SLIDE 1
BELOW KUBERNETES
DEMYSTIFYING CONTAINER RUNTIMES
Thierry Carrez, OpenStack Foundation (OSF) @tcarrez on Twitter ttx on Freenode
BELOW KUBERNETES DEMYSTIFYING CONTAINER RUNTIMES Thierry Carrez, - - PowerPoint PPT Presentation
BELOW KUBERNETES DEMYSTIFYING CONTAINER RUNTIMES Thierry Carrez, - - PowerPoint PPT Presentation
BELOW KUBERNETES DEMYSTIFYING CONTAINER RUNTIMES Thierry Carrez, OpenStack Foundation (OSF) @tcarrez on Twitter ttx on Freenode WHY AM I HERE? WHY AM I HERE? OpenStack is more than just VMs WHY AM I HERE? OpenStack is more than just
SLIDE 2
SLIDE 3
WHY AM I HERE?
▪ OpenStack is more than just VMs
SLIDE 4
WHY AM I HERE?
▪ OpenStack is more than just VMs ▪ OSF is more than just OpenStack
SLIDE 5
WHY AM I HERE?
▪ OpenStack is more than just VMs ▪ OSF is more than just OpenStack ▪ Openly developing open infrastructure
SLIDE 6
WHY AM I HERE?
▪ OpenStack is more than just VMs ▪ OSF is more than just OpenStack ▪ Openly developing open infrastructure
SLIDE 7
WHY AM I HERE?
▪ OpenStack is more than just VMs ▪ OSF is more than just OpenStack ▪ Openly developing open infrastructure
SLIDE 8
WHY AM I HERE?
▪ OpenStack is more than just VMs ▪ OSF is more than just OpenStack ▪ Openly developing open infrastructure
SLIDE 9
WHY AM I HERE?
▪ OpenStack is more than just VMs ▪ OSF is more than just OpenStack ▪ Openly developing open infrastructure
SLIDE 10
WHY AM I HERE?
▪ OpenStack is more than just VMs ▪ OSF is more than just OpenStack ▪ Openly developing open infrastructure
SLIDE 11
Kubernetes
SLIDE 12
Kubernetes
SLIDE 13
Kubernetes
?
SLIDE 14
Kubernetes
?
Linux Kernel
SLIDE 15
15
SLIDE 16
1. THE WORLD USED TO BE SIMPLE
SLIDE 17
Kubernetes Docker Linux Kernel
SLIDE 18
2. INTERFACES
SLIDE 19
OCI
▪ Open Containers Initiative, est. June 2015
SLIDE 20
OCI
▪ Open Containers Initiative, est. June 2015 ▪ Standardize the wild west of container tech
SLIDE 21
OCI
▪ Open Containers Initiative, est. June 2015 ▪ Standardize the wild west of container tech ▪ Runtime spec defining OCI runtimes
SLIDE 22
OCI
▪ Open Containers Initiative, est. June 2015 ▪ Standardize the wild west of container tech ▪ Runtime spec defining OCI runtimes ▪ Image spec defining OCI runtime bundles
SLIDE 23
Kubernetes Docker Linux Kernel
SLIDE 24
OCI Linux Kernel Kubernetes runC Docker
SLIDE 25
CRI
▪ Container Runtime Interface, est. Dec 2016
SLIDE 26
CRI
▪ Container Runtime Interface, est. Dec 2016 ▪ Primitives to manage pods of containers
SLIDE 27
CRI
▪ Container Runtime Interface, est. Dec 2016 ▪ Primitives to manage pods of containers ▪ A single interface for Rkt & Docker
SLIDE 28
Docker Linux Kernel Kubernetes runC OCI rkt
SLIDE 29
Linux Kernel Kubernetes runC OCI CRI Docker rkt
SLIDE 30
Docker CLI Linux Kernel Kubernetes CRI containerd cri-containerd runC OCI rkt
SLIDE 31
2. MORE PUZZLE PIECES
SLIDE 32
containerd cri-containerd Docker CLI Linux Kernel Kubernetes CRI runC OCI
SLIDE 33
containerd cri-containerd Docker CLI Linux Kernel Kubernetes CRI runC OCI
SLIDE 34
cri-containerd containerd Docker CLI Linux Kernel Kubernetes CRI runC OCI CRI-O
SLIDE 35
Linux Kernel runC CRI cri-containerd CRI-O containerd Docker CLI Podman Kubernetes OCI
SLIDE 36
3. WORKLOAD ISOLATION
SLIDE 37
THE DIRTY SECRET OF CONTAINERS
SLIDE 38
THE DIRTY SECRET OF CONTAINERS
▪ Containers don’t contain
SLIDE 39
THE DIRTY SECRET OF CONTAINERS
▪ Containers don’t contain ▪ Real-world containers run in VMs
SLIDE 40
THE DIRTY SECRET OF CONTAINERS
▪ Containers don’t contain ▪ Real-world containers run in VMs ▪ In GCP, Azure, AWS or Alicloud
SLIDE 41
Linux Kernel runC CRI cri-containerd CRI-O containerd Docker CLI Podman Kubernetes OCI KVM QEMU
SLIDE 42
Linux Kernel runC CRI cri-containerd CRI-O containerd Docker CLI Podman Kubernetes OCI KVM QEMU runV hyper
SLIDE 43
Linux Kernel runC CRI cri-containerd CRI-O containerd Docker CLI Podman OCI KVM QEMU Frakti runV Kubernetes hyper
SLIDE 44
Linux Kernel runC CRI cri-containerd CRI-O containerd Docker CLI Podman OCI KVM QEMU runV Clear Containers Frakti Kubernetes hyper
SLIDE 45
Linux Kernel runC CRI cri-containerd CRI-O containerd Docker CLI Podman OCI KVM QEMU Kata Containers Frakti Kubernetes
SLIDE 46
Linux Kernel runC CRI cri-containerd CRI-O containerd Docker CLI Podman Kubernetes OCI KVM QEMU Frakti Kata Containers
SLIDE 47
Linux Kernel runC CRI cri-containerd CRI-O containerd Docker CLI Podman Kubernetes OCI KVM QEMU Frakti Kata Containers gVisor
(ptrace mode)
SLIDE 48
Linux Kernel runC CRI cri-containerd CRI-O containerd Docker CLI Podman Kubernetes OCI KVM QEMU Frakti Kata Containers gVisor
(ptrace mode)
Firecracker
SLIDE 49
Linux Kernel runC CRI cri-containerd CRI-O containerd Docker CLI Podman Kubernetes OCI KVM QEMU Frakti Kata Containers gVisor
(ptrace mode)
Firecracker
SLIDE 50
Linux Kernel runC CRI cri-containerd CRI-O containerd Docker CLI Podman Kubernetes OCI KVM QEMU Frakti Kata Containers gVisor
(ptrace mode)
Firecracker
SLIDE 51
Linux Kernel runC CRI cri-containerd CRI-O containerd Docker CLI Podman Kubernetes OCI KVM QEMU Frakti Kata Containers gVisor
(ptrace mode)
Firecracker
CLI tools CRI runtimes OCI runtimes VMMs
SLIDE 52
THANKS!
Any questions?
Credits
Slides by slidescarnival.com, CC-BY-4.0 Photograph licensed under Unsplash license
You can reach me at
@tcarrez on Twitter thierry@openstack.org by email