Presentation: CRI Runtimes Deep Dive: Who's Running My Kubernetes Pod!?
Share this on:
What You’ll Learn
-
Learn about the role of CRI and why you may want to consider it
-
Understand how Kubernetes manages container runtimes.
-
Learn about the tradeoffs present with different container runtimes.
Abstract
A significant amount of today's focus and activity in the world of container orchestration is happening in the Kubernetes community. A little known fact to some users and practitioners on the platform is that Kubernetes itself has no code in the project that can create or start a Linux or Windows container.
So, what code is running the containers within your Kubernetes pods? As it turns out, since Kubernetes 1.5 a new API definition, called the Container Runtime Interface (CRI), allows any CRI-implementing container runtime to plug into the kubelet configuration and provide container runtime services for Kubernetes.
In this talk we'll deep dive on CRI implementations, and give a hands-on demonstration of how Kubernetes, the CRI, and CRI-supporting runtimes work together to handle the container lifecycle within your K8s pods. Rather than just talk, we'll "black belt" this talk at the command prompt, digging into the useful capabilities of the CRI and how we can understand the inner workings between Kubernetes and the CRI container runtimes that support it.
What do you do at IBM?
I’m a Distinguished Engineer, working as a technical executive for the IBM Watson and Cloud Platform’s CTO office. My key goal as a recently named CTO for container and Linux OS architecture strategy is to connect my years of work in the container open source communities to IBM offerings in our public and private cloud offerings.
I help determine architectural strategy related to our container open source investments, including our work in the Docker engine project, Open Container Initiative (OCI), CNCF (containerd and Kubernetes), Istio, and other related communities.
IBM Cloud, similar to other public clouds, offers Kubernetes as a managed service, as well as on-prem offerings for private cloud. Of course, like other clouds, we are highly dependent on the Linux operating system and its features around networking and containers. Part of my role at IBM is to help standardize the Linux distro (distribution software) choices across our cloud offerings.
What is your talk about?
I am going to start with describing how Kubernetes interfaces to the container runtime layer through an API interface called the Container Runtime Interface (CRI). The CRI allows any container runtime which can implement the API to plug in and provide the container execution layer for Kubernetes pods.
After a brief “state of the world” on which container runtimes have a CRI implementation today, I will discuss the pros and cons of different container runtimes. To make this more accessible, I’ll spend time with a demo Kubernetes cluster, showing a CRI runtime that I help maintain, containerd as the runtime provider. We’ll look at how to use the various available tools to debug, get metrics, events, and to generally understand what is happening in the container runtime and how the container runtime works under Kubernetes.
Why should a developer attend this talk?
The talk will help developers to better understand how Kubernetes actually manages container runtimes and containerized applications at the pod level. They will also learn how operators have tools available to troubleshoot problems in the container runtime environment running under Kubernetes.
Does a developer need to know these details about container runtimes?
All developers need not understand these details, but there are many developers, operators, or architects who help make infrastructure architectural decisions and/or manage the infrastructure as well as develop. The talk will give them a deeper understanding of how things work and the choices available in terms of Kubernetes clusters and container runtimes.
What other container runtimes would you recommend besides Docker and why?
Docker is already a broader platform than just a container runtime. For example, Docker is now a software stack that includes two underlying runtime executors: containerd and the OCI runC project. Docker now has its own orchestration platform built into the Docker engine as well as its own plugin system, networking stack, and so on. Containerd was created by Docker engineers with the focus of being an un-opinionated “boring” and stable container runtime that could be used by Docker (as it is today) as well as Kubernetes and other software platforms that need a stable runtime. It was then contributed to the Cloud Native Computing Foundation (CNCF), the same foundation that manages the Kubernetes open source codebase as well. While containerd is not the only option for Kubernetes, it is becoming an increasingly popular one and definitely viable for production use. During the talk we’ll be looking at current use of containerd and other runtimes in production today and across the public cloud container platforms.
What do you think is the most important trend in software?
Enterprises have raised a lot of questions in the past about security and data protection with respect to containers and public cloud. Notorious breaches have given several well-known companies a black eye in recent years as more and more of our critical software systems, including significant amounts of our personal information, are hosted in data centers worldwide. I think that secure software stacks, and how that integrates with secure hardware platforms, will continue to be a high area of focus for years to come across the cloud-native ecosystem.
Similar Talks
Tracks
-
Microservices: Patterns & Practices
Evolving, observing, persisting, and building modern microservices
-
Developer Experience: Level up Your Engineering Effectiveness
Improving the end to end developer experience - design, dev, test, deploy, operate/understand. Tools, techniques, and trends.
-
Modern Java Reloaded
Modern, Modular, fast, and effective Java. Pushing the boundaries of JDK 9 and beyond.
-
Modern User Interfaces: Screens and Beyond
Zero UI, voice, mobile: Interfaces pushing the boundary of what we consider to be the interface
-
Practical Machine Learning
Applied machine learning lessons for SWEs, including tech around TensorFlow, TPUs, Keras, Caffe, & more
-
Ethics in Computing
Inclusive technology, Ethics and politics of technology. Considering bias. Societal relationship with tech. Also the privacy problems we have today (e.g., GDPR, right to be forgotten)
-
Architectures You've Always Wondered About
Next-gen architectures from the most admired companies in software, such as Netflix, Google, Facebook, Twitter, Goldman Sachs
-
Modern CS in the Real World
Thoughts pushing software forward, including consensus, CRDT's, formal methods, & probalistic programming
-
Container and Orchestration Platforms in Action
Runtime containers, libraries, and services that power microservices
-
Finding the Serverless Sweetspot
Stories about the pains and gains from migrating to Serverless.
-
Chaos, Complexity, and Resilience
Lessons building resilient systems and the war stories that drove their adoption
-
Real World Security
Practical lessons building, maintaining, and deploying secure systems
-
Blockchain Enabled
Exploring Smart contracts, oracles, sidechains, and what can/cannot be done with blockchain today.
-
21st Century Languages
Lessons learned from languages like Rust, Go-lang, Swift, Kotlin, and more.
-
Empowered Teams
Safely running inclusive teams that are autonomous and self-correcting