Rabbit Slide Show

RejectKaigi 2019

Page: 1

OCI-compatible
haconiwa
─ hurdles and advantages ─
2019-04-12
RejectKaigi 2019 @ pixiv Inc
Yusuke Nakamura (unasuke)

Page: 2

about me
Yusuke Nakamura (also known as “unasuke”)
Employee of BANK Inc
Develop Rails application, manage Infrastructure
https://cash.jp/
RubyKaigi 2019 helper
GitHub @unasuke
Twitter @yu_suke1994
Mastodon @unasuke@mstdn.unasuke.com

Page: 3

introduction
First, to make clear where we stand.

Page: 4

Your perception of containers
Do you use containers?
In production env? And/or development env?
Use Docker? or the other one?
Orchestrate by ECS? or GKE? or on-premises?

Page: 5

We use Docker mostly
de facto standard of a Linux container
Easy installation
for Mac, for Windows…
The first famous Linux container implementation

Page: 6

“Container” is not equal to “Docker”
Before Docker
LXC (Linux)
Jail (FreeBSD)
etc…
After Docker
cri-o
Kata Container
etc…

Page: 7

What’s haconiwa
A Linux container runtime written in C and mruby
https://speakerdeck.com/udzura/the-alternative-container?slide=11
It is not necessarily intended to satisfy the OCI spec
Independent from “Container” world
“Container” means OCI

Page: 8

What’s OCI
The initialism of “Open Container Initiative”
https://www.opencontainers.org/
OCI specs
Image spec
specification of the container image format
Runtime spec
specification of the container runtime interface

Page: 9

CRI and Kubernetes world
kubelet uses the Container Runtime Interface (CRI) to communicate with the container runtime
The kubelet is the primary “node agent” that runs on each node.

Page: 10

Diff of OCI/CRI compatible means…
CRI compatible
usable as backend of kubelet
OCI compatible
Exchangeable image and runtime
easy → CRI compatible → OCI compatible → hard

Page: 11

Why CRI-compatible?
haconiwa just runs containers. It doesn’t orchestrate.
Pros
Orchestration by Kubernetes
Cons
Cannot use haconiwa-specific functions (hook)
maybe…

Page: 12

Why OCI-compatible?
Pros
possible to share the existing assets
hub.docker.com
Cons
Cannot use haconiwa-specific functions (hook)
https://github.com/haconiwa/haconiwa/blob/master/sample/hooks.haco
maybe…

Page: 13

hurdles and advantages
hurdles
it’s hard to comply with the standard
advantages
more users
wealth of existing assets

Page: 14

How to implement CRI
https://github.com/kubernetes/kubernetes/blob/release-1.14/pkg/kubelet/apis/cri/runtime/v1alpha2/api.proto
Protocol Buffer
RuntimeService
ImageService
and many messages
middleware?

Page: 15

CRI interface and haconiwa
should start a process to respond to RPCs
currently, haconiwa is just a command, not a service (or daemon)
should implement the RPC response interface

Page: 16

OCI specification and haconiwa
image spec
should import/export OCI image
https://blog.unasuke.com/2018/read-oci-image-spec-v101/
runtime spec
https://udzura.hatenablog.jp/entry/2016/08/02/155913

Page: 17

conclusion
more resources, more users in OCI/CRI world
but…
complying with CRI is hard
complying with OCI is harder than CRI

Page: 18

conclusion
https://twitter.com/yu_suke1994/status/1068355444928741376
