Kubernetes on CRI-O

•

2 gostaram•1,409 visualizações

At Bangalore Kubernetes meetup April 2017. This is about running Kubernetes using alternative container runtime cri-o and runc. Event report for the meetup: suraj.io/post/blr-k8s-meetup-april-2017/

Software

Suraj Deshmukh
Bangalore Kubernetes Meetup - April 2017
on

About me:
● Contributor to Kompose, OpenCompose,
OpenShift, cri-o, etc.
● Red Hatter.
● OpenSource enthusiast.
● Find me:
○ Twitter: surajd_
○ IRC, slack, telegram: surajd
○ suraj.io
○ surajd.service@gmail.com & surajd@redhat.com

OCI - Open Container Initiative
The Open Container Initiative (OCI) is a lightweight, open governance structure (project), formed under the
auspices of the Linux Foundation, for the express purpose of creating open industry standards around
container formats and runtime. The OCI was launched on June 22nd 2015 by Docker, CoreOS and other
leaders in the container industry.

OCI
● It contains two specification, the container runtime specification and
container image specification.
● Runtime specification defines how to run a filesystem bundle that is
unpacked on the disk.
● Image specification defines container image format which has sufficient
information to run an application on target platform.

CRI - Container Runtime Interface
● Plugin API for container runtimes.
● These new clearly defined abstraction enables anyone to define container
runtime and plugin with kubernetes.
● This helps support for multiple runtimes without the need to recompile
code.
● There are many CRI runtimes in progress crio, rktlet, frakti, etc.

CRI
● docker and rkt integration was done by directly writing code in k8s repo.
● This code will be deprecated in k8s1.7
● Now docker integration is using docker CRI.
● Docker supported versions are 1.11 & 1.12

CRI-O
OCI-based implementation of Kubernetes Container Runtime Interface

CRI-O
● Any runtime that is OCI compliant can be plugged in to kubelet and that
glue is CRI-O
● CRI-O has runtime service and the image service
● All the runtime knows is how to start/stop/remove sandboxes, pod,
container
● Container process lifecycle
● Container image lifecycle

Components
● Server:
○ ocid server
○ conmon
○ image and storage
○ cni
○ OCI runtime
● Clients:
○ kubelet
○ ocic

ocid
● gRPC API
● ocid is the daemon listening on UNIX socket and takes request from client
● It does runtime and image management

conmon
● Standalone C application
● Sits in between ocid and runtime
● It is parent to container, this decouples the container from ocid daemon
● IO, logs, container exit codes, etc.

Image and storage
● containers/image
● containers/storage

CNI - networking
● The CNI (Container Network Interface) project consists of a specification
and libraries for writing plugins to configure network interfaces in Linux
containers, along with a number of supported plugins.
● CNI concerns itself only with network connectivity of containers and
removing allocated resources when the container is deleted.

OCI runtime
● Any OCI conformant runtime can be plugged in.
● cri-o's default is runc, which is the reference implementation for the OCI
runtime specification.
● runc can do all the things that docker or rkt can do except building image.

Demo
Setup: http://suraj.io/post/using-crio-with-k8s-single-node/

References
● OCI https://www.opencontainers.org/about
● Image spec https://github.com/opencontainers/image-spec
● Runtime spec https://github.com/opencontainers/runtime-spec
● CRIO project https://github.com/kubernetes-incubator/cri-o
● CRI: the Container Runtime Interface
https://github.com/kubernetes/community/blob/master/contributors/devel/container-runtime-interface.md
● Frakti https://github.com/kubernetes/frakti
● Intro to CRI http://blog.kubernetes.io/2016/12/container-runtime-interface-cri-in-kubernetes.html
● How CRI-O Would Put Kubernetes at the Center of the Container Ecosystem
https://thenewstack.io/cri-o-make-kubernetes-center-container-ecosystem
● CRI-O: A kubernetes runtime https://www.youtube.com/watch?v=R-p7BXhtodo

