Upgrade to Pro — share decks privately, control downloads, hide ads and more …

クラウドネイティブの基盤要素、コンテナの今と未来

Avatar for うたもく うたもく
August 03, 2023
Technology
7k
21

 クラウドネイティブの基盤要素、コンテナの今と未来

https://event.cloudnativedays.jp/cndf2023/talks/1910

Avatar for うたもく

うたもく

August 03, 2023

More Decks by うたもく

See All by うたもく
OSS の脆弱性対応の舞台裏
Avatar for うたもく utam0k
2
1.5k
オープンソースソフトウェアへの解像度🔬
Avatar for うたもく utam0k
18
5.3k
CNCF Project の作者が考えている OSS の運営
Avatar for うたもく utam0k
7
1.1k
Podman with WebAssembly
Avatar for うたもく utam0k
2
1k
Possibility of OCI Container Runtime with Rust
Avatar for うたもく utam0k
3
1.6k
Container-related technologies supporting Gitpod
Avatar for うたもく utam0k
1
1.3k
詳説 OCIコンテナランタイム youki@第15回 コンテナ技術の情報交換会
Avatar for うたもく utam0k
5
2.3k
Rust 🤝 Container Runtime @ Rust.Tokyo 2021
Avatar for うたもく utam0k
2
2k
「あれ、コンテナって何だっけ?」から生まれた Rust で書かれた コンテナランタイム youkiの話@ODC2021
Avatar for うたもく utam0k
6
4.3k

Other Decks in Technology

See All in Technology
2026TECHFRESH畢業分享會 - Lightning Talk - 打造精準高效的 MCP 設計模式與測試實務
Avatar for LINE Developers Taiwan line_developers_tw
PRO
0
890
Snowflakeと仲良くなる第一歩
Avatar for あべ coco_se
4
440
日本 Fintech 未来予測レポート 2027〜2028年(手動編集版)
Avatar for 8maki 8maki
0
2.2k
2026.06.13_AI時代に事業会社が「SIer出身エンジニア」を求める理由 / Why Businesses Seek Engineers with a System Integrator Background in the AI ​​Era
Avatar for jumpei_ikegami jumtech
0
1.1k
爆速でマルチプロダクトを立ち上げる時 事業・CTO目線で大事にしたい事
Avatar for Koji Miyata miyatakoji
0
110
AmazonRoute 53ではじめてのドメイン取得!HTTPS化までの道のりを整理してみた
Avatar for usanchuu usanchuu
3
130
FinOps × AIエージェントで実現する コストインシデントの自動調査
Avatar for T.REX oasis1994liveforever
0
130
AGENTS.mdとSkillsで始めるAIエージェント活用
Avatar for そのだ sonoda_mj
3
200
Oracle AI Database@Azure:サービス概要のご紹介
Avatar for oracle4engineer oracle4engineer
PRO
6
1.9k
"何を作るか"を任される エンジニアは、どう育つのか
Avatar for ofuji-works yutaokafuji
1
630
機械学習を「社会実装」するということ 2026年夏版 / Social Implementation of Machine Learning June 2026 Version
Avatar for Moe Uchiike(内池 もえ) moepy_stats
5
1.7k
MIERUNE JCT 発表資料「宇宙から伊能忠敬ごっこ」
Avatar for じゃらしまる syuchimu
0
210

