Upgrade to Pro — share decks privately, control downloads, hide ads and more …

クラウドネイティブの基盤要素、コンテナの今と未来

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for うたもく うたもく
August 03, 2023
Technology
7k
21

 クラウドネイティブの基盤要素、コンテナの今と未来

https://event.cloudnativedays.jp/cndf2023/talks/1910

Avatar for うたもく

うたもく

August 03, 2023

More Decks by うたもく

See All by うたもく
OSS の脆弱性対応の舞台裏
Avatar for うたもく utam0k
2
1.5k
オープンソースソフトウェアへの解像度🔬
Avatar for うたもく utam0k
18
5.3k
CNCF Project の作者が考えている OSS の運営
Avatar for うたもく utam0k
7
1.1k
Podman with WebAssembly
Avatar for うたもく utam0k
2
1k
Possibility of OCI Container Runtime with Rust
Avatar for うたもく utam0k
3
1.6k
Container-related technologies supporting Gitpod
Avatar for うたもく utam0k
1
1.3k
詳説 OCIコンテナランタイム youki@第15回 コンテナ技術の情報交換会
Avatar for うたもく utam0k
5
2.3k
Rust 🤝 Container Runtime @ Rust.Tokyo 2021
Avatar for うたもく utam0k
2
2k
「あれ、コンテナって何だっけ?」から生まれた Rust で書かれた コンテナランタイム youkiの話@ODC2021
Avatar for うたもく utam0k
6
4.3k

Other Decks in Technology

See All in Technology
社内 AI エージェント Synapse と セマンティックレイヤーの育て方
Avatar for Hiroaki Sano hiroakis
0
210
Dario Amodi『Policy on the AI Exponential』を理解する
Avatar for 長津孝輔 nagatsu
0
200
ABEMA の Datadog × OTel 基盤、 中から見るか? 外から見るか?
Avatar for tetsuya28 tetsuya28
0
110
AI-DLCを活用した高品質・安全なAI駆動開発実践 / AI Driven Development
Avatar for 吉田真吾 yoshidashingo
1
380
Mastering Ruby Box
Avatar for Satoshi Tagomori tagomoris
3
150
データ基盤をDataformで整えた話 〜 開発環境を添えて 〜
Avatar for Takanobu Nozawa takapy
0
120
AI Engineering Summit Tokyo 2026 AIの前に、やることがある 〜医療データ企業の4フェーズ〜
Avatar for Daisuke Taniwaki dtaniwaki
0
2.1k
AI Adaptable なテストを整える工夫 / Ways to Make Your Tests AI-Adaptable
Avatar for 株式会社ビットキー / Bitkey Inc. bitkey
PRO
3
220
Rubyで音を視る
Avatar for ydah ydah
1
100
Build with AI 楽しむ!アイデアを形に
Avatar for Noriko Takiguchi norikotakiguchi
0
100
そのPoC、何を検証したつもりでしたか? AIプロダクトの価値検証で陥った落とし穴
Avatar for PERSOL CAREER Dev | techtekt techtekt
PRO
0
150
【5分でわかる】セーフィー エンジニア向け会社紹介
Avatar for Safie safie_recruit
0
50k

Featured

See All Featured
The Cost Of JavaScript in 2023
Avatar for Addy Osmani addyosmani
55
10k
Paper Plane
Avatar for Katie Cordina Lindsey katiecoart
PRO
1
51k
Improving Core Web Vitals using Speculation Rules API
Avatar for Sergey Chernyshev sergeychernyshev
21
1.5k
The MySQL Ecosystem @ GitHub 2015
Avatar for Sam Lambert samlambert
251
13k
DevOps and Value Stream Thinking: Enabling flow, efficiency and business value
Avatar for Helen Beal helenjbeal
1
220
The Limits of Empathy - UXLibs8
Avatar for Cassini Nazir cassininazir
1
350
The AI Search Optimization Roadmap by Aleyda Solis
Avatar for Aleyda Solis aleyda
1
5.9k
SEO for Brand Visibility & Recognition
Avatar for Aleyda Solis aleyda
0
4.6k
Navigating Weather and Climate Data
Avatar for Ryan Abernathey rabernat
0
210
Navigating the Design Leadership Dip - Product Design Week Design Leaders+ Conference 2024
Avatar for Andy Polaine apolaine
1
340
How to Think Like a Performance Engineer
Avatar for Harry Roberts csswizardry
28
2.6k
[RailsConf 2023] Rails as a piece of cake
Avatar for Vladimir Dementyev palkan
59
6.7k

Transcript

  1. クラウドネイティブの基盤要素
 コンテナの今と未来 
 CloudNative Days Fukuoka 2023 Toru Komatsu(@utam0k)

  2. 2 Preferred Networks, Inc. 社内向けオンプレML基盤の開発‧運⽤ 趣味でのOSS活動 メンテナ opencontainers/runtime-spec containers/youki レビュワー

    containerd/runwasi @utam0k KOMATSU Toru

  3. 3 Preferred Networks, Inc. 社内向けオンプレML基盤の開発‧運⽤ 趣味でのOSS活動 メンテナ opencontainers/runtime-spec containers/youki レビュワー

    containerd/runwasi @utam0k KOMATSU Toru We are Hiring!!

