Presentation: CRI Runtimes Deep Dive: Who's Running My Kubernetes Pod!?
This presentation is now available to view on InfoQ.com
Watch videoWhat You’ll Learn
-
Learn about the role of CRI and why you may want to consider it
-
Understand how Kubernetes manages container runtimes.
-
Learn about the tradeoffs present with different container runtimes.
Abstract
A significant amount of today's focus and activity in the world of container orchestration is happening in the Kubernetes community. A little known fact to some users and practitioners on the platform is that Kubernetes itself has no code in the project that can create or start a Linux or Windows container.
So, what code is running the containers within your Kubernetes pods? As it turns out, since Kubernetes 1.5 a new API definition, called the Container Runtime Interface (CRI), allows any CRI-implementing container runtime to plug into the kubelet configuration and provide container runtime services for Kubernetes.
In this talk we'll deep dive on CRI implementations, and give a hands-on demonstration of how Kubernetes, the CRI, and CRI-supporting runtimes work together to handle the container lifecycle within your K8s pods. Rather than just talk, we'll "black belt" this talk at the command prompt, digging into the useful capabilities of the CRI and how we can understand the inner workings between Kubernetes and the CRI container runtimes that support it.
What do you do at IBM?
I’m a Distinguished Engineer, working as a technical executive for the IBM Watson and Cloud Platform’s CTO office. My key goal as a recently named CTO for container and Linux OS architecture strategy is to connect my years of work in the container open source communities to IBM offerings in our public and private cloud offerings.
I help determine architectural strategy related to our container open source investments, including our work in the Docker engine project, Open Container Initiative (OCI), CNCF (containerd and Kubernetes), Istio, and other related communities.
IBM Cloud, similar to other public clouds, offers Kubernetes as a managed service, as well as on-prem offerings for private cloud. Of course, like other clouds, we are highly dependent on the Linux operating system and its features around networking and containers. Part of my role at IBM is to help standardize the Linux distro (distribution software) choices across our cloud offerings.
What is your talk about?
I am going to start with describing how Kubernetes interfaces to the container runtime layer through an API interface called the Container Runtime Interface (CRI). The CRI allows any container runtime which can implement the API to plug in and provide the container execution layer for Kubernetes pods.
After a brief “state of the world” on which container runtimes have a CRI implementation today, I will discuss the pros and cons of different container runtimes. To make this more accessible, I’ll spend time with a demo Kubernetes cluster, showing a CRI runtime that I help maintain, containerd as the runtime provider. We’ll look at how to use the various available tools to debug, get metrics, events, and to generally understand what is happening in the container runtime and how the container runtime works under Kubernetes.
Why should a developer attend this talk?
The talk will help developers to better understand how Kubernetes actually manages container runtimes and containerized applications at the pod level. They will also learn how operators have tools available to troubleshoot problems in the container runtime environment running under Kubernetes.
Does a developer need to know these details about container runtimes?
All developers need not understand these details, but there are many developers, operators, or architects who help make infrastructure architectural decisions and/or manage the infrastructure as well as develop. The talk will give them a deeper understanding of how things work and the choices available in terms of Kubernetes clusters and container runtimes.
What other container runtimes would you recommend besides Docker and why?
Docker is already a broader platform than just a container runtime. For example, Docker is now a software stack that includes two underlying runtime executors: containerd and the OCI runC project. Docker now has its own orchestration platform built into the Docker engine as well as its own plugin system, networking stack, and so on. Containerd was created by Docker engineers with the focus of being an un-opinionated “boring” and stable container runtime that could be used by Docker (as it is today) as well as Kubernetes and other software platforms that need a stable runtime. It was then contributed to the Cloud Native Computing Foundation (CNCF), the same foundation that manages the Kubernetes open source codebase as well. While containerd is not the only option for Kubernetes, it is becoming an increasingly popular one and definitely viable for production use. During the talk we’ll be looking at current use of containerd and other runtimes in production today and across the public cloud container platforms.
What do you think is the most important trend in software?
Enterprises have raised a lot of questions in the past about security and data protection with respect to containers and public cloud. Notorious breaches have given several well-known companies a black eye in recent years as more and more of our critical software systems, including significant amounts of our personal information, are hosted in data centers worldwide. I think that secure software stacks, and how that integrates with secure hardware platforms, will continue to be a high area of focus for years to come across the cloud-native ecosystem.
Similar Talks
Scaling DB Access for Billions of Queries Per Day @PayPal
Software Engineer @PayPal
Petrica Voicu
Psychologically Safe Process Evolution in a Flat Structure
Director of Software Development @Hunter_Ind
Christopher Lucian
PID Loops and the Art of Keeping Systems Stable
Senior Principal Engineer @awscloud
Colm MacCárthaigh
Are We Really Cloud-Native?
Director of Technology @Luminis_eu
Bert Ertman
The Trouble With Learning in Complex Systems
Senior Cloud Advocate @Microsoft
Jason Hand
How Did Things Go Right? Learning More From Incidents
Site Reliability Engineering @Netflix
Ryan Kitchens
What Breaks Our Systems: A Taxonomy of Black Swans
Site Reliability Engineer @Slack, Contributor to Seeking SRE, & SRECon Steering Committee
Laura Nolan
Cultivating High-Performing Teams in Hypergrowth
Chief Scientist @n26
Patrick Kua
Inside Job: How to Build Great Teams Within a Legacy Organization?
Engineering Director @Meetup