction to the Open Service Broker API. Doug Davis

The speed of containers, the security of VMs. KataContainers.io

An Introduction to Kubernetes

SQUASH. Debugger for microservices. Idit Levine solo.io

Case Study: Aurea Software Goes Beyond the Limits of Amazon EBS to Run 200 Kubernetes Stateful Pods Per Host

Docker A FRAMEWORK FOR DATA INTENSIVE COMPUTING

Introduction to Kubernetes

Launching StarlingX. The Journey to Drive Compute to the Edge Pilot Project Supported by the OpenStack

One year of Deploying Applications for Docker, CoreOS, Kubernetes and Co.

Project Kuryr. Antoni Segura Puimedon (apuimedo) Gal Sagie (gsagie)

Infoblox Kubernetes1.0.0 IPAM Plugin

What s New in K8s 1.3

What s New in K8s 1.3

Scheduling in Kubernetes October, 2017

OS Containers. Michal Sekletár November 06, 2016

Next Generation Tools for container technology. Dan

Linux Containers Roadmap Red Hat Enterprise Linux 7 RC. Bhavna Sarathy Senior Technology Product Manager, Red Hat

OpenShift 3 Technical Architecture. Clayton Coleman, Dan McPherson Lead Engineers

AZURE CONTAINER INSTANCES

Investigating Containers for Future Services and User Application Support

Question: 2 Kubernetes changed the name of cluster members to "Nodes." What were they called before that? Choose the correct answer:

Multiple Networks and Isolation in Kubernetes. Haibin Michael Xie / Principal Architect Huawei

RECap: RunEscape Capsule for On-demand Managed Service Delivery in the Cloud

Getting Started with. Lite.

ovirt and Docker Integration


Building a Kubernetes on Bare-Metal Cluster to Serve Wikipedia. Alexandros Kosiaris Giuseppe Lavagetto

Docker Deep Dive. Daniel Klopp

STATUS OF PLANS TO USE CONTAINERS IN THE WORLDWIDE LHC COMPUTING GRID

Getting the Enterprise Ready for Digital Disruption Presented By: George Thadathil

Securing Microservices Containerized Security in AWS

Lightweight Containerization at Facebook

Container Detection and Forensics, Gotta catch them all!

What s New in Kubernetes 1.10

EPISODE 741 [00:00:00] JM:

IT S COMPLICATED: THE ENTERPRISE OPEN SOURCE VENDOR RELATIONSHIP. Red Hat s POV

Walkthrough OCCAM. Be on the lookout for this fellow: The callouts are ACTIONs for you to do!

Faculté Polytechnique

Monitor your containers with the Elastic Stack. Monica Sarbu

A Greybeard's Worst Nightmare

Red Hat Roadmap for Containers and DevOps

@briandorsey #kubernetes #GOTOber

Deploy Stuff, Run Stuff Jax Devops London Kris

LINUX CONTAINERS. Where Enterprise Meets Embedded Operating Environments WHEN IT MATTERS, IT RUNS ON WIND RIVER

Project Kuryr. Here comes advanced services for containers networking. Antoni Segura

Application Centric Microservices Ken Owens, CTO Cisco Intercloud Services. Redhat Summit 2015

Contrail Networking: Evolve your cloud with Containers

Infoblox IPAM Driver for Kubernetes User's Guide

OPENSTACK Building Block for Cloud. Ng Hwee Ming Principal Technologist (Telco) APAC Office of Technology

Kata Containers The way to run virtualized containers. Sebastien Boeuf, Linux Software Engineer Intel Corporation

Transcription:

CNI, CRI, and OCI - Oh My!

Who are we? Elsie Phillips Paul Burt

This talk is standards + containers

What s a standard?

Something those ISO folks make

Whatever the country, whatever the language, we are always ISO

A standard we know: Javascript

I hate javascript (Why would you use that as your example?)

You could hate JS so much more...

You could hate JS so much more

You would hate JS so much more...

The same way JS enables multiple browsers to thrive

What s a container?

What s a container? (Oh no, are these noobs really doing this at Kubecon?)

What is a container? It s a TAR file. AKA

Containers are... TAR files + Cgroups Chroot Unshare Nsenter Bind mounts

Linux Magic

For More on WHAT containers are Containers From Scratch By Eric Chiang Best Practices for Containerized Environments By Brian Redbeard

Why containers? idk, why do ducks float?