  4. コンテナの今 4 00

  5. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface Kubeletの実⾏の流れ 5

  6. Kubelet
 Linux など
 Container Runtime Low-Level Container Runtime I nterface

    6

  7. Kubelet
 Linux など
 Container Runtime Low-Level Container Runtime I nterface

    gRPC 7

  8. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface 8

  9. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface イメージとかコンテナ管理 9

  10. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface コンテナの作成 ワンショットバイナリ 10

  11. コンテナの今 ? 11 00

  12. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface ここでは OCI Runtime Spec を満たすものをコンテナと呼ぶ 12

  13. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface JSON設定ファイルと サブコマンド 例) ./runc create $id でコンテナとは何か定めている 13

  14. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface 14

  15. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface Kubeletの実行の流れ
 15

  16. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface Kubeletの実行の流れ
 16

  17. Container Runtime I nterface Low-Level OCI Runtime Spec ➔ マイクロサービス的

    ➔ プラグイン機構 17

  18. A
 P
 I
 Image Services Snapshot Services Containers Service Tasks

    Service ‧ ‧ ‧ Container Runtime I nterface Core Backend ContentStore plugin / local Snapshotter plugin / overlay / … Runtime v2 shim client containerd shim OCI Runtime Spec ttrpc 18

  19. マイクロサービス的なアーキテクチャ A
 P
 I
 Image Services Snapshot Services Containers Service

    Tasks Service ‧ ‧ ‧ Container Runtime I nterface Core ContentStore plugin / local Snapshotter plugin / overlay / … Runtime v2 shim client containerd shim OCI Runtime Spec ttrpc Backend 19

  20. A
 P
 I
 Image Services Snapshot Services Containers Service Tasks

    Service ‧ ‧ ‧ Container Runtime I nterface Core Backend ContentStore plugin / local Snapshotter plugin / overlay / … Runtime v2 shim client containerd shim OCI Runtime Spec ttrpc ワンショットバイナリ 20

  21. 21 Kubelet → Container Runtime → Container ➔ High /

    Low-Level Container Runtime Specification ➔ Container Runtime Interface ➔ OCI Runtime Specification containerd ➔ マイクロサービス ➔ プラグイン機構 Recap

  22. コンテナの未来 22 01

  23. ⚠ 個⼈の⾒解 ⚠ 23

  24. WebAssembly 24 02

  25. WebAssembly
 25

  26. WebAssembly
 26 Portability Small Size Security

  27. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface 27

  28. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface 28

  29. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface このあたりでWebAssemblyの対応が必要 よんだ? 29

  30. 30 containerd/runwasi containerd-shimによる拡張 現実世界で既に実験段階 Docker Desktop Azure Kubernetes Service runwasi

  31. A
 P
 I
 Image Services Snapshot Services Containers Service Tasks

    Service ‧ ‧ ‧ Container Runtime I nterface Core Backend ContentStore plugin / local Snapshotter plugin / overlay / … Runtime v2 shim client containerd shim OCI Runtime Spec ttrpc この部分の拡張 31

  32. Kubelet
 Linux など
 Container Runtime High-Level Low-Level Container Runtime I

    nterface WebAssembly 実行の流れ
 32

  33. 33 ktock/container2wasm 既存のコンテナ資源の活⽤ container2wasm


  34. Lazy Pulling 34 03

  35. 35 $ nerdctl --snapshotter=stargz run python:3.7-esgz python3 -c 'exit()' index-sha256:6a42...4948:

    done |++++++++++++++++++++++++++++++| manifest-sha256:1c57...20c5: done |++++++++++++++++++++++++++++++| config-sha256:f590...1df5: done |++++++++++++++++++++++++++++++| elapsed: 11.0 s total: 4.8 Ki (1.5 KiB/s) $ nerdctl run python:3.7-org python3 -c 'exit()' index-sha256:6008....1237: done |++++++++++++++++++++++++++++++| manifest-sha256:48ea...30ce7: done |++++++++++++++++++++++++++++++| config-sha256:94c9....9290: done |++++++++++++++++++++++++++++++| layer-sha256:f860....fbf6: done |++++++++++++++++++++++++++++++| layer-sha256:d779....3cc5: done |++++++++++++++++++++++++++++++| … layer-sha256:adbd....f52c: done |++++++++++++++++++++++++++++++| layer-sha256:c495....736a: done |++++++++++++++++++++++++++++++| elapsed: 41.3s total: 321.3 (16.7 MiB/s) Lazy Pulling


  36. 36 $ nerdctl --snapshotter=stargz run python:3.7-esgz python3 -c 'exit()' index-sha256:6a42...4948:

    done |++++++++++++++++++++++++++++++| manifest-sha256:1c57...20c5: done |++++++++++++++++++++++++++++++| config-sha256:f590...1df5: done |++++++++++++++++++++++++++++++| elapsed: 11.0 s total: 4.8 Ki (1.5 KiB/s) $ nerdctl run python:3.7-org python3 -c 'exit()' index-sha256:6008....1237: done |++++++++++++++++++++++++++++++| manifest-sha256:48ea...30ce7: done |++++++++++++++++++++++++++++++| config-sha256:94c9....9290: done |++++++++++++++++++++++++++++++| layer-sha256:f860....fbf6: done |++++++++++++++++++++++++++++++| layer-sha256:d779....3cc5: done |++++++++++++++++++++++++++++++| … layer-sha256:adbd....f52c: done |++++++++++++++++++++++++++++++| layer-sha256:c495....736a: done |++++++++++++++++++++++++++++++| elapsed: 41.3s total: 321.3 Mi (16.7 MiB/s) layersがない 起動までがはやい!

