$30 off During Our Annual Pro Sale. View Details »

Write Container Runtime in Go

Avatar for tomocy tomocy
October 28, 2019
Programming
4
3.3k

Write Container Runtime in Go

Presented in Go Conference 2019 Autumn

https://gocon.jp/sessions/write_container_runtime_in_go/

Avatar for tomocy

tomocy

October 28, 2019
Tweet

More Decks by tomocy

See All by tomocy
Work around Dart custom lint rule
Avatar for tomocy tomocy
1
510

Other Decks in Programming

See All in Programming
マスタデータ問題、マイクロサービスでどう解くか
Avatar for Kato Keisuke kts
0
120
これならできる!個人開発のすゝめ
Avatar for Tsubasa SEKIGUCHI tinykitten
PRO
0
130
AI時代を生き抜く 新卒エンジニアの生きる道
Avatar for coconala_engineer coconala_engineer
1
420
メルカリのリーダビリティチームが取り組む、AI時代のスケーラブルな品質文化
Avatar for osari.k cloverrose
2
370
re:Invent 2025 トレンドからみる製品開発への AI Agent 活用
Avatar for Kohei Yoshikawa yoskoh
0
120
Graviton と Nitro と私
Avatar for maroon1st maroon1st
0
130
ゆくKotlin くるRust
Avatar for TATSUNO Yasuhiro exoego
1
160
tparseでgo testの出力を見やすくする
Avatar for utagawa kiki utgwkk
2
280
大規模Cloud Native環境におけるFalcoの運用
Avatar for Chihiro Hasegawa owlinux1000
0
190
LLM Çağında Backend Olmak: 10 Milyon Prompt'u Milisaniyede Sorgulamak
Avatar for Selçuk Usta selcukusta
0
130
SwiftUIで本格音ゲー実装してみた
Avatar for 蛋白(たんぱく・TANPACT) hypebeans
0
490
gunshi
Avatar for kazupon kazupon
1
120

Featured

See All Featured
XXLCSS - How to scale CSS and keep your sanity
Avatar for Zaharenia Atzitzikaki sugarenia
249
1.3M
Exploring anti-patterns in Rails
Avatar for Elle Meredith aemeredith
2
200
The B2B funnel & how to create a winning content strategy
Avatar for Katarina Dahlin katarinadahlin
PRO
0
190
Writing Fast Ruby
Avatar for Erik Berlin sferik
630
62k
The Art of Programming - Codeland 2020
Avatar for Erika Heidi erikaheidi
56
14k
Un-Boring Meetings
Avatar for Sebastian Deterding codingconduct
0
160
The Cult of Friendly URLs
Avatar for Andy Hume andyhume
79
6.7k
B2B Lead Gen: Tactics, Traps & Triumph
Avatar for Sophie Logan marketingsoph
0
32
How to Think Like a Performance Engineer
Avatar for Harry Roberts csswizardry
28
2.4k
Into the Great Unknown - MozCon
Avatar for Noah Learner thekraken
40
2.2k
Java REST API Framework Comparison - PWX 2021
Avatar for Matt Raible mraible
34
9k
Amusing Abliteration
Avatar for ianozsvald ianozsvald
0
69

Transcript

  1. Write Container Runtime in Go Go Conference 2019 Autumn Koki

    Tomoshige (@towocy)

  2. Write Container Runtime in Go

  3. Write Container Runtime in Go

  4. ίϯςφϥϯλΠϜʹ͍ͭͯ

  5. ίϯςφٕज़ ίϯςφϥϯλΠϜͱ ίϯςφΠϝʔδ

  6. ίϯςφϥϯλΠϜ OCI runtimeʹ४ڌ͍ͯ͠Δ

  7. OCIʢOpen Container Initiativeʣ ίϯςφٕज़ͷඪ४ن֨Λ ࡞੒͢ΔͨΊͷஂମ

  8. None

  9. runtime.me ίϯςφϥϯλΠϜͱͯ͠ͷ ঢ়ଶͱৼΔ෣͍ https://github.com/opencontainers/runtime-spec/blob/master/runtime.md

  10. Query State state <container-id> Create create <container-id> <path-to-bundle> Start start

    <container-id> Kill kill <container-id> <signal> Delete delete <container-id>
  11. None

