Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
クラウドネイティブの基盤要素、コンテナの今と未来
Search
うたもく
August 03, 2023
Technology
7.1k
21
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
クラウドネイティブの基盤要素、コンテナの今と未来
https://event.cloudnativedays.jp/cndf2023/talks/1910
うたもく
August 03, 2023
More Decks by うたもく
See All by うたもく
OSS の脆弱性対応の舞台裏
utam0k
2
1.5k
オープンソースソフトウェアへの解像度🔬
utam0k
18
5.4k
CNCF Project の作者が考えている OSS の運営
utam0k
7
1.1k
Podman with WebAssembly
utam0k
2
1k
Possibility of OCI Container Runtime with Rust
utam0k
3
1.6k
Container-related technologies supporting Gitpod
utam0k
1
1.3k
詳説 OCIコンテナランタイム youki@第15回 コンテナ技術の情報交換会
utam0k
5
2.3k
Rust 🤝 Container Runtime @ Rust.Tokyo 2021
utam0k
2
2k
「あれ、コンテナって何だっけ?」から生まれた Rust で書かれた コンテナランタイム youkiの話@ODC2021
utam0k
6
4.3k
Other Decks in Technology
See All in Technology
“ID沼入口” - 基本とセキュリティから始める、考え続けるためのID管理技術勉強会 告知&イントロ
ritou
0
390
GuardrailからGovernanceへ~AIエージェント運用の次の課題~
sbspsy
1
120
テスト設計の本質を改めて考えてみる~生成AIを活用する時代だからこそ、作ったテストの説明性を高めよう~
yamasaki696
1
290
AI Agentをシステムに組み込む前にゆるく向き合ってみる
hayama17
0
200
End-to-Endで考える信頼性 —LINEアプリにおけるクライアント開発×SRE連携の実践
maruloop
2
360
どうして今サーバーサイドKotlinを選択したのか
nealle
0
200
AWS Blocks を触ってみた/first-tach-aws-blocks
fossamagna
2
140
最近評価が難しくなった
maroon8021
0
220
フルAIで個人開発して学んだあれこれ / yuruai vol.1
isaoshimizu
0
180
なぜ人は自分のプロジェクトを 「なんちゃってアジャイル」と 自嘲するのか
kozotaira
0
250
FinOps X 2026 Recap from Engineer Side #JapanFinOps
chacco38
0
250
デジタル・デザイン:次の50年を描く「進化する青写真」
y150saya
0
810
Featured
See All Featured
SEO for Brand Visibility & Recognition
aleyda
0
4.6k
What’s in a name? Adding method to the madness
productmarketing
PRO
24
4.1k
Producing Creativity
orderedlist
PRO
348
40k
The Language of Interfaces
destraynor
162
27k
Leading Effective Engineering Teams in the AI Era
addyosmani
9
2.1k
HTML-Aware ERB: The Path to Reactive Rendering @ RubyCon 2026, Rimini, Italy
marcoroth
2
290
Bioeconomy Workshop: Dr. Julius Ecuru, Opportunities for a Bioeconomy in West Africa
akademiya2063
PRO
1
170
Exploring the relationship between traditional SERPs and Gen AI search
raygrieselhuber
PRO
2
4.1k
Ethics towards AI in product and experience design
skipperchong
2
320
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
35
2.5k
Reality Check: Gamification 10 Years Later
codingconduct
0
2.2k
Conquering PDFs: document understanding beyond plain text
inesmontani
PRO
4
2.9k
Transcript
クラウドネイティブの基盤要素 コンテナの今と未来 CloudNative Days Fukuoka 2023 Toru Komatsu(@utam0k)
2 Preferred Networks, Inc. 社内向けオンプレML基盤の開発‧運⽤ 趣味でのOSS活動 メンテナ opencontainers/runtime-spec containers/youki レビュワー
containerd/runwasi @utam0k KOMATSU Toru
3 Preferred Networks, Inc. 社内向けオンプレML基盤の開発‧運⽤ 趣味でのOSS活動 メンテナ opencontainers/runtime-spec containers/youki レビュワー
containerd/runwasi @utam0k KOMATSU Toru We are Hiring!!
