Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Write Container Runtime in Go

Avatar for tomocy tomocy
October 28, 2019
Programming
4
3.3k

Write Container Runtime in Go

Presented in Go Conference 2019 Autumn

https://gocon.jp/sessions/write_container_runtime_in_go/

Avatar for tomocy

tomocy

October 28, 2019
Tweet

More Decks by tomocy

See All by tomocy
Work around Dart custom lint rule
Avatar for tomocy tomocy
1
510

Other Decks in Programming

See All in Programming
Graviton と Nitro と私
Avatar for maroon1st maroon1st
0
150
認証・認可の基本を学ぼう後編
Avatar for kaza kouyuume
0
250
ゆくKotlin くるRust
Avatar for TATSUNO Yasuhiro exoego
1
170
Kotlin Multiplatform Meetup - Compose Multiplatform 외부 의존성 아키텍처 설계부터 운영까지
Avatar for Suhyeon Kim wisemuji
0
140
クラウドに依存しないS3を使った開発術
Avatar for しめさば simesaba80
0
180
gunshi
Avatar for kazupon kazupon
1
120
Giselleで作るAI QAアシスタント 〜 Pull Requestレビューに継続的QAを
Avatar for Tadashi Shigeoka codenote
0
320
開発に寄りそう自動テストの実現
Avatar for Hiroki Iseri goyoki
2
1.5k
2年のAppleウォレットパス開発の振り返り
Avatar for muno92 muno92
PRO
0
130
TestingOsaka6_Ozono
Avatar for O3(ozono) o3
0
180
Rubyで鍛える仕組み化プロヂュース力
Avatar for muryoimpl muryoimpl
0
220
令和最新版Android Studioで化石デバイス向けアプリを作る
Avatar for Sora Arakawa arkw
0
460

Featured

See All Featured
Google's AI Overviews - The New Search
Avatar for Barry Adams badams
0
870
<Decoding/> the Language of Devs - We Love SEO 2024
Avatar for Nikki Halliwell nikkihalliwell
0
100
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
Avatar for Rebecca Miller-Webster rmw
35
3.3k
Documentation Writing (for coders)
Avatar for Carmen Chung carmenintech
77
5.2k
A brief & incomplete history of 
UX Design for the World Wide Web: 1989–2019
Avatar for Jason CranfordTeague jct
1
270
Balancing Empowerment & Direction
Avatar for Lara Hogan lara
5
830
Building AI with AI
Avatar for Ines Montani inesmontani
PRO
1
590
Learning to Love Humans: Emotional Interface Design
Avatar for Aarron Walter aarron
274
41k
Impact Scores and Hybrid Strategies: The future of link building
Avatar for Tamara Novitovic tamaranovitovic
0
180
The AI Search Optimization Roadmap by Aleyda Solis
Avatar for Aleyda Solis aleyda
1
5k
Un-Boring Meetings
Avatar for Sebastian Deterding codingconduct
0
170
How to Talk to Developers About Accessibility
Avatar for Jason CranfordTeague jct
1
87

Transcript

  1. Write Container Runtime in Go Go Conference 2019 Autumn Koki

    Tomoshige (@towocy)

  2. Write Container Runtime in Go

  3. Write Container Runtime in Go

  4. ίϯςφϥϯλΠϜʹ͍ͭͯ

  5. ίϯςφٕज़ ίϯςφϥϯλΠϜͱ ίϯςφΠϝʔδ

  6. ίϯςφϥϯλΠϜ OCI runtimeʹ४ڌ͍ͯ͠Δ

  7. OCIʢOpen Container Initiativeʣ ίϯςφٕज़ͷඪ४ن֨Λ ࡞੒͢ΔͨΊͷஂମ

  8. None

  9. runtime.me ίϯςφϥϯλΠϜͱͯ͠ͷ ঢ়ଶͱৼΔ෣͍ https://github.com/opencontainers/runtime-spec/blob/master/runtime.md

  10. Query State state <container-id> Create create <container-id> <path-to-bundle> Start start

    <container-id> Kill kill <container-id> <signal> Delete delete <container-id>
  11. None