Mais conteúdo relacionado

Mais procurados

Containerd Project Update: FOSDEM 2018

Phil Estes

Moby Summit introduction

Moby Project

A talk given at All Thing Open's Open Source 101 event at NC State University, Raleigh, North Carolina on Saturday, 17th February, 2018. This talk covered some interesting history lessons of the Docker open source project and inter-vendor tensions. If you were not at this talk do not read intent into these slides as this was truly an attempt at a "blame-free" post-mortem of the important topics of open source, governance, and foundations as it related to the extremely popular Docker open source project.

An Open Source Story: Open Containers & Open Communities

Phil Estes

Automated testing with Openshift

Oleg Popov

Are you bored of installing Virtual Machines(VM) every time, and waiting for the time to install one? Are you still doing all your Linux container management using an insecure, bloated daemon? In this era, we are using containers in the IT industry, there are many container tools present in the enterprise. I will be talking about the three daemon-less Linux Container tools i.e. Podman, Buildah, and Skepeo by Redhat. Presented as part of the Cloud Community Days

The world of Containers with Podman, Buildah, Skopeo by Seema - CCDays

CodeOps Technologies LLP

containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision, low-level storage and network attachments, etc. containerd is designed to be embedded into a larger system, rather than being used directly by developers or end-users.

The State of containerd

Moby Project

Docker Introduction - DevOps Montreal Meetup

Colin Surprenant

OpenDataPlane Testing in Travis

Dmitry Baryshkov

NUS-ISS Learning Day 2017 - Bots-Managed CloudOps

NUS-ISS

How Docker didn't invent containers (Docker Meetup Brno #1)

Pavel Snajdr

Scaling Docker Registry

Mirantis IT Russia

Knowit study group örnsköldsvik - introduction to qt & qt creator

Mathias Westin

BKK16-407 AOSP Toolchain Evolution and experimental languages on AOSP

Linaro

PostgreSQL Setup Using Docker

Gilt Tech Talks

Libcontainer: joining forces under one roof

Andrey Vagin

SFO15-203: Linaro CI - git driven workflow & Jenkins advanced usage Speaker: Fathi Boudra Date: September 22, 2015 ★ Session Description ★ As part of Linaro CI v2 project, several improvements have been implemented and deployed in order to make CI at Linaro faster, more reliable and easier to use by the developers. The session will present the new workflow to setup and maintain CI loops, as well as the tools used by Linaro like Jenkins. ★ Resources ★ Video: https://www.youtube.com/watch?v=bWoAZVUXeAM Presentation: Etherpad: pad.linaro.org/p/sfo15-203 Pathable: https://sfo15.pathable.com/meetings/302834 ★ Event Details ★ Linaro Connect San Francisco 2015 - #SFO15 September 21-25, 2015 Hyatt Regency Hotel http://www.linaro.org http://connect.linaro.org

SFO15-203: Linaro CI - git driven workflow & Jenkins advanced usage

Linaro

Mais procurados (16)

Containerd Project Update: FOSDEM 2018

Moby Summit introduction

An Open Source Story: Open Containers & Open Communities

Automated testing with Openshift

The world of Containers with Podman, Buildah, Skopeo by Seema - CCDays

The State of containerd

Docker Introduction - DevOps Montreal Meetup

OpenDataPlane Testing in Travis

NUS-ISS Learning Day 2017 - Bots-Managed CloudOps

How Docker didn't invent containers (Docker Meetup Brno #1)

Scaling Docker Registry

Knowit study group örnsköldsvik - introduction to qt & qt creator

BKK16-407 AOSP Toolchain Evolution and experimental languages on AOSP

PostgreSQL Setup Using Docker

Libcontainer: joining forces under one roof

SFO15-203: Linaro CI - git driven workflow & Jenkins advanced usage

Semelhante a Kubernetes on CRI-O

As we move to our application units to containers most people are asking themselves the question about orchestrator choice. That is not the only choice that’s important, what about the underlying container runtime? In this talk, we will look at why you would use containerD with runC with both Swarm and Kubernetes, but other uses for ContainerD like container OS’s to ship immutable infrastructure.

