SlideShare una empresa de Scribd logo

[Container Plumbing Days 2023] Why was nerdctl made?

A
Akihiro Suda

nerdctl (contaiNERD CTL) was made to facilitate development of new technologies in the containerd platform. Such technologies include: - Lazy-pulling with Stargz/Nydus/OverlayBD - P2P image distribution with IPFS - Image encryption with OCIcrypt - Image signing with Cosign - “Real” read-only mounts with mount_setattr - Slirp-less rootless containers with bypass4netns - Interactive debugging of Dockerfiles, with buildg nerdctl is also useful for debugging Kubernetes nodes that are running containerd. Through this session, the audiences will learn these functionalities of nerdctl, relevant projects, and the roadmap for the future. https://containerplumbing.org/sessions/2023/why_was_nerdctl_

Software
1 de 20
Descargar para leer sin conexión
Why was nerdctl made? https://github.com/containerd/nerdctl Akihiro Suda, NTT Container Plumbing Days 2023 (March 23)
2 nerdctl: contaiNERD CTL • Docker-compatible CLI for containerd (and buildkitd) alias docker=nerdctl • Made for facilitating new experiments in the containerd platform • The experimental features can be safely turned off for production environments (export NERDCTL_EXPERIMENTAL=0) • Useful for debugging Kubernetes nodes too https://github.com/containerd/nerdctl
3 Demo $ nerdctl run ... $ nerdctl compose up ...
• Lazy-pulling with eStargz/SOCI/Nydus/OverlayBD • Registry-less P2P image distribution with IPFS * • Image encryption with OCIcrypt * • Image signing with Cosign / Notation * • “Real” read-only mounts with mount_setattr • Slirp-less rootless containers with bypass4netns * • Interactive debugging of Dockerfiles, with buildg * 4 Novel features of containerd & nerdctl * = Experimental
• Lazy-pulling: pulling image contents on demand • No need to pull an entire image • Several formats are being proposed 5 Lazy-pulling with eStargz/SOCI/Nydus/OverlayBD Format Implementation for containerd Description eStargz github.com/containerd/stargz-snapshotter Optimizes gzip granularity for seek()-ability; Forward compatible with OCI v1 tar.gz SOCI github.com/awslabs/soci-snapshotter Captures a checkpoint of tar.gz decoder state; Forward compatible with OCI v1 tar.gz Nydus github.com/containerd/nydus-snapshotter An alternate image format; Not compatible with OCI v1 tar.gz OverlayBD github.com/containerd/overlaybd Block devices as container images; Not compatible with OCI v1 tar.gz https://github.com/containerd/nerdctl/blob/main/docs/stargz.md
6 Lazy-pulling with eStargz/SOCI/Nydus/OverlayBD https://github.com/containerd/stargz-snapshotter/blob/v0.14.3/docs/images/benchmarking-result-ecdb227.png
7 Registry-less P2P image distribution with IPFS Experimental https://medium.com/nttlabs/nerdctl-ipfs-975569520e3d https://github.com/containerd/nerdctl/blob/main/docs/ipfs.md $ nerdctl pull ipfs://<CID>
• OCI Image Layers can be encrypted to protect secret files (OCI Image Config, e.g., env vars, are not encrypted) • Encrypted layers can be decrypted transparently 8 Image encryption with OCIcrypt Experimental $ nerdctl image encrypt --recipient=jwe:mypubkey.pem foo example.com/foo:encrypted $ nerdctl push example.com/foo:encrypted https://github.com/containerd/nerdctl/blob/main/docs/ocicrypt.md $ nerdctl pull example.com/foo:encrypted
• Docker CLI supports DOCKER_CONTENT_TRUST (Notary v1), but it didn’t see wide adoption • DOCKER_CONTENT_TRUST is not implemented for nerdctl • Instead, nerdctl supports Cosign and Notation (“Notary v2”) 9 Image signing with Cosign / Notation Experimental $ nerdctl pull --verify=(cosign|notation) https://github.com/containerd/nerdctl/blob/main/docs/cosign.md https://github.com/containerd/nerdctl/blob/main/docs/notation.md
• Surprisingly docker run -v /mnt:/mnt:ro doesn’t really make /mnt inside the container read-only • Submounts like /mnt/usbdisk are writable • nerdctl supports RRO: recursively-read-only mounts nerdctl run -v /mnt:/mnt:rro – Implemented using MOUNT_ATTR_RDONLY (kernel >= 5.12) 10 “Real” read-only mounts with mount_setattr
