超個体型データセンターOSとOCIランタイム

Transcript

1. ͘͞ΒΠϯλʔωοτגࣜձࣾ (C) Copyright 1996-2019 SAKURA Internet Inc ͘͞ΒΠϯλʔωοτݚڀॴ ௒ݸମܕσʔληϯλʔOSͱOCIϥϯλΠϜ 2019/03/20

   ্ڃݚڀһ দຊ ྄հ ͸ͯͳ×͘͞Β͕ߟ͑ΔςΫϊϩδʔͷະདྷ ʙίϯςφɾ෼ࢄܕσʔληϯλʔʙ

2. 2 ɾ͘͞ΒΠϯλʔωοτݚڀॴ ্ڃݚڀһ ɾגࣜձࣾGrooves Forkewll ٕज़ސ໰ ɾϖύϘݚڀॴ ٬һݚڀһ ݚڀސ໰ ɾηΩϡϦςΟɾΩϟϯϓߨࢣ

   ɾ৘ใॲཧֶձ Πϯλʔωοτͱӡ༻ٕज़ݚڀձ ֤छҕһ ɾژ౎େֶത࢜ʢ৘ใֶʣ দຊ྄հ / ·ͭ΋ͱΓʔ / @matsumotory

3. 3 1. എܠͱ໨త 2. ௒ݸମܕσʔληϯλʔ 3. ௒ݸମܕσʔληϯλʔOSͱίϯςφ 4. ίϯςφͷOCIϥϯλΠϜͷαʔϕΠͱ࣮ݧ 5.

   ·ͱΊ ໨࣍ ※͜ͷݚڀʹج͍͍ͮͯ·͢: দຊ྄հ, ௶಺༎थ, ٶԼ߶ี, ෼ࢄܕσʔληϯλʔOSΛ໨ࢦͨ͠ϦΞΫςΟϒੑΛ࣋ͭίϯ ςφ࣮ߦج൫ٕज़, ৘ใॲཧֶձݚڀใࠂΠϯλʔωοτͱӡ༻ٕज़ʢIOTʣ, No.2019-IOT-44, Vol.27, pp.1-8, 2018೥3݄.

4. 1. എܠͱ໨త

5. 5 େن໛σʔληϯλʔͷूத • σʔληϯλʔͷେن໛Խͱूத • ίϯϐϡʔλϦιʔεͱίετͷޮ཰Խ • Ϋϥ΢υར༻͕͜͜਺೥Ͱਵ෼ͱଅਐ͞Ε͖ͯͨ • ٕज़എܠͷมԽʹ൐ͬͯOSS΍Ϋϥ΢υαʔϏε΋ٸ଎ʹมԽ

   • ιϑτ΢ΣΞ΍ϕϯμʔʹڧ͘ґଘ͠ͳ͍มԽʹڧ͍ઃܭ͕ٸ຿ • αʔϏεͷػೳͷந৅Խͱૄ݁߹ͳઃܭ͕ීٴ • Ϋϥ΢υωΠςΟϒɾϚϧνΫϥ΢υɾϚΠΫϩαʔϏεԽ

6. 6 σʔληϯλʔͷूத͔Β෼ࢄ • Ϋϥ΢υΛલఏʹϞϊϦγοΫͳαʔϏεઃܭ͔ΒϚΠΫϩαʔϏεԽ΁ • αʔϏεͷ֤ػೳΛখ͞ͳαʔϏεͱ࣮ͯ͠૷͠gRPC౳Ͱ࿈ܞ • ϚΠΫϩαʔϏε୯ҐͰͷଟ༷ͳνʔϜ։ൃ΍ӡ༻ͷޮ཰Խ • εέʔϦϯά΍ো֐࣌ͷӨڹͷہॴԽ

   • ϚΠΫϩαʔϏεؒͰͷଳҬෆ଍΍ϨΠςϯγʔͷ௿ݮ͕ٻΊΒΕΔ • େن໛σʔληϯλʔͷڑ཭ʢ౦ژͱੴङؒʣͰ΋ٞ࿦͕ੜ࢝͡ΊΔ • αʔό͚ͩͰͳ͘ηϯαʔ΍σόΠεͷߴ౓Խɾଟ਺ԽʹΑΔଳҬෆ଍