  12. Standard Go Project Layout /cmd https://github.com/golang-standards/project-layout#cmd

  13. None

  14. CLI pkg github.com/urfave/cli

  15. None
  16. None
  17. None
  18. None
  19. None

  20. InterfaceͰͷந৅Խ ࢖༻ऀଆ͕ ٻΊΔৼΔ෣͍Λఆٛ͢Δ https://github.com/golang/go/wiki/CodeReviewComments#interfaces

  21. None

  22. ίϯςφϥϯλΠϜͷ࣮૷ʹ͍ͭͯ

  23. ίϯςφϥϯλΠϜ ϗετOS্ͷ Ϧιʔεִ͕཭ɺ੍ݶ͞Εͨϓϩηε

  24. ‘Contain’er ʙΛด͡ࠐΊΔ

  25. ίϯςφϥϯλΠϜ How to contain a process

  26. https://employment.en-japan.com/engineerhub/entry/2019/02/05/103000#ίϯςφͱ͸ ΧʔωϧϦιʔεɺϑΝΠϧγεςϜͷִ཭ Namespaceɺchroot/pivot_root ϋʔυ΢ΣΞϦιʔεͷ੍ݶ cgroup ݖݶͷ੍໿ Capabilityɺseccomp

  27. None

  28. Fork

  29. Fork ਌ϓϩηε ࢠϓϩηε

  30. Fork ਌ϓϩηε ࢠϓϩηε Contain

  31. None

  32. Build Constraints ϑΝΠϧ໊Ͱ Ϗϧυର৅Λ෼͚Δ https://golang.org/pkg/go/build/#hdr-Build_Constraints

  33. None
  34. None
  35. None
  36. None

  37. Fork ਌ϓϩηε ࢠϓϩηε Contain

  38. https://github.com/rrreeeyyy/container-internship/tree/master/02#linux-namespaces IPC ϓϩηεؒ௨৴Ͱ࢖͏Ϧιʔε Network ωοτϫʔΫσόΠεɺϧʔςΟϯάςʔϒϧ Mount ϑΝΠϧγεςϜπϦʔ PID ϓϩηε ID

    User Ϣʔβ IDɺάϧʔϓ ID UTS nodenameɺdomainname
  39. None

  40. Fork

  41. None

  42. Filesystem bundle config.jsonͱrootfs https://github.com/opencontainers/runtime-spec/blob/master/bundle.md

  43. ࢠϓϩηεͷϧʔτ༻ʹ

  44. ࢠϓϩηεͷϧʔτ༻ʹ mount͍ͯ͘͠

  45. ࢠϓϩηεͷϧʔτ༻ʹ mount͍͖ͯ͠ ͦͯ͠pivot_root͢Δ

  46. ࢠϓϩηεʹ͸ / ʹݟ͑Δ

  47. cgroup ϓϩηεʹରͯ͠ ڞ௨ͷϦιʔε؅ཧΛ͢Δ https://gihyo.jp/admin/serial/01/linux_containers/0003

  48. None
  49. None
  50. None
  51. None
  52. None
  53. None
  54. None
  55. None
  56. None
  57. None
  58. None
  59. None

  60. Write Container Runtime in Go

  61. ͋Γ͕ͱ͏͍͟͝·ͨ͠ɻ

  62. https://github.com/opencontainers/runtime-spec/blob/master/runtime.md https://github.com/opencontainers/runtime-spec/blob/master/bundle.md https://github.com/golang-standards/project-layout#cmd https://github.com/golang/go/wiki/CodeReviewComments#interfaces https://employment.en-japan.com/engineerhub/entry/2019/02/05/103000#ίϯςφͱ͸ https://golang.org/pkg/go/build/#hdr-Build_Constraints https://github.com/rrreeeyyy/container-internship/tree/master/02#linux-namespaces https://employment.en-japan.com/engineerhub/entry/2019/02/05/103000 https://github.com/tomocy/gocon ࢀߟจݙ

    https://speakerdeck.com/kyohmizu/windowskontenaru-men?slide=26 https://speakerdeck.com/tenforward/cndt2019 https://sil.hatenablog.com/entry/why-container-is-secure