コンテナの今 4 00
Kubelet Linux など Container Runtime High-Level Low-Level OCI Runtime Spec
Container Runtime I nterface Kubeletの実⾏の流れ 5
Kubelet Linux など Container Runtime Low-Level Container Runtime I nterface
6
Kubelet Linux など Container Runtime Low-Level Container Runtime I nterface
gRPC 7
Kubelet Linux など Container Runtime High-Level Low-Level OCI Runtime Spec
Container Runtime I nterface 8
Kubelet Linux など Container Runtime High-Level Low-Level OCI Runtime Spec
Container Runtime I nterface イメージとかコンテナ管理 9
Kubelet Linux など Container Runtime High-Level Low-Level OCI Runtime Spec
Container Runtime I nterface コンテナの作成 ワンショットバイナリ 10
コンテナの今 ? 11 00
Kubelet Linux など Container Runtime High-Level Low-Level OCI Runtime Spec
Container Runtime I nterface ここでは OCI Runtime Spec を満たすものをコンテナと呼ぶ 12
Kubelet Linux など Container Runtime High-Level Low-Level OCI Runtime Spec
Container Runtime I nterface JSON設定ファイルと サブコマンド 例) ./runc create $id でコンテナとは何か定めている 13
Kubelet Linux など Container Runtime High-Level Low-Level OCI Runtime Spec
Container Runtime I nterface 14
Kubelet Linux など Container Runtime High-Level Low-Level OCI Runtime Spec
Container Runtime I nterface Kubeletの実行の流れ 15
Kubelet Linux など Container Runtime High-Level Low-Level OCI Runtime Spec
Container Runtime I nterface Kubeletの実行の流れ 16
Container Runtime I nterface Low-Level OCI Runtime Spec ➔ マイクロサービス的
➔ プラグイン機構 17
A P I Image Services Snapshot Services Containers Service Tasks
Service ‧ ‧ ‧ Container Runtime I nterface Core Backend ContentStore plugin / local Snapshotter plugin / overlay / … Runtime v2 shim client containerd shim OCI Runtime Spec ttrpc 18
マイクロサービス的なアーキテクチャ A P I Image Services Snapshot Services Containers Service
Tasks Service ‧ ‧ ‧ Container Runtime I nterface Core ContentStore plugin / local Snapshotter plugin / overlay / … Runtime v2 shim client containerd shim OCI Runtime Spec ttrpc Backend 19
A P I Image Services Snapshot Services Containers Service Tasks
Service ‧ ‧ ‧ Container Runtime I nterface Core Backend ContentStore plugin / local Snapshotter plugin / overlay / … Runtime v2 shim client containerd shim OCI Runtime Spec ttrpc ワンショットバイナリ 20
21 Kubelet → Container Runtime → Container ➔ High /
Low-Level Container Runtime Specification ➔ Container Runtime Interface ➔ OCI Runtime Specification containerd ➔ マイクロサービス ➔ プラグイン機構 Recap
コンテナの未来 22 01
⚠ 個⼈の⾒解 ⚠ 23
WebAssembly 24 02
WebAssembly 25
WebAssembly 26 Portability Small Size Security
Kubelet Linux など Container Runtime High-Level Low-Level OCI Runtime Spec
Container Runtime I nterface 27
Kubelet Linux など Container Runtime High-Level Low-Level OCI Runtime Spec
Container Runtime I nterface 28
Kubelet Linux など Container Runtime High-Level Low-Level OCI Runtime Spec
Container Runtime I nterface このあたりでWebAssemblyの対応が必要 よんだ? 29
30 containerd/runwasi containerd-shimによる拡張 現実世界で既に実験段階 Docker Desktop Azure Kubernetes Service runwasi
A P I Image Services Snapshot Services Containers Service Tasks
Service ‧ ‧ ‧ Container Runtime I nterface Core Backend ContentStore plugin / local Snapshotter plugin / overlay / … Runtime v2 shim client containerd shim OCI Runtime Spec ttrpc この部分の拡張 31
Kubelet Linux など Container Runtime High-Level Low-Level Container Runtime I
nterface WebAssembly 実行の流れ 32
33 ktock/container2wasm 既存のコンテナ資源の活⽤ container2wasm
Lazy Pulling 34 03
35 $ nerdctl --snapshotter=stargz run python:3.7-esgz python3 -c 'exit()' index-sha256:6a42...4948:
done |++++++++++++++++++++++++++++++| manifest-sha256:1c57...20c5: done |++++++++++++++++++++++++++++++| config-sha256:f590...1df5: done |++++++++++++++++++++++++++++++| elapsed: 11.0 s total: 4.8 Ki (1.5 KiB/s) $ nerdctl run python:3.7-org python3 -c 'exit()' index-sha256:6008....1237: done |++++++++++++++++++++++++++++++| manifest-sha256:48ea...30ce7: done |++++++++++++++++++++++++++++++| config-sha256:94c9....9290: done |++++++++++++++++++++++++++++++| layer-sha256:f860....fbf6: done |++++++++++++++++++++++++++++++| layer-sha256:d779....3cc5: done |++++++++++++++++++++++++++++++| … layer-sha256:adbd....f52c: done |++++++++++++++++++++++++++++++| layer-sha256:c495....736a: done |++++++++++++++++++++++++++++++| elapsed: 41.3s total: 321.3 (16.7 MiB/s) Lazy Pulling
36 $ nerdctl --snapshotter=stargz run python:3.7-esgz python3 -c 'exit()' index-sha256:6a42...4948:
done |++++++++++++++++++++++++++++++| manifest-sha256:1c57...20c5: done |++++++++++++++++++++++++++++++| config-sha256:f590...1df5: done |++++++++++++++++++++++++++++++| elapsed: 11.0 s total: 4.8 Ki (1.5 KiB/s) $ nerdctl run python:3.7-org python3 -c 'exit()' index-sha256:6008....1237: done |++++++++++++++++++++++++++++++| manifest-sha256:48ea...30ce7: done |++++++++++++++++++++++++++++++| config-sha256:94c9....9290: done |++++++++++++++++++++++++++++++| layer-sha256:f860....fbf6: done |++++++++++++++++++++++++++++++| layer-sha256:d779....3cc5: done |++++++++++++++++++++++++++++++| … layer-sha256:adbd....f52c: done |++++++++++++++++++++++++++++++| layer-sha256:c495....736a: done |++++++++++++++++++++++++++++++| elapsed: 41.3s total: 321.3 Mi (16.7 MiB/s) layersがない 起動までがはやい!
