Upgrade to Pro — share decks privately, control downloads, hide ads and more …

クラウドネイティブの基盤要素、コンテナの今と未来

Sponsored · SiteGround - Reliable hosting with speed, security, and support you can count on.
Avatar for うたもく うたもく
August 03, 2023
Technology
7k
21

 クラウドネイティブの基盤要素、コンテナの今と未来

https://event.cloudnativedays.jp/cndf2023/talks/1910

Avatar for うたもく

うたもく

August 03, 2023

More Decks by うたもく

See All by うたもく
OSS の脆弱性対応の舞台裏
Avatar for うたもく utam0k
2
1.5k
オープンソースソフトウェアへの解像度🔬
Avatar for うたもく utam0k
18
5.3k
CNCF Project の作者が考えている OSS の運営
Avatar for うたもく utam0k
7
1.1k
Podman with WebAssembly
Avatar for うたもく utam0k
2
1k
Possibility of OCI Container Runtime with Rust
Avatar for うたもく utam0k
3
1.6k
Container-related technologies supporting Gitpod
Avatar for うたもく utam0k
1
1.3k
詳説 OCIコンテナランタイム youki@第15回 コンテナ技術の情報交換会
Avatar for うたもく utam0k
5
2.3k
Rust 🤝 Container Runtime @ Rust.Tokyo 2021
Avatar for うたもく utam0k
2
2k
「あれ、コンテナって何だっけ?」から生まれた Rust で書かれた コンテナランタイム youkiの話@ODC2021
Avatar for うたもく utam0k
6
4.3k

Other Decks in Technology

See All in Technology
Cloud Run のアップデート 触ってみる&紹介
Avatar for Gre212 gre212
0
310
製造業のクラウド活用最適解〜AI,DXを加速するデータ基盤の作り方〜
Avatar for 濱田孝治 hamadakoji
0
380
2026.06.13_AI時代に事業会社が「SIer出身エンジニア」を求める理由 / Why Businesses Seek Engineers with a System Integrator Background in the AI ​​Era
Avatar for jumpei_ikegami jumtech
0
500
ポケモンの型をTypeScriptの型システムで表現してみた
Avatar for subroh_0508 subroh0508
0
330
「速く作る」から「正しく作る」へ ─ 生成AI時代の開発フロー改革の ロードマップと実行 ─
Avatar for starfish719 starfish719
0
7.7k
AI と創る新たな世界 / A New World Created with AI
Avatar for Kenji Saito ks91
PRO
0
110
AIを「創る」と「使う」の循環 — HRテックが実践するリアルなAI組織実装
Avatar for Taketo Sasaki taketo957
0
1.5k
運用を見据えたAIエージェント設計実践
Avatar for amacbee amacbee
1
2.9k
タクシーアプリ『GO』の実践的データ活用
Avatar for GO Inc. dev mot_techtalk
2
150
PHP と TypeScript の型システム比較:AI 時代の「型」は誰のためにあるのか? #frontend_phpcon_do / frontend_phpcon_do_2026
Avatar for shogogg shogogg
1
250
Terraformモジュールは、なぜ「魔境」化するのか
Avatar for hayama hayama17
1
190
もりもり新機能を一挙紹介! AgentCoreに入門して、AWS上にAIエージェントを構築しよう
Avatar for みのるん minorun365
PRO
6
810