7. 7 σʔληϯλʔػೳ͕ࣾձʹ༹͚ࠐΉະདྷ • ֤ίϯϐϡʔςΟϯάػೳ͕ݸମͱͯ͠ػೳͭͭ͠૯ମͱͯ͠͸౷཰ • ϥοΫϨϕϧͷίϯϐϡʔλ܈ɼEdge/FogίϯϐϡʔςΟϯάͳͲ • খɾதن໛σʔληϯλʔ͕ϋϒͱͳͬͯ݁Ռతʹશମ͕઀ଓɾߏ੒ • ੜ׆ͷதͰਓʑ͕ίϯϐϡʔλͷΞγετΛৗʹड͚Δ࣌୅Λ໨ࢦ͢

   • ͍·͔ͩͭͯͳ͍ϚγϯύϫʔͱΠϯςϦδΣϯεͳػೳΛఏڙ • ࣾձʹ༹͚ࠐΉσʔληϯλʔػೳ͓ΑͼΫϥ΢υͷϚγϯύϫʔ • ௒ݸମܕσʔληϯλʔ͓ΑͼOSͱίϯηϓτΛఆΊΔ

8. 8 ຊൃද • ௒ݸମܕσʔληϯλʔʹ͓͚ΔίϯηϓτͱϏδϣϯͷ঺հ • ௒ݸମܕσʔληϯλʔOSʹඞཁͳཁ݅ͱ͸ • ݱ࣮తͳWebΞϓϦέʔγϣϯΛѻ͏ίϯςΩετͰ·ͣ͸ݕ౼ • ίϯϐϡʔςΟϯάϦιʔε͕෼ࢄԽͨ͠ࡍͷίϯςφͷ͋Γํ

   • σʔληϯλʔOSΛʹ͓͚Δϓϩηε΍εϨουͱͯ͠ͷίϯςφ • ίϯςφͷϦΞΫςΟϒੑͷॏཁੑΛٞ࿦ • ݱࡏͷ֤ۀքͷऔΓ૊Έ΍ίϯςφϥϯλΠϜͷ෼ྨͯ͠੔ཧ

9. 2. ௒ݸମܕσʔληϯλʔ

10. 10 ͘͞ΒΠϯλʔωοτݚڀॴͷϑΥʔΧε 
      T TF T AS T A

    A P A P R T T T RI V

11. 11 ݱࡏͷΫϥ΢υ͚ͩͰ໰୊͕ղܾͰ͖ΔΘ͚Ͱ͸ͳ͍ • ΑΓҰ૚ந৅ԽͷਐΜͩΠϯλʔωοτͷ༷૬ͷมԽ • Ϋϥ΢υωΠςΟϒʹΑͬͯ͞ΒͳΔσʔληϯλʔͷڊେԽ • தԝूݖతͳίϯϐϡʔςΟϯάͰ͸೉͍͠έʔε • ϨΠςϯγ͕େ͖ͯ͘൑அ͕ؒʹ߹Θͳ͍ϦΞϧλΠϜ͕ཁٻ͞ΕΔέʔε

    • ͋Δ͍͸σʔλ͕๲େͰଳҬ͕ෆ଍͢Δέʔε • ࠓޙΫϥ΢υͷϚγϯύϫʔΛͲͷΑ͏ʹ׆༻Ͱ͖ΔੈքΛ໨ࢦ͢΂͖͔ʁ • ͘͞ΒΠϯλʔωοτݚڀॴͷίϯηϓτͱϏδϣϯΛ࠶ఆٛ

