
Introducing the Concept and Initiatives of SAKURA internet Research Center ~ Superorganism-type Data Center OS and Container Runtimes ~

45th Workshop of the 163rd Committee on Internet Technology (ITRC meet45)

2019/05/16

SAKURA internet Inc.
SAKURA internet Research Center
Senior Researcher
Ryosuke Matsumoto / まつもとりー / @matsumotory

MATSUMOTO Ryosuke

May 16, 2019

Transcript

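  1. SAKURA internet Inc. (C) Copyright 1996-2019 SAKURA Internet Inc, SAKURA internet Research Center
     Introducing the Concept and Initiatives of SAKURA internet Research Center ~ Superorganism-type Data Center OS and Container Runtimes ~
     2019/05/16, Senior Researcher Ryosuke Matsumoto, 45th Workshop of the 163rd Committee on Internet Technology (ITRC meet45)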
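  2. Ryosuke Matsumoto / まつもとりー / @matsumotory
     • Senior Researcher, SAKURA internet Research Center
     • Technical Advisor, Grooves Inc. (Forkwell)
     • Visiting Researcher and Research Advisor, Pepabo Research Institute
     • Lecturer, Security Camp
     • Various committee roles, IPSJ Special Interest Group on Internet and Operation Technology
     • Various committee roles, ITRC ← NEW!
     • Ph.D. in Informatics, Kyoto University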
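  3. Research in 2018-2019: journal papers
     1. Ryosuke Matsumoto, Kenji Rikitake, Kentaro Kuribayashi, Large-scale Certificate Management on Multi-tenant Web Servers, Journal of Information Processing, conditionally accepted.
     2. Ryosuke Matsumoto, Kentaro Kuribayashi, Yasuo Okabe, A Resource Control Architecture for Web Servers that Virtually Separates Hardware Resources on a Per-Request Basis, IPSJ Journal, Vol.59, No.3, pp.1016-1025, Mar 2018.
     3. Ryosuke Matsumoto, Kentaro Kuribayashi, Yasuo Okabe, Highly Integrated Multi-tenant Architecture and Operation Technology for Web Servers, IEICE Transactions B, Vol.J101-B, No.1, pp.16-30, Jan 2018.
     Note: because Matsumoto is affiliated with several research institutes and universities, this list covers all of them.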
  4. Research in 2018-2019: international conference papers (refereed)
     1. Ryosuke Matsumoto, Uchio Kondo and Kentaro Kuribayashi, FastContainer: A Homeostatic System Architecture High-speed Adapting Execution Environment Changes, The 43rd Annual IEEE International Computers, Software, and Applications Conference (COMPSAC2019), July 2019. (to appear)
     3. Yuuki Tsubouchi, Asato Wakisaka, Ken Hamada, Masayuki Matsuki, Hiroshi Abe and Ryosuke Matsumoto, HeteroTSDB: An Extensible Time Series Database for Automatically Tiering on Heterogeneous Key-Value Stores, The 43rd Annual IEEE International Computers, Software, and Applications Conference (COMPSAC2019), July 2019. (to appear)
     4. Komei Nomura, Kenji Rikitake and Ryosuke Matsumoto, Automatic Whitelist Generation for SQL Queries Using Web Application Tests, The 9th IEEE International COMPSAC Workshop on Network Technologies for Security, Administration and Protection (NETSAP 2019), July 2019. (to appear)
     5. Ryosuke Matsumoto, Kenji Rikitake, Kentaro Kuribayashi, Large-scale Certificate Management on Multi-tenant Web Servers, The 6th IEEE International COMPSAC Workshop on Architecture, Design, Deployment and Management of Networks and Applications (ADMNET 2018), July 2018.
     Note: because Matsumoto is affiliated with several research institutes and universities, this list covers all of them.
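  5. Contents
     1. Background and purpose
     2. The superorganism-type data center
     3. The superorganism-type data center OS and containers
     4. Survey and experiments on OCI container runtimes
     5. Summary
     Note: this talk is based on the following work: Ryosuke Matsumoto, Yuuki Tsubouchi, Gosuke Miyashita, Reactive Container Execution Platform Technology Aimed at a Distributed Data Center OS, IPSJ SIG Technical Report, Internet and Operation Technology (IOT), No.2019-IOT-44, Vol.27, pp.1-8, March 2018.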
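  6. Concentration into large-scale data centers
     • Data centers are becoming larger and more concentrated
     • More efficient use of computing resources and cost
     • Cloud adoption has advanced considerably over the last few years
     • As the technical background changes, OSS and cloud services are also changing rapidly
     • Designs that withstand change and do not depend heavily on specific software or vendors are urgently needed
     • Abstraction of service functions and loosely coupled designs have become widespread
     • Cloud native, multi-cloud, microservices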
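  7. From concentration of data centers to distribution
     • With the cloud as a premise, service design moves from monolithic to microservices
     • Each function of a service is implemented as a small service and they cooperate over gRPC and similar protocols
     • Authentication, recommendation and other functions are turned into microservices and combined
     • More efficient development and operation by diverse teams, one microservice at a time
     • Scaling, and localizing the impact of failures
     • Bandwidth shortage between microservices must be addressed and latency reduced
     • Discussion is starting even at the distance between large-scale data centers (Tokyo to Ishikari)
     • Bandwidth shortage caused not only by servers but by more advanced and more numerous sensors and devices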
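  8. This talk
     • Introduces the concept and vision of the superorganism-type data center
     • What requirements does a superorganism-type data center OS need to meet?
     • First examined in the context of handling realistic web applications
     • What containers should look like once computing resources are distributed
     • Containers as the processes and threads of a data center OS
     • Discusses the importance of container reactivity
     • Classifies and organizes current industry efforts and container runtimes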
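  9. Why a research center needs a concept and a vision
     • A corporate research center wants to be organized as a team and carry out R&D as one
     • In research, the direction does not always coincide with the company's own concept
     • When researchers aim in different directions, discussions can end up at cross purposes
     • Makes the work easier to see for members outside the research center
     • Researchers and field engineers cooperate inside the company, as in-house industry-academia collaboration
     • More efficient discussion, and R&D that assumes a team
     • A point of reference when a researcher is unsure, and an environment where people support each other so they do not get lost
     • Psychological safety in discussion and progress that comes from working as a team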
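  10. Where the concept and the research themes stand
     • The concept is the pillar and the policy of the research center's work
     • It shows a direction, but concrete approaches and timelines change with the times
     • What is the vision within the concept?
     • An imagined timeline of how things would unfold if the concept progressed ideally
     • Things will not necessarily go as the vision says, and the vision itself is constantly updated
     • Research themes choose their approach based on the concept and the vision
     • Based on the concept, there are multiple research themes, one per researcher's area of expertise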
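  11. What is a superorganism in the first place?
     • In English, super-organic or super-organism
     • Most often refers to the social group of social insects
     • Discussed in sociology, biology, economics, cybernetics and other fields
     • Individuals that each have a single, separate function behave, as a whole, as more than an individual
     • Many heterogeneous individuals act on their own, yet as a whole behave like one individual
     • When made up of the same species, it may be called a population or a colony
     • There are several papers and articles in the smart-city context [1][2]
     [1] Franco Zambonelli, Toward Sociotechnical Urban Superorganisms, IEEE Computer Magazine, pp. 76-78, vol. 45, 2012.
     [2] Nicola Bicocchi, Alket Cecaj, Damiano Fontana, Marco Mamei, Andrea Sassi, Franco Zambonelli, Collective Awareness for Human-ICT Collaboration in Smart Cities, IEEE WETICE 2013, Volume: 1, Pages: 3-8, 2013.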
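  12. Another role of the concept: provoking discussion
     1. Today, huge computing resources exist in data centers, but from now on, driven by requirements such as latency, security and cost, computing resources will blend into every place, society and organization.
     2. These distributed computing resources will not merely provide computing power on their own. In response to the demands of the place or society, they will autonomously distribute or organically combine, functioning as a hybrid structure in which the field and the cloud are linked vertically and horizontally.
     3. What such a system realizes is the Super Organized World: it exists close to people and supports users in real time and with intelligence, while at the same time the back end combines organically and mobilizes unprecedented machine power and resource volume, achieving both local and global optimization.
     What does "organic" mean? "Vertically and horizontally"? "Optimal"? → Ambiguous words were chosen on purpose to provoke active discussion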
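  13. Research themes and initiatives based on the concept
     • Cloud and hosting platform technology
     • Reactive container execution platform technology; processes and threads on a data center OS
     • Distributed cooperative query cache mechanism; time-series database architecture for automatic tiering
     • Edge/Fog computing
     • Fog computing testbed for evaluating the performance of communication between local nodes
     • Monitoring, observation and operation technology
     • Autonomous, distributed tracking of network dependencies
     • Distributed resource management middleware based on consensus algorithms
     • Machine learning, deep learning, swarm intelligence
     • Graph-structure-based machine learning and visualization for intrusion detection systems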
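  14. What is interesting about containers right now
     • For someone who has worked in the cloud and hosting industry, the underlying technologies are the same as before, but
     • The ecosystem and standardization around containers have started to advance through worldwide cooperation
     • Use in kubernetes, service meshes such as istio, and microservices
     • Open Container Initiative (OCI), Container Runtime Interface (CRI)
     • Research, design, development and standardization of these are very active, centered on the CNCF
     • In particular, orchestration and other parts that used to be hard to realize are being discussed and developed cooperatively
     • Academia and companies have started to do research together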
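  15. Transparency and container reactivity
     • Containers need to do their processing across data centers transparently and organically
     • Treat the various container runtimes as processes and threads
     • Containers need to be able to change state reactively
     • Match resource allocation to changes in access reactively, not by prediction in advance
     • Organic cooperation across highly distributed data centers, in the manner of a superorganism
     • Containers need to cooperate with each other and move quickly between servers and data centers
     • Reactivity like that of processes and threads in an OS will be required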
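  16. A web service platform model for the container era
     Ryosuke Matsumoto, Uchio Kondo, Yusuke Miyake, Kenji Rikitake, Kentaro Kuribayashi, FastContainer: A System Architecture with Homeostasis that Adapts Quickly to Changes in the Execution Environment, Proceedings of the Internet and Operation Technology Symposium 2017, 2017, 89-97 (2017-11-30), December 2017.
     ← This talk digs deeper into this part
     • Orchestration Layer: GKE, ECS, Marathon, Kubernetes, Docker Swarm
     • Strategy Layer: Rancher, FastContainer
     • Service Layer: Web Application or Service on Containers
     • Infrastructure Layer: GCP, Azure, AWS, OpenStack, Mesos, BareMetal, LinuxKit
     • Container Runtime Layer: Docker, containerd, LXC, Haconiwa, gVisor, Kata Containers
     • Container Runtime Interface (CRI)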
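  17. A layer model for container runtimes
     Diagram labels (common definition): CRI, container runtime, runtime
     It is often defined as above, but saying that a runtime such as runc sits inside the container runtime is a little hard to follow.
     Diagram labels (layer model by runtime role): CRI, CRI runtime, OCI, OCI runtime
     The container runtime is modeled in layers by the role of each runtime, defined as the CRI runtime and the OCI runtime *1. The two together are called the container runtime.
     CRI: Container Runtime Interface
     OCI: Open Container Initiative Runtime/Image Format Specification
     *1 Ian Lewis of Google Cloud defines the CRI runtime as the High-Level Runtime and the OCI runtime as Low-Level Runtimes https://www.ianlewis.org/en/container-runtimes-part-1-introduction-container-r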
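  18. The basic layer model around containers
     Diagram labels: orchestration, CRI, CRI runtime, OCI, OCI runtime, Pod and its containers
     • CRI runtime (cri-o, containerd, etc.): receives container configuration from the orchestrator via CRI and manages container images
     • OCI runtime (runC, runsc, runnc, runV, kata-runtime, cc-runtime, etc.): takes the container configuration and image, performs resource allocation and privilege separation for the container, and starts it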
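  19. Example: the basic layer model around containers
     Diagram labels: kubelet, CRI, containerd, OCI, runC, Pod and its containers
     • OCI runtime (runC, runsc, runnc, runV, kata-runtime, cc-runtime, etc.): takes the container configuration and image, performs resource allocation and privilege separation for the container, and starts it
     • As long as components conform to CRI and OCI, the orchestration layer can stay on kubernetes while the CRI runtime and the OCI runtime are swapped freely
     • CRI runtime (cri-o, containerd, etc.): receives container configuration from the orchestrator via CRI and manages container images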
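  20. Survey and experiments on OCI container runtimes
     • Survey of the current state of runC, gVisor, Nabla-Containers, Firecracker and Kata-Containers
     • As of March 2019
     • Built Docker images for Hello World and for a loop
     • Ran Hello World (written in C) on each OCI container runtime
     • Measured Pod start + container start + Hello world execution time with the time command
     • Started the loop container and measured memory size (RSS)
     • Experiment host: EC2 i3.metal instance, 72 vCPUs, 512 GB memory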
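  21. Running the OCI container runtime commands directly
     # Build the bundle root filesystem from the Docker image
     cid=`sudo docker create mizzy/hello:latest`
     mkdir -p bundle/rootfs
     sudo docker export $cid | tar -C bundle/rootfs -xvf -

     # Time the same bundle under each OCI runtime
     time sudo runc run bundle
     time sudo runsc -log /dev/null run bundle
     time sudo kata-runtime run bundle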
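  22. Results: running the OCI runtime commands directly

     | Message | Security | Implementation | helloworld performance (Pod + container start time) | Density (memory footprint per container) |
     |---|---|---|---|---|
     | Process type | Namespace isolation | runC | 0.159 s | runc: 10216 KB; total approx. 10 MB |
     | Sandbox type | Userland kernel, system call access control | gVisor (runsc) | 0.197 s | runsc: 117748 KB; runsc-gopher: 13028 KB; runsc-sandbox: 18404 KB; total approx. 150 MB |
     | Unikernel type | Unikernel isolation (dedicated app image and a minimal set of permitted system calls) | Nabla-Containers (runnc) | Not measured: by design runnc does not wait for the container to finish | Not measured: by design runnc does not wait for the container to finish |
     | microVM type | microVM (virtio-net, virtio-block, serial console, a 1-button keyboard controller) | Firecracker | Not measured: cannot currently be driven directly by a runc-equivalent command | Not measured: cannot currently be driven directly by a runc-equivalent command |
     | VM type | VM | Kata-Containers | 1.392 s | kata-runtime: 28424 KB; qemu-lite-system-x86_64: 222208 KB; kata-proxy: 6884 KB; kata-shim: 19124 KB; total approx. 280 MB |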
  23. Running through containerd
     time sudo ctr run \
       --rm --runtime io.containerd.runc.v1 \
       docker.io/mizzy/hello:latest \
       foo /hello

     time sudo ctr run \
       --rm \
       --runtime io.containerd.runsc.v1 \
       docker.io/mizzy/hello:latest ba /hello

     time sudo ctr run \
       --rm \
       --runtime io.containerd.kata.v2 \
       docker.io/mizzy/hello:latest baz /hello

     time sudo ctr run \
       --rm \
       --runtime io.containerd.runtime.v1.linux \
       docker.io/mizzy/hello:latest foo /hello

     time sudo ctr run \
       --rm \
       --snapshotter firecracker-naive \
       --runtime aws.firecracker \
       docker.io/mizzy/hello:latest foo /hello
  24. Results: running through containerd

     | Message | Security | Implementation | helloworld performance (Pod + container start time) | Density (memory footprint per container) |
     |---|---|---|---|---|
     | Process type | Namespace isolation | runC | 0.361 s | ctr: 26592 KB; total approx. 26 MB |
     | Sandbox type | Userland kernel, system call access control | gVisor (runsc) | 0.422 s | ctr: 26600 KB; runsc: 12296 KB; containerd-shim-runsc-v1: 6908 KB; runsc-gopher: 12296 KB; runsc-sandbox: 18124 KB; total approx. 75 MB |
     | Unikernel type | Unikernel isolation (dedicated app image and a minimal set of permitted system calls) | Nabla-Containers (runnc) | Cannot be measured: does not support containerd shim API v2 | Cannot be measured: does not support containerd shim API v2 |
     | microVM type | microVM (virtio-net, virtio-block, serial console, a 1-button keyboard controller) | Firecracker (naive snapshotter) | 8.117 s | ctr: 26120 KB; containerd-shim-aws-firecracker: 13748 KB; firecracker: 59152 KB; total approx. 100 MB (native_snapshotter: 11400 KB) |
     | VM type | VM | Kata-Containers | 1.570 s | ctr: 26572 KB; containerd-shim-kata-v2: 19780 KB; qemu-lite-system-x86_64: 195864 KB; total approx. 241 MB |
  25. Running through dockerd
     time sudo docker run --rm mizzy/hello:latest /hello
     time sudo docker run --rm --runtime=runsc mizzy/hello:latest /hello
     time sudo docker run --rm --runtime=kata-runtime mizzy/hello:latest /hello
     time sudo docker run --rm --runtime=runnc mizzy/hello:latest /hello.nabla
     time sudo docker run --rm --runtime=kata-fc mizzy/hello:latest /hello
  26. Results: running through dockerd

     | Message | Security | Implementation | helloworld performance (Pod + container start time) | Density (memory footprint per container) |
     |---|---|---|---|---|
     | Process type | Namespace isolation | runC | 0.847 s | docker: 50356 KB; containerd-shim: 6124 KB; total approx. 56 MB |
     | Sandbox type | Userland kernel, system call access control | gVisor (runsc) | 1.034 s | docker: 50532 KB; containerd-shim: 5812 KB; runsc-gopher: 12296 KB; runsc-sandbox: 18124 KB; total approx. 85 MB |
     | Unikernel type | Unikernel isolation (dedicated app image and a minimal set of permitted system calls) | Nabla-Containers (runnc) | 0.897 s | docker: 50720 KB; containerd-shim: 5512 KB; nabla-run: 6684 KB; total approx. 62 MB |
     | microVM type | microVM (virtio-net, virtio-block, serial console, a 1-button keyboard controller) | Firecracker (devmapper snapshotter) (Kata plugin) | 3.889 s | docker: 1170808 KB; docker-containerd-shim: 9960 KB; kata-shim: 455664 KB; firecracker: 145952 KB; total approx. 1700 MB |
     | VM type | VM | Kata-Containers | 2.415 s | docker: 51056 KB; containerd-shim: 6060 KB; qemu-lite-system-x86_64: 227316 KB; kata-proxy: 6132 KB; kata-shim: 19536 KB; total approx. 310 MB |
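  27. Pod and container start time versus app performance
     • VM and microVM approaches take time to start a Pod
     • Once the Pod is up, access control on the app is not strict
     • A web app in the container performs comparatively well
     • Sandbox and unikernel approaches start a Pod quickly
     • The app's system calls and file accesses are monitored and strictly access-controlled
     • A web app in the container performs comparatively poorly
     → We plan to measure the performance of applications running in containers next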
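  28. Containers in a superorganism-type data center
     • Start each container with the OCI runtime appropriate to the moment and the requirements
     • The same way processes and threads are used in an OS
     • Discuss the trade-off between container start speed and application speed after start
     • Respond reactively to external access trends and unpredictable changes
     • Handle cooperation between processes and threads transparently across hosts as well
     • Research on changing container state and moving containers at high speed is needed [1]
     [1] Ryosuke Matsumoto, Yuuki Tsubouchi, Gosuke Miyashita, A Low-cost, Fast Scheduling Method that Can Relocate Containers per HTTP Request Using CRIU, IOT44, March 2019.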
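  29. Toward a superorganism-type data center OS
     • Introduced the concept of the superorganism-type data center
     • Data center functions blend into society while using the machine power of the cloud
     • Introduced a concrete vision
     • Discussed it from the viewpoint of data centers and container scheduling
     • Examined the importance of being able to change state reactively
     • Introduced each vendor's OCI runtime implementation and evaluated the current state experimentally
     • Organized a classification that treats containers as threads and processes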
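  30. Future work and open questions
     • Further consideration of the classification of OCI runtimes
     • Is there a more appropriate form for Pods and containers?
     • Examine further the balance of density, performance, security and usability
     • Discuss the balance between Pod start speed and the performance of container access control
     • Design and implement a framework for managing information about highly distributed containers
     • From things like the ps and top commands up to more advanced tools
     • Examine concepts that make processes and threads more convenient to handle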
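
The footprint columns in the results of slides 22, 24 and 26 add up the resident memory of every helper process a runtime starts. The following is an added example, not taken from the slides: the slides do not say how RSS was collected, so reading `VmRSS` from `/proc` and the function name `rss_footprint_kb` are assumptions of this example. It sums RSS over a list of process names and handles the 15-character name truncation in `/proc/<pid>/status`, which otherwise drops `qemu-lite-system-x86_64` from the total.

```shell
#!/bin/sh
# rss_footprint_kb PROC_ROOT NAME...
# Sum VmRSS (KB) of all processes whose name matches one of NAME...,
# e.g. the helper processes one container runtime leaves running.
# PROC_ROOT is normally /proc; it is a parameter (assumption of this
# example) so the function can be pointed at a saved or test fixture tree.
rss_footprint_kb() {
    proc_root=$1; shift
    total=0
    for status in "$proc_root"/[0-9]*/status; do
        # A process may exit between the glob and the read.
        [ -r "$status" ] || continue
        name=$(awk '/^Name:/ {print $2; exit}' "$status" 2>/dev/null)
        rss=$(awk '/^VmRSS:/ {print $2; exit}' "$status" 2>/dev/null)
        # Kernel threads have no VmRSS line; skip them.
        [ -n "$rss" ] || continue
        for want in "$@"; do
            # The kernel stores at most 15 bytes of the process name, so
            # compare against the truncated form of the wanted name.
            want15=$(printf '%.15s' "$want")
            if [ "$name" = "$want15" ]; then
                total=$((total + rss))
                break
            fi
        done
    done
    echo "$total"
}

# Usage on a live host while the loop container is running, for example:
#   rss_footprint_kb /proc runsc runsc-gopher runsc-sandbox
```

Because matching is by name only, run it on a host where a single container of the runtime under test is active, otherwise processes of unrelated containers are counted too.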