Rustとコンテナランタイム
 Rust 🤝 Container Runtime
 Rust.Tokyo 2021 September 18th
 うたもく(@utam0k)
 1

self‐introduction ● うたもく(@utam0k) ● I work for a web company and use Scala language ● I'm studying containers in earnest starting in 2021. ● Member of the containers 2

What I want you to know ● Youki, a container runtime written in Rust ● A brief description of container technology ○ What is container runtime? ○ Learning container technologies with youki's code ● Rust 🤝 Container Runtime 3

What is youki? ● I’m creator of youki ● A container runtime written in Rust ● Developed under containers, the organization that develop podman ● ★ 1.3K in github.com ● youki = 容器 = container (Meaning "container" in Japanese) 4

A container runtime … ?
 5

Kubelet(K8s)
 Linux etc...
 High-Level Runtime
 CRI
 Low-Level Runtime
 OCI
 CRI − Container Runtime Interface
 OCI − Open Container Initiative
 Container Runtime
 6

Kubelet(K8s)
 Linux etc...
 High-Level Runtime
 CRI
 Low-Level Runtime
 OCI
 ● runC
 ● youki
 ● crun
 Container Runtime
 7

What is a container? ● A process ≒ A container ○ Processes in which various resources are isolated Process Files Process Files Process Files OS 8

isolated？ ● pivot_root ○ Change the destination that the root directory of a process points to ● namespace ○ Ability to isolate resources that a process can manipulate ● cgroup ○ Allows configuration of resources available to processes 9

isolated？ ● pivot_root ○ Change the destination that the root directory of a process points to ● namespace ○ Ability to isolate resources that a process can manipulate ● cgroup ○ Allows configuration of resources available to processes 10

cgroup ● Create a group of processes and configure settings for that group ● For example... ○ Limit CPU usage time, specifying assigned CPUs ○ Device access control ○ Pause/resume tasks ● There are resource controllers for different types of resources 11

/sys/fs/cgroup
 CPU
 Memory
 Devices
 P P P P P P P P P P Represent tree with directories inherit 12

Let’s dive into youki 13

Rust 🤝 Container Runtime
 14

Rust × Container Runtime 👍 :+1: ● Performance ● Easy to handle system calls ● A Good fit between low layers and Rust community 15

Rust × Container Runtime 👍 :+1: ● Performance ● Easy to handle system calls ● A Good fit between low layers and Rust community 16

Performance ● Enables containers to be launched even with tight memory limits $ podman --runtime youki run --rm --memory 1M fedora echo work work $ podman --runtime runc run --rm --memory 1M fedora echo work Error: OCI runtime error: .... 17

Performance ● Enables containers to be launched even with tight memory limits ● Faster container startup and deletion ○ There is a C language implementation of a container runtime called crun ■ Probably not that different in speed from crun ○ Technically challenging and interesting :) 18

Rust × Container Runtime 👍 :+1: ● Performance ● Easy to handle system calls ● A Good fit between low layers and Rust community 19

Easy to handle system calls ● Threads and processes can be precise controlled ○ Difficult when language runtime is multithreaded ■ Rust and C are not ○ setns(2) - reassociate thread with a namespace A multithreaded process may not change user namespace with setns(). ○ Youki has little trouble in this area ● Existence of libc crate and nix crate. Thanks 🙏 20

Rust × Container Runtime 👍 :+1: ● Performance ● Easy to handle system calls ● A Good fit between low layer and Rust community 21

Good fit between low layers and Rust community ● Low Layer Programming 🤝 Rust ○ There are many programmers in the Rust community who like this layer ○ Topics adopted for the linux kernel ● Rustacean, who is also interested in this layer, joined youki to learn more about container technology 22

Rust × Container Runtime 😖 :confounded: ● There are no libraries or other assets ● Little knowledge in the Rust community 23

Rust × Container Runtime 😖 :confounded: ● There are no libraries or other assets ● Little knowledge in the Rust community 24

There are no libraries or other assets ● There are still few libraries compared to the major languages (Go / C) in the container area ○ For example, Go has a library set in the specification repository to parse a JSON file according to the specification ● FFI(Foreign Function Interface)... ? ○ We want to use the full potential of Rust! 25

There are no libraries or other assets ● The Issue youki would like to solve in any way possible ● Cut out the codes used in youki and crate it ○ containers/oci-spec-rs ○ cgroup(It's not complete) ● We are trying to create a common integration test tool for the container runtime community 26

Rust × Container Runtime 😖 :confounded: ● There are no libraries or other assets ● Little knowledge in the Rust community 27

Little knowledge in the Rust community ● There are few Rustacean in the container world ● Youki is a gateway to containers for Rustacean ○ Youki's maintainers have got knowledgeable enough about it to read runC ○ Container people may use it to learn Rust ● Would you like to join us? 28

Summary ● Advantages of Rust 🤝 Container Runtime ○ Performance ○ Easy to handle system calls ○ A Good fit between low layers and Rust community ● The problems that youki wants to solve ○ There are no libraries or other assets ○ Little knowledge in the Rust community 29

Youki in the future ● Aim for the first release ● Contributing to the container community ○ Testing tools for generic container runtimes ● Consideration of unique features as container runtime ○ Asynchronous processing using io_uring ○ Features using wasm or kernel modules... 🤔 ● We'll have fun developing :) 30

Thanks to all the people who already contributed to youki :) 31

Thanks you! Any questions? 32