Slide 1

Foundational Elements of Cloud Native: Containers Today and Tomorrow
CloudNative Days Fukuoka 2023, Toru Komatsu (@utam0k)

Slide 2

KOMATSU Toru (@utam0k), Preferred Networks, Inc. Develops and operates the company's in-house on-premises ML platform. OSS activity as a hobby: maintainer of opencontainers/runtime-spec and containers/youki, reviewer for containerd/runwasi.

Slide 3

(Same self-introduction as slide 2.) We are Hiring!!

Slide 4

00 Containers Today

Slide 5

How the Kubelet executes a container
[Diagram: Kubelet → Container Runtime Interface → High-Level Container Runtime → OCI Runtime Spec → Low-Level Container Runtime → Linux etc.]

Slide 6

[Diagram: Kubelet → Container Runtime Interface → Low-Level Container Runtime → Linux etc.]

Slide 7

[Same diagram as slide 6; the Kubelet talks to the Container Runtime Interface over gRPC.]

Slide 8

[Diagram: Kubelet → Container Runtime Interface → High-Level Container Runtime → OCI Runtime Spec → Low-Level Container Runtime → Linux etc.]

Slide 9

[Same diagram as slide 8.] The high-level container runtime handles image and container management.

Slide 10

[Same diagram as slide 8.] The low-level container runtime creates the container; it is a one-shot binary.

Slide 11

00 Containers Today ?

Slide 12

[Same diagram as slide 8.] Here, we call anything that satisfies the OCI Runtime Spec a container.

Slide 13

[Same diagram as slide 8.] The OCI Runtime Spec defines what a container is in terms of a JSON configuration file and subcommands, e.g. ./runc create $id

Slide 14

[Same diagram as slide 8.]

Slide 15

How the Kubelet executes a container
[Same diagram as slide 8.]

Slide 16

(Same as slide 15.)

Slide 17

Container Runtime Interface / Low-Level / OCI Runtime Spec: the runtime in between (containerd) is
➔ microservice-like
➔ built on a plugin mechanism

Slide 18

[Diagram: containerd architecture. API: Image Services, Snapshot Services, Containers Service, Tasks Service, … and the Container Runtime Interface. Core. Backend: ContentStore (plugin / local), Snapshotter (plugin / overlay / …), Runtime v2 shim client → containerd shim over ttrpc → OCI Runtime Spec.]

Slide 19

A microservice-like architecture
[Same containerd diagram as slide 18.]

Slide 20

[Same containerd diagram as slide 18.] The OCI runtime beneath the shim is the one-shot binary.

Slide 21

Recap
Kubelet → Container Runtime → Container
➔ High-Level / Low-Level Container Runtime
Specifications
➔ Container Runtime Interface
➔ OCI Runtime Specification
containerd
➔ microservices
➔ plugin mechanism

Slide 22

01 The Future of Containers

Slide 23

⚠ Personal opinion ⚠

Slide 24

02 WebAssembly

Slide 25

WebAssembly

Slide 26

WebAssembly: Portability, Small Size, Security

Slide 27

[Same diagram as slide 8.]

Slide 28

[Same diagram as slide 8.]

Slide 29

[Same diagram as slide 8.] WebAssembly support is needed around here. Read it?

Slide 30

runwasi (containerd/runwasi)
An extension implemented as a containerd-shim
Already at the experimental stage in the real world: Docker Desktop, Azure Kubernetes Service

Slide 31

[Same containerd diagram as slide 18.] This part, the containerd shim, is what runwasi extends.

Slide 32

WebAssembly execution flow
[Diagram: Kubelet → Container Runtime Interface → High-Level Container Runtime → Low-Level Container Runtime → Linux etc.; the OCI Runtime Spec step is absent.]

Slide 33

container2wasm (ktock/container2wasm)
Making use of existing container assets

Slide 34

03 Lazy Pulling

Slide 35

Lazy Pulling

$ nerdctl --snapshotter=stargz run python:3.7-esgz python3 -c 'exit()'
index-sha256:6a42...4948:     done |++++++++++++++++++++++++++++++|
manifest-sha256:1c57...20c5:  done |++++++++++++++++++++++++++++++|
config-sha256:f590...1df5:    done |++++++++++++++++++++++++++++++|
elapsed: 11.0 s  total: 4.8 Ki (1.5 KiB/s)

$ nerdctl run python:3.7-org python3 -c 'exit()'
index-sha256:6008....1237:    done |++++++++++++++++++++++++++++++|
manifest-sha256:48ea...30ce7: done |++++++++++++++++++++++++++++++|
config-sha256:94c9....9290:   done |++++++++++++++++++++++++++++++|
layer-sha256:f860....fbf6:    done |++++++++++++++++++++++++++++++|
layer-sha256:d779....3cc5:    done |++++++++++++++++++++++++++++++|
…
layer-sha256:adbd....f52c:    done |++++++++++++++++++++++++++++++|
layer-sha256:c495....736a:    done |++++++++++++++++++++++++++++++|
elapsed: 41.3s   total: 321.3 (16.7 MiB/s)

Slide 36

(Same two runs as slide 35.) With the stargz snapshotter no layers are downloaded, so the container starts fast: 4.8 Ki transferred in 11.0 s versus 321.3 Mi in 41.3 s.

Slide 37

[Diagram: lazy pulling data path. User space: the container calls open("file"); stargz-snapshotter with its cache, backed by the Container Registry. Kernel: Overlayfs and the FUSE driver.]

Slide 38

[Same containerd diagram as slide 18.] This part, the Snapshotter plugin, is what gets extended.

Slide 39

[Same containerd diagram as slide 18.] The Snapshotter plugin connects to the stargz snapshotter over gRPC.

Slide 40

[Same diagram as slide 37, with the path from the container's open("file") through Overlayfs and the FUSE driver in the kernel to stargz-snapshotter, its cache and the Container Registry in user space numbered ① to ⑦.]

Slide 41

[Same numbered diagram as slide 40.]

Slide 42

[Same numbered diagram as slide 40; the Registry is set apart from the rest of the path.]

Slide 43

[Same numbered diagram as slide 40.]

Slide 44

[Same numbered diagram as slide 40; step ④ leads to the Registry, which is set apart from the rest of the path.]
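Why the stargz run on slide 35 transfers 4.8 Ki instead of 321.3 Mi: eStargz layers carry a table of contents (TOC) and a footer that locates it, so the snapshotter pulls only the TOC up front and fetches a file's byte range from the registry the first time the container opens it, serving later opens from its cache. The Python below is an added illustration of that data path, not code from stargz-snapshotter or eStargz; the layer contents, the registry stand-in and the simplified TOC/footer layout are all constructed.

```python
import json

# Constructed sample layer content, standing in for one layer of python:3.7
FILES = {
    "bin/python3": b"\x7fELF" + b"P" * 4000,
    "lib/libpython3.7.so": b"\x7fELF" + b"L" * 9000,
    "usr/share/doc/README": b"docs " * 600,
}

class Registry:
    """Constructed registry stand-in holding one layer blob; counts bytes served."""
    def __init__(self, blob: bytes):
        self.blob, self.bytes_served = blob, 0
    def size(self) -> int:              # size the manifest's layer descriptor reports
        return len(self.blob)
    def range_get(self, offset: int, size: int) -> bytes:   # HTTP Range request
        chunk = self.blob[offset:offset + size]
        self.bytes_served += len(chunk)
        return chunk

def build_layer(files: dict) -> bytes:
    """Pack files, then append an eStargz-style TOC and a footer holding the TOC
    offset so a reader can locate any file from the blob's tail alone."""
    body, toc = b"", {}
    for name, data in files.items():
        toc[name] = {"offset": len(body), "size": len(data)}
        body += data
    return body + json.dumps(toc).encode() + len(body).to_bytes(8, "big")

class LazySnapshotter:
    """What stargz-snapshotter does conceptually: fetch only the TOC at pull time,
    fetch a file's byte range on open(), and serve repeats from a local cache."""
    def __init__(self, registry: Registry):
        self.registry, self.cache = registry, {}
        end = registry.size()
        toc_off = int.from_bytes(registry.range_get(end - 8, 8), "big")
        self.toc = json.loads(registry.range_get(toc_off, end - 8 - toc_off))
    def open(self, path: str) -> bytes:
        if path not in self.cache:          # cache miss: the FUSE read goes to the registry
            e = self.toc[path]
            self.cache[path] = self.registry.range_get(e["offset"], e["size"])
        return self.cache[path]             # cache hit: served locally, no network

def compare_pulls() -> tuple:
    """Bytes transferred by a full pull vs. a lazy pull that opens python3 twice."""
    blob = build_layer(FILES)
    eager = Registry(blob)
    eager.range_get(0, eager.size())        # a plain pull downloads every layer whole
    lazy = Registry(blob)
    snap = LazySnapshotter(lazy)
    snap.open("bin/python3"); snap.open("bin/python3")
    return eager.bytes_served, lazy.bytes_served
```

Note that the registry stays on the container's file-access path at run time: a file the image never touches is never downloaded, and a file first opened later is fetched then.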


Slide 46

04 OCI Runtime Spec v1.1.0

Slide 47

[Same diagram as slide 8.] This one! (the OCI Runtime Spec)

Slide 48

OCI Runtime Specification v1.1.0
Released last month, the first release in three years!
21 new features since v1.0.2: cgroup v2 / idmapped mount / seccomp notify …

Slide 49

Scheduler entity #1188
sched_setattr(2) is applied to the container, so a nice value and the like can now be set for a container.
It really drives home that a container is a process...
Implementations: runc#3895, youki#1706, crun ✅

Slide 50

I/O Priority #1191
ioprio_set(2) is applied to the container. For batch jobs and other I/O-heavy but low-importance work, this reduces the disturbance their writes cause to other containers.
Implementations: runc#3783, youki ✅, crun ✅
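Both features above land in the process section of the config.json that slide 13 refers to. As an added illustration (not code from runtime-spec, runc, youki or crun), the Python below builds that section for a low-importance batch container and checks it against the policy and class names the v1.1.0 spec lists and the value ranges sched_setattr(2) and ioprio_set(2) accept; the command path is constructed.

```python
import json

# Allowed values per OCI Runtime Spec v1.1.0 config.md (process.scheduler, process.ioPriority)
SCHED_POLICIES = {"SCHED_OTHER", "SCHED_FIFO", "SCHED_RR", "SCHED_BATCH",
                  "SCHED_ISO", "SCHED_IDLE", "SCHED_DEADLINE"}
IOPRIO_CLASSES = {"IOPRIO_CLASS_RT", "IOPRIO_CLASS_BE", "IOPRIO_CLASS_IDLE"}


def validate_process(process: dict) -> list:
    """Return the spec violations found in process.scheduler / process.ioPriority;
    an empty list means a runtime could hand these values to sched_setattr(2)
    and ioprio_set(2) as they are."""
    errors = []
    sched = process.get("scheduler")
    if sched is not None:
        policy = sched.get("policy")
        if policy not in SCHED_POLICIES:
            errors.append(f"scheduler.policy {policy!r} is not a known policy")
        if not -20 <= sched.get("nice", 0) <= 19:          # Linux nice range
            errors.append("scheduler.nice must be within -20..19")
        if policy in ("SCHED_FIFO", "SCHED_RR") and not 1 <= sched.get("priority", 0) <= 99:
            errors.append("realtime policies need scheduler.priority in 1..99")
        if policy == "SCHED_DEADLINE" and not all(k in sched for k in ("runtime", "deadline", "period")):
            errors.append("SCHED_DEADLINE needs runtime, deadline and period")
    ioprio = process.get("ioPriority")
    if ioprio is not None:
        if ioprio.get("class") not in IOPRIO_CLASSES:
            errors.append(f"ioPriority.class {ioprio.get('class')!r} is not a known class")
        if not 0 <= ioprio.get("priority", -1) <= 7:       # ioprio_set(2) levels
            errors.append("ioPriority.priority must be within 0..7")
    return errors


def low_priority_batch_process() -> dict:
    """The process section for an I/O-heavy but unimportant batch container:
    SCHED_BATCH at nice 10, best-effort I/O at the lowest level."""
    return {
        "terminal": False,
        "user": {"uid": 1000, "gid": 1000},
        "args": ["/usr/local/bin/batch-job"],   # constructed command name
        "cwd": "/",
        "scheduler": {"policy": "SCHED_BATCH", "nice": 10},
        "ioPriority": {"class": "IOPRIO_CLASS_BE", "priority": 7},
    }


def render_config(process: dict) -> str:
    """Embed a validated process section in a minimal config.json."""
    problems = validate_process(process)
    if problems:
        raise ValueError("; ".join(problems))
    return json.dumps({"ociVersion": "1.1.0", "process": process}, indent=2)
```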

Slide 51

Recap
WebAssembly
➔ a new form of container
➔ containerd-shim-wasm[edge|time]-v1
Lazy Pulling
➔ faster container startup
➔ Snapshotter plugin
OCI Runtime Specification v1.1.0
➔ sched_setattr(2): the nice value can now be changed
➔ ioprio_set(2): the I/O priority can now be changed

Slide 52

05 Acknowledgements

Slide 53

Thank you to TOKUNAGA Kohei-san (@ktock / @TokunagaKohei) for carefully explaining the implementation of the stargz snapshotter.

Slide 54

Thank you!