  12. Standard Go Project Layout /cmd https://github.com/golang-standards/project-layout#cmd

  13. None

  14. CLI pkg github.com/urfave/cli

  15. None
  16. None
  17. None
  18. None
  19. None

  20. InterfaceͰͷந৅Խ ࢖༻ऀଆ͕ ٻΊΔৼΔ෣͍Λఆٛ͢Δ https://github.com/golang/go/wiki/CodeReviewComments#interfaces

  21. None

  22. ίϯςφϥϯλΠϜͷ࣮૷ʹ͍ͭͯ

  23. ίϯςφϥϯλΠϜ ϗετOS্ͷ Ϧιʔεִ͕཭ɺ੍ݶ͞Εͨϓϩηε

  24. ‘Contain’er ʙΛด͡ࠐΊΔ

  25. ίϯςφϥϯλΠϜ How to contain a process

  26. https://employment.en-japan.com/engineerhub/entry/2019/02/05/103000#ίϯςφͱ͸ ΧʔωϧϦιʔεɺϑΝΠϧγεςϜͷִ཭ Namespaceɺchroot/pivot_root ϋʔυ΢ΣΞϦιʔεͷ੍ݶ cgroup ݖݶͷ੍໿ Capabilityɺseccomp

  27. None

  28. Fork

  29. Fork ਌ϓϩηε ࢠϓϩηε

  30. Fork ਌ϓϩηε ࢠϓϩηε Contain

  31. None

  32. Build Constraints ϑΝΠϧ໊Ͱ Ϗϧυର৅Λ෼͚Δ https://golang.org/pkg/go/build/#hdr-Build_Constraints

  33. None
  34. None
  35. None
  36. None

  37. Fork ਌ϓϩηε ࢠϓϩηε Contain

  38. https://github.com/rrreeeyyy/container-internship/tree/master/02#linux-namespaces IPC ϓϩηεؒ௨৴Ͱ࢖͏Ϧιʔε Network ωοτϫʔΫσόΠεɺϧʔςΟϯάςʔϒϧ Mount ϑΝΠϧγεςϜπϦʔ PID ϓϩηε ID

    User Ϣʔβ IDɺάϧʔϓ ID UTS nodenameɺdomainname
  39. None

  40. Fork

  41. None

  42. Filesystem bundle config.jsonͱrootfs https://github.com/opencontainers/runtime-spec/blob/master/bundle.md

  43. ࢠϓϩηεͷϧʔτ༻ʹ

  44. ࢠϓϩηεͷϧʔτ༻ʹ mount͍ͯ͘͠

  45. ࢠϓϩηεͷϧʔτ༻ʹ mount͍͖ͯ͠ ͦͯ͠pivot_root͢Δ

  46. ࢠϓϩηεʹ͸ / ʹݟ͑Δ

  47. cgroup ϓϩηεʹରͯ͠ ڞ௨ͷϦιʔε؅ཧΛ͢Δ https://gihyo.jp/admin/serial/01/linux_containers/0003

  48. None
  49. None
  50. None
  51. None
  52. None
  53. None
  54. None
  55. None
  56. None
  57. None
  58. None
  59. None

  60. Write Container Runtime in Go

  61. ͋Γ͕ͱ͏͍͟͝·ͨ͠ɻ

  62. https://github.com/opencontainers/runtime-spec/blob/master/runtime.md https://github.com/opencontainers/runtime-spec/blob/master/bundle.md https://github.com/golang-standards/project-layout#cmd https://github.com/golang/go/wiki/CodeReviewComments#interfaces https://employment.en-japan.com/engineerhub/entry/2019/02/05/103000#ίϯςφͱ͸ https://golang.org/pkg/go/build/#hdr-Build_Constraints https://github.com/rrreeeyyy/container-internship/tree/master/02#linux-namespaces https://employment.en-japan.com/engineerhub/entry/2019/02/05/103000 https://github.com/tomocy/gocon ࢀߟจݙ

    https://speakerdeck.com/kyohmizu/windowskontenaru-men?slide=26 https://speakerdeck.com/tenforward/cndt2019 https://sil.hatenablog.com/entry/why-container-is-secure