37 cache stargz-snapshotter Container Registry FUSE Driver Overlayfs User Kernel
open(“file”)
A P I Image Services Snapshot Services Containers Service Tasks
Service ‧ ‧ ‧ Container Runtime I nterface Core Backend ContentStore plugin / local Snapshotter plugin / overlay / … Runtime v2 shim client containerd shim OCI Runtime Spec ttrpc この部分の拡張 38
A P I Image Services Snapshot Services Containers Service Tasks
Service ‧ ‧ ‧ Container Runtime I nterface Core Backend ContentStore plugin / local Snapshotter plugin / overlay / … Runtime v2 shim client containerd shim OCI Runtime Spec ttrpc stargz snapshotter grpc 39
40 cache stargz-snapshotter Container Registry FUSE Driver Overlayfs open(“file”) ①
② ④ ③ ⑤ ⑥ ⑦ User Kernel
41 cache stargz-snapshotter Container Registry FUSE Driver Overlayfs open(“file”) ①
② ④ ③ ⑤ ⑥ ⑦ User Kernel
42 cache stargz-snapshotter Container FUSE Driver Overlayfs open(“file”) ① ②
④ ③ ⑤ ⑥ ⑦ User Kernel Registry
43 cache stargz-snapshotter Container Registry FUSE Driver Overlayfs open(“file”) ①
② ④ ③ ⑤ ⑥ ⑦ User Kernel
44 cache stargz-snapshotter Container FUSE Driver Overlayfs open(“file”) ① ②
③ ⑤ ⑥ ⑦ User Kernel ④ Registry
45 $ nerdctl --snapshotter=stargz run python:3.7-esgz python3 -c 'exit()' index-sha256:6a42...4948:
done |++++++++++++++++++++++++++++++| manifest-sha256:1c57...20c5: done |++++++++++++++++++++++++++++++| config-sha256:f590...1df5: done |++++++++++++++++++++++++++++++| elapsed: 11.0 s total: 4.8 Ki (1.5 KiB/s) $ nerdctl run python:3.7-org python3 -c 'exit()' index-sha256:6008....1237: done |++++++++++++++++++++++++++++++| manifest-sha256:48ea...30ce7: done |++++++++++++++++++++++++++++++| config-sha256:94c9....9290: done |++++++++++++++++++++++++++++++| layer-sha256:f860....fbf6: done |++++++++++++++++++++++++++++++| layer-sha256:d779....3cc5: done |++++++++++++++++++++++++++++++| … layer-sha256:adbd....f52c: done |++++++++++++++++++++++++++++++| layer-sha256:c495....736a: done |++++++++++++++++++++++++++++++| elapsed: 41.3s total: 321.3 (16.7 MiB/s) Lazy Pulling
OCI Runtime Spec v1.1.0 46 04
Kubelet Linux など Container Runtime High-Level Low-Level OCI Runtime Spec
Container Runtime I nterface これ! 47
先⽉に3年ぶりのリリース! v1.0.2 からは21個の新しい機能 cgroup v2 / idmapped mount / seccomp
notify … OCI Runtime Specification v1.1.0 48
sched_setattr(2) をコンテナに適⽤される コンテナに対してnice値とか設定可能に コンテナってプロセスなんだ...というのを強く意識させられる 実装 runc#3895 , youki#1706 , crun✅
Scheduler entity #1188 49
ioprio_set (2) をコンテナに適⽤される バッチ処理とかI/Oが重たいけど重要度は⾼くない処理で書き 込みで他のコンテナへの迷惑を少なくする 実装 runc#3783 , youki ✅,
crun ✅ I/O Priority #1191 50
51 WebAssembly ➔ 新しい形 ➔ containerd-shim-wasm[edge|time]-v1 Lazy Pulling ➔ コンテナ起動の⾼速化
➔ Snapshotter Plugin OCI Runtime Specification v1.1.0 ➔ sched_setattr(2) : nice値を変更可能に ➔ ioprio_set(2)r(2) : I/Oの優先度を変更可能に Recap
謝辞 52 05
stargz snapshotterの実装について 丁寧に解説して頂きました ありがとうございました 53 TOKUNAGA Kohei -san @ktock
/ @TokunagaKohei
Thanks you! 54