12. 12 ͘͞ΒΠϯλʔωοτݚڀॴͷϏδϣϯ

13. ௒ݸମܕσʔληϯλʔ

14. 14 ௒ݸମܕσʔληϯλʔͷ੔ཧ 1. ݱࡏ͸σʔληϯλʔʹڊେͳίϯϐϡʔςΟϯάϦιʔε͕ଘࡏ͍ͯ͠·͕͢ɺ ࠓޙ͸ϨΠςϯγʗηΩϡϦςΟʗίετ౳ͷཁ͔݅Βɺ͋ΒΏΔ৔ॴ΍ࣾձɺ૊ ৫ʹίϯϐϡʔςΟϯάϦιʔε༹͕͚ࠐΜͰ͍͘͜ͱʹͳΓ·͢ɻ 2. ͦΕΒ෼ࢄͨ͠ίϯϐϡʔςΟϯάϦιʔε͸ɺ୯ಠͰίϯϐϡʔςΟϯάύϫʔ Λఏڙ͢Δʹཹ·Βͣɺͦͷ৔ॴ΍ࣾձͷཁٻʹԠͯ͡ɺࣗ཯తʹɺ෼ࢄ͋Δ͍͸ ༗ػతʹ݁߹͠ɺݱ৔ɾΫϥ΢υͦΕͧΕ͕ॎԣʹ݁ͼ͍ͭͨϋΠϒϦουߏ଄Λ

    ࠾ΔΑ͏ʹػೳ͠·͢ɻ 3. ͜ͷΑ͏ͳγεςϜʹΑΓ࣮ݱ͞ΕΔ΋ͷ͸ɺਓʑͷ਎ۙʹଘࡏ͠ɺϦΞϧλΠϜ ͔ͭΠϯςϦδΣϯεʹϢʔβΛࢧ͑ͳ͕Βɺ͔͠͠ಉ࣌ʹόοΫΤϯυଆ͕༗ػ తʹ݁߹͢Δ͜ͱʹΑΓɺ͔ͭͯͳ͍ϚγϯύϫʔͱϦιʔεྔΛಈһ͢Δ͜ͱͰ ݱ৔࠷ద͔ͭશମ࠷దΛ΋࣮ݱ͢ΔSuper Organized WorldͰ͢ɻ

15. 3. ௒ݸମܕσʔληϯλʔOSͱίϯςφ

16. 16 দຊͷઐ໳ྖҬʹ͓͚Δ௒ݸମσʔληϯλʔ • ௒ݸମܕσʔληϯλʔʹ޲͚ͨσʔληϯλʔOSͱίϯςφ • ࣮༻తͳWebAppɼWordPressͱ͔ɼΛ͏·͘ಈ͔͍ͨ͠ͱ͍͏είʔϓ • ComputeͱDataͷ͏ͪCompute-Intensiveʹ·ͣ͸ண໨ • ෼ࢄͨ͠σʔληϯλʔ্ʹಁաతʹ෼ࢄىಈ͢Δίϯςφ܈͕ඞཁ

    • ߴ౓ʹ෼ࢄͨ͠σʔληϯλʔ্ʹOSͷΑ͏ͳബ͍ϨΠϠʔ͕ඞཁ • ௒ݸମܕσʔληϯλʔOS্ʹϓϩηεͱεϨου͕ଘࡏ

17. 17 ಁաੑͱίϯςφͷϦΞΫςΟϒੑ • σʔληϯλʔΛಁաత͔ͭ༗ػతʹίϯςφ͕ॲཧΛߦ͏ඞཁ͕͋Δ • ༷ʑͳίϯςφϥϯλΠϜΛϓϩηε΍εϨουͱݟཱͯΔ • ίϯςφ͕ϦΞΫςΟϒʹঢ়ଶΛม͑ΒΕΔΑ͏ʹ͢Δඞཁ͕͋Δ • ࣄલ༧ଌతͰ͸ͳ͘൓ԠతʹΞΫηεมԽͱϦιʔεׂ౰ΛҰகͤ͞Δ

    • ௒ݸମతʹߴ౓ʹ෼ࢄͨ͠σʔληϯλʔΛލ͍ͩ༗ػతͳ࿈ܞ • ίϯςφؒͷ࿈ܞ΍αʔό΍σʔληϯλʔؒΛߴ଎Ҡಈ͢Δඞཁ͕͋Δ • ϓϩηε΍εϨουͷΑ͏ͳOSΛʹ͓͚ΔϦΞΫςΟϒੑ͕ٻΊΒΕ͍ͯ͘