Featured

See All Featured
Imperfection Machines: The Place of Print at Facebook
Avatar for Scott Boms scottboms
270
14k
Designing Powerful Visuals for Engaging Learning
Avatar for Mike Taylor tmiket
1
410
How to make the Groovebox
Avatar for あそなす asonas
2
2.2k
For a Future-Friendly Web
Avatar for Brad Frost brad_frost
183
10k
The Hidden Cost of Media on the Web [PixelPalooza 2025]
Avatar for Tammy Everts tammyeverts
2
330
Winning Ecommerce Organic Search in an AI Era - #searchnstuff2025
Avatar for Aleyda Solis aleyda
1
2k
Data-driven link building: lessons from a $708K investment (BrightonSEO talk)
Avatar for Szymon Słowik szymonslowik
1
1.1k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
Avatar for Eileen M. Uchitelle eileencodes
141
35k
How to Build an AI Search Optimization Roadmap - Criteria and Steps to Take #SEOIRL
Avatar for Aleyda Solis aleyda
1
2.1k
Faster Mobile Websites
Avatar for Dean Hume deanohume
310
31k
Automating Front-end Workflow
Avatar for Addy Osmani addyosmani
1370
210k
Reality Check: Gamification 10 Years Later
Avatar for Sebastian Deterding codingconduct
0
2.2k

Transcript

  1. クラウドネイティブの基盤要素
 コンテナの今と未来 
 CloudNative Days Fukuoka 2023 Toru Komatsu(@utam0k)

  2. 2 Preferred Networks, Inc. 社内向けオンプレML基盤の開発‧運⽤ 趣味でのOSS活動 メンテナ opencontainers/runtime-spec containers/youki レビュワー

    containerd/runwasi @utam0k KOMATSU Toru

  3. 3 Preferred Networks, Inc. 社内向けオンプレML基盤の開発‧運⽤ 趣味でのOSS活動 メンテナ opencontainers/runtime-spec containers/youki レビュワー

    containerd/runwasi @utam0k KOMATSU Toru We are Hiring!!

  4. コンテナの今 4 00

  5. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface Kubeletの実⾏の流れ 5

  6. Kubelet
 Linux など
 Container Runtime Low-Level Container Runtime I nterface

    6

  7. Kubelet
 Linux など
 Container Runtime Low-Level Container Runtime I nterface

    gRPC 7

  8. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface 8

  9. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface イメージとかコンテナ管理 9

  10. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface コンテナの作成 ワンショットバイナリ 10

  11. コンテナの今 ? 11 00

  12. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface ここでは OCI Runtime Spec を満たすものをコンテナと呼ぶ 12

  13. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface JSON設定ファイルと サブコマンド 例) ./runc create $id でコンテナとは何か定めている 13

  14. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface 14

  15. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface Kubeletの実行の流れ
 15

  16. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface Kubeletの実行の流れ
 16

  17. Container Runtime I nterface Low-Level OCI Runtime Spec ➔ マイクロサービス的

    ➔ プラグイン機構 17

  18. A
 P
 I
 Image Services Snapshot Services Containers Service Tasks

    Service ‧ ‧ ‧ Container Runtime I nterface Core Backend ContentStore plugin / local Snapshotter plugin / overlay / … Runtime v2 shim client containerd shim OCI Runtime Spec ttrpc 18

  19. マイクロサービス的なアーキテクチャ A
 P
 I
 Image Services Snapshot Services Containers Service

    Tasks Service ‧ ‧ ‧ Container Runtime I nterface Core ContentStore plugin / local Snapshotter plugin / overlay / … Runtime v2 shim client containerd shim OCI Runtime Spec ttrpc Backend 19

  20. A
 P
 I
 Image Services Snapshot Services Containers Service Tasks

    Service ‧ ‧ ‧ Container Runtime I nterface Core Backend ContentStore plugin / local Snapshotter plugin / overlay / … Runtime v2 shim client containerd shim OCI Runtime Spec ttrpc ワンショットバイナリ 20

  21. 21 Kubelet → Container Runtime → Container ➔ High /

    Low-Level Container Runtime Specification ➔ Container Runtime Interface ➔ OCI Runtime Specification containerd ➔ マイクロサービス ➔ プラグイン機構 Recap

  22. コンテナの未来 22 01

  23. ⚠ 個⼈の⾒解 ⚠ 23

  24. WebAssembly 24 02

  25. WebAssembly
 25

  26. WebAssembly
 26 Portability Small Size Security

  27. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface 27

  28. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface 28

  29. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface このあたりでWebAssemblyの対応が必要 よんだ? 29