• Bypass slirp4netns (usermode TCP/IP), by using SECCOMP_IOCTL_NOTIF_ADDFD • Even faster than rootful 11 Slirp-less rootless containers with bypass4netns Experimental https://github.com/containerd/nerdctl/blob/main/docs/rootless.md#bypass4netns https://speakerdeck.com/mt2naoki/ip-communications-in-rootless-containers-by-socket-switching?slide=4 $ nerdctl run --label=nerdctl/bypass4netns=1
• Breakpoints for Dockerfiles 12 Interactive debugging of Dockerfiles, with buildg Experimental https://github.com/containerd/nerdctl/blob/main/docs/builder-debug.md https://github.com/ktock/buildg $ nerdctl builder debug . .... => 1| FROM ubuntu AS dev 2| RUN echo hello > /hello 3| RUN echo world > /world 4| (buildg) break 3 (buildg) continue ... Breakpoint[0]: reached line: Dockerfile:3 (buildg) exec /bin/sh #
• Namespacing: nerdctl --namespace=<NS> ps • Connecting a container to multiple networks at once: nerdctl run --net foo --net bar ... • AppArmor for rootless containers ( Although still needs sudo nerdctl apparmor load ) • FreeBSD containers • Windows containers • And more... 13 Other features
• ctr: a CLI included in containerd • ctr is often misbelieved to be the standard CLI for containerd • But ctr is just a debugging tool written for containerd developers • ctr lacks lots of high-level features that are present in Docker and nerdctl • Exposing ports (nerdctl run -p <PORT>) • Re-startable containers w/ networking (nerdctl run --restart=always) • Support for ~/.docker/config.json , docker-credential-ecr-login, etc. • Reading logs of background containers (nerdctl logs) 14 FAQ: Why not ctr?
• crictl is similar to ctr but uses a different API • crictl has similar restrictions as ctr • CRI API has very tight scope compared to the containerd native API • Negotiation for modifying the CRI API is relatively hard 15 FAQ: Why not crictl? containerd CRI API Native API kubelet crictl nerdctl ctr
• Docker doesn’t/didn’t use the containerd API for image management • Can’t/Couldn’t be used for experimenting lazy-pulling, etc. • Work is in progress toward Docker v24+ • Release cycle is/was slow – Docker v19.03: Jul 2019 – Docker v20.10: Dec 2020 – Docker v23: Feb 2023 • Not trying to “defeat” Docker; Experiments in nerdctl are being ported to Docker too 16 FAQ: Why not Docker?
• Podman doesn’t work as a Kubernetes runtime • CRI-O doesn’t support non-CRI API, and lacks Docker-like CLI • podman ps , etc. works for CRI-O too, but still Podman != CRI-O • Not trying to “defeat” Podman/CRI-O either; Experiments in containerd/nerdctl are being ported to Podman/CRI-O too – e.g., eStargz 17 FAQ: Why not Podman/CRI-O ?
• https://github.com/containerd/nerdctl/releases • nerdctl-full-<VERSION>-linux-amd64.tar.gz contains all the dependencies (containerd, runc, …) 18 Getting started $ sudo systemctl enable --now containerd $ sudo nerdctl run -d --name nginx -p 80:80 nginx:alpine $ containerd-rootless-setuptool.sh install $ nerdctl run -d --name nginx -p 8080:80 nginx:alpine
• macOS users should try Lima • Lima: Linux Machine, originally designed as “nerdctl Machine” • CNCF Sandbox Project • Automatic port forwarding & host filesystem mounting • nerdctl is also included in AWS Finch, Colima, Rancher Desktop, ... 19 Getting started $ brew install lima $ alias nerdctl=nerdctl.lima $ nerdctl run -d --name nginx -p 80:80 nginx:alpine Colima
• nerdctl = contaiNERD CTL • Made for facilitating new experiments in the containerd platform 20 Wrap-up https://github.com/containerd/nerdctl Slack: #containerd at slack.cncf.io • Lazy-pulling with eStargz/SOCI/Nydus/OverlayBD • Registry-less P2P image distribution with IPFS • Image encryption with OCIcrypt • Image signing with Cosign / Notation • “Real” read-only mounts with mount_setattr • Slirp-less rootless containers with bypass4netns • Interactive debugging of Dockerfiles, with buildg • And more!