18. 18 দຊͷݚڀʹ͓͚Δ௒ݸମܕOSͷείʔϓ 1. ௒ݸମܕσʔληϯλʔOSͷϓϩηε΍εϨουͱͯ͠ͷίϯςφΛఆٛ 2. ϓϩηε΍εϨουͱͯ͠ͷίϯςφΛϦΞΫςΟϒʹૢ࡞Մೳ 3. ௒ݸମܕσʔληϯλʔOSͷίϯςφΛಁաతʹ؅ཧ͢Δػೳͷ੔උ → OSػೳʹ͓͚Δεέδϡʔϥ΍ϓϩηεʹѻ͍ʹࠓճ͸ண໨

    → ίϯςφϥϯλΠϜͷOCIϥϯλΠϜʹؔ࿈ͷਂ͍ཁ݅

19. 19 ίϯςφ࣌୅ͷWebαʔϏεج൫Ϟσϧ দຊ྄հ, ۙ౻Ӊஐ࿕, ࡾ୐༔հ, ྗ෢݈࣍, ܀ྛ݈ଠ࿠, FastContainer: ࣮ߦ؀ڥͷมԽʹૉૣ͘దԠͰ͖Δ߃ৗੑΛ࣋ͭγεςϜΞʔΩςΫνϟ, Πϯλʔωοτͱӡ༻ٕज़γϯϙδ΢Ϝ2017࿦จूɼ2017ɼ89-97ʢ2017-11-30ʣ,

    2017೥12݄. ← ͜͜Λߋʹਂ۷Γ 0SDIFTUSBUJPO
    -BZFS
    (,&
    &$4
    .BSBUIPO
    ,VCFSOFUFT
    %PDLFS
    4XBSN 4USBUFHZ
    -BZFS
    3BODIFS
    'BTU$POUBJOFS 4FSWJDF
    -BZFS
    8FC
    "QQMJDBUJPO
    PS
    4FSWJDF
    PO
    $POUBJOFST *OGSBTUSVDUVSF
    -BZFS
    ($1
    "[VSF
    "84
    0QFO4UBDL
    .FTPT
    #BSF
    .FUBM
    -JOVY,JU $POUBJOFS
    3VOUJNF
    -BZFS
    %PDLFS
    DPOUBJOFSE
    -9$
    )BDPOJXB
    H7JTPS
    ,BUB
    $POUBJOFST $POUBJOFS
    3VOUJNF
    *OUFSGBDF $3*

20. 20 ίϯςφϥϯλΠϜͷϨΠϠʔϞσϧԽ CRI ίϯςφϥϯλΠϜ ϥϯλΠϜ ্هͷΑ͏ʹఆٛ͞ΕΔ͜ͱ͕ଟ͍͕ɺ ίϯςφϥϯλΠϜͷதʹruncͳͲͷ ϥϯλΠϜ͕͋Δͱ͍͏ͷ͸গ͠Θ͔ Γʹ͍͘ɻ CRI

    CRIϥϯλΠϜ OCI OCIϥϯλΠϜ ίϯςφϥϯλΠϜ ΛϥϯλΠϜͷ໾ׂ ͰϨΠϠʔϞσϧԽ CRIϥϯλΠϜͱOCIϥϯλΠϜͱఆٛ※1ɻ͜ͷ2ͭ ͷϥϯλΠϜΛ·ͱΊͯίϯςφϥϯλΠϜͱ͢Δɻ CRI : Container Runtime Interface OCI: Open Container Initiative Runtime/Image Format Specification ※1 Google CloudͷIan Lewisࢯ͸CRIϥϯλΠϜΛHigh-Level RuntimeɺOCIϥϯλΠϜΛLow-Level Runtimesͱఆٛ https://www.ianlewis.org/en/container-runtimes-part-1-introduction-container-r

