Virtual Machines vs. Containers Revisited - Part 4
Oct 30, 2019•57 min•Ep. 84
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more
Episode description
Support Mobycast
https://glow.fm/mobycast
In this episode, we cover the following topics:
- Container runtimes
- Responsible for:
- Setting up namespaces and cgroups for containers
- Running commands inside those namespaces and cgroups
- Types of runtimes
- Low-level
- Handles tasks related to containers such as:
- Creating a container
- Attaching a process to an existing container
- Handles tasks related to containers such as:
- High-level
- Handles "high level" tasks such as:
- Image creation
- Image management
- Defers container tasks to "low level" runtime
- Handles "high level" tasks such as:
- Low-level
- Responsible for:
- Container standards
- Open Container Initiative (OCI)
- Established in June 2015 by Docker and others
- Contains two specifications:
- Runtime Specification (runtime-spec)
- runc is an implementation of OCI runtime-spec
- Image Specification (image-spec)
- Runtime Specification (runtime-spec)
- Open Container Initiative (OCI)
- Runc
- Low-level container runtime
- CLI tool for spawning and running containers according to the OCI specification
- Container runtime originally developed as part of Docker
- Later lifted out as separate open source project
- Containerd
- High-level container runtime
- Provides abstraction layer for the syscalls and OS-specific functionality required to run container
- Platforms can build on top of abstraction layer without having to drop down to kernel
- Much nicer to work with abstractions (Container, Task, Snapshot) than to manage calls to clone() and mount()
- Available as daemon for Linux and Windows
- Designed to be embedded into a larger system (like Docker)
- Used by container platforms like Docker and Kubernetes
- Under the hood, containerd uses runc
- Only deals with core container management
- Push/pull functionality
- Image management
- Container lifecycle APIs
- Create, execute and manage containers and their tasks
- Snapshot management
- Out of scope
- Networking
- Very complicated, much more platform specific than abstracting Linux calls
- Instead, containerd exposes events so consumers can subscribe to events they care about
- E.g. hook events to add interfaces to network namespace
- Networking
- Exposes functionality via GRPC API
- Listens on Linux socket
- Runtime platforms
- Docker
- Uses containerd, plus shim
- Shim allows for daemon-less containers
- e.g. You can upgrade Docker daemon without restarting containers
- rkt
- Application container engine, part of CoreOS (RedHat)
- rkt has no centralized "init" daemon
- Instead it launches containers directly from client commands
- Was part of CNCF, but archived in August 2019
- Reasons cited by CNCF:
- "end user adoption has severely declined"
- "project activity and the number of contributors has also steadily declined over time"
- containerd and CRI-O are now the CNCF container runtime projects
- Reasons cited by CNCF:
- CRI-O
- Implementation of the Kubernetes CRI (Container Runtime Interface) to enable using OCI runtimes
- Lightweight alternative to using Docker, Moby or rkt as the runtime for k8s
- Allows k8s to use any OCI-compliant runtime as the container runtime for running pods
- Supports runc and Kata Containers
- Docker
- Revisit pseudo code example of creating a container
- Steps:
- Create root filesystem for container
- Spin up busybox in Docker container, and then export filesystem
- Run "launcher" process that sets up "child" namespace
- Launcher process forks new child process (now under new namespaces)
- Child process then forks new process for container
- chroot (to our root filesystem)
- mount any other FS
- set cgroups (e.g. apply CPU constraints)
- Child process then forks new process for container
- Create root filesystem for container
- Steps:
Links
End Song
Miquel Salla - All is Coming Back (Focalist Remix)
For a full transcription of this episode, please visit the episode webpage.
We'd love to hear from you! You can reach us at:
- Web: https://mobycast.fm
- Voicemail: 844-818-0993
- Email: [email protected]
- Twitter: https://twitter.com/hashtag/mobycast
Support Mobycast:
https://glow.fm/mobycast
For the best experience, listen in Metacast app for iOS or Android
Open in Metacast