Containerd Internals
What is containerd?
• It is a runc multiplexer
• Manages container lifecycle operations
  – signal
  – pause/resume
  – events
Why build it?
• Decouple container lifecycle/execution management from Docker
• Small and fast
• runc integration
How is it built?
• Lock-free Events
  – start
  – signal
  – exit
  – SIGCHLD
• Concurrency
  – 200 containers + 200 workers = 54.5/s
  – 200 containers + 10 workers = 71.2/s
• containerd-shim
  – daemonless containers
  – 1 shim per container
  – report exit status
• fifos for STDIO
• reparent to system init
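The shim pattern listed above (one shim per workload, STDIO over a FIFO, reparenting away from the launcher, exit status reported back), as an added C sketch that is not containerd's own code. The names run_detached, shim and last_output, the /tmp/shim-demo-* directory, the "exit" status file and the double fork used for reparenting are all assumptions made for the illustration.

```c
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>
char last_output[256];  /* workload stdout, as captured by the launcher */
/* Hypothetical shim (not containerd code): run the workload, persist its exit status. */
static void shim(const char *cmd, const char *fifo, const char *status) {
    setsid();                                   /* leave the launcher's session */
    if (fork() == 0) {
        dup2(open(fifo, O_WRONLY | O_CLOEXEC), STDOUT_FILENO);  /* blocks until a reader opens */
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);
    }
    int st = 0;
    if (wait(&st) < 0) _exit(1);                /* only the shim can reap the workload */
    FILE *f = fopen(status, "w");
    if (f) { fprintf(f, "%d\n", WIFEXITED(st) ? WEXITSTATUS(st) : 128 + WTERMSIG(st)); fclose(f); }
    _exit(0);
}

/* Launcher: double-forks so the shim is orphaned and adopted by init (or a subreaper). */
int run_detached(const char *cmd) {
    char dir[] = "/tmp/shim-demo-XXXXXX", fifo[64], status[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(fifo, sizeof fifo, "%s/stdout", dir);
    snprintf(status, sizeof status, "%s/exit", dir);
    if (mkfifo(fifo, 0600) != 0) return -1;
    pid_t mid = fork();
    if (mid == 0) {
        if (fork() == 0) shim(cmd, fifo, status);
        _exit(0);                               /* intermediate parent exits at once */
    }
    waitpid(mid, NULL, 0);
    int in = open(fifo, O_RDONLY), code = -1, tot = 0;
    for (ssize_t r; (r = read(in, last_output + tot, sizeof last_output - 1 - tot)) > 0;) tot += r;
    last_output[tot] = '\0';
    close(in);
    for (int i = 0; i < 500 && code < 0; i++, usleep(10000)) {  /* shim is not our child: poll */
        FILE *f = fopen(status, "r");
        if (f) { if (fscanf(f, "%d", &code) != 1) code = -1; fclose(f); }
    }
    return code;
}
int main(void) {
    return printf("exit=%d stdout=%s", run_detached("echo hello; exit 42"), last_output) < 0;
}
```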
Docker 1.11… and a glimpse of the future
Docker 1.11
• Relies entirely on containerd / runC for execution
  – No more direct dependency on libcontainer
  – Docker alone isn’t capable of running containers anymore ¯\_(ツ)_/¯
• What does it mean for the user?
  – Short answer: right now, nothing
  – Still pretty cool!
[Diagram: Docker Engine, containerd, and four shim/runC pairs]
• Focus on correctness
  – No regressions on the runtime
  – Without performance degradation
• Introduce the new binaries
• A first look at the new features this will enable

# ls -lah /usr/local/bin/docker*
-rwxr-xr-x 1 root root 34M Apr 23 03:13 /usr/bin/docker
-rwxr-xr-x 1 root root 14M Apr 23 03:12 /usr/bin/docker-containerd
-rwxr-xr-x 1 root root 11M Apr 23 03:12 /usr/bin/docker-containerd-ctr
-rwxr-xr-x 1 root root 7.0M Apr 23 03:12 /usr/bin/docker-containerd-shim
-rwxr-xr-x 1 root root 9.1M Apr 23 03:11 /usr/bin/docker-runc
Choosing your execution backend
• Before: Docker had a hardcoded set of supported “execution drivers”
• Future plans
  – Specify your execution backend on a per-container basis
  – E.g., `docker run --exec-driver=custom redis`
• A whole ecosystem of OCI-compliant backends
  – runV, a hypervisor-based runtime
  – runZ, an ongoing effort from Oracle based on Solaris Zones
  – Clear Containers, an Intel project based on a lightweight hypervisor
[Diagram: Docker Engine, containerd, and four shims with runC, runX, runY and runZ backends]
Resilience
• Container lifecycle should be independent of the daemon
  – Ultimate goal: Docker should never decide on stopping a container
• Not there yet, but we’re getting closer!
[Diagrams, three slides: Docker Engine, containerd, and four shim/runC pairs]
THANK YOU