Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Write Container Runtime in Go

Avatar for tomocy tomocy
October 28, 2019
Programming
4
3.3k

Write Container Runtime in Go

Presented in Go Conference 2019 Autumn

https://gocon.jp/sessions/write_container_runtime_in_go/

Avatar for tomocy

tomocy

October 28, 2019
Tweet

More Decks by tomocy

See All by tomocy
Work around Dart custom lint rule
Avatar for tomocy tomocy
1
510

Other Decks in Programming

See All in Programming
AI巻き込み型コードレビューのススメ
Avatar for Nealle nealle
1
140
Spinner 軸ズレ現象を調べたらレンダリング深淵に飲まれた #レバテックMeetup
Avatar for 弁護士ドットコム bengo4com
1
230
責任感のあるCloudWatchアラームを設計しよう
Avatar for アキキー akihisaikeda
3
170
Fragmented Architectures
Avatar for Denys Poltorak denyspoltorak
0
150
Basic Architectures
Avatar for Denys Poltorak denyspoltorak
0
660
OSSとなったswift-buildで Xcodeのビルドを差し替えられるため 自分でXcodeを直せる時代になっている ダイアモンド問題編
Avatar for yimajo yimajo
3
610
CSC307 Lecture 04
Avatar for Javier Gonzalez-Sanchez javiergs
PRO
0
660
そのAIレビュー、レビューしてますか? / Are you reviewing those AI reviews?
Avatar for r-kagaya rkaga
6
4.5k
インターン生でもAuth0で 認証基盤刷新が出来るのか
Avatar for takumi taku271
0
190
AIエージェント、”どう作るか”で差は出るか? / AI Agents: Does the "How" Make a Difference?
Avatar for r-kagaya rkaga
4
2k
Lambda のコードストレージ容量に気をつけましょう
Avatar for tatsuki-yamada tattwan718
0
110
AWS re:Invent 2025参加 直前 Seattle-Tacoma Airport(SEA)におけるハードウェア紛失インシデントLT
Avatar for tetutetu214 tetutetu214
2
110

Featured

See All Featured
Digital Ethics as a Driver of Design Innovation
Avatar for Per Axbom axbom
PRO
1
170
職位にかかわらず全員がリーダーシップを発揮するチーム作り / Building a team where everyone can demonstrate leadership regardless of position
Avatar for MADOX madoxten
57
50k
Designing for Performance
Avatar for Lara Hogan lara
610
70k
KATA
Avatar for Megan Lloyd mclloyd
PRO
34
15k
Fight the Zombie Pattern Library - RWD Summit 2016
Avatar for Marcelo Somers marcelosomers
234
17k
Utilizing Notion as your number one productivity tool
Avatar for Mfonobong Umondia mfonobong
3
220
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
Avatar for Rebecca Miller-Webster rmw
35
3.3k
Darren the Foodie - Storyboard
Avatar for Kevinho.art khoart
PRO
2
2.4k
Mozcon NYC 2025: Stop Losing SEO Traffic
Avatar for Sam Torres samtorres
0
140
Getting science done with accelerated Python computing platforms
Avatar for Jacob Tomlinson jacobtomlinson
2
110
Deep Space Network (abreviated)
Avatar for Tony Rice tonyrice
0
47
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
Avatar for panda_program panda_program
122
21k

Transcript

  1. Write Container Runtime in Go Go Conference 2019 Autumn Koki

    Tomoshige (@towocy)

  2. Write Container Runtime in Go

  3. Write Container Runtime in Go

  4. ίϯςφϥϯλΠϜʹ͍ͭͯ

  5. ίϯςφٕज़ ίϯςφϥϯλΠϜͱ ίϯςφΠϝʔδ

  6. ίϯςφϥϯλΠϜ OCI runtimeʹ४ڌ͍ͯ͠Δ

  7. OCIʢOpen Container Initiativeʣ ίϯςφٕज़ͷඪ४ن֨Λ ࡞੒͢ΔͨΊͷஂମ

  8. None

  9. runtime.me ίϯςφϥϯλΠϜͱͯ͠ͷ ঢ়ଶͱৼΔ෣͍ https://github.com/opencontainers/runtime-spec/blob/master/runtime.md