  30. 30 containerd/runwasi containerd-shimによる拡張 現実世界で既に実験段階 Docker Desktop Azure Kubernetes Service runwasi

  31. A
 P
 I
 Image Services Snapshot Services Containers Service Tasks

    Service ‧ ‧ ‧ Container Runtime I nterface Core Backend ContentStore plugin / local Snapshotter plugin / overlay / … Runtime v2 shim client containerd shim OCI Runtime Spec ttrpc この部分の拡張 31

  32. Kubelet
 Linux など
 Container Runtime High-Level Low-Level Container Runtime I

    nterface WebAssembly 実行の流れ
 32

  33. 33 ktock/container2wasm 既存のコンテナ資源の活⽤ container2wasm


  34. Lazy Pulling 34 03

  35. 35 $ nerdctl --snapshotter=stargz run python:3.7-esgz python3 -c 'exit()' index-sha256:6a42...4948:

    done |++++++++++++++++++++++++++++++| manifest-sha256:1c57...20c5: done |++++++++++++++++++++++++++++++| config-sha256:f590...1df5: done |++++++++++++++++++++++++++++++| elapsed: 11.0 s total: 4.8 Ki (1.5 KiB/s) $ nerdctl run python:3.7-org python3 -c 'exit()' index-sha256:6008....1237: done |++++++++++++++++++++++++++++++| manifest-sha256:48ea...30ce7: done |++++++++++++++++++++++++++++++| config-sha256:94c9....9290: done |++++++++++++++++++++++++++++++| layer-sha256:f860....fbf6: done |++++++++++++++++++++++++++++++| layer-sha256:d779....3cc5: done |++++++++++++++++++++++++++++++| … layer-sha256:adbd....f52c: done |++++++++++++++++++++++++++++++| layer-sha256:c495....736a: done |++++++++++++++++++++++++++++++| elapsed: 41.3s total: 321.3 (16.7 MiB/s) Lazy Pulling


  36. 36 $ nerdctl --snapshotter=stargz run python:3.7-esgz python3 -c 'exit()' index-sha256:6a42...4948:

    done |++++++++++++++++++++++++++++++| manifest-sha256:1c57...20c5: done |++++++++++++++++++++++++++++++| config-sha256:f590...1df5: done |++++++++++++++++++++++++++++++| elapsed: 11.0 s total: 4.8 Ki (1.5 KiB/s) $ nerdctl run python:3.7-org python3 -c 'exit()' index-sha256:6008....1237: done |++++++++++++++++++++++++++++++| manifest-sha256:48ea...30ce7: done |++++++++++++++++++++++++++++++| config-sha256:94c9....9290: done |++++++++++++++++++++++++++++++| layer-sha256:f860....fbf6: done |++++++++++++++++++++++++++++++| layer-sha256:d779....3cc5: done |++++++++++++++++++++++++++++++| … layer-sha256:adbd....f52c: done |++++++++++++++++++++++++++++++| layer-sha256:c495....736a: done |++++++++++++++++++++++++++++++| elapsed: 41.3s total: 321.3 Mi (16.7 MiB/s) layersがない 起動までがはやい!

  37. 37 cache stargz-snapshotter Container Registry FUSE Driver Overlayfs User Kernel

    open(“file”)

  38. A
 P
 I
 Image Services Snapshot Services Containers Service Tasks

    Service ‧ ‧ ‧ Container Runtime I nterface Core Backend ContentStore plugin / local Snapshotter plugin / overlay / … Runtime v2 shim client containerd shim OCI Runtime Spec ttrpc この部分の拡張 38

  39. A
 P
 I
 Image Services Snapshot Services Containers Service Tasks

    Service ‧ ‧ ‧ Container Runtime I nterface Core Backend ContentStore plugin / local Snapshotter plugin / overlay / … Runtime v2 shim client containerd shim OCI Runtime Spec ttrpc stargz snapshotter grpc 39