21. 21 ίϯςφपลͷجຊϨΠϠʔϞσϧ ΦʔέετϨʔγϣϯ CRI CRIϥϯλΠϜ OCI OCIϥϯλΠϜ Podͱίϯςφ܈ CRIܦ༝ͰΦʔέετϨʔγϣϯʹجͮ ͖ίϯςφߏ੒৘ใΛड͚औͬͨΓίϯ

    ςφΠϝʔδΛ؅ཧ͢ΔCRIϥϯλΠϜ ʢcri-oɺcontainerdͳͲʣ ίϯςφͷߏ੒৘ใ΍ΠϝʔδͳͲ͔Β ίϯςφͷϦιʔεׂ౰΍ݖݶ෼཭Λߦͬ ͯίϯςφΛىಈͤ͞ΔOCIϥϯλΠϜ ʢrunCɺrunscɺrunncɺrunVɺkata- runtimeɺcc-runtimeͳͲʣ

22. 22 ྫɿίϯςφपลͷجຊϨΠϠʔϞσϧ kubelet CRI containerd OCI runC Podͱίϯςφ܈ ίϯςφͷߏ੒৘ใ΍ΠϝʔδͳͲ͔Β ίϯςφͷϦιʔεׂ౰΍ݖݶ෼཭Λߦͬ

    ͯίϯςφΛىಈͤ͞ΔOCIϥϯλΠϜ ʢrunCɺrunscɺrunncɺrunVɺkata- runtimeɺcc-runtimeͳͲʣ CRIͱOCIʹ४ڌ͍ͯ͠Ε͹ɺ ΦʔέετϨʔγϣϯ૚͸ kubernetesΛ࢖͍ͭͭɺ޷͖ʹ CRIϥϯλΠϜ΍OCIϥϯλΠϜ Λஔ͖׵͑Մೳ CRIܦ༝ͰΦʔέετϨʔγϣϯʹجͮ ͖ίϯςφߏ੒৘ใΛड͚औͬͨΓίϯ ςφΠϝʔδΛ؅ཧ͢ΔCRIϥϯλΠϜ ʢcri-oɺcontainerdͳͲʣ

23. 23 OCIϥϯλΠϜʹ͓͚ΔPodͱίϯςφ • kubernetes͸ΦʔέετϨʔγϣϯπʔϧͱͯ͠CNCFʹΑΔඪ४Խ͕ਐΉ • ૬ޓʹ઀ଓੑͷ͋Δෳ਺ͷίϯςφΛแׅ͢ΔPod • Podͱ͍͏ۭؒ୯ҐͰίϯςφΛͲͷΑ͏ʹσϓϩΠ͢Δ͔ • PodʹٻΊΒΕΔཁ݅

    • ηΩϡϦςΟɾੑೳɾαʔό΁ͷऩ༰ޮ཰ͳͲ • Pod΍ίϯςφͷ࣮ࡍతͳಈ࡞Λ࣮ݱ͢Δͷ͸OCIϥϯλΠϜ

24. 4. ίϯςφͷOCIϥϯλΠϜͷαʔϕΠͱ࣮ݧ

25. 25 OCIίϯςφϥϯλΠϜͷαʔϕΠͱ࣮ݧ • runCɼgVisorɼNabla-ContainersɼFirecrackerɼKata-Containersͷݱঢ়ௐࠪ • Hello Worldͱloop͢ΔDockerΠϝʔδΛ࡞੒ • ֤छOCIίϯςφϥϯλΠϜͰHello World(Cݴޠ)Λ࣮ߦ

    • TimeίϚϯυͰPodىಈ+ίϯςφىಈ+Hello worldͷ࣮ߦ࣌ؒΛܭଌ • loopίϯςφΛىಈͤͯ͞ϝϞϦαΠζʢRSSʣΛܭଌ • ࣮ݧϗετɿEC2 i3.metal Πϯελϯε, 72 vCPUsɼ512 GB ϝϞϦ