Featured

See All Featured
How to optimise 3,500 product descriptions for ecommerce in one day using ChatGPT
Avatar for Katarina Dahlin katarinadahlin
PRO
1
3.6k
Information Architects: The Missing Link in Design Systems
Avatar for Michelle Chin soysaucechin
0
960
4 Signs Your Business is Dying
Avatar for Josh Pigford shpigford
187
22k
XXLCSS - How to scale CSS and keep your sanity
Avatar for Zaharenia Atzitzikaki sugarenia
250
1.3M
Building Adaptive Systems
Avatar for Chris Keathley keathley
44
3k
The Illustrated Guide to Node.js - THAT Conference 2024
Avatar for David Neal reverentgeek
1
370
JAMstack: Web Apps at Ludicrous Speed - All Things Open 2022
Avatar for David Neal reverentgeek
1
460
Gemini Prompt Engineering: Practical Techniques for Tangible AI Outcomes
Avatar for Mfonobong Umondia mfonobong
2
420
The Power of CSS Pseudo Elements
Avatar for Geoffrey Crofte geoffreycrofte
82
6.3k
Highjacked: Video Game Concept Design
Avatar for Ryan Kendrick rkendrick25
PRO
1
380
Into the Great Unknown - MozCon
Avatar for Noah Learner thekraken
41
2.5k
Balancing Empowerment & Direction
Avatar for Lara Hogan lara
6
1.1k

Transcript

  1. クラウドネイティブの基盤要素
 コンテナの今と未来 
 CloudNative Days Fukuoka 2023 Toru Komatsu(@utam0k)

  2. 2 Preferred Networks, Inc. 社内向けオンプレML基盤の開発‧運⽤ 趣味でのOSS活動 メンテナ opencontainers/runtime-spec containers/youki レビュワー

    containerd/runwasi @utam0k KOMATSU Toru

  3. 3 Preferred Networks, Inc. 社内向けオンプレML基盤の開発‧運⽤ 趣味でのOSS活動 メンテナ opencontainers/runtime-spec containers/youki レビュワー

    containerd/runwasi @utam0k KOMATSU Toru We are Hiring!!

  4. コンテナの今 4 00

  5. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface Kubeletの実⾏の流れ 5

  6. Kubelet
 Linux など
 Container Runtime Low-Level Container Runtime I nterface

    6

  7. Kubelet
 Linux など
 Container Runtime Low-Level Container Runtime I nterface

    gRPC 7

  8. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface 8

  9. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface イメージとかコンテナ管理 9

  10. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface コンテナの作成 ワンショットバイナリ 10

  11. コンテナの今 ? 11 00

  12. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface ここでは OCI Runtime Spec を満たすものをコンテナと呼ぶ 12

  13. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface JSON設定ファイルと サブコマンド 例) ./runc create $id でコンテナとは何か定めている 13

  14. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface 14

  15. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface Kubeletの実行の流れ
 15

  16. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface Kubeletの実行の流れ
 16

  17. Container Runtime I nterface Low-Level OCI Runtime Spec ➔ マイクロサービス的

    ➔ プラグイン機構 17

  18. A
 P
 I
 Image Services Snapshot Services Containers Service Tasks

    Service ‧ ‧ ‧ Container Runtime I nterface Core Backend ContentStore plugin / local Snapshotter plugin / overlay / … Runtime v2 shim client containerd shim OCI Runtime Spec ttrpc 18

  19. マイクロサービス的なアーキテクチャ A
 P
 I
 Image Services Snapshot Services Containers Service

    Tasks Service ‧ ‧ ‧ Container Runtime I nterface Core ContentStore plugin / local Snapshotter plugin / overlay / … Runtime v2 shim client containerd shim OCI Runtime Spec ttrpc Backend 19

  20. A
 P
 I
 Image Services Snapshot Services Containers Service Tasks

    Service ‧ ‧ ‧ Container Runtime I nterface Core Backend ContentStore plugin / local Snapshotter plugin / overlay / … Runtime v2 shim client containerd shim OCI Runtime Spec ttrpc ワンショットバイナリ 20

  21. 21 Kubelet → Container Runtime → Container ➔ High /

    Low-Level Container Runtime Specification ➔ Container Runtime Interface ➔ OCI Runtime Specification containerd ➔ マイクロサービス ➔ プラグイン機構 Recap