Looking Under The Hood: containerD

Docker, Inc.

Docker London Meetup: Docker Engine Evolution

Phil Estes

Application containers are changing some of the fundamentals of how Linux is used in the server environment. rkt is a daemon-free container runtime with a focus on security. rkt is also an implementation of the App Container (appc) runtime specification, which defines the concept of a pod: a grouping of multiple containerized applications in a single execution unit. Pods are also used as the abstraction within Kubernetes, and having rkt work natively with pods makes it uniquely suited as a Kubernetes container runtime engine. With different application container runtimes on Linux to choose from (including Docker, kurma and rkt) this session will cover the differences. It will also dive into use cases for rkt under Kubernetes.

OSDC 2016 | rkt and Kubernetes: What’s new with Container Runtimes and Orches...

NETWAYS

OSDC 2016 - rkt and Kubernentes what's new with Container Runtimes and Orches...

NETWAYS

16. Cncf meetup-docker

Juraj Hantak

View the video of this webinar here: https://www.arangodb.com/arangodb-events/gvisor-kata-containers-firecracker-docker/ Containers* have revolutionized the IT landscape and for a long time. Docker seemed to be the default whenever people were talking about containerization technologies**. But traditional container technologies might not be suitable if strong isolation guarantees are required. So recently new technologies such as gVisor, Kata Container, or firecracker have been introduced to close the gap between the strong isolation of virtual machines and the small resource footprint of containers. In this talk, we will provide an overview of the different containerization technologies, discuss their tradeoffs, and provide guidance for different use cases. * We will define the term container in more detailed during the talk ** and yes we will also cover some of the pre-docker container space!

gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?

ArangoDB Database

Fabric8 CI/CD

Izzet Mustafaiev

Velocity NYC 2017: Building Resilient Microservices with Kubernetes, Docker, ...

Ambassador Labs

Future of Microservices - Jakub Hadvig

WEBtlak

Podman, Buildah, and Quarkus - The Latest in Linux Containers Technologies

Daniel Oh

Join containerd maintainers and reviewers in a combined introduction and deep dive session. They will discuss the overview and the recent updates of containerd as well as how it is being used by Kubernetes, Docker and other container-based systems. The brief introduction about its architecture and service design will be included. The talk will also deep dive into how to leverage contained by extending and customizing it for your use case with low-level plugins like remote snapshotters, as well as by implementing your own containerd client. Upcoming features and recent discussion in containerd community will also be covered. - - - https://kccnceu2021.sched.com/event/iE6v/introduction-and-deep-dive-into-containerd-kohei-tokunaga-akihiro-suda-ntt-corporation?iframe=no

[KubeCon EU 2021] Introduction and Deep Dive Into Containerd

Akihiro Suda

Introduction and Deep Dive Into Containerd

Kohei Tokunaga

Docker Birtday #5

Mehmet Ali Aydın

rkt is a modern container runtime, built for security, efficiency, and composability. Kubernetes is a modern cluster orchestration system allowing users. Kubernetes doesn't directly execute application containers but instead delegate to a container runtime, which is integrated at the kubelet (node) level. When Kubernetes first launched, the only supported container runtime was Docker - but in recent months, we've been hard at work integrating rkt as an alternative container runtime, aka "rktnetes". The goal of "rktnetes" is to have first-class integration between rkt and the kubelet, and allow Kubernetes users to take advantage of some of rkt's unique features. This talk will describe how rkt works, some of the features that make it unique as a container runtime, and some of the process of integrating an alternative container runtime with Kubernetes, as well as the latest state of "rktnetes."Introduction to rkt, including special/unique features. Sched Link: http://sched.co/6BY7

