Deep dive: containerd
1. containerd deep dive
Kubecon Shanghai 2018
Derek McGowan (Docker), Mike Brown (IBM)

2. Containerd 1.2 Architecture

3. Client-Server
Client
- High level operations using client
- New functionality, interfaces may change (rarely)
Server
- Low level interfaces to resources over GRPC
- Stable API, guaranteed 1.x compatibility

4. Backend Services
Service
- Provides access to all components
- Low level components wrapped by metadata store
- Provides labeling
- Provides namespacing

5. Namespacing
Metadata
- Support for multiple clients
- Namespaced images
- Namespaced container configurations
- Namespaced snapshots and content
- Namespaced labels

6. Metadata Deeper Look
[Diagram. Columns: Images, Content, Snapshots, Containers. Legend: OCI Manifest, OCI Image, OCI Layer (compressed tar).]
Images: reg.io/alpine:latest, reg.io/redis:latest
Content: sha256:0F4145E..., sha256:6FE6021..., sha256:3B87DCE..., sha256:B5CC793... (shown twice), sha256:78CF547...
Snapshots: Alpine Base Layer, Redis + Alpine, Container Root
Containers: Redis Container

7. Garbage Collection (delete image)
[Diagram, same columns and legend as slide 6.]
Images: reg.io/alpine:latest, reg.io/redis:latest
Content: sha256:0F4145E..., sha256:6FE6021..., sha256:3B87DCE..., sha256:B5CC793... (shown twice), sha256:78CF547...
Snapshots: Alpine Base Layer, Redis + Alpine, Container Root
Containers: Redis Container

8. Garbage Collection (running)
[Diagram, same columns and legend as slide 6.]
Images: reg.io/alpine:latest
Content: sha256:0F4145E..., sha256:6FE6021..., sha256:3B87DCE..., sha256:B5CC793... (shown twice), sha256:78CF547...
Snapshots: Alpine Base Layer, Redis + Alpine, Container Root
Containers: Redis Container

9. Garbage Collection (after)
[Diagram, same columns and legend as slide 6.]
Images: reg.io/alpine:latest
Content: sha256:0F4145E..., sha256:6FE6021..., sha256:3B87DCE...
Snapshots: Alpine Base Layer, Redis + Alpine, Container Root
Containers: Redis Container

10. Garbage Collection (delete container)
[Diagram, same columns and legend as slide 6.]
Images: reg.io/alpine:latest
Content: sha256:0F4145E..., sha256:6FE6021..., sha256:3B87DCE...
Snapshots: Alpine Base Layer, Redis + Alpine, Container Root
Containers: Redis Container

11. Garbage Collection (running)
[Diagram, same columns and legend as slide 6.]
Images: reg.io/alpine:latest
Content: sha256:0F4145E..., sha256:6FE6021..., sha256:3B87DCE...
Snapshots: Alpine Base Layer, Redis + Alpine
Containers: (none shown)

12. Garbage Collection (final)
[Diagram, same columns and legend as slide 6.]
Images: reg.io/alpine:latest
Content: sha256:0F4145E..., sha256:6FE6021..., sha256:3B87DCE...
Snapshots: Alpine Base Layer
Containers: (none shown)
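
The delete-then-collect sequence on slides 7 to 12, as an added Go example (not code from the talk or from containerd): a simplified mark-and-sweep over a constructed graph. Object names and reference edges are assumptions of this model, and a root record not passed to Collect is treated as deleted.

```go
package main

import (
	"fmt"
	"sort"
)

// Store maps an object to what it keeps alive; names and edges are constructed.
type Store map[string][]string

func sampleStore() Store {
	return Store{
		"image/alpine":            {"content/alpine"},
		"content/alpine":          {"snapshot/alpine-base"},
		"snapshot/alpine-base":    nil,
		"image/redis":             {"content/redis"},
		"content/redis":           {"snapshot/redis+alpine"},
		"snapshot/redis+alpine":   {"snapshot/alpine-base"},
		"container/redis":         {"snapshot/container-root"},
		"snapshot/container-root": {"snapshot/redis+alpine"},
	}
}

// Collect marks what the surviving roots reach, sweeps the rest, returns it sorted.
func (s Store) Collect(roots ...string) []string {
	live, removed := map[string]bool{}, []string{}
	work := append([]string{}, roots...)
	for len(work) > 0 {
		n := work[len(work)-1]
		work = work[:len(work)-1]
		if !live[n] {
			live[n] = true
			work = append(work, s[n]...)
		}
	}
	for n := range s {
		if !live[n] {
			removed = append(removed, n)
			delete(s, n)
		}
	}
	sort.Strings(removed)
	return removed
}

func main() {
	s := sampleStore()
	fmt.Println(s.Collect("image/alpine", "container/redis")) // redis image deleted
	fmt.Println(s.Collect("image/alpine"))                    // container deleted too
}
```

After the first pass the redis content is gone but every snapshot survives, because the container still references its root snapshot; the snapshot chain is only swept once the container record is deleted.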

13. Plugins (snapshots)
Snapshotter Design
- No data operations
- No mounting
- Immutable snapshots
- Label support
- Enumeration

    type Snapshotter interface {
        Stat(Context, string) (Info, error)
        Update(Context, Info, ...string) (Info, error)
        Usage(Context, string) (Usage, error)
        Mounts(Context, string) ([]mount.Mount, error)
        Prepare(Context, string, string, ...Opt) ([]mount.Mount, error)
        View(Context, string, string, ...Opt) ([]mount.Mount, error)
        Commit(Context, string, string, ...Opt) error
        Remove(Context, string) error
        Walk(Context, func(context.Context, Info) error) error
        Close() error
    }

14. Plugins (snapshots)
Proxy Snapshotter
1. Build as an external plugin
2. Configure Containerd to use proxy plugin (/etc/containerd/config.toml)

Step 1:

    package main

    import (
        "log"
        "net"

        snapshots "github.com/containerd/containerd/api/services/snapshots/v1"
        "github.com/containerd/containerd/contrib/snapshotservice"
        "google.golang.org/grpc"
    )

    func main() {
        rpc := grpc.NewServer()
        // CustomSnapshotter returns your own Snapshotter implementation
        // (not defined on the slide).
        sn := CustomSnapshotter()
        service := snapshotservice.FromSnapshotter(sn)
        snapshots.RegisterSnapshotsServer(rpc, service)

        // Listen and serve
        l, err := net.Listen("unix", "/tmp/sn.sock")
        if err != nil {
            log.Fatalf("error: %v\n", err)
        }
        if err := rpc.Serve(l); err != nil {
            log.Fatalf("error: %v\n", err)
        }
    }

Step 2:

    ...
    [proxy_plugins]
      [proxy_plugins.mysnapshotter]
        type = "snapshot"
        address = "/tmp/sn.sock"
    ...
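
The slide's plugin listens on /tmp/sn.sock, and /tmp is world-writable, so another local user can create that path before the plugin starts. An added Go example (not from the talk or the containerd project) of binding the socket in a private directory instead; the /run/mysnapshotter path and the listenPrivate helper are hypothetical, and the parent directory is assumed to be writable only by root.

```go
package main

import (
	"fmt"
	"log"
	"net"
	"os"
	"path/filepath"
)

// listenPrivate binds a unix socket inside a directory only its owner can
// enter, so no other local user can pre-create or replace the socket path.
func listenPrivate(dir, name string) (net.Listener, error) {
	if err := os.MkdirAll(dir, 0o700); err != nil {
		return nil, err
	}
	fi, err := os.Lstat(dir) // Lstat: a symlink in place of dir is rejected
	if err != nil {
		return nil, err
	}
	if !fi.IsDir() || fi.Mode().Perm()&0o077 != 0 {
		return nil, fmt.Errorf("%s is not a private directory (mode %v)", dir, fi.Mode())
	}
	path := filepath.Join(dir, name)
	if st, err := os.Lstat(path); err == nil {
		if st.Mode()&os.ModeSocket == 0 {
			return nil, fmt.Errorf("%s exists and is not a socket", path)
		}
		os.Remove(path) // stale socket left by a previous run
	}
	l, err := net.Listen("unix", path)
	if err != nil {
		return nil, err
	}
	if err := os.Chmod(path, 0o600); err != nil {
		l.Close()
		return nil, err
	}
	return l, nil
}

func main() {
	// Hypothetical path; set the same address under [proxy_plugins] in config.toml.
	l, err := listenPrivate("/run/mysnapshotter", "sn.sock")
	if err != nil {
		log.Fatalf("error: %v", err)
	}
	defer l.Close()
	log.Printf("listening on %s", l.Addr())
}
```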

15. Plugins (runtime)
Shim GRPC API
- Low level
- Stats now included
- Stabilized in 1.2
Shim Processes
- At most 1 per container
- Can be shared (id passed to every request)

    service Task {
        rpc State(StateRequest) returns (StateResponse);
        rpc Create(CreateTaskRequest) returns (CreateTaskResponse);
        rpc Start(StartRequest) returns (StartResponse);
        rpc Delete(DeleteRequest) returns (DeleteResponse);
        rpc Pids(PidsRequest) returns (PidsResponse);
        rpc Pause(PauseRequest) returns (google.protobuf.Empty);
        rpc Resume(ResumeRequest) returns (google.protobuf.Empty);
        rpc Checkpoint(CheckpointTaskRequest) returns (google.protobuf.Empty);
        rpc Kill(KillRequest) returns (google.protobuf.Empty);
        rpc Exec(ExecProcessRequest) returns (google.protobuf.Empty);
        rpc ResizePty(ResizePtyRequest) returns (google.protobuf.Empty);
        rpc CloseIO(CloseIORequest) returns (google.protobuf.Empty);
        rpc Update(UpdateTaskRequest) returns (google.protobuf.Empty);
        rpc Wait(WaitRequest) returns (WaitResponse);
        rpc Stats(StatsRequest) returns (StatsResponse);
        rpc Connect(ConnectRequest) returns (ConnectResponse);
        rpc Shutdown(ShutdownRequest) returns (google.protobuf.Empty);
    }

16. Client Extensibility
- Use your own services with service options
- Customize push and pull with remote options

17. Flows (pull)
[Diagram labels: Pull, Remote, Fetch, Unpack, Events, Content, Images, Snapshots]

18. Flow (push)
[Diagram labels: Push, Remote, Events, Images, Content]

19. Flow (container run)
[Diagram labels: Run, Initialize, Setup, Start, Running Containers, Events, Images, Snapshot, Containers, Tasks]

20. CRI
[Diagram labels: Pod Namespaces, daemon, shim, shim, CRI API, CRI Plugin, containerd client, containerd Services, Pod (sandbox container), Container, Pod Namespaces, Pod Cgroups]

21. CRI pod Flow (run pod)
[Diagram labels: Run Pod (Sandbox/Pause Container), Initialize, Setup, Start, Running Pod, Events, Pause Image, Pause Snapshot, Pause Container, Pod Task]

22. CRI pod Flow (run container)
[Diagram labels: Run Container in Pod, Initialize, Setup, Start, Running Container, Events, Images, Snapshot, Container, Task]

23. Demo