next generation tools for container technology
play

Next Generation Tools for container technology Dan Walsh @rhatdan - PowerPoint PPT Presentation

Oct 23, 2023 •485 likes •1.36k views

Next Generation Tools for container technology Dan Walsh @rhatdan Please Stand Please read out loud all text in RED I Promise To say Container Registries Rather than Docker registries I Promise To say Container Images Rather than

  1. Next Generation Tools for container technology Dan Walsh @rhatdan

  2. Please Stand

  3. Please read out loud all text in RED

  4. I Promise

  5. To say Container Registries Rather than Docker registries

  6. I Promise

  7. To say Container Images Rather than Docker images

  8. I Promise

  9. To say Containers Rather than Docker Containers

  10. Sit Down

  13. What do you need to run a container Standard Definition of what makes up a container image. ● OCI Image Bundle Definition ○

  14. Introducing Skopeo https://github.com/containers/skopeo #nobigfatdaemons

  15. Skopeo ● $ skopeo inspect docker://docker.io/fedora ● $ skopeo copy docker://busybox:1-glibc atomic:myns/unsigned:streaming $ skopeo copy docker://busybox:latest dir:existingemptydirectory $ skopeo copy docker://busybox:latest oci:busybox_ocilayout:latest ● $ skopeo delete docker://localhost:5000/imagename:latest #nobigfatdaemons

  16. What do you need to run a container` Standard Definition of what makes up a container image. ● OCI Image Bundle Definition ○ Mechanism to pull images from a container registry to the host ● github.com/containers/image ○

  17. What do you need to run a container Standard Definition of what makes up a container image. ● OCI Image Bundle Definition ○ Mechanism to pull images from a container registry to the host ● github.com/containers/image ○ ● Ability to explode images onto COW file systems on disk github.com/containers/storage ○

  18. What do you need to run a container Standard Definition of what makes up a container image. ● OCI Image Bundle Definition ○ Mechanism to pull images from a container registry to the host ● github.com/containers/image ○ ● Ability to explode images onto COW file systems on disk github.com/containers/storage ○ Standard mechanism for running a container ● ○ OCI Runtime Spec (1.0) runc default implementation of OCI Runtime Spec (Same tool Docker uses to run containers) ○

  19. #nobigfatdaemons

  20. #nobigfatdaemons

  21. What does OpenShift/Kubernetes need run a container? CRI - Container Runtime Interface #nobigfatdaemons

  22. What does OpenShift/Kubernetes need run a container? CRI - Container Runtime Interface Kubernetes tells CRI to run Container Image: #nobigfatdaemons

  23. What does OpenShift/Kubernetes need run a container? CRI - Container Runtime Interface Kubernetes tells CRI to run Container Image: ● CRI needs to pull image from Container Registry #nobigfatdaemons

  24. What does OpenShift/Kubernetes need run a container? CRI - Container Runtime Interface Kubernetes tells CRI to run Container Image: ● CRI needs to pull image from Container Registry ● CRI Needs to store image on COW File system #nobigfatdaemons

  25. What does OpenShift/Kubernetes need run a container? CRI - Container Runtime Interface Kubernetes tells CRI to run Container Image: ● CRI needs to pull image from Container Registry ● CRI Needs to store image on COW File system ● CRI Needs to execute OCI Runtime #nobigfatdaemons

  26. Introducing CRI-O #nobigfatdaemons

  27. Introducing CRI-O CRI-O - OCI-based implementation of Kubernetes Container Runtime Interface Scope tied to kubernetes CRI ● ● Only supported user is kubernetes Uses standard components as building blocks ● “Nothing more, Nothing Less” #nobigfatdaemons

  28. #nobigfatdaemons

  29. #nobigfatdaemons

  30. #nobigfatdaemons

  31. S W A R M #nobigfatdaemons

  32. S W A R M #nobigfatdaemons

  33. M O B Y #nobigfatdaemons

  34. M O B Y #nobigfatdaemons

  35. M O B Y #nobigfatdaemons

  36. #nobigfatdaemons

  37. Overview of additional components oci-runtime-tools library is used to generate OCI configs for containers ● #nobigfatdaemons