KubeCon EU 2016: "rktnetes": what's new with container runtimes and Kubernetes

KubeAcademy

Cinder Update, OpenInfra Meetup Q3 China, 2020-09-26

Brian Rosmaita

[Global logic] container runtimes and kubernetes

GlobalLogic Ukraine

Developer workflow with docker

Lalatendu Mohanty

Docker introduction for Carbon IT

yannick grenzinger

Continuous compliance is rooted into Linaro's everyday activities, whether the target is kernel development, a SOC Yocto SDK, an SDV, or consumer electronics project. Open source is at the center of today's software innovation, ubiquitous across products and services and, as such open source needs to evolve from a mere innovation into a production-grade engine. Linaro, one of the leading linux kernel contributors, is perfectly positioned to support our customers and the entire open source community throughout this transition. This talk will showcase Linaro's continuous compliance and production-grade processes, artifacts, and best practices and shed some light on what's happening under the hood of one of the world leading open source organizations and contributors.

Davide Ricci - Continuos compliance @ Linaro.pdf

South Tyrol Free Software Conference

CodiLime Tech Talk - Dawid Trzebiatowski i Wojciech Urbański: Opening the Flo...

CodiLime

Semelhante a Kubernetes on CRI-O (20)

Looking Under The Hood: containerD

Docker London Meetup: Docker Engine Evolution

OSDC 2016 | rkt and Kubernetes: What’s new with Container Runtimes and Orches...

OSDC 2016 - rkt and Kubernentes what's new with Container Runtimes and Orches...

16. Cncf meetup-docker

gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?

Fabric8 CI/CD

Velocity NYC 2017: Building Resilient Microservices with Kubernetes, Docker, ...

Future of Microservices - Jakub Hadvig

Podman, Buildah, and Quarkus - The Latest in Linux Containers Technologies

[KubeCon EU 2021] Introduction and Deep Dive Into Containerd

Introduction and Deep Dive Into Containerd

Docker Birtday #5

KubeCon EU 2016: "rktnetes": what's new with container runtimes and Kubernetes

Cinder Update, OpenInfra Meetup Q3 China, 2020-09-26

[Global logic] container runtimes and kubernetes

Developer workflow with docker

Docker introduction for Carbon IT

Davide Ricci - Continuos compliance @ Linaro.pdf

CodiLime Tech Talk - Dawid Trzebiatowski i Wojciech Urbański: Opening the Flo...

Mais de Suraj Deshmukh

Building Container Defence Executable at a Time.pdf

Suraj Deshmukh

Kubernetes psp and beyond

Suraj Deshmukh

This talk explains what what Pod Security Policy is and it's importance in Kubernetes Security. The talk also takes a look at the current situation of docker hub's popular images and helm charts repository. This talk stresses on the fact that having PSP enabled the right way is absolutely necessary for the real security of the cluster. Link to the demos: What is Pod Security Policy? https://www.youtube.com/watch?v=nrWRMP94vqc Kubernetes Hostpath exploit thrawted with Pod Security Policy https://www.youtube.com/watch?v=APS0CfD6DsE

Hardening Kubernetes by Securing Pods

Suraj Deshmukh

Kubernetes Security Updates from Kubecon 2018 Seattle

Suraj Deshmukh

Making kubernetes simple for developers

Suraj Deshmukh

Microservices on Kubernetes - The simple way

Suraj Deshmukh

Taking containers from development to production

Suraj Deshmukh

JSONSchema with golang

Suraj Deshmukh

What's new in kubernetes 1.3?

Suraj Deshmukh

Python testing using mock and pytest

Suraj Deshmukh

OpenShift meetup Bangalore

Suraj Deshmukh

macvlan and ipvlan

Suraj Deshmukh

Henge

Suraj Deshmukh

Mais de Suraj Deshmukh (13)

Building Container Defence Executable at a Time.pdf

Kubernetes psp and beyond

Hardening Kubernetes by Securing Pods

Kubernetes Security Updates from Kubecon 2018 Seattle

Making kubernetes simple for developers

Microservices on Kubernetes - The simple way

Taking containers from development to production

JSONSchema with golang

What's new in kubernetes 1.3?