  40. 40 cache stargz-snapshotter Container Registry FUSE Driver Overlayfs open(“file”) ①


    ②
 ④
 ③
 ⑤
 ⑥
 ⑦
 User Kernel

  41. 41 cache stargz-snapshotter Container Registry FUSE Driver Overlayfs open(“file”) ①


    ②
 ④
 ③
 ⑤
 ⑥
 ⑦
 User Kernel

  42. 42 cache stargz-snapshotter Container FUSE Driver Overlayfs open(“file”) ①
 ②


    ④
 ③
 ⑤
 ⑥
 ⑦
 User Kernel Registry

  43. 43 cache stargz-snapshotter Container Registry FUSE Driver Overlayfs open(“file”) ①


    ②
 ④
 ③
 ⑤
 ⑥
 ⑦
 User Kernel

  44. 44 cache stargz-snapshotter Container FUSE Driver Overlayfs open(“file”) ①
 ②


    ③
 ⑤
 ⑥
 ⑦
 User Kernel ④
 Registry

  45. 45 $ nerdctl --snapshotter=stargz run python:3.7-esgz python3 -c 'exit()' index-sha256:6a42...4948:

    done |++++++++++++++++++++++++++++++| manifest-sha256:1c57...20c5: done |++++++++++++++++++++++++++++++| config-sha256:f590...1df5: done |++++++++++++++++++++++++++++++| elapsed: 11.0 s total: 4.8 Ki (1.5 KiB/s) $ nerdctl run python:3.7-org python3 -c 'exit()' index-sha256:6008....1237: done |++++++++++++++++++++++++++++++| manifest-sha256:48ea...30ce7: done |++++++++++++++++++++++++++++++| config-sha256:94c9....9290: done |++++++++++++++++++++++++++++++| layer-sha256:f860....fbf6: done |++++++++++++++++++++++++++++++| layer-sha256:d779....3cc5: done |++++++++++++++++++++++++++++++| … layer-sha256:adbd....f52c: done |++++++++++++++++++++++++++++++| layer-sha256:c495....736a: done |++++++++++++++++++++++++++++++| elapsed: 41.3s total: 321.3 (16.7 MiB/s) Lazy Pulling


  46. OCI Runtime Spec v1.1.0 46 04

  47. Kubelet
 Linux など
 Container Runtime High-Level Low-Level OCI Runtime Spec

    Container Runtime I nterface これ! 47

  48. 先⽉に3年ぶりのリリース! v1.0.2 からは21個の新しい機能 cgroup v2 / idmapped mount / seccomp

    notify … OCI Runtime Specification v1.1.0
 48

  49. sched_setattr(2) をコンテナに適⽤される コンテナに対してnice値とか設定可能に コンテナってプロセスなんだ...というのを強く意識させられる 実装 runc#3895 , youki#1706 , crun✅

    Scheduler entity #1188
 49

  50. ioprio_set (2) をコンテナに適⽤される バッチ処理とかI/Oが重たいけど重要度は⾼くない処理で書き 込みで他のコンテナへの迷惑を少なくする 実装 runc#3783 , youki ✅,

    crun ✅ I/O Priority #1191
 50

  51. 51 WebAssembly ➔ 新しい形 ➔ containerd-shim-wasm[edge|time]-v1 Lazy Pulling ➔ コンテナ起動の⾼速化

    ➔ Snapshotter Plugin OCI Runtime Specification v1.1.0 ➔ sched_setattr(2) : nice値を変更可能に ➔ ioprio_set(2)r(2) : I/Oの優先度を変更可能に Recap

  52. 謝辞 52 05

  53. stargz snapshotterの実装について 丁寧に解説して頂きました ありがとうございました 
 53 TOKUNAGA Kohei -san @ktock

    / @TokunagaKohei

  54. Thanks you! 54