  38. Overview of additional components oci-runtime-tools library is used to generate OCI configs for containers ● CNI is used for setting up networking ● ○ Tested with Flannel, Weave and openshift-sdn #nobigfatdaemons

  39. Overview of additional components oci-runtime-tools library is used to generate OCI configs for containers ● CNI is used for setting up networking ● ○ Tested with Flannel, Weave and openshift-sdn conmon is a utility for: ● Monitoring ○ Logging ○ Handling tty ○ Serving attach clients ○ Detecting and reporting OOM ○ #nobigfatdaemons

  40. Pod architecture (runc) conmon conmon conmon Infra Container Container A Container B (runc) (runc) Pod (ipc, net, pid namespaces, cgroups) #nobigfatdaemons

  41. Pod architecture (Kata Containers) conmon conmon kata-shim kata-shim Container A Container B (kata-runtime) (kata-runtime) Virtual Machine (ipc, net, pid namespaces, cgroups) #nobigfatdaemons Pod (net namespace, cgroups)

  42. Architecture #nobigfatdaemons

  43. Status All e2e, cri-tools, integration, 9 test suites, (>500) tests passing. ● No PRs merged without passing all the tests ○ #nobigfatdaemons

  44. Status All e2e, cri-tools, integration, 9 test suites, (>500) tests passing. ● No PRs merged without passing all the tests. ○ ● 1.0.7 (kube 1.7.x) supported. (December 2017) #nobigfatdaemons

  45. Status All e2e, cri-tools, integration, 9 test suites, (>500) tests passing. ● No PRs merged without passing all the tests. ○ ● 1.0.7 (kube 1.7.x) supported. (December 2017) 1.9.12 (kube 1.9.x) released. ● CRI-O fully supported in OpenShift 3.9 along with docker. ○ #nobigfatdaemons

  46. Status All e2e, cri-tools, integration, 9 test suites, (>500) tests passing. ● No PRs merged without passing all the tests. ○ ● 1.0.7 (kube 1.7.x) supported. (December 2017) 1.9.12 (kube 1.9.x) released. ● CRI-O fully supported in OpenShift 3.9 along with docker. ○ ● 1.10.6 (kube 1.10.x) released. #nobigfatdaemons

  47. Status All e2e, cri-tools, integration, 9 test suites, (>500) tests passing. ● No PRs merged without passing all the tests. ○ ● 1.0.7 (kube 1.7.x) supported. (December 2017) 1.9.12 (kube 1.9.x) released. ● CRI-O fully supported in OpenShift 3.9 along with docker. ○ ● 1.10.6 (kube 1.10.x) released. 1.11.2 (Kube 1.11.x) released ● #nobigfatdaemons

  48. Status All e2e, cri-tools, integration, 9 test suites, (>500) tests passing. ● No PRs merged without passing all the tests. ○ ● 1.0.7 (kube 1.7.x) supported. (December 2017) 1.9.12 (kube 1.9.x) released. ● CRI-O fully supported in OpenShift 3.9 along with docker. ○ ● 1.10.6 (kube 1.10.x) released. 1.11.2 (Kube 1.11.x) released ● 1.12.1 (Kube 1.12.x) released ● Goal for Openshift 4.0 is to fully support CRI-O by default. ● #nobigfatdaemons

  49. Status CRI-O is now powering nodes on OpenShift Online. #nobigfatdaemons

  50. " CRI-O just works for them, so they haven’t had much to say" #nobigfatdaemons

  51. Making running containers in production boring #nobigfatdaemons

  52. What else does OpenShift need? Ability to build container images ● Ability to push container images to container registries ● #nobigfatdaemons

  53. #nobigfatdaemons

  54. Introducing Buildah https://github.com/containers/buildah #nobigfatdaemons

  55. #nobigfatdaemons https://github.com/containers/buildah

  56. #nobigfatdaemons

  57. Coreutils for building containers. Simple interface #nobigfatdaemons

  58. Coreutils for building containers. Simple interface # ctr=$(buildah from fedora) #nobigfatdaemons

  59. Coreutils for building containers. Simple interface # ctr=$(buildah from fedora) # mnt=$(buildah mount $ctr) #nobigfatdaemons