  22. コンテナの未来 22 01

  23. ⚠ 個⼈の⾒解 ⚠ 23

  24. WebAssembly 24 02

  25. WebAssembly
 25

  26. WebAssembly
 26 Portability Small Size Security

  27. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface 27

  28. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface 28

  29. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface このあたりでWebAssemblyの対応が必要 よんだ? 29

  30. 30 containerd/runwasi containerd-shimによる拡張 現実世界で既に実験段階 Docker Desktop Azure Kubernetes Service runwasi

  31. A
 P
 I
 Image Services Snapshot Services Containers Service Tasks

    Service ‧ ‧ ‧ Container Runtime I nterface Core Backend ContentStore plugin / local Snapshotter plugin / overlay / … Runtime v2 shim client containerd shim OCI Runtime Spec ttrpc この部分の拡張 31

  32. Kubelet
 Linux など
 Container Runtime High-Level Low-Level Container Runtime I

    nterface WebAssembly 実行の流れ
 32

  33. 33 ktock/container2wasm 既存のコンテナ資源の活⽤ container2wasm


  34. Lazy Pulling 34 03

  35. 35 $ nerdctl --snapshotter=stargz run python:3.7-esgz python3 -c 'exit()' index-sha256:6a42...4948:

    done |++++++++++++++++++++++++++++++| manifest-sha256:1c57...20c5: done |++++++++++++++++++++++++++++++| config-sha256:f590...1df5: done |++++++++++++++++++++++++++++++| elapsed: 11.0 s total: 4.8 Ki (1.5 KiB/s) $ nerdctl run python:3.7-org python3 -c 'exit()' index-sha256:6008....1237: done |++++++++++++++++++++++++++++++| manifest-sha256:48ea...30ce7: done |++++++++++++++++++++++++++++++| config-sha256:94c9....9290: done |++++++++++++++++++++++++++++++| layer-sha256:f860....fbf6: done |++++++++++++++++++++++++++++++| layer-sha256:d779....3cc5: done |++++++++++++++++++++++++++++++| … layer-sha256:adbd....f52c: done |++++++++++++++++++++++++++++++| layer-sha256:c495....736a: done |++++++++++++++++++++++++++++++| elapsed: 41.3s total: 321.3 (16.7 MiB/s) Lazy Pulling


  36. 36 $ nerdctl --snapshotter=stargz run python:3.7-esgz python3 -c 'exit()' index-sha256:6a42...4948:

    done |++++++++++++++++++++++++++++++| manifest-sha256:1c57...20c5: done |++++++++++++++++++++++++++++++| config-sha256:f590...1df5: done |++++++++++++++++++++++++++++++| elapsed: 11.0 s total: 4.8 Ki (1.5 KiB/s) $ nerdctl run python:3.7-org python3 -c 'exit()' index-sha256:6008....1237: done |++++++++++++++++++++++++++++++| manifest-sha256:48ea...30ce7: done |++++++++++++++++++++++++++++++| config-sha256:94c9....9290: done |++++++++++++++++++++++++++++++| layer-sha256:f860....fbf6: done |++++++++++++++++++++++++++++++| layer-sha256:d779....3cc5: done |++++++++++++++++++++++++++++++| … layer-sha256:adbd....f52c: done |++++++++++++++++++++++++++++++| layer-sha256:c495....736a: done |++++++++++++++++++++++++++++++| elapsed: 41.3s total: 321.3 Mi (16.7 MiB/s) layersがない 起動までがはやい!