Python testing using mock and pytest

OpenShift meetup Bangalore

macvlan and ipvlan

Henge

Último

introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf

VishalKumarJha10

Software Quality Assurance Interview Questions

Arshad QA

SHRMPro HRMS Software Solutions Presentation

Shrmpro

In the past six months, the AI landscape has undergone a massive transformation, ushering in a new era of productivity with the latest in Large Language Models (LLMs) and AI technology. This deep dive unlocks how to: Create CustomGPT Models: No coding needed to tailor AI for your unique projects. Integrate your own data, including PDFs and Excel sheets, making information handling a breeze. Plus, discover how to call your own actions/integrations for even more personalized utility. Navigate Advanced Prompting: Overcome AI's memory limits and utilize Retrieval-Augmented Generation for accessing your personalized data, streamlining how you interact with AI. Stay Ahead with AI Trends: Peek into the evolving world of LLMs, featuring newcomers like Google Gemini, Anthropic Claude, Open Sora, and Twitter Grok, and understand what their advancements mean for your productivity. Witness Real-Life Transformations: Through examples and prompt demonstrations, see firsthand how these AI strategies revolutionize routine tasks, from data analysis to content creation. Learn to leverage image output and input for advanced practical use cases, adding a new dimension to your productivity toolkit. No previous coding or AI experience is needed for this talk. Stay ahead in the fast-evolving world of work. Embrace the AI revolution and transform your workflow with advanced LLM techniques. Join us to ensure you're not left behind in the productivity race.

AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques

VictorSzoltysek

%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein

masabamasaba

In today's dynamic e-commerce landscape, the payment gateway emerges as a linchpin, ensuring smooth and secure transactions between buyers and sellers. In this discourse, we delve into the meticulous process of devising test cases tailored for scrutinizing payment gateways. Crafting precise test cases for payment gateways is a quintessential responsibility for testers operating within the service industry. This article meticulously explores pivotal scenarios integral to how to test payment gateways, coupled with essential guidelines for drafting effective test cases.

Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf

kalichargn70th171

Craft an AI & Machine Learning Pitch with our Editable Professional PowerPoint Template. Ignite your AI & Machine Learning pitch with our cutting-edge PowerPoint template tailored for the industry. Perfect for AI conferences, investor presentations, sales pitches to tech-focused companies, training sessions, and educational programs. - 20+ editable slides: Get a variety of options to choose from for your presentation. - Time-saving solution: Download, replace text/images with a few clicks. - User-friendly customization: Easy to use and personalize. - Modern and attractive design: Captivating visuals, sleek layout. - Tailored to your requirements: Fully alterable for customization. - Well-organized slides: Complete control over content. - Thematic specificity: Reflects healthcare industry with relevant graphics. - Showcase your business idea: Communicate value proposition effectively.

AI & Machine Learning Presentation Template

Presentation.STUDIO

At TECUNIQUE, we're a stable and steadily growing Indian software services company with over 14 years of industry experience. Specializing in offshore software development and quality assurance services, we've built a reputation for delivering unique and effective solutions to start-ups, software development companies, enterprises, and digital agencies. We pride ourselves on our commitment to excellence and innovation. By blending insightful business domain knowledge with exceptional technical prowess, we craft tailor-made solutions that meet the unique needs of our clients. Our dedicated teams are adept in specific technologies, ensuring seamless integration of skills and delivering reliable, scalable, and high-quality software solutions aligned with our clients' preferences. Bespoke Dedicated Teams: Crafted to meet your specific needs and technology preferences, our dedicated teams are committed to delivering top-notch software solutions. Offshore Software Development: Accelerate your software development and scale up quickly with our 12+ years of expertise in offshore development. Quality Assurance Services: Ensure the quality of your software products with our dedicated teams of experienced QA professionals. IT Staff Augmentation: Overcome skill gaps with our client-centric software team, offering staff augmentation services. Expert Software Services: Unlock our capabilities in custom software development, product development, and quality assurance. Mission and Vision: Our mission at TECUNIQUE is to be the catalyst for our clients' success in the dynamic domain of software development. Rooted in our core values of respect, authenticity, and responsibility, we strive to ease the software outsourcing experience, reducing both time and cost to market for our clients. We envision ourselves as the leading Indian software services company, renowned for our unwavering commitment to excellence and innovation. www.tecunique.com