26. 26 OCIίϯςφϥϯλΠϜίϚϯυͷ௚઀࣮ߦ time sudo runc run bundle time sudo runsc

    -log /dev/null run bundle time sudo kata-runtime run bundle cid=`sudo docker create mizzy/hello:latest` mkdir -p bundle/rootfs sudo docker export $cid | tar -C bundle/rootfs -xvf -

27. 27 OCIίϯςφϥϯλΠϜίϚϯυͷ௚઀࣮ߦ kubelet CRI containerd OCI runC Podͱίϯςφ܈

28. ϝοηʔδ ηΩϡϦςΟ ࣮૷ྫ helloworldੑೳ (Pod+ίϯςφىಈ଎౓) ऩ༰ޮ཰ (1ίϯςφ͋ͨΓͷϝϞ ϦͷϑοτϓϦϯτ) ϓϩηεܕ ωʔϜεϖʔεͷִ཭

    runC 0.159 s runc: 10216 KB ߹ܭ໿ 10 MB αϯυϘοΫεܕ ϢʔβϥϯυΧʔωϧ γεςϜίʔϧΞΫηε੍ޚ gVisor(runsc) 0.197 s runsc: 117748 KB runsc-gopher: 13028 KB runsc-sandbox: 18404 KB ߹ܭ໿ 150 MB ϢχΧʔωϧܕ ϢχΧʔωϧ෼཭ (ઐ༻appΠϝʔδͱ࠷௿ݶͷγ εςϜίʔϧ੍ݶ) Nabla-Containers(runnc) runncͷ࢓༷͕ίϯςφ࣮ߦ׬ ྃΛ଴ͨͳ͍ͨΊະܭଌ runncͷ࢓༷͕ίϯςφ࣮ߦ׬ ྃΛ଴ͨͳ͍ͨΊະܭଌ microVMܕ microVM (virtio-net,virtio-blockɼserial console, a 1-button key-board controller) Firecracker runc૬౰ͷίϚϯυͱݱ࣌఺Ͱ ௚઀࿈ܞͰ͖ͳ͍ͨΊະܭଌ runc૬౰ͷίϚϯυͱݱ࣌఺Ͱ ௚઀࿈ܞͰ͖ͳ͍ͨΊະܭଌ VMܕ VM Kata-Containers 1.392 s kata-runtime: 28424 KB qemu-lite-system-x86_64: 222208 KB kata-proxy: 6884 KB kata-shim: 19124 KB ߹ܭ໿ 280 MB

29. 29 containerdΛܦ༝࣮ͨ͠ߦ time sudo ctr run \ --rm --runtime io.containerd.runc.v1

    \ docker.io/mizzy/hello:latest \ foo /hellotime sudo ctr run \ --rm \ --runtime io.containerd.runsc.v1 docker.io/mizzy/hello:latest ba /hello time sudo ctr run \ --rm \ --runtime io.containerd.kata.v2 \ docker.io/mizzy/hello:latest baz /hello time sudo ctr run \ --rm \ --runtime io.containerd.runtime.v1.linux \ docker.io/mizzy/hello:latest foo /hello time sudo ctr run \ --rm \ --snapshotter firecracker-naive \ --runtime aws.firecracker \ docker.io/mizzy/hello:latest foo /hello

30. 30 containerdΛܦ༝࣮ͨ͠ߦ kubelet CRI containerd OCI runC Podͱίϯςφ܈

31. ϝοηʔδ ηΩϡϦςΟ ࣮૷ྫ helloworldੑೳ (Pod+ίϯςφىಈ଎౓) ऩ༰ޮ཰ (1ίϯςφ͋ͨΓͷϝϞϦͷ ϑοτϓϦϯτ) ϓϩηεܕ ωʔϜεϖʔεͷִ཭