  37. 37 cache stargz-snapshotter Container Registry FUSE Driver Overlayfs User Kernel

    open(“file”)

  38. A
 P
 I
 Image Services Snapshot Services Containers Service Tasks

    Service ‧ ‧ ‧ Container Runtime I nterface Core Backend ContentStore plugin / local Snapshotter plugin / overlay / … Runtime v2 shim client containerd shim OCI Runtime Spec ttrpc この部分の拡張 38

  39. A
 P
 I
 Image Services Snapshot Services Containers Service Tasks

    Service ‧ ‧ ‧ Container Runtime I nterface Core Backend ContentStore plugin / local Snapshotter plugin / overlay / … Runtime v2 shim client containerd shim OCI Runtime Spec ttrpc stargz snapshotter grpc 39

  40. 40 cache stargz-snapshotter Container Registry FUSE Driver Overlayfs open(“file”) ①


    ②
 ④
 ③
 ⑤
 ⑥
 ⑦
 User Kernel

  41. 41 cache stargz-snapshotter Container Registry FUSE Driver Overlayfs open(“file”) ①


    ②
 ④
 ③
 ⑤
 ⑥
 ⑦
 User Kernel

  42. 42 cache stargz-snapshotter Container FUSE Driver Overlayfs open(“file”) ①
 ②


    ④
 ③
 ⑤
 ⑥
 ⑦
 User Kernel Registry

  43. 43 cache stargz-snapshotter Container Registry FUSE Driver Overlayfs open(“file”) ①


    ②
 ④
 ③
 ⑤
 ⑥
 ⑦
 User Kernel

  44. 44 cache stargz-snapshotter Container FUSE Driver Overlayfs open(“file”) ①
 ②


    ③
 ⑤
 ⑥
 ⑦
 User Kernel ④
 Registry

  45. 45 $ nerdctl --snapshotter=stargz run python:3.7-esgz python3 -c 'exit()' index-sha256:6a42...4948:

    done |++++++++++++++++++++++++++++++| manifest-sha256:1c57...20c5: done |++++++++++++++++++++++++++++++| config-sha256:f590...1df5: done |++++++++++++++++++++++++++++++| elapsed: 11.0 s total: 4.8 Ki (1.5 KiB/s) $ nerdctl run python:3.7-org python3 -c 'exit()' index-sha256:6008....1237: done |++++++++++++++++++++++++++++++| manifest-sha256:48ea...30ce7: done |++++++++++++++++++++++++++++++| config-sha256:94c9....9290: done |++++++++++++++++++++++++++++++| layer-sha256:f860....fbf6: done |++++++++++++++++++++++++++++++| layer-sha256:d779....3cc5: done |++++++++++++++++++++++++++++++| … layer-sha256:adbd....f52c: done |++++++++++++++++++++++++++++++| layer-sha256:c495....736a: done |++++++++++++++++++++++++++++++| elapsed: 41.3s total: 321.3 (16.7 MiB/s) Lazy Pulling


  46. OCI Runtime Spec v1.1.0 46 04

  47. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface これ! 47

  48. 先⽉に3年ぶりのリリース! v1.0.2 からは21個の新しい機能 cgroup v2 / idmapped mount / seccomp

    notify … OCI Runtime Specification v1.1.0
 48

  49. sched_setattr(2) をコンテナに適⽤される コンテナに対してnice値とか設定可能に コンテナってプロセスなんだ...というのを強く意識させられる 実装 runc#3895 , youki#1706 , crun✅

    Scheduler entity #1188
 49

  50. ioprio_set (2) をコンテナに適⽤される バッチ処理とかI/Oが重たいけど重要度は⾼くない処理で書き 込みで他のコンテナへの迷惑を少なくする 実装 runc#3783 , youki ✅,

    crun ✅ I/O Priority #1191
 50

  51. 51 WebAssembly ➔ 新しい形 ➔ containerd-shim-wasm[edge|time]-v1 Lazy Pulling ➔ コンテナ起動の⾼速化

    ➔ Snapshotter Plugin OCI Runtime Specification v1.1.0 ➔ sched_setattr(2) : nice値を変更可能に ➔ ioprio_set(2)r(2) : I/Oの優先度を変更可能に Recap

  52. 謝辞 52 05

  53. stargz snapshotterの実装について 丁寧に解説して頂きました ありがとうございました 
 53 TOKUNAGA Kohei -san @ktock

    / @TokunagaKohei

  54. Thanks you! 54