  10. Query State state <container-id> Create create <container-id> <path-to-bundle> Start start

    <container-id> Kill kill <container-id> <signal> Delete delete <container-id>
  11. None

  12. Standard Go Project Layout /cmd https://github.com/golang-standards/project-layout#cmd

  13. None

  14. CLI pkg github.com/urfave/cli

  15. None
  16. None
  17. None
  18. None
  19. None

  20. InterfaceͰͷந৅Խ ࢖༻ऀଆ͕ ٻΊΔৼΔ෣͍Λఆٛ͢Δ https://github.com/golang/go/wiki/CodeReviewComments#interfaces

  21. None

  22. ίϯςφϥϯλΠϜͷ࣮૷ʹ͍ͭͯ

  23. ίϯςφϥϯλΠϜ ϗετOS্ͷ Ϧιʔεִ͕཭ɺ੍ݶ͞Εͨϓϩηε

  24. ‘Contain’er ʙΛด͡ࠐΊΔ

  25. ίϯςφϥϯλΠϜ How to contain a process

  26. https://employment.en-japan.com/engineerhub/entry/2019/02/05/103000#ίϯςφͱ͸ ΧʔωϧϦιʔεɺϑΝΠϧγεςϜͷִ཭ Namespaceɺchroot/pivot_root ϋʔυ΢ΣΞϦιʔεͷ੍ݶ cgroup ݖݶͷ੍໿ Capabilityɺseccomp

  27. None

  28. Fork

  29. Fork ਌ϓϩηε ࢠϓϩηε

  30. Fork ਌ϓϩηε ࢠϓϩηε Contain

  31. None

  32. Build Constraints ϑΝΠϧ໊Ͱ Ϗϧυର৅Λ෼͚Δ https://golang.org/pkg/go/build/#hdr-Build_Constraints

  33. None
  34. None
  35. None
  36. None

  37. Fork ਌ϓϩηε ࢠϓϩηε Contain

  38. https://github.com/rrreeeyyy/container-internship/tree/master/02#linux-namespaces IPC ϓϩηεؒ௨৴Ͱ࢖͏Ϧιʔε Network ωοτϫʔΫσόΠεɺϧʔςΟϯάςʔϒϧ Mount ϑΝΠϧγεςϜπϦʔ PID ϓϩηε ID

    User Ϣʔβ IDɺάϧʔϓ ID UTS nodenameɺdomainname
  39. None

  40. Fork

  41. None

  42. Filesystem bundle config.jsonͱrootfs https://github.com/opencontainers/runtime-spec/blob/master/bundle.md

  43. ࢠϓϩηεͷϧʔτ༻ʹ

  44. ࢠϓϩηεͷϧʔτ༻ʹ mount͍ͯ͘͠

  45. ࢠϓϩηεͷϧʔτ༻ʹ mount͍͖ͯ͠ ͦͯ͠pivot_root͢Δ

  46. ࢠϓϩηεʹ͸ / ʹݟ͑Δ

  47. cgroup ϓϩηεʹରͯ͠ ڞ௨ͷϦιʔε؅ཧΛ͢Δ https://gihyo.jp/admin/serial/01/linux_containers/0003

  48. None
  49. None
  50. None
  51. None
  52. None
  53. None
  54. None
  55. None
  56. None
  57. None
  58. None
  59. None

  60. Write Container Runtime in Go

  61. ͋Γ͕ͱ͏͍͟͝·ͨ͠ɻ

  62. https://github.com/opencontainers/runtime-spec/blob/master/runtime.md https://github.com/opencontainers/runtime-spec/blob/master/bundle.md https://github.com/golang-standards/project-layout#cmd https://github.com/golang/go/wiki/CodeReviewComments#interfaces https://employment.en-japan.com/engineerhub/entry/2019/02/05/103000#ίϯςφͱ͸ https://golang.org/pkg/go/build/#hdr-Build_Constraints https://github.com/rrreeeyyy/container-internship/tree/master/02#linux-namespaces https://employment.en-japan.com/engineerhub/entry/2019/02/05/103000 https://github.com/tomocy/gocon ࢀߟจݙ

    https://speakerdeck.com/kyohmizu/windowskontenaru-men?slide=26 https://speakerdeck.com/tenforward/cndt2019 https://sil.hatenablog.com/entry/why-container-is-secure