Shulou(Shulou.com)05/31 Report--

This article focuses on "what are the characteristics of Containerd". Interested friends may wish to have a look at it. The method introduced in this paper is simple, fast and practical. Now let the editor take you to learn "what are the features of Containerd"?

Overview of Containerd

"as early as March 16, containerd was included in the Docker Engine of Docker 1.11, but now containerd is completely spun off from Docker Engine and developed independently as an independent open source project, with the goal of providing a more open and stable container running infrastructure. Compared with the containerd originally included in Docker Engine, the independent containerd will have more features to cover all the needs of the entire container runtime management.

Containerd is not directly for end users, but is mainly used for integration into higher-level systems, such as Swarm, Kubernetes, Mesos and other container orchestration systems. Containerd runs on the system in the form of Daemon, exposing very low-level gRPC API through unix domain docket, and the upper system can manage containers on the machine through these API. Each containerd is only responsible for one machine, Pull image, container operation (start, stop, etc.), network, storage is completed by containerd. RunC is responsible for running the container. In fact, any container that conforms to the OCI specification can support it.

For the container orchestration service, the runtime only needs to use containerd+runC, which is lighter and easier to manage. After independence, the feature evolution of containerd can be separated from Docker Engine, focusing on container runtime management, and can be more stable. Better backward compatibility can also be done. Containerd's first official version 1.0 Release will be supported for one year after the first official version, including security updates and Bugfix, and each upgrade will be compatible with a small version. "

Containerd features and functions are single

What features do you usually need to include when a container is running?

Here is the architecture diagram of containerd. The middle layer contains three subsystems, from which you can see which capabilities containerd supports.

Distribution: deal with Docker Registry and pull images

Bundle: the subsystem that manages mirroring on the local disk.

Runtime: a subsystem that creates and manages containers.

You can see that containerd is very clean and provides all the functionality that the runtime really needs.

Cotainerd is only responsible for container runtime and basic image management, as well as some commonly needed support.

* Container Management * Image Management * Storage Volume Management * performance Collection * Log Management * Network

Features and roadmap

* support OCI image * support OCI runtime (runC) * support pull/push operation of image * container runtime and lifecycle management * network primitive: create / modify / delete interface * Let container join existing Network Namespace* using content addressable storage support global image multi-tenant sharing Namespace support

Due to the need to be compatible with multiple upper choreography systems, docker and K8s may have multiple containerd on one node. There can be containers with the same name in different namespaces. When downloading images of different namespace, you can use the images of other namespace as soft chains to save storage space without having to download them repeatedly.

Plugin mode

Advantage: the function is easy to expand. When it is necessary to dock the upper orchestration system, it can be docked by plug-in. Cri-containerd has become a plug-in that allows k8s to directly dock with containerd functions.

There are two ways to integrate: native code integration and dynamic library. Native code integration, as the name implies, means that the code is built into a binary file in an repo. The way of the so-called dynamic library is to add the .so file to the specified directory and load a plug-in without recompiling the containerd binary.

CRI implementation of Containerd

Project: https://github.com/containerd/cri

Formerly known as cri-containerd: currently cri-conainerd has become a plug-in for containerd.

Supports all features of the K8s CRI specification

Provides a way to deploy a k8s cluster using ansible and kubeadm tools.

CRI implementation of Containerd

-- before plug-in

Disadvantages: actually calling containerd through containerd client, there is an extra layer of grpc calls, resulting in a loss of performance.

-- after plug-in

There is no change in function, and the performance is greatly improved.

The present situation of Containerd & CRI-Containerd vs docker

Advantages:

Stability has a single responsibility and is easier to stabilize.

Compatibility follows the needs of kubernetes

Neutral Foundation neutrality, one of the CNCF projects

Performance

The code of dockershim is integrated inside kubelet, and the function of dockershim is to encapsulate the interface of docker with CRI standard.

Docker version 17.11 begins to use Containerd v1.0

Cri-conainerd has become a plug-in for containerd.

Disadvantages:

There is still a gap between User Adaption debugging tools and docker.

Maturity needs time to mature.

Performance comparison (docker vs containerd)

The top half of the picture is the data of docker, and the bottom half of the picture is the data of containerd.

In the first column, compared with the creation delay of Pod, it takes time to create 50% pod 90% and 99% pod using k8s test tool density.

The second column, how many pod can be created per unit time.

The above test creates 105 pod, which consumes machine resources.

Analysis: a container corresponds to a dockershim, and the memory occupied by dockershim in docker is smaller than that occupied by containerd.

Future planning

Further optimize * cri-containerd plug-in and then lose weight * containerd-shim consumes more memory than another language implementation?

Important event

Containerd Native support for CRI

The project has been merged, and cri-containerd, as a plug-in to Containerd, has been renamed cri and no longer exists independently.

Version: with kubernetes 1.10, release cri-containerd 1.0.0-rc.0, Containerd 1.1

Plan 2018

Secure Pod (kata container etc)

Windows container

Performance optimization part.

Containerd architecture diagram

Understanding these component modules and their relationships is critical to modifying and extending the system.

The goal of the entire architecture is to coordinate the creation and execution of bundles. Bundles refers to what is used by Runtime, including configuration, metadata, rootfs data. Bundle represents the runtime container on the file system and is reduced to a directory.

Code layout does not reflect the actual architecture.

Subsystems: external users interact through services exposed by GRPC API.

Bundle: the bundle service allows users to extract and package bundles from hard disk images.

Runtime: the runtime service supports the execution of bundles, including the creation of a container runtime

Each subsystem has more than one controller component, implements the behavior of the subsystem, and exposes to external access through services.

Modules

In addition to subsystems, there are some components that may be implemented across subsystems.

Executor: implements the actual container runtime.

Supervisor: monitor and report container status.

Metadata: stores metadata in graph db. Save all files related to mirroring and bundles. The data saved in the database is schema, which contains the entry for collaboration with modules. Garbage collection hook that reclaims disk space is also included.

Content: provides addressable storage for content. All immutable content is saved here via hash key.

Snapshot: manages snapshots of container images on the file system. Analogy to graphdriver in Docker

Events: supports the collection and consumption of events, providing consistent event-driven behavior and auditing. Events can be replayed in multiple models.

Metrics: multiple metrics are exported for each component and accessed through metrics API.

Client-side Subsystems

Distribution: provides the ability to upload and download images

Create a data-flow for bundle

At this point, I believe you have a deeper understanding of "what are the characteristics of Containerd?" you might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.