  60. #nobigfatdaemons

  61. Coreutils for building containers. Simple interface # ctr=$(buildah from fedora) # mnt=$(buildah mount $ctr) # cp -R src $mnt #nobigfatdaemons

  62. Coreutils for building containers. Simple interface # ctr=$(buildah from fedora) # mnt=$(buildah mount $ctr) # cp -R src $mnt # dnf install --installroot=$mnt httpd #nobigfatdaemons

  63. Coreutils for building containers. Simple interface # ctr=$(buildah from fedora) # mnt=$(buildah mount $ctr) # cp -R src $mnt # dnf install --installroot=$mnt httpd # make install DESTDIR=$mnt #nobigfatdaemons

  64. Coreutils for building containers. Simple interface # ctr=$(buildah from fedora) # mnt=$(buildah mount $ctr) # cp -R src $mnt # dnf install --installroot=$mnt httpd # make install DESTDIR=$mnt # buildah config --entrypoint=/usr/sbin/test.sh --env foo=bar $ctr #nobigfatdaemons

  65. Coreutils for building containers. Simple interface # ctr=$(buildah from fedora) # mnt=$(buildah mount $ctr) # cp -R src $mnt # dnf install --installroot=$mnt httpd # make install DESTDIR=$mnt # buildah config --entrypoint=/usr/sbin/test.sh --env foo=bar $ctr # buildah commit $ctr myhttpd #nobigfatdaemons

  66. Coreutils for building containers. Simple interface # ctr=$(buildah from fedora) # mnt=$(buildah mount $ctr) # cp -R src $mnt # dnf install --installroot=$mnt httpd # make install DESTDIR=$mnt # buildah config --entrypoint=/usr/sbin/test.sh --env foo=bar $ctr # buildah commit $ctr myhttpd # buildah push myhttpd docker://rhatdan/myhttpd #nobigfatdaemons

  67. Dan Wait! #nobigfatdaemons

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Container Model Suite of Tools QPI Meeting Bradenton, Fl Keith Hofseth Institute for Water

Container Model Suite of Tools QPI Meeting Bradenton, Fl Keith Hofseth Institute for Water

Container Model Suite of Tools QPI Meeting Bradenton, Fl Keith Hofseth Institute for Water Resources February 1 2012 BUILDING STRONG! Container Modeling Suite of Tools Objective: Provide Corps planners with a set of desktop tools to

625 views • 33 slides
Container Library and FUSE Container File System Softwarepraktikum f ur Fortgeschrittene

Container Library and FUSE Container File System Softwarepraktikum f ur Fortgeschrittene

Introduction Container Library Container Tools FUSE Container File System Evaluation Container Library and FUSE Container File System Softwarepraktikum f ur Fortgeschrittene Michael Kuhn Parallele und Verteilte Systeme Institut f ur

353 views • 22 slides
Enhancing Technology for New Generation of Power Tools & Outdoor Equipment William A.

Enhancing Technology for New Generation of Power Tools & Outdoor Equipment William A.

Fast-Charging as an Enhancing Technology for New Generation of Power Tools & Outdoor Equipment William A. Rigdon, PhD July 11, 2019 Stanley Black & Decker (SB&D) 1843 STANLEY is Founded 60,000+ Employees in 50 Countries 500,000+

872 views • 45 slides
DISASTER RELIEF CENTER 2x Accommodation Container 2x Sanitary Container 1x

DISASTER RELIEF CENTER 2x Accommodation Container 2x Sanitary Container 1x

DISASTER RELIEF CENTER 2x Accommodation Container 2x Sanitary Container 1x Galley Container 1x Medical Container 1x Feed Water Container 1x Water Treatment Container 2x Generator Container 1x

569 views • 8 slides
Bare Metal Container National Institute of Advanced Industrial Science and Technology(AIST)

Bare Metal Container National Institute of Advanced Industrial Science and Technology(AIST)

Bare Metal Container National Institute of Advanced Industrial Science and Technology(AIST) Kuniyasu Suzaki 1 Contents Background of BMC Drawbacks of container, general kernel, and accounting. What is BMC? Current

837 views • 34 slides
BPF as a revolutionary technology for the container landscape Daniel Borkmann, Cilium.io