Recomendados

containerdの概要と最近の機能
containerdの概要と最近の機能containerdの概要と最近の機能
containerdの概要と最近の機能Kohei Tokunaga
 
[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...
[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...
[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...Akihiro Suda
 
Ceph アーキテクチャ概説
Ceph アーキテクチャ概説Ceph アーキテクチャ概説
Ceph アーキテクチャ概説Emma Haruka Iwao
 
P2P Container Image Distribution on IPFS With containerd and nerdctl
P2P Container Image Distribution on IPFS With containerd and nerdctlP2P Container Image Distribution on IPFS With containerd and nerdctl
P2P Container Image Distribution on IPFS With containerd and nerdctlKohei Tokunaga
 
Stargz Snapshotter: イメージのpullを省略しcontainerdでコンテナを高速に起動する
Stargz Snapshotter: イメージのpullを省略しcontainerdでコンテナを高速に起動するStargz Snapshotter: イメージのpullを省略しcontainerdでコンテナを高速に起動する
Stargz Snapshotter: イメージのpullを省略しcontainerdでコンテナを高速に起動するKohei Tokunaga
 
急速に進化を続けるCNIプラグイン Antrea
急速に進化を続けるCNIプラグイン Antrea 急速に進化を続けるCNIプラグイン Antrea
急速に進化を続けるCNIプラグイン Antrea Motonori Shindo
 
OVN 設定サンプル | OVN config example 2015/12/27
OVN 設定サンプル | OVN config example 2015/12/27OVN 設定サンプル | OVN config example 2015/12/27
OVN 設定サンプル | OVN config example 2015/12/27Kentaro Ebisawa
 
最近のOpenStackを振り返ってみよう
最近のOpenStackを振り返ってみよう最近のOpenStackを振り返ってみよう
最近のOpenStackを振り返ってみようTakashi Kajinami
 

Recomendados

containerdの概要と最近の機能
containerdの概要と最近の機能containerdの概要と最近の機能
containerdの概要と最近の機能Kohei Tokunaga
 
[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...
[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...
[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...Akihiro Suda
 
Ceph アーキテクチャ概説
Ceph アーキテクチャ概説Ceph アーキテクチャ概説
Ceph アーキテクチャ概説Emma Haruka Iwao
 
P2P Container Image Distribution on IPFS With containerd and nerdctl
P2P Container Image Distribution on IPFS With containerd and nerdctlP2P Container Image Distribution on IPFS With containerd and nerdctl
P2P Container Image Distribution on IPFS With containerd and nerdctlKohei Tokunaga
 
Stargz Snapshotter: イメージのpullを省略しcontainerdでコンテナを高速に起動する
Stargz Snapshotter: イメージのpullを省略しcontainerdでコンテナを高速に起動するStargz Snapshotter: イメージのpullを省略しcontainerdでコンテナを高速に起動する
Stargz Snapshotter: イメージのpullを省略しcontainerdでコンテナを高速に起動するKohei Tokunaga
 