    runC 0.361 s ctr: 26592 KB ߹ܭ໿ 26 MB αϯυϘοΫεܕ ϢʔβϥϯυΧʔωϧ γεςϜίʔϧΞΫηε੍ޚ gVisor(runsc) 0.422 s ctr: 26600 KB runsc: 12296 KB containerd-shim-runsc-v1: 6908 KB runsc-gopher: 12296 KB runsc-sandbox: 18124 KB ߹ܭ໿ 75 MB ϢχΧʔωϧܕ ϢχΧʔωϧ෼཭ (ઐ༻appΠϝʔδͱ࠷௿ݶͷ γεςϜίʔϧ੍ݶ) Nabla-Containers(runnc) containerd shim API v2ʹରԠ͠ ͍ͯͳ͍ͨΊܭଌෆՄ containerd shim API v2ʹରԠ͍ͯ͠ ͳ͍ͨΊܭଌෆՄ microVMܕ microVM (virtio-net,virtio-blockɼ serial console, a 1-button key-board controller) Firecracker (naive snapshotter) 8.117 s ctr: 26120 KB containerd-shim-aws-firecracker: 13748 KB firecracker: 59152 KB ߹ܭ໿ 100 MB (native_snapshotter: 11400 KB) VMܕ VM Kata-Containers 1.570 s ctr: 26572 KB containerd-shim-kata-v2 : 19780 KB qemu-lite-system-x86_64: 195864 KB ߹ܭ໿ 241 MB

32. 32 dockerdΛܦ༝࣮ͨ͠ߦ time sudo docker run --rm mizzy/hello:latest /hello time

    sudo docker run --rm --runtime=runsc mizzy/ hello:latest /hello time sudo docker run --rm --runtime=kata-runtime mizzy/ hello:latest /hello time sudo docker run --rm --runtime=runnc mizzy/ hello:latest /hello.nabla time sudo docker run --rm --runtime=kata-fc mizzy/ hello:latest /hello

33. 33 dockerdΛܦ༝࣮ͨ͠ߦ dockerd docker-containerd OCI runC Podͱίϯςφ܈ docker

34. ϝοηʔδ ηΩϡϦςΟ ࣮૷ྫ helloworldੑೳ (Pod+ίϯςφىಈ଎౓) ऩ༰ޮ཰ (1ίϯςφ͋ͨΓͷϝϞϦͷ ϑοτϓϦϯτ) ϓϩηεܕ ωʔϜεϖʔεͷִ཭

    runC 0.847 s docker: 50356 KB containerd-shim: 6124 KB ߹ܭ໿ 56 MB αϯυϘοΫεܕ ϢʔβϥϯυΧʔωϧ γεςϜίʔϧΞΫηε੍ޚ gVisor(runsc) 1.034 s docker: 50532 KB cintainerd-shim: 5812 KB runsc-gopher: 12296 KB runsc-sandbox: 18124 KB ߹ܭ໿ 85 MB ϢχΧʔωϧܕ ϢχΧʔωϧ෼཭ (ઐ༻appΠϝʔδͱ࠷௿ݶͷ γεςϜίʔϧ੍ݶ) Nabla-Containers(runnc) 0.897 s docker: 50720 KB containerd-shim: 5512 KB nabla-run: 6684 KB ߹ܭ໿ 62 MB microVMܕ microVM (virtio-net,virtio-blockɼ serial console, a 1-button key-board controller) Firecracker (devmapper snapshotter) (Kata plugin) 3.889 s docker: 1170808 KB docker-containerd-shim: 9960 KB kata-shim: 455664 KB firecracker: 145952 KB ߹ܭ໿ 1700 MB VMܕ VM Kata-Containers 2.415 s docker: 51056 KB containerd-shim: 6060 KB qemu-lite-system-x86_64: 227316 KB kata-proxy: 6132 KB kata-shim: 19536 KB ߹ܭ໿ 310 MB

35. 35 Pod͓Αͼίϯςφͷىಈ࣌ؒͱAppੑೳ • VM΍MicroVMΞϓϩʔν͸Podىಈʹ͕͔͔࣌ؒΔ • Pod͕ىಈͯ͠͠·͑͹AppͷΞΫηε੍ޚ͸ݫີͰͳ͍ • ίϯςφ্ͷWebApp͸ൺֱతੑೳ͕ߴ͘ͳΔ • αϯυϘοΫ΍ϢχΧʔωϧͷΞϓϩʔν͸Podىಈ͸଎͍