  37. 37 cache stargz-snapshotter Container Registry FUSE Driver Overlayfs User Kernel

    open(“file”)

  38. A
 P
 I
 Image Services Snapshot Services Containers Service Tasks

    Service ‧ ‧ ‧ Container Runtime I nterface Core Backend ContentStore plugin / local Snapshotter plugin / overlay / … Runtime v2 shim client containerd shim OCI Runtime Spec ttrpc この部分の拡張 38

  39. A
 P
 I
 Image Services Snapshot Services Containers Service Tasks

    Service ‧ ‧ ‧ Container Runtime I nterface Core Backend ContentStore plugin / local Snapshotter plugin / overlay / … Runtime v2 shim client containerd shim OCI Runtime Spec ttrpc stargz snapshotter grpc 39

  40. 40 cache stargz-snapshotter Container Registry FUSE Driver Overlayfs open(“file”) ①


    ②
 ④
 ③
 ⑤
 ⑥
 ⑦
 User Kernel

  41. 41 cache stargz-snapshotter Container Registry FUSE Driver Overlayfs open(“file”) ①


    ②
 ④
 ③
 ⑤
 ⑥
 ⑦
 User Kernel

  42. 42 cache stargz-snapshotter Container FUSE Driver Overlayfs open(“file”) ①
 ②


    ④
 ③
 ⑤
 ⑥
 ⑦
 User Kernel Registry

  43. 43 cache stargz-snapshotter Container Registry FUSE Driver Overlayfs open(“file”) ①


    ②
 ④
 ③
 ⑤
 ⑥
 ⑦
 User Kernel

  44. 44 cache stargz-snapshotter Container FUSE Driver Overlayfs open(“file”) ①
 ②


    ③
 ⑤
 ⑥
 ⑦
 User Kernel ④
 Registry

  45. 45 $ nerdctl --snapshotter=stargz run python:3.7-esgz python3 -c 'exit()' index-sha256:6a42...4948:

    done |++++++++++++++++++++++++++++++| manifest-sha256:1c57...20c5: done |++++++++++++++++++++++++++++++| config-sha256:f590...1df5: done |++++++++++++++++++++++++++++++| elapsed: 11.0 s total: 4.8 Ki (1.5 KiB/s) $ nerdctl run python:3.7-org python3 -c 'exit()' index-sha256:6008....1237: done |++++++++++++++++++++++++++++++| manifest-sha256:48ea...30ce7: done |++++++++++++++++++++++++++++++| config-sha256:94c9....9290: done |++++++++++++++++++++++++++++++| layer-sha256:f860....fbf6: done |++++++++++++++++++++++++++++++| layer-sha256:d779....3cc5: done |++++++++++++++++++++++++++++++| … layer-sha256:adbd....f52c: done |++++++++++++++++++++++++++++++| layer-sha256:c495....736a: done |++++++++++++++++++++++++++++++| elapsed: 41.3s total: 321.3 (16.7 MiB/s) Lazy Pulling


  46. OCI Runtime Spec v1.1.0 46 04

  47. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface これ! 47

  48. 先⽉に3年ぶりのリリース! v1.0.2 からは21個の新しい機能 cgroup v2 / idmapped mount / seccomp

    notify … OCI Runtime Specification v1.1.0
 48

  49. sched_setattr(2) をコンテナに適⽤される コンテナに対してnice値とか設定可能に コンテナってプロセスなんだ...というのを強く意識させられる 実装 runc#3895 , youki#1706 , crun✅

    Scheduler entity #1188
 49

  50. ioprio_set (2) をコンテナに適⽤される バッチ処理とかI/Oが重たいけど重要度は⾼くない処理で書き 込みで他のコンテナへの迷惑を少なくする 実装 runc#3783 , youki ✅,

    crun ✅ I/O Priority #1191
 50

  51. 51 WebAssembly ➔ 新しい形 ➔ containerd-shim-wasm[edge|time]-v1 Lazy Pulling ➔ コンテナ起動の⾼速化

    ➔ Snapshotter Plugin OCI Runtime Specification v1.1.0 ➔ sched_setattr(2) : nice値を変更可能に ➔ ioprio_set(2)r(2) : I/Oの優先度を変更可能に Recap

  52. 謝辞 52 05

  53. stargz snapshotterの実装について 丁寧に解説して頂きました ありがとうございました 
 53 TOKUNAGA Kohei -san @ktock

    / @TokunagaKohei

  54. Thanks you! 54