急速に進化を続けるCNIプラグイン Antrea
急速に進化を続けるCNIプラグイン Antrea 急速に進化を続けるCNIプラグイン Antrea
急速に進化を続けるCNIプラグイン Antrea Motonori Shindo
 
OVN 設定サンプル | OVN config example 2015/12/27
OVN 設定サンプル | OVN config example 2015/12/27OVN 設定サンプル | OVN config example 2015/12/27
OVN 設定サンプル | OVN config example 2015/12/27Kentaro Ebisawa
 
最近のOpenStackを振り返ってみよう
最近のOpenStackを振り返ってみよう最近のOpenStackを振り返ってみよう
最近のOpenStackを振り返ってみようTakashi Kajinami
 
TripleOの光と闇
TripleOの光と闇TripleOの光と闇
TripleOの光と闇Manabu Ori
 
今話題のいろいろなコンテナランタイムを比較してみた
今話題のいろいろなコンテナランタイムを比較してみた今話題のいろいろなコンテナランタイムを比較してみた
今話題のいろいろなコンテナランタイムを比較してみたKohei Tokunaga
 
Kubernetes雑にまとめてみた 2020年8月版
Kubernetes雑にまとめてみた 2020年8月版Kubernetes雑にまとめてみた 2020年8月版
Kubernetes雑にまとめてみた 2020年8月版VirtualTech Japan Inc.
 
[KubeCon NA 2020] containerd: Rootless Containers 2020
[KubeCon NA 2020] containerd: Rootless Containers 2020[KubeCon NA 2020] containerd: Rootless Containers 2020
[KubeCon NA 2020] containerd: Rootless Containers 2020Akihiro Suda
 
eStargzイメージとlazy pullingによる高速なコンテナ起動
eStargzイメージとlazy pullingによる高速なコンテナ起動eStargzイメージとlazy pullingによる高速なコンテナ起動
eStargzイメージとlazy pullingによる高速なコンテナ起動Kohei Tokunaga
 
Cluster API によるKubernetes環境のライフサイクル管理とマルチクラウド環境での適用
Cluster API によるKubernetes環境のライフサイクル管理とマルチクラウド環境での適用Cluster API によるKubernetes環境のライフサイクル管理とマルチクラウド環境での適用
Cluster API によるKubernetes環境のライフサイクル管理とマルチクラウド環境での適用Motonori Shindo
 
コンテナネットワーキング(CNI)最前線
コンテナネットワーキング(CNI)最前線コンテナネットワーキング(CNI)最前線
コンテナネットワーキング(CNI)最前線Motonori Shindo
 
CloudNativePGを動かしてみた! ~PostgreSQL on Kubernetes~(第34回PostgreSQLアンカンファレンス@オンライ...
CloudNativePGを動かしてみた! ~PostgreSQL on Kubernetes~(第34回PostgreSQLアンカンファレンス@オンライ...CloudNativePGを動かしてみた! ~PostgreSQL on Kubernetes~(第34回PostgreSQLアンカンファレンス@オンライ...
CloudNativePGを動かしてみた! ~PostgreSQL on Kubernetes~(第34回PostgreSQLアンカンファレンス@オンライ...NTT DATA Technology & Innovation
 
The overview of lazypull with containerd Remote Snapshotter & Stargz Snapshotter
The overview of lazypull with containerd Remote Snapshotter & Stargz SnapshotterThe overview of lazypull with containerd Remote Snapshotter & Stargz Snapshotter
The overview of lazypull with containerd Remote Snapshotter & Stargz SnapshotterKohei Tokunaga
 
YoctoをつかったDistroの作り方とハマり方
YoctoをつかったDistroの作り方とハマり方YoctoをつかったDistroの作り方とハマり方
YoctoをつかったDistroの作り方とハマり方wata2ki
 