BPF as a revolutionary technology for the container landscape Daniel Borkmann, Cilium.io

BPF as a revolutionary technology for the container landscape Daniel Borkmann, Cilium.io FOSDEM20 Landscape: continuously decreasing lifetime Source: sysdig 19 container usage report Landscape: continuously increasing density Source:

762 views • 39 slides
Nulecule: Packaging, Distributing and Deploying Multi-Container Applications the Cloud Way

Nulecule: Packaging, Distributing and Deploying Multi-Container Applications the Cloud Way

Nulecule: Packaging, Distributing and Deploying Multi-Container Applications the Cloud Way ContainerCon North America 2016 Charlie Drage Container Tools / Project Atomic @ Red Hat cdrage @ http://projectatomic.io Wait, whats Project

304 views • 28 slides
Elmer Alternative Pre-processing tools ElmerTeam CSC IT Center for Science Mesh generation

Elmer Alternative Pre-processing tools ElmerTeam CSC IT Center for Science Mesh generation

Elmer Alternative Pre-processing tools ElmerTeam CSC IT Center for Science Mesh generation capabilities of Elmer suite ElmerGrid: native generation of simple structured meshes ElmerGUI: plugins for tetgen and netgen No geometry generation

355 views • 18 slides
moja global moja global Next generation Next generation tools for measuring emissions tools for

moja global moja global Next generation Next generation tools for measuring emissions tools for

moja global moja global Next generation Next generation tools for measuring emissions tools for measuring emissions from the land from the land sector sector Climate change is one of the biggest challenges of this century info@moja.global

643 views • 29 slides
Nulecule Packaging, Distributing & Deploying Container Applications the Cloud Way 2016 -

Nulecule Packaging, Distributing & Deploying Container Applications the Cloud Way 2016 -

Nulecule Packaging, Distributing & Deploying Container Applications the Cloud Way 2016 - Ghent, Belgium Brian Exelbierd vpavlin@localhost $ su - bexelbie Container Tools Engineer @ Red Hat bexelbie@localhost $

880 views • 37 slides
Flexible Bulk Container MK-14-10 FBC Packaging technology for transportation, (intermediate)

Flexible Bulk Container MK-14-10 FBC Packaging technology for transportation, (intermediate)

Flexible Bulk Container MK-14-10 FBC Packaging technology for transportation, (intermediate) storage & transshipment of dry bulk cargo 3 types of FBC (dimensions & specifications) Industrial and chemical products Agricultural

582 views • 19 slides
Container Deposits The story so far, and why doesn t everyone do this? Container Deposit

Container Deposits The story so far, and why doesn t everyone do this? Container Deposit

Plastic Bags Ban and Container Deposits The story so far, and why doesn t everyone do this? Container Deposit Legislation Remember 1975? Source: Adelaide Now Adelaide Oval Cricket test 1973 Football Grand Final 1973Adelaide Cans

658 views • 18 slides
Context Generation from Formal Specifications for C Analysis Tools Michele Alberti 1 Julien

Context Generation from Formal Specifications for C Analysis Tools Michele Alberti 1 Julien

Context Generation from Formal Specifications for C Analysis Tools Michele Alberti 1 Julien Signoles 2 1 TrustInSoft 2 CEA LIST, Software Reliability and Security Laboratory LOPSTR 2017, Namur, Belgium 1 Code Analysis Tools Effective enough

575 views • 35 slides
A Series Of Unfortunate Container Events Netflixs container platform lessons learned About the

A Series Of Unfortunate Container Events Netflixs container platform lessons learned About the

A Series Of Unfortunate Container Events Netflixs container platform lessons learned About the speakers and team Follow along - @sargun @tomaszbak_ca @fabiokung @aspyker @amit_joshee @anwleung 2 Netflixs container management platform

808 views • 44 slides
Abstract Generation Advanced VLSI Design CMPE 641 Abstract Generation Place and route tools do

Abstract Generation Advanced VLSI Design CMPE 641 Abstract Generation Place and route tools do

Abstract Generation Advanced VLSI Design CMPE 641 Abstract Generation Place and route tools do not require the full cell layout Another view of the standard cells called the abstract view needs to generated The abstract view provides