TECUNIQUE: Success Stories: IT Service provider

mohitmore19

VTU technical seminar 8Th Sem on Scikit-learn

AmarnathKambale

Direct Style Effect Systems -The Print[A] Example- A Comprehension Aid

Philip Schwarz

Investing in AI transformation today The modern business advantage: Uncovering deep insights with AI Organizations around the world have come to recognize AI as the transformative technology that enables them to gain real business advantage. AI’s ability to organize vast quantities of data allows those who implement it to uncover deep business insights, augment human expertise, drive operational efficiency, transform their products, and better serve their customers

Microsoft AI Transformation Partner Playbook.pdf

Willy Marroquin (WillyDevNET)

Define the academic and professional writing..pdf

PearlKirahMaeRagusta1

Announcing Codolex 2.0 from GDK Software

Jim McKeeth

%in tembisa+277-882-255-28 abortion pills for sale in tembisa

masabamasaba

%in tembisa+277-882-255-28 abortion pills for sale in tembisa

masabamasaba

%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein

masabamasaba

Generic or specific? Making sensible software design decisions

Bert Jan Schrijver

The title is not connected to what is inside

shinachiaurasa2

Conference: Engage2024 in Antwerp Type: Workshop Speakers: Florian Vogler, Henning Kunz, Christoph Adler Title: Navigating the Future with The Hitchhiker's Guide to Notes and Domino 14 Abstract: Embark on an exhilarating journey with industry trailblazers Florian Vogler, Henning Kunz, and Christoph Adler in this not-to-be-missed workshop at the forefront of the tech universe. Get ready for a thrilling kick-off as we navigate the current state of the HCL universe, setting the stage for an exploration of the groundbreaking Notes and Domino 14. Discover the latest enhancements and revolutionary features that will redefine your experience. In this interactive session, unlock a treasure trove of tips and tricks to elevate your utilization of version 14, both with and without the game-changing panagenda MarvelClient. Brace yourself for also diving into Nomad, Nomad Web, and VoltMX, expanding your horizons in the expansive HCL landscape. Be a part of this exclusive opportunity to stay ahead in the ever-evolving world of HCL technologies. Your journey to mastering Notes and Domino 14 begins here. And remember, in the spirit of intergalactic exploration, don't forget to bring your towel!

W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...

panagenda

At the recent Microsoft Ignite 2023 conference, Microsoft unveiled a groundbreaking strategy that will redefine enterprise work management. The plan involves integrating Microsoft’s key planning tools, Microsoft To Do, Microsoft Planner, and Microsoft Project for the web into a unified experience called “Microsoft Planner.” What does this new strategy from Microsoft mean for current users? Join us and learn how best to take advantage of this announcement while gaining a clear path on how to elevate the current state of Microsoft Planner from a basic task manager to a comprehensive tool for Enterprise Work Management using OnePlan. Learn how OnePlan’s integration with Microsoft Planner allows for strategic alignment with business goals through advanced features like strategic planning, portfolio management, resource management, financial management, and more!