BuildKitの概要と最近の機能
BuildKitの概要と最近の機能BuildKitの概要と最近の機能
BuildKitの概要と最近の機能Kohei Tokunaga
 
NFVアプリケーションをOpenStack上で動かす為に - OpenStack最新情報セミナー 2017年7月
NFVアプリケーションをOpenStack上で動かす為に - OpenStack最新情報セミナー 2017年7月NFVアプリケーションをOpenStack上で動かす為に - OpenStack最新情報セミナー 2017年7月
NFVアプリケーションをOpenStack上で動かす為に - OpenStack最新情報セミナー 2017年7月VirtualTech Japan Inc.
 
KubeEdgeを触ってみた
KubeEdgeを触ってみたKubeEdgeを触ってみた
KubeEdgeを触ってみたTomoyuki Tanigaki
 
[KubeConEU] Building images efficiently and securely on Kubernetes with BuildKit
[KubeConEU] Building images efficiently and securely on Kubernetes with BuildKit[KubeConEU] Building images efficiently and securely on Kubernetes with BuildKit
[KubeConEU] Building images efficiently and securely on Kubernetes with BuildKitAkihiro Suda
 
Dockerからcontainerdへの移行
Dockerからcontainerdへの移行Dockerからcontainerdへの移行
Dockerからcontainerdへの移行Akihiro Suda
 
知っているようで知らないNeutron -仮想ルータの冗長と分散- - OpenStack最新情報セミナー 2016年3月
知っているようで知らないNeutron -仮想ルータの冗長と分散- - OpenStack最新情報セミナー 2016年3月 知っているようで知らないNeutron -仮想ルータの冗長と分散- - OpenStack最新情報セミナー 2016年3月
知っているようで知らないNeutron -仮想ルータの冗長と分散- - OpenStack最新情報セミナー 2016年3月 VirtualTech Japan Inc.
 
Dockerクイックツアー
DockerクイックツアーDockerクイックツアー
DockerクイックツアーEtsuji Nakai
 
Linux女子部 systemd徹底入門
Linux女子部 systemd徹底入門Linux女子部 systemd徹底入門
Linux女子部 systemd徹底入門Etsuji Nakai
 
root権限無しでKubernetesを動かす
root権限無しでKubernetesを動かす root権限無しでKubernetesを動かす
root権限無しでKubernetesを動かす Akihiro Suda
 
Linux KVM環境におけるGPGPU活用最新動向
Linux KVM環境におけるGPGPU活用最新動向Linux KVM環境におけるGPGPU活用最新動向
Linux KVM環境におけるGPGPU活用最新動向Taira Hajime
 
Pod Sandbox workflow creation from Dockershim
Pod Sandbox workflow creation from DockershimPod Sandbox workflow creation from Dockershim
Pod Sandbox workflow creation from DockershimVictor Morales
 
[HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes]
[HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes][HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes]
[HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes]Wong Hoi Sing Edison
 

Más contenido relacionado

La actualidad más candente

TripleOの光と闇
TripleOの光と闇TripleOの光と闇
TripleOの光と闇Manabu Ori
 
今話題のいろいろなコンテナランタイムを比較してみた
今話題のいろいろなコンテナランタイムを比較してみた今話題のいろいろなコンテナランタイムを比較してみた
今話題のいろいろなコンテナランタイムを比較してみたKohei Tokunaga
 
Kubernetes雑にまとめてみた 2020年8月版
Kubernetes雑にまとめてみた 2020年8月版Kubernetes雑にまとめてみた 2020年8月版
Kubernetes雑にまとめてみた 2020年8月版VirtualTech Japan Inc.
 
