Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Write Container Runtime in Go

Avatar for tomocy tomocy
October 28, 2019
Programming
4
3.3k

Write Container Runtime in Go

Presented in Go Conference 2019 Autumn

https://gocon.jp/sessions/write_container_runtime_in_go/

Avatar for tomocy

tomocy

October 28, 2019
Tweet

More Decks by tomocy

See All by tomocy
Work around Dart custom lint rule
Avatar for tomocy tomocy
1
490

Other Decks in Programming

See All in Programming
Developer Joy - The New Paradigm
Avatar for Holly Cummins hollycummins
1
370
Building, Deploying, and Monitoring Ruby Web Applications with Falcon (Kaigi on Rails 2025)
Avatar for Samuel Williams ioquatix
4
2.5k
AI駆動で0→1をやって見えた光と伸びしろ
Avatar for passion😎 passion0102
1
840
はじめてのDSPy - 言語モデルを『プロンプト』ではなく『プログラミング』するための仕組み
Avatar for Masahiro Nishimi masahiro_nishimi
4
15k
EMこそClaude Codeでコード調査しよう
Avatar for shibayu36 shibayu36
0
420
Goで実践するドメイン駆動開発 AIと歩み始めた新規プロダクト開発の現在地
Avatar for imkaoru imkaoru
4
900
その面倒な作業、「Dart」にやらせませんか? Flutter開発者のための業務効率化
Avatar for YomEngine yordgenome03
1
140
スマホから Youtube Shortsを見られないようにする
Avatar for lemolatoon lemolatoon
27
34k
The Past, Present, and Future of Enterprise Java
Avatar for ivargrimstad ivargrimstad
0
260
コード生成なしでモック処理を実現!ovechkin-dm/mockioで学ぶメタプログラミング
Avatar for QualiArts qualiarts
0
270
登壇は dynamic! な営みである / speech is dynamic
Avatar for Daichi KUDO da1chi
0
360
チームの境界をブチ抜いていけ
Avatar for tokai235 tokai235
0
220

Featured

See All Featured
Statistics for Hackers
Avatar for Jake VanderPlas jakevdp
799
220k
Docker and Python
Avatar for Tania Allard trallard
46
3.6k
Rebuilding a faster, lazier Slack
Avatar for samanthasiow samanthasiow
84
9.2k
Why Our Code Smells
Avatar for Brandon Keepers bkeepers
PRO
340
57k
How GitHub (no longer) Works
Avatar for Zach Holman holman
315
140k
Designing for humans not robots
Avatar for Tammie Lister tammielis
254
26k
Performance Is Good for Brains [We Love Speed 2024]
Avatar for Tammy Everts tammyeverts
12
1.2k
The Straight Up "How To Draw Better" Workshop
Avatar for Dennis Kardys denniskardys
238
140k
Unsuck your backbone
Avatar for Amy Palamountain ammeep
671
58k
Bootstrapping a Software Product
Avatar for Garrett Dimon garrettdimon
PRO
307
110k
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
Avatar for Tammy Everts tammyeverts
10
620
Improving Core Web Vitals using Speculation Rules API
Avatar for Sergey Chernyshev sergeychernyshev
21
1.2k

Transcript

  1. Write Container Runtime in Go Go Conference 2019 Autumn Koki

    Tomoshige (@towocy)

  2. Write Container Runtime in Go

  3. Write Container Runtime in Go

  4. ίϯςφϥϯλΠϜʹ͍ͭͯ

  5. ίϯςφٕज़ ίϯςφϥϯλΠϜͱ ίϯςφΠϝʔδ

  6. ίϯςφϥϯλΠϜ OCI runtimeʹ४ڌ͍ͯ͠Δ

  7. OCIʢOpen Container Initiativeʣ ίϯςφٕज़ͷඪ४ن֨Λ ࡞੒͢ΔͨΊͷஂମ

  8. None

  9. runtime.me ίϯςφϥϯλΠϜͱͯ͠ͷ ঢ়ଶͱৼΔ෣͍ https://github.com/opencontainers/runtime-spec/blob/master/runtime.md

  10. Query State state <container-id> Create create <container-id> <path-to-bundle> Start start

    <container-id> Kill kill <container-id> <signal> Delete delete <container-id>
  11. None

