Page: 1
OCI-compatible
haconiwa
─ hurdles and advantages ─
2019-04-12
RejectKaigi 2019 @ pixiv Inc
Yusuke Nakamura (unasuke)
Page: 2
about me
Yusuke Nakamura (also known as “unasuke”)
Employee of BANK Inc
Develops Rails applications, manages infrastructure
https://cash.jp/
RubyKaigi 2019 helper
GitHub @unasuke
Twitter @yu_suke1994
Mastodon @unasuke@mstdn.unasuke.com
Page: 3
introduction
First, to make clear where we stand.
Page: 4
Your perception of containers
Do you use containers?
In a production environment? And/or a development environment?
Do you use Docker, or something else?
Do you orchestrate with ECS, GKE, or on-premises?
Page: 5
We use Docker mostly
The de facto standard for Linux containers
Easy installation
for Mac, for Windows…
The first famous Linux container implementation
Page: 6
“Container” does not equal “Docker”
Before Docker
LXC (Linux)
Jail (FreeBSD)
etc…
After Docker
cri-o
Kata Containers
etc…
Page: 7
What’s haconiwa
A Linux container runtime written in C and mruby
https://speakerdeck.com/udzura/the-alternative-container?slide=11
It is not necessarily intended to satisfy the OCI spec
Independent from the “Container” world
“Container” means OCI
Page: 8
What’s OCI
The initialism of “Open Container Initiative”
https://www.opencontainers.org/
OCI specs
Image spec
specification of the container image format
Runtime spec
specification of the container runtime interface
Page: 9
CRI and Kubernetes world
kubelet uses the Container Runtime Interface (CRI) to communicate with the container runtime
The kubelet is the primary “node agent” that runs on each node.
Page: 10
The difference between CRI-compatible and OCI-compatible…
CRI compatible
Usable as a backend of kubelet
OCI compatible
Interchangeable images and runtimes
easy → CRI compatible → OCI compatible → hard
Page: 11
Why CRI-compatible?
haconiwa just runs containers. It doesn’t orchestrate.
Pros
Orchestration by Kubernetes
Cons
Cannot use haconiwa-specific functions (hook)
maybe…
Page: 12
Why OCI-compatible?
Pros
possible to share the existing assets
hub.docker.com
Cons
Cannot use haconiwa-specific functions (hook)
https://github.com/haconiwa/haconiwa/blob/master/sample/hooks.haco
maybe…
Page: 13
hurdles and advantages
hurdles
it’s hard to comply with the standard
advantages
more users
wealth of existing assets
Page: 14
How to implement CRI
https://github.com/kubernetes/kubernetes/blob/release-1.14/pkg/kubelet/apis/cri/runtime/v1alpha2/api.proto
Protocol Buffer
RuntimeService
ImageService
and many messages
middleware?
Page: 15
CRI interface and haconiwa
Should start a process to respond to RPCs
Currently, haconiwa is just a command, not a service (or daemon)
Should implement an RPC response interface
Page: 16
OCI specification and haconiwa
image spec
Should import/export OCI images
https://blog.unasuke.com/2018/read-oci-image-spec-v101/
runtime spec
https://udzura.hatenablog.jp/entry/2016/08/02/155913
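
What the "import OCI images" item above involves at minimum, as an added example (not from the slides and not haconiwa code): walking an OCI image layout from index.json to the manifest, config and layers, and refusing any blob whose size or sha256 digest does not match its descriptor. The function names and the sample layout are constructed for illustration.

```ruby
require "json"
require "digest"
require "tmpdir"
require "fileutils"

# Read the blob a descriptor names. The strict hex check keeps the digest from acting as a path.
def read_blob(root, desc)
  alg, hex = desc.fetch("digest").split(":", 2)
  raise "unsupported digest: #{desc['digest']}" unless alg == "sha256" && hex.to_s.match?(/\A[a-f0-9]{64}\z/)
  data = File.binread(File.join(root, "blobs", alg, hex))
  raise "size mismatch: #{desc['digest']}" unless data.bytesize == desc.fetch("size")
  raise "digest mismatch: #{desc['digest']}" unless Digest::SHA256.hexdigest(data) == hex
  data
end

# Walk index.json -> manifest -> config and layers; return the verified layer digests.
def import_layout(root)
  version = JSON.parse(File.read(File.join(root, "oci-layout")))["imageLayoutVersion"]
  raise "not an OCI image layout" unless version == "1.0.0"
  index = JSON.parse(File.read(File.join(root, "index.json")))
  manifest = JSON.parse(read_blob(root, index.fetch("manifests").first))
  read_blob(root, manifest.fetch("config"))
  manifest.fetch("layers").map { |layer| read_blob(root, layer) && layer["digest"] }
end

# Constructed sample data (placeholder layer bytes, not a real tar): store a blob, return its descriptor.
def write_blob(root, data, media_type)
  hex = Digest::SHA256.hexdigest(data)
  FileUtils.mkdir_p(File.join(root, "blobs", "sha256"))
  File.binwrite(File.join(root, "blobs", "sha256", hex), data)
  { "mediaType" => media_type, "digest" => "sha256:#{hex}", "size" => data.bytesize }
end

def build_sample_layout(root)
  layer = write_blob(root, "constructed layer bytes", "application/vnd.oci.image.layer.v1.tar")
  config = write_blob(root, '{"architecture":"amd64","os":"linux"}', "application/vnd.oci.image.config.v1+json")
  manifest = write_blob(root, JSON.generate({ "schemaVersion" => 2, "config" => config, "layers" => [layer] }),
                        "application/vnd.oci.image.manifest.v1+json")
  File.write(File.join(root, "oci-layout"), '{"imageLayoutVersion":"1.0.0"}')
  File.write(File.join(root, "index.json"), JSON.generate({ "schemaVersion" => 2, "manifests" => [manifest] }))
end

Dir.mktmpdir do |dir|
  build_sample_layout(dir)
  digests = import_layout(dir)
  puts "verified layers: #{digests.inspect}"
  File.binwrite(File.join(dir, "blobs", "sha256", digests.first.split(":").last), "tampered layer bytes!!!")
  begin; import_layout(dir); rescue RuntimeError => e; puts "rejected: #{e.message}"; end
end
```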
Page: 17
conclusion
More resources and more users in the OCI/CRI world
but…
Complying with CRI is hard
Complying with OCI is harder than complying with CRI
Page: 18
conclusion
https://twitter.com/yu_suke1994/status/1068355444928741376