    • AppͷγεςϜίʔϧ΍ϑΝΠϧΞΫηεΛ؂ࢹ͠ݫີʹΞΫηε੍ޚ • ίϯςφ্ͷWebApp͸ൺֱతੑೳ͕௿͘ͳΔ → ίϯςφͰಈ࡞͢ΔΞϓϦέʔγϣϯͷੑೳΛࠓޙ͸ܭଌ͍ͯ͘͠༧ఆ

36. 36 ௒ݸମܕσʔληϯλʔʹ͓͚Δίϯςφ • ඞཁͳͱ͖΍ཁ݅ʹ߹Θͤͯద੾ͳOCIϥϯλΠϜͰىಈ • OSʹ͓͚Δϓϩηε΍εϨουͷ࢖͍ํͱಉ༷ • ίϯςφىಈ଎౓ͱىಈޙͷΞϓϦέʔγϣϯ଎౓ͷτϨʔυΦϑΛٞ࿦ • ֎తͳΞΫηε܏޲΍༧ଌͰ͖ͳ͍มԽʹϦΞΫςΟϒʹରԠͤ͞Δ

    • ϓϩηε΍εϨουؒͷ࿈ܞʹ͓͍ͯ΋ϗετಁաతʹॲཧ͢Δ • ߴ଎ʹίϯςφͷঢ়ଶΛมԽͤͨ͞ΓҠಈ͢Δݚڀ͕ඞཁ[1] [1] দຊ྄հɾ௶಺༎थɾٶԼ߶ี, CRIUΛར༻ͨ͠HTTPϦΫΤετ୯ҐͰίϯςφΛ࠶഑ஔͰ͖Δ௿ίετͰߴ଎ͳεέ δϡʔϦϯάख๏, IOT44, 2019೥3݄.

37. 5. ·ͱΊ

38. 38 ௒ݸମܕσʔληϯλʔOSΛ໨ࢦͯ͠ • ௒ݸମܕσʔληϯλʔͷίϯηϓτΛ঺հ • σʔληϯλʔػೳ͕ࣾձʹ༹͚ࠐΈͳ͕ΒΫϥ΢υͷϚγϯύϫʔΛ׆༻ • ۩ମతͳϏδϣϯΛ঺հ • σʔληϯλʔͱίϯςφͷεέδϡʔϦϯάͷ؍఺Ͱٞ࿦

    • ϦΞΫςΟϒʹঢ়ଶΛมߋՄೳʹ͢Δॏཁੑʹ͍ͭͯݕ౼ • ֤ࣾͷίϯςφͷOCIϥϯλΠϜ࣮૷ͷ঺հͱݱঢ়ͷ࣮ݧతධՁ • ίϯςφΛεϨου΍ϓϩηεͱݟཱͯͨ৔߹ͷ෼ྨΛ੔ཧ

39. 39 ࠓޙͷ՝୊ͱݕ౼ • OCIϥϯλΠϜͷ෼ྨʹ͓͍ͯߋʹߟ࡯ • ΋ͬͱద੾ͳPodͱίϯςφͷ͋Γํ͕ͳ͍͔ • ूੵ཰ɾੑೳɾηΩϡϦςΟɾ࢖͍΍͢͞ͷόϥϯεΛ͞Βʹݕ౼͢Δ • Podͷىಈͷ଎౓ͱίϯςφͷΞΫηε੍ޚͷੑೳͷόϥϯεΛٞ࿦

    • ߴ౓ʹ෼ࢄ͞Εͨίϯςφͷ৘ใΛ؅ཧ͢Δ࿮૊Έͷઃܭͱ࣮૷ • ps΍topίϚϯυͷΑ͏ͳ΋ͷ͔ΒΑΓߴ౓ͳπʔϧ·Ͱ • ϓϩηε΍εϨουͷѻ͍Λศརʹ͢Δ֓೦ͳͲͷݕ౼

40. 40 ࣍ճ༧ࠂɿOCIϥϯλΠϜΛ΍͍ͬͯ͘