  12. Standard Go Project Layout /cmd https://github.com/golang-standards/project-layout#cmd

  13. None

  14. CLI pkg github.com/urfave/cli

  15. None
  16. None
  17. None
  18. None
  19. None

  20. InterfaceͰͷந৅Խ ࢖༻ऀଆ͕ ٻΊΔৼΔ෣͍Λఆٛ͢Δ https://github.com/golang/go/wiki/CodeReviewComments#interfaces

  21. None

  22. ίϯςφϥϯλΠϜͷ࣮૷ʹ͍ͭͯ

  23. ίϯςφϥϯλΠϜ ϗετOS্ͷ Ϧιʔεִ͕཭ɺ੍ݶ͞Εͨϓϩηε

  24. ‘Contain’er ʙΛด͡ࠐΊΔ

  25. ίϯςφϥϯλΠϜ How to contain a process

  26. https://employment.en-japan.com/engineerhub/entry/2019/02/05/103000#ίϯςφͱ͸ ΧʔωϧϦιʔεɺϑΝΠϧγεςϜͷִ཭ Namespaceɺchroot/pivot_root ϋʔυ΢ΣΞϦιʔεͷ੍ݶ cgroup ݖݶͷ੍໿ Capabilityɺseccomp

  27. None

  28. Fork

  29. Fork ਌ϓϩηε ࢠϓϩηε

  30. Fork ਌ϓϩηε ࢠϓϩηε Contain

  31. None

  32. Build Constraints ϑΝΠϧ໊Ͱ Ϗϧυର৅Λ෼͚Δ https://golang.org/pkg/go/build/#hdr-Build_Constraints

  33. None
  34. None
  35. None
  36. None

  37. Fork ਌ϓϩηε ࢠϓϩηε Contain

  38. https://github.com/rrreeeyyy/container-internship/tree/master/02#linux-namespaces IPC ϓϩηεؒ௨৴Ͱ࢖͏Ϧιʔε Network ωοτϫʔΫσόΠεɺϧʔςΟϯάςʔϒϧ Mount ϑΝΠϧγεςϜπϦʔ PID ϓϩηε ID

    User Ϣʔβ IDɺάϧʔϓ ID UTS nodenameɺdomainname
  39. None

  40. Fork

  41. None

  42. Filesystem bundle config.jsonͱrootfs https://github.com/opencontainers/runtime-spec/blob/master/bundle.md

  43. ࢠϓϩηεͷϧʔτ༻ʹ

  44. ࢠϓϩηεͷϧʔτ༻ʹ mount͍ͯ͘͠

  45. ࢠϓϩηεͷϧʔτ༻ʹ mount͍͖ͯ͠ ͦͯ͠pivot_root͢Δ

  46. ࢠϓϩηεʹ͸ / ʹݟ͑Δ

  47. cgroup ϓϩηεʹରͯ͠ ڞ௨ͷϦιʔε؅ཧΛ͢Δ https://gihyo.jp/admin/serial/01/linux_containers/0003

  48. None
  49. None
  50. None
  51. None
  52. None
  53. None
  54. None
  55. None
  56. None
  57. None
  58. None
  59. None

  60. Write Container Runtime in Go

  61. ͋Γ͕ͱ͏͍͟͝·ͨ͠ɻ

  62. https://github.com/opencontainers/runtime-spec/blob/master/runtime.md https://github.com/opencontainers/runtime-spec/blob/master/bundle.md https://github.com/golang-standards/project-layout#cmd https://github.com/golang/go/wiki/CodeReviewComments#interfaces https://employment.en-japan.com/engineerhub/entry/2019/02/05/103000#ίϯςφͱ͸ https://golang.org/pkg/go/build/#hdr-Build_Constraints https://github.com/rrreeeyyy/container-internship/tree/master/02#linux-namespaces https://employment.en-japan.com/engineerhub/entry/2019/02/05/103000 https://github.com/tomocy/gocon ࢀߟจݙ

    https://speakerdeck.com/kyohmizu/windowskontenaru-men?slide=26 https://speakerdeck.com/tenforward/cndt2019 https://sil.hatenablog.com/entry/why-container-is-secure