537 views • 6 slides
Abstract Generation Advanced VLSI Design CMPE 414 Abstract Generation Place and route tools do

Abstract Generation Advanced VLSI Design CMPE 414 Abstract Generation Place and route tools do

Abstract Generation Advanced VLSI Design CMPE 414 Abstract Generation Place and route tools do not require the full cell layout Another view of the standard cells called the abstract view needs to generated The abstract view provides

90 views • 8 slides
Up Cloud Native Networking with eBPF Next Technical Track Presentation Raymond Maika

Up Cloud Native Networking with eBPF Next Technical Track Presentation Raymond Maika

Up Cloud Native Networking with eBPF Next Technical Track Presentation Raymond Maika Engineering Team Lead Agenda Cloud Native networking CNI Plugin landscape Cilium Overview Policy Overview Policy Enforcement in Cilium

532 views • 12 slides
Dataplane Networking journey in Containers Gary Loughnane gary.loughnane@intel.com

Dataplane Networking journey in Containers Gary Loughnane gary.loughnane@intel.com

Dataplane Networking journey in Containers Gary Loughnane gary.loughnane@intel.com Kuralamudhan Ramakrishnan kuralamudhan.ramakrishnan@intel.com DPDK Summit Userspace - Dublin- 2017 Discussion topics Container Deployment Models

539 views • 16 slides
What queries can the Domain mediator answer for me? Developer CLIDE Schema Schema

What queries can the Domain mediator answer for me? Developer CLIDE Schema Schema

Large-Scale Data Integration Systems Exporting and Interactively Querying Application Domain CNET Computer Developer Web Service-Accessed Sources: PCWorld Portals Application Application The CLIDE System

320 views • 9 slides
Drupal, NetFlix, & Chill: Adaptive Bitrate Video Streaming Stephen Barker, Digital Frontiers

Drupal, NetFlix, & Chill: Adaptive Bitrate Video Streaming Stephen Barker, Digital Frontiers

Drupal, NetFlix, & Chill: Adaptive Bitrate Video Streaming Stephen Barker, Digital Frontiers Media, Inc. Dave Kopecek, Aisle 8, Inc. 1 The Problem Existing Site 400 HD videos Slow video loading/buffering/playback latency (10-11 seconds

838 views • 25 slides
Real-Time System Modeling slide credits: H. Kopetz, P. Puschner Overview Model Construction

Real-Time System Modeling slide credits: H. Kopetz, P. Puschner Overview Model Construction

Real-Time System Modeling slide credits: H. Kopetz, P. Puschner Overview Model Construction Real-time clusters & components Interfaces Real-time interfaces and observations Real-time images and temporal accuracy

1.24k views • 88 slides
ConnectHome Nation Webinar Leveraging Stakeholder Volunteer Programs 1 Agenda Leveraging

ConnectHome Nation Webinar Leveraging Stakeholder Volunteer Programs 1 Agenda Leveraging

ConnectHome Nation Webinar Leveraging Stakeholder Volunteer Programs 1 Agenda Leveraging Topic 1 Stakeholder Volunteers Topic 2 1. WebEx Instructions Nashville Topic 3 Public 2. Introductions Topic 4 Library 3. Nashville Public

435 views • 25 slides
New Bern Choice Neighborhoods January 15, 2015 Existing Conditions Survey Highlights

New Bern Choice Neighborhoods January 15, 2015 Existing Conditions Survey Highlights

Stakeholder Meeting New Bern Choice Neighborhoods January 15, 2015 Existing Conditions Survey Highlights Next Steps Existing Conditions Data collection sources Census and American Community Survey GIS data from county and

745 views • 38 slides
EMPHATIC A new hadron production experiment for improved neutrino flux predictions Jonathan

EMPHATIC A new hadron production experiment for improved neutrino flux predictions Jonathan

EMPHATIC A new hadron production experiment for improved neutrino flux predictions Jonathan Paley On Behalf of the EMPHATIC Collaboration Fermilab Physics Advisory Committee Meeting January 17, 2019 Jonathan M. Paley DUNE Flux

847 views • 19 slides

More recommend