Hell is other people s development environment

CNI Container Network Interface

Zoom, Enhance!

CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted.

CNI vs CNM Muhammad Ali vs Joe Frazier

...both are driver-based models, or plugin-based, for creating and managing network stacks for containers.

CNM is designed to support the Docker runtime engine only.

Kubernetes is a system that supports multiple container runtimes, of which Docker is just one.

voted to accept CNI (Container Networking Interface) as the 10th hosted project

TL;DR of how it works Ain t nobody got time to read specs

The runtime creates a network namespace

The runtime reads a JSON config

The runtime executes a plugin named by the config (with the ADD command)

The plugin finds out what to do from JSON streamed to stdin

The plugin does it s thing

If there s an error, the runtime tells the plugin to delete (DEL)

Otherwise, the runtime cleans up (DEL) at the end of the lifecycle

Notable developments this year - IPv6 support - plugin chaining - port-forwarding

CNI All the cool plugins are doing it

CRI Container Runtime Interface

CRI Container Runtime Interface

CRI Runtime Interface DockerContainer and rkt were integrated directly and deeply into the kubelet source code through an internal and volatile interface.

CRI Timeline Dec 12 1.5 alpha out 2017 Mar 28 1.6 Docker CRI gets beta + enabled by default Jun 30 1.7 Docker CRI goes GA

CRI Timeline Sep 29 1.8 CRI test suite + CLI tools. Dec?? 1.9 CRI stats stats stats!

That s exciting... In a Mom & Dad got me socks for X-mas kind of way

Demo

CRI We won t need a different software ecosystem for every container format? Thank goodness.

OCI

and the journey to standards

An image format A container runtime A log collection daemon An init system and process babysitter A container image build system A remote management API

An image format A container runtime A log collection daemon An init system and process babysitter A container image build system A remote management API

An image format... the thing we want to standardise

Mid 2014

Docker Image Format Circa 2014 Fluid format and evolution No specification, just implementation No guarantees of interoperability for other tool writers Not content-addressable No way to verify integrity or leverage CAS No name delegation/discovery (e.g. MX records) Centralised/siloed distribution No mechanism for signing No way to attest content

Dec 2014

App Container (appc)

appc image in a nutshell Image Format (ACI) what does an application consist of? Image Discovery how can an image be located? Content-addressability what is the cryptographic id of an image? Signing how is an image signed and verified?

April 2015

Docker v2.2 Image Format Circa 2015 Versioned v2.0, v2.1, v2.2 schema Still vendor-specific, but (mostly) documented! Content-addressable No name delegation/discovery Optional and separately-defined signing

Two separate worlds... aka the "Container Wars"

OCI June 2015-Present

Why does OCI exist? Define what a container is in an open way so everyone can implement it How to package, annotate, distribute, run,... Facilitate independent, interoperable tools

Why does OCI exist? Define what a container is in an open way so everyone can implement it How to package, annotate, distribute, run,... Facilitate independent, interoperable tools Unify the best ideas from Docker, appc, etc Content addressability, composability, signing End the so-called "Container Wars"

OCI Members

What makes up the standard?

The OCI standards Two separate but connected specifications image-spec: what's in a container runtime-spec: how to run a container

OCI Image Spec Portable archive format Composed of: image manifest image index (optional) filesystem layers configuration

OCI Runtime Spec On-disk layout of a container Extracted root filesystem and configuration, ready to run Lifecycle verbs create, start, kill, delete, state Multi-platform support Shared general configuration Windows/Solaris/Linux-specific bits

What happened to appc?

Image formats: a summarised history Docker v1 appc Docker v2.2 OCI Introduced 2013 December 2014 April 2015 April 2016 Contentaddressable No Yes Yes Yes Signable No Yes, optional Yes, optional Yes, optional Federated namespace Yes Yes Yes Yes Delegatable DNS namespace No Yes No Yes

So, that s it?

Lol, nope Lots to be done still

Standards will continue to evolve

Standards naturally lead to more options for users

And that s something worth being passionate about.

Check out Open Cloud Services on CoreOS.com/blog

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback