Deep dive: containerd

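Come learn about the internals that make containerd extensible, efficient, and stable. We will discuss the gRPC API used to talk to containerd, the smart client model, the pluggable runtime interface, and the components provided to pull, unpack, and run container images. For container runtime vendors, learn about the v2 runtime shim API and integrate your own runtime. For vendors with custom storage needs, learn to develop plugins to build your own snapshotter and content store. We will include examples from CRI, Docker, and Moby BuildKit.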

1. containerd deep dive
Kubecon Shanghai 2018
Derek McGowan (Docker), Mike Brown (IBM)

2. Containerd 1.2 Architecture

3. Client-Server
Client
- High level operations using client
- New functionality, interfaces may change (rarely)
Server
- Low level interfaces to resources over GRPC
- Stable API, guaranteed 1.x compatibility

4. Backend Services
Service
- Provides access to all components
- Low level components wrapped by metadata store
- Provides labeling
- Provides namespacing

5. Namespacing
Metadata
- Support for multiple clients
- Namespaced images
- Namespaced container configurations
- Namespaced snapshots and content
- Namespaced labels

6. Metadata Deeper Look
[Diagram]
- Columns: Images, Content, Snapshots, Containers
- Labels: reg.io/alpine:latest, sha256:0F4145E..., Alpine Base Layer, sha256:6FE6021..., reg.io/redis:latest, sha256:3B87DCE..., sha256:B5CC793..., sha256:78CF547..., Redis + Alpine, sha256:B5CC793..., Redis Container, Container Root
- Legend: OCI Manifest, OCI Image, OCI Layer (compressed tar)

7. Garbage Collection (delete image)
[Diagram]
- Columns: Images, Content, Snapshots, Containers
- Labels: reg.io/alpine:latest, sha256:0F4145E..., Alpine Base Layer, sha256:6FE6021..., reg.io/redis:latest, sha256:3B87DCE..., sha256:B5CC793..., sha256:78CF547..., Redis + Alpine, sha256:B5CC793..., Redis Container, Container Root
- Legend: OCI Manifest, OCI Image, OCI Layer (compressed tar)

8. Garbage Collection (running)
[Diagram]
- Columns: Images, Content, Snapshots, Containers
- Labels: reg.io/alpine:latest, sha256:0F4145E..., Alpine Base Layer, sha256:6FE6021..., sha256:3B87DCE..., sha256:B5CC793..., sha256:78CF547..., Redis + Alpine, sha256:B5CC793..., Redis Container, Container Root
- Legend: OCI Manifest, OCI Image, OCI Layer (compressed tar)

9. Garbage Collection (after)
[Diagram]
- Columns: Images, Content, Snapshots, Containers
- Labels: reg.io/alpine:latest, sha256:0F4145E..., Alpine Base Layer, sha256:6FE6021..., sha256:3B87DCE..., Redis + Alpine, Redis Container, Container Root
- Legend: OCI Manifest, OCI Image, OCI Layer (compressed tar)

10. Garbage Collection (delete container)
[Diagram]
- Columns: Images, Content, Snapshots, Containers
- Labels: reg.io/alpine:latest, sha256:0F4145E..., Alpine Base Layer, sha256:6FE6021..., sha256:3B87DCE..., Redis + Alpine, Redis Container, Container Root
- Legend: OCI Manifest, OCI Image, OCI Layer (compressed tar)

11. Garbage Collection (running)
[Diagram]
- Columns: Images, Content, Snapshots, Containers
- Labels: reg.io/alpine:latest, sha256:0F4145E..., Alpine Base Layer, sha256:6FE6021..., sha256:3B87DCE..., Redis + Alpine
- Legend: OCI Manifest, OCI Image, OCI Layer (compressed tar)

12. Garbage Collection (final)
[Diagram]
- Columns: Images, Content, Snapshots, Containers
- Labels: reg.io/alpine:latest, sha256:0F4145E..., Alpine Base Layer, sha256:6FE6021..., sha256:3B87DCE...
- Legend: OCI Manifest, OCI Image, OCI Layer (compressed tar)
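
The collection sequence on slides 7 to 12, as an added example that is not from the slides or from containerd's code: a mark-and-sweep pass in which images and containers are the roots. The node names and reference edges in `graph` are assumptions modelled on the diagram labels.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// graph is a constructed model: each key keeps its values alive (assumed edges).
var graph = map[string][]string{
	"image/alpine":            {"content/alpine-manifest"},
	"image/redis":             {"content/redis-manifest"},
	"container/redis":         {"snapshot/container-root"},
	"content/alpine-manifest": {"content/alpine-layer", "snapshot/alpine-base"},
	"content/redis-manifest":  {"content/alpine-layer", "content/redis-layer", "snapshot/redis+alpine"},
	"snapshot/container-root": {"snapshot/redis+alpine"},
	"snapshot/redis+alpine":   {"snapshot/alpine-base"},
	"content/alpine-layer":    {}, "content/redis-layer": {}, "snapshot/alpine-base": {},
}

// gc marks everything reachable from images and containers, then sweeps the rest.
func gc(g map[string][]string) (removed []string) {
	live, work := map[string]bool{}, []string{}
	for n := range g {
		if strings.HasPrefix(n, "image/") || strings.HasPrefix(n, "container/") {
			work = append(work, n)
		}
	}
	for ; len(work) > 0; work = work[1:] {
		if n := work[0]; !live[n] {
			live[n] = true
			work = append(work, g[n]...)
		}
	}
	for n := range g {
		if !live[n] {
			removed = append(removed, n)
			delete(g, n)
		}
	}
	sort.Strings(removed)
	return removed
}

func main() {
	delete(graph, "image/redis") // the container still pins its snapshots
	fmt.Println("swept after image delete:    ", gc(graph))
	delete(graph, "container/redis")
	fmt.Println("swept after container delete:", gc(graph))
}
```

The first sweep frees only the Redis image's own content, because the container still references the snapshot chain; the second frees the Redis snapshots and leaves everything the Alpine image references.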

13. Plugins (snapshots)
Snapshotter Design
- No data operations
- No mounting
- Immutable snapshots
- Label support
- Enumeration

    type Snapshotter interface {
        Stat(Context, string) (Info, error)
        Update(Context, Info, ...string) (Info, error)
        Usage(Context, string) (Usage, error)
        Mounts(Context, string) ([]mount.Mount, error)
        Prepare(Context, string, string, ...Opt) ([]mount.Mount, error)
        View(Context, string, string, ...Opt) ([]mount.Mount, error)
        Commit(Context, string, string, ...Opt) error
        Remove(Context, string) error
        Walk(Context, func(context.Context, Info) error) error
        Close() error
    }

14. Plugins (snapshots)
Proxy Snapshotter
1. Build as an external plugin
2. Configure Containerd to use proxy plugin (/etc/containerd/config.toml)

(1)

    package main

    import (
        "net"
        "log"

        "github.com/containerd/containerd/api/services/snapshots/v1"
        "github.com/containerd/containerd/contrib/snapshotservice"
        "google.golang.org/grpc"
    )

    func main() {
        rpc := grpc.NewServer()
        // CustomSnapshotter stands for your own implementation of the Snapshotter interface
        sn := CustomSnapshotter()
        // Wrap the snapshotter as a gRPC snapshots service and register it
        service := snapshotservice.FromSnapshotter(sn)
        snapshots.RegisterSnapshotsServer(rpc, service)

        // Listen and serve
        l, err := net.Listen("unix", "/tmp/sn.sock")
        if err != nil {
            log.Fatalf("error: %v\n", err)
        }
        if err := rpc.Serve(l); err != nil {
            log.Fatalf("error: %v\n", err)
        }
    }

(2)

    ...
    [proxy_plugins]
      [proxy_plugins.mysnapshotter]
        type = "snapshot"
        address = "/tmp/sn.sock"
    ...
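
The config above puts the plugin socket at /tmp/sn.sock, in a directory shared by all local users. One way to open the socket in a private directory instead, as an added example that is not part of the slides or of containerd: `listenPrivate` and its 0700/0600 policy are assumptions, and it presumes the plugin runs as the same user as containerd.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"path/filepath"
)

// listenPrivate opens a unix socket that only its owner can reach.
// The name and the 0700/0600 policy are assumptions of this example.
func listenPrivate(sock string) (net.Listener, error) {
	dir := filepath.Dir(sock)
	if err := os.MkdirAll(dir, 0700); err != nil {
		return nil, err
	}
	// An existing shared parent such as /tmp keeps its mode and is rejected.
	fi, err := os.Lstat(dir)
	if err != nil {
		return nil, err
	}
	if !fi.IsDir() || fi.Mode().Perm()&0077 != 0 {
		return nil, fmt.Errorf("%s must be a directory with mode 0700, got %v", dir, fi.Mode())
	}
	// Clear a stale socket from an earlier run, but never another file type.
	if st, err := os.Lstat(sock); err == nil {
		if st.Mode()&os.ModeSocket == 0 {
			return nil, fmt.Errorf("%s exists and is not a socket", sock)
		}
		if err := os.Remove(sock); err != nil {
			return nil, err
		}
	}
	l, err := net.Listen("unix", sock)
	if err != nil {
		return nil, err
	}
	if err := os.Chmod(sock, 0600); err != nil {
		l.Close()
		return nil, err
	}
	return l, nil
}

func main() {
	if _, err := listenPrivate("/tmp/sn.sock"); err != nil {
		fmt.Println("refused:", err) // the slide's address, where /tmp is mode 1777
	}
}
```

The check covers mode bits only; it does not verify who owns the directory. The `address` in config.toml has to point at whatever path the plugin actually listens on.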

15. Plugins (runtime)
Shim GRPC API
- Low level
- Stats now included
- Stabilized in 1.2
Shim Processes
- At most 1 per container
- Can be shared (id passed to every request)

    service Task {
        rpc State(StateRequest) returns (StateResponse);
        rpc Create(CreateTaskRequest) returns (CreateTaskResponse);
        rpc Start(StartRequest) returns (StartResponse);
        rpc Delete(DeleteRequest) returns (DeleteResponse);
        rpc Pids(PidsRequest) returns (PidsResponse);
        rpc Pause(PauseRequest) returns (google.protobuf.Empty);
        rpc Resume(ResumeRequest) returns (google.protobuf.Empty);
        rpc Checkpoint(CheckpointTaskRequest) returns (google.protobuf.Empty);
        rpc Kill(KillRequest) returns (google.protobuf.Empty);
        rpc Exec(ExecProcessRequest) returns (google.protobuf.Empty);
        rpc ResizePty(ResizePtyRequest) returns (google.protobuf.Empty);
        rpc CloseIO(CloseIORequest) returns (google.protobuf.Empty);
        rpc Update(UpdateTaskRequest) returns (google.protobuf.Empty);
        rpc Wait(WaitRequest) returns (WaitResponse);
        rpc Stats(StatsRequest) returns (StatsResponse);
        rpc Connect(ConnectRequest) returns (ConnectResponse);
        rpc Shutdown(ShutdownRequest) returns (google.protobuf.Empty);
    }

16. Client Extensibility
- Use your own services with service options
- Customize push and pull with remote options

17. Flows (pull)
[Flow diagram; extracted labels: Pull Remote Fetch Unpack Events Content Images Snapshots]

18. Flow (push)
[Flow diagram; extracted labels: Push Remote Events Images Content]

19. Flow (container run)
[Flow diagram; extracted labels: Run Initialize Setup Start Running Containers Events Images Snapshot Containers Tasks]

20. CRI - Pod Namespaces daemon shim shim CRI API CRI Plugin containerd client containerd Services Pod (sandbox container) Container Pod Namespaces Pod Cgroups

21. CRI pod Flow (run pod)
[Flow diagram; extracted labels: Run Pod (Sandbox/Pause Container) Initialize Setup Start Running Pod Events Pause Image Pause Snapshot Pause Container Pod Task]

22. CRI pod Flow (run container)
[Flow diagram; extracted labels: Run Container in Pod Initialize Setup Start Running Container Events Images Snapshot Container Task]

23. Demo