[KubeCon NA 2020] containerd: Rootless Containers 2020
[KubeCon NA 2020] containerd: Rootless Containers 2020[KubeCon NA 2020] containerd: Rootless Containers 2020
[KubeCon NA 2020] containerd: Rootless Containers 2020Akihiro Suda
 
eStargzイメージとlazy pullingによる高速なコンテナ起動
eStargzイメージとlazy pullingによる高速なコンテナ起動eStargzイメージとlazy pullingによる高速なコンテナ起動
eStargzイメージとlazy pullingによる高速なコンテナ起動Kohei Tokunaga
 
Cluster API によるKubernetes環境のライフサイクル管理とマルチクラウド環境での適用
Cluster API によるKubernetes環境のライフサイクル管理とマルチクラウド環境での適用Cluster API によるKubernetes環境のライフサイクル管理とマルチクラウド環境での適用
Cluster API によるKubernetes環境のライフサイクル管理とマルチクラウド環境での適用Motonori Shindo
 
コンテナネットワーキング(CNI)最前線
コンテナネットワーキング(CNI)最前線コンテナネットワーキング(CNI)最前線
コンテナネットワーキング(CNI)最前線Motonori Shindo
 
CloudNativePGを動かしてみた! ~PostgreSQL on Kubernetes~(第34回PostgreSQLアンカンファレンス@オンライ...
CloudNativePGを動かしてみた! ~PostgreSQL on Kubernetes~(第34回PostgreSQLアンカンファレンス@オンライ...CloudNativePGを動かしてみた! ~PostgreSQL on Kubernetes~(第34回PostgreSQLアンカンファレンス@オンライ...
CloudNativePGを動かしてみた! ~PostgreSQL on Kubernetes~(第34回PostgreSQLアンカンファレンス@オンライ...NTT DATA Technology & Innovation
 
The overview of lazypull with containerd Remote Snapshotter & Stargz Snapshotter
The overview of lazypull with containerd Remote Snapshotter & Stargz SnapshotterThe overview of lazypull with containerd Remote Snapshotter & Stargz Snapshotter
The overview of lazypull with containerd Remote Snapshotter & Stargz SnapshotterKohei Tokunaga
 
YoctoをつかったDistroの作り方とハマり方
YoctoをつかったDistroの作り方とハマり方YoctoをつかったDistroの作り方とハマり方
YoctoをつかったDistroの作り方とハマり方wata2ki
 
BuildKitの概要と最近の機能
BuildKitの概要と最近の機能BuildKitの概要と最近の機能
BuildKitの概要と最近の機能Kohei Tokunaga
 
NFVアプリケーションをOpenStack上で動かす為に - OpenStack最新情報セミナー 2017年7月
NFVアプリケーションをOpenStack上で動かす為に - OpenStack最新情報セミナー 2017年7月NFVアプリケーションをOpenStack上で動かす為に - OpenStack最新情報セミナー 2017年7月
NFVアプリケーションをOpenStack上で動かす為に - OpenStack最新情報セミナー 2017年7月VirtualTech Japan Inc.
 
[KubeConEU] Building images efficiently and securely on Kubernetes with BuildKit
[KubeConEU] Building images efficiently and securely on Kubernetes with BuildKit[KubeConEU] Building images efficiently and securely on Kubernetes with BuildKit
[KubeConEU] Building images efficiently and securely on Kubernetes with BuildKitAkihiro Suda
 
Dockerからcontainerdへの移行
Dockerからcontainerdへの移行Dockerからcontainerdへの移行
Dockerからcontainerdへの移行Akihiro Suda
 
知っているようで知らないNeutron -仮想ルータの冗長と分散- - OpenStack最新情報セミナー 2016年3月
知っているようで知らないNeutron -仮想ルータの冗長と分散- - OpenStack最新情報セミナー 2016年3月 知っているようで知らないNeutron -仮想ルータの冗長と分散- - OpenStack最新情報セミナー 2016年3月
知っているようで知らないNeutron -仮想ルータの冗長と分散- - OpenStack最新情報セミナー 2016年3月 VirtualTech Japan Inc.
 