Introducing Microsoft’s new Enterprise Work Management (EWM) Solution

OnePlan Solutions

Kubernetes on CRI-O

1. Suraj Deshmukh Bangalore Kubernetes Meetup - April 2017 on

2. About me: ● Contributor to Kompose, OpenCompose, OpenShift, cri-o, etc. ● Red Hatter. ● OpenSource enthusiast. ● Find me: ○ Twitter: surajd_ ○ IRC, slack, telegram: surajd ○ suraj.io ○ surajd.service@gmail.com & surajd@redhat.com

3. Some jargons

4. OCI - Open Container Initiative The Open Container Initiative (OCI) is a lightweight, open governance structure (project), formed under the auspices of the Linux Foundation, for the express purpose of creating open industry standards around container formats and runtime. The OCI was launched on June 22nd 2015 by Docker, CoreOS and other leaders in the container industry.

5. OCI ● It contains two specification, the container runtime specification and container image specification. ● Runtime specification defines how to run a filesystem bundle that is unpacked on the disk. ● Image specification defines container image format which has sufficient information to run an application on target platform.

6. CRI - Container Runtime Interface ● Plugin API for container runtimes. ● These new clearly defined abstraction enables anyone to define container runtime and plugin with kubernetes. ● This helps support for multiple runtimes without the need to recompile code. ● There are many CRI runtimes in progress crio, rktlet, frakti, etc.

7. CRI ● docker and rkt integration was done by directly writing code in k8s repo. ● This code will be deprecated in k8s1.7 ● Now docker integration is using docker CRI. ● Docker supported versions are 1.11 & 1.12

8. CRI-O OCI-based implementation of Kubernetes Container Runtime Interface

9. CRI-O ● Any runtime that is OCI compliant can be plugged in to kubelet and that glue is CRI-O ● CRI-O has runtime service and the image service ● All the runtime knows is how to start/stop/remove sandboxes, pod, container ● Container process lifecycle ● Container image lifecycle

10. Components ● Server: ○ ocid server ○ conmon ○ image and storage ○ cni ○ OCI runtime ● Clients: ○ kubelet ○ ocic

11. ocid ● gRPC API ● ocid is the daemon listening on UNIX socket and takes request from client ● It does runtime and image management

12. conmon ● Standalone C application ● Sits in between ocid and runtime ● It is parent to container, this decouples the container from ocid daemon ● IO, logs, container exit codes, etc.

13. Image and storage ● containers/image ● containers/storage

14. CNI - networking ● The CNI (Container Network Interface) project consists of a specification and libraries for writing plugins to configure network interfaces in Linux containers, along with a number of supported plugins. ● CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted.

15. OCI runtime ● Any OCI conformant runtime can be plugged in. ● cri-o's default is runc, which is the reference implementation for the OCI runtime specification. ● runc can do all the things that docker or rkt can do except building image.

16. Demo Setup: http://suraj.io/post/using-crio-with-k8s-single-node/

17. References ● OCI https://www.opencontainers.org/about ● Image spec https://github.com/opencontainers/image-spec ● Runtime spec https://github.com/opencontainers/runtime-spec ● CRIO project https://github.com/kubernetes-incubator/cri-o ● CRI: the Container Runtime Interface https://github.com/kubernetes/community/blob/master/contributors/devel/container-runtime-interface.md ● Frakti https://github.com/kubernetes/frakti ● Intro to CRI http://blog.kubernetes.io/2016/12/container-runtime-interface-cri-in-kubernetes.html ● How CRI-O Would Put Kubernetes at the Center of the Container Ecosystem https://thenewstack.io/cri-o-make-kubernetes-center-container-ecosystem ● CRI-O: A kubernetes runtime https://www.youtube.com/watch?v=R-p7BXhtodo

18. Thank You

Kubernetes on CRI-O

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (16)

Semelhante a Kubernetes on CRI-O

Semelhante a Kubernetes on CRI-O (20)

Mais de Suraj Deshmukh

Mais de Suraj Deshmukh (13)

Último

Último (20)

Kubernetes on CRI-O