Write Container Runtime in Go

Transcript

1. Write Container Runtime in Go Go Conference 2019 Autumn Koki

   Tomoshige (@towocy)

2. Write Container Runtime in Go

3. Write Container Runtime in Go

4. ίϯςφϥϯλΠϜʹ͍ͭͯ

5. ίϯςφٕज़ ίϯςφϥϯλΠϜͱ ίϯςφΠϝʔδ

6. ίϯςφϥϯλΠϜ OCI runtimeʹ४ڌ͍ͯ͠Δ

7. OCIʢOpen Container Initiativeʣ ίϯςφٕज़ͷඪ४ن֨Λ ࡞੒͢ΔͨΊͷஂମ

8. None

9. runtime.me ίϯςφϥϯλΠϜͱͯ͠ͷ ঢ়ଶͱৼΔ෣͍ https://github.com/opencontainers/runtime-spec/blob/master/runtime.md

10. Query State state <container-id> Create create <container-id> <path-to-bundle> Start start

    <container-id> Kill kill <container-id> <signal> Delete delete <container-id>
11. None

12. Standard Go Project Layout /cmd https://github.com/golang-standards/project-layout#cmd

13. None

14. CLI pkg github.com/urfave/cli

15. None
16. None
17. None
18. None
19. None

20. InterfaceͰͷந৅Խ ࢖༻ऀଆ͕ ٻΊΔৼΔ෣͍Λఆٛ͢Δ https://github.com/golang/go/wiki/CodeReviewComments#interfaces

21. None

22. ίϯςφϥϯλΠϜͷ࣮૷ʹ͍ͭͯ

23. ίϯςφϥϯλΠϜ ϗετOS্ͷ Ϧιʔεִ͕཭ɺ੍ݶ͞Εͨϓϩηε

24. ‘Contain’er ʙΛด͡ࠐΊΔ

25. ίϯςφϥϯλΠϜ How to contain a process

26. https://employment.en-japan.com/engineerhub/entry/2019/02/05/103000#ίϯςφͱ͸ ΧʔωϧϦιʔεɺϑΝΠϧγεςϜͷִ཭ Namespaceɺchroot/pivot_root ϋʔυ΢ΣΞϦιʔεͷ੍ݶ cgroup ݖݶͷ੍໿ Capabilityɺseccomp

27. None

28. Fork

29. Fork ਌ϓϩηε ࢠϓϩηε

30. Fork ਌ϓϩηε ࢠϓϩηε Contain

31. None

32. Build Constraints ϑΝΠϧ໊Ͱ Ϗϧυର৅Λ෼͚Δ https://golang.org/pkg/go/build/#hdr-Build_Constraints

33. None
34. None
35. None
36. None

37. Fork ਌ϓϩηε ࢠϓϩηε Contain

38. https://github.com/rrreeeyyy/container-internship/tree/master/02#linux-namespaces IPC ϓϩηεؒ௨৴Ͱ࢖͏Ϧιʔε Network ωοτϫʔΫσόΠεɺϧʔςΟϯάςʔϒϧ Mount ϑΝΠϧγεςϜπϦʔ PID ϓϩηε ID

    User Ϣʔβ IDɺάϧʔϓ ID UTS nodenameɺdomainname
39. None

40. Fork

41. None

42. Filesystem bundle config.jsonͱrootfs https://github.com/opencontainers/runtime-spec/blob/master/bundle.md

43. ࢠϓϩηεͷϧʔτ༻ʹ

44. ࢠϓϩηεͷϧʔτ༻ʹ mount͍ͯ͘͠

45. ࢠϓϩηεͷϧʔτ༻ʹ mount͍͖ͯ͠ ͦͯ͠pivot_root͢Δ

46. ࢠϓϩηεʹ͸ / ʹݟ͑Δ

47. cgroup ϓϩηεʹରͯ͠ ڞ௨ͷϦιʔε؅ཧΛ͢Δ https://gihyo.jp/admin/serial/01/linux_containers/0003

48. None
49. None
50. None
51. None
52. None
53. None
54. None
55. None
56. None
57. None
58. None
59. None

60. Write Container Runtime in Go

61. ͋Γ͕ͱ͏͍͟͝·ͨ͠ɻ

62. https://github.com/opencontainers/runtime-spec/blob/master/runtime.md https://github.com/opencontainers/runtime-spec/blob/master/bundle.md https://github.com/golang-standards/project-layout#cmd https://github.com/golang/go/wiki/CodeReviewComments#interfaces https://employment.en-japan.com/engineerhub/entry/2019/02/05/103000#ίϯςφͱ͸ https://golang.org/pkg/go/build/#hdr-Build_Constraints https://github.com/rrreeeyyy/container-internship/tree/master/02#linux-namespaces https://employment.en-japan.com/engineerhub/entry/2019/02/05/103000 https://github.com/tomocy/gocon ࢀߟจݙ

    https://speakerdeck.com/kyohmizu/windowskontenaru-men?slide=26 https://speakerdeck.com/tenforward/cndt2019 https://sil.hatenablog.com/entry/why-container-is-secure