Dockerクイックツアー
DockerクイックツアーDockerクイックツアー
DockerクイックツアーEtsuji Nakai
 
Linux女子部 systemd徹底入門
Linux女子部 systemd徹底入門Linux女子部 systemd徹底入門
Linux女子部 systemd徹底入門Etsuji Nakai
 
root権限無しでKubernetesを動かす
root権限無しでKubernetesを動かす root権限無しでKubernetesを動かす
root権限無しでKubernetesを動かす Akihiro Suda
 
Linux KVM環境におけるGPGPU活用最新動向
Linux KVM環境におけるGPGPU活用最新動向Linux KVM環境におけるGPGPU活用最新動向
Linux KVM環境におけるGPGPU活用最新動向Taira Hajime
 

La actualidad más candente (20)

TripleOの光と闇
TripleOの光と闇TripleOの光と闇
TripleOの光と闇
 
今話題のいろいろなコンテナランタイムを比較してみた
今話題のいろいろなコンテナランタイムを比較してみた今話題のいろいろなコンテナランタイムを比較してみた
今話題のいろいろなコンテナランタイムを比較してみた
 
Kubernetes雑にまとめてみた 2020年8月版
Kubernetes雑にまとめてみた 2020年8月版Kubernetes雑にまとめてみた 2020年8月版
Kubernetes雑にまとめてみた 2020年8月版
 
[KubeCon NA 2020] containerd: Rootless Containers 2020
[KubeCon NA 2020] containerd: Rootless Containers 2020[KubeCon NA 2020] containerd: Rootless Containers 2020
[KubeCon NA 2020] containerd: Rootless Containers 2020
 
eStargzイメージとlazy pullingによる高速なコンテナ起動
eStargzイメージとlazy pullingによる高速なコンテナ起動eStargzイメージとlazy pullingによる高速なコンテナ起動
eStargzイメージとlazy pullingによる高速なコンテナ起動
 
Cluster API によるKubernetes環境のライフサイクル管理とマルチクラウド環境での適用
Cluster API によるKubernetes環境のライフサイクル管理とマルチクラウド環境での適用Cluster API によるKubernetes環境のライフサイクル管理とマルチクラウド環境での適用
Cluster API によるKubernetes環境のライフサイクル管理とマルチクラウド環境での適用
 
コンテナネットワーキング(CNI)最前線
コンテナネットワーキング(CNI)最前線コンテナネットワーキング(CNI)最前線
コンテナネットワーキング(CNI)最前線
 
CloudNativePGを動かしてみた! ~PostgreSQL on Kubernetes~(第34回PostgreSQLアンカンファレンス@オンライ...
CloudNativePGを動かしてみた! ~PostgreSQL on Kubernetes~(第34回PostgreSQLアンカンファレンス@オンライ...CloudNativePGを動かしてみた! ~PostgreSQL on Kubernetes~(第34回PostgreSQLアンカンファレンス@オンライ...
CloudNativePGを動かしてみた! ~PostgreSQL on Kubernetes~(第34回PostgreSQLアンカンファレンス@オンライ...
 
The overview of lazypull with containerd Remote Snapshotter & Stargz Snapshotter
The overview of lazypull with containerd Remote Snapshotter & Stargz SnapshotterThe overview of lazypull with containerd Remote Snapshotter & Stargz Snapshotter
The overview of lazypull with containerd Remote Snapshotter & Stargz Snapshotter
 
YoctoをつかったDistroの作り方とハマり方
YoctoをつかったDistroの作り方とハマり方YoctoをつかったDistroの作り方とハマり方
YoctoをつかったDistroの作り方とハマり方
 
BuildKitの概要と最近の機能
BuildKitの概要と最近の機能BuildKitの概要と最近の機能
BuildKitの概要と最近の機能
 
NFVアプリケーションをOpenStack上で動かす為に - OpenStack最新情報セミナー 2017年7月
NFVアプリケーションをOpenStack上で動かす為に - OpenStack最新情報セミナー 2017年7月NFVアプリケーションをOpenStack上で動かす為に - OpenStack最新情報セミナー 2017年7月
NFVアプリケーションをOpenStack上で動かす為に - OpenStack最新情報セミナー 2017年7月
 
KubeEdgeを触ってみた
KubeEdgeを触ってみたKubeEdgeを触ってみた
KubeEdgeを触ってみた
 
[KubeConEU] Building images efficiently and securely on Kubernetes with BuildKit
[KubeConEU] Building images efficiently and securely on Kubernetes with BuildKit[KubeConEU] Building images efficiently and securely on Kubernetes with BuildKit
[KubeConEU] Building images efficiently and securely on Kubernetes with BuildKit
 
Dockerからcontainerdへの移行
Dockerからcontainerdへの移行Dockerからcontainerdへの移行
Dockerからcontainerdへの移行
 
知っているようで知らないNeutron -仮想ルータの冗長と分散- - OpenStack最新情報セミナー 2016年3月
知っているようで知らないNeutron -仮想ルータの冗長と分散- - OpenStack最新情報セミナー 2016年3月 知っているようで知らないNeutron -仮想ルータの冗長と分散- - OpenStack最新情報セミナー 2016年3月
知っているようで知らないNeutron -仮想ルータの冗長と分散- - OpenStack最新情報セミナー 2016年3月
 
Dockerクイックツアー
DockerクイックツアーDockerクイックツアー
Dockerクイックツアー
 
Linux女子部 systemd徹底入門
Linux女子部 systemd徹底入門Linux女子部 systemd徹底入門
Linux女子部 systemd徹底入門
 
root権限無しでKubernetesを動かす
root権限無しでKubernetesを動かす root権限無しでKubernetesを動かす
root権限無しでKubernetesを動かす
 
Linux KVM環境におけるGPGPU活用最新動向
Linux KVM環境におけるGPGPU活用最新動向Linux KVM環境におけるGPGPU活用最新動向
Linux KVM環境におけるGPGPU活用最新動向
 

Similar a [Container Plumbing Days 2023] Why was nerdctl made?

Pod Sandbox workflow creation from Dockershim
Pod Sandbox workflow creation from DockershimPod Sandbox workflow creation from Dockershim
Pod Sandbox workflow creation from DockershimVictor Morales
 
[HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes]
[HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes][HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes]
[HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes]Wong Hoi Sing Edison
 
Docker for Deep Learning (Andrea Panizza)
Docker for Deep Learning (Andrea Panizza)Docker for Deep Learning (Andrea Panizza)
Docker for Deep Learning (Andrea Panizza)MeetupDataScienceRoma
 
Kubernetes from the ground up
Kubernetes from the ground upKubernetes from the ground up
Kubernetes from the ground upSander Knape
 
Building images efficiently and securely on Kubernetes with BuildKit
Building images efficiently and securely on Kubernetes with BuildKitBuilding images efficiently and securely on Kubernetes with BuildKit
Building images efficiently and securely on Kubernetes with BuildKitNTT Software Innovation Center
 
Introduction to Docker and Containers
Introduction to Docker and ContainersIntroduction to Docker and Containers
Introduction to Docker and ContainersDocker, Inc.
 
Perspectives on Docker
Perspectives on DockerPerspectives on Docker
Perspectives on DockerRightScale
 
Real-World Docker: 10 Things We've Learned
Real-World Docker: 10 Things We've Learned Real-World Docker: 10 Things We've Learned
Real-World Docker: 10 Things We've Learned RightScale
 
Introduction to Docker at SF Peninsula Software Development Meetup @Guidewire
Introduction to Docker at SF Peninsula Software Development Meetup @GuidewireIntroduction to Docker at SF Peninsula Software Development Meetup @Guidewire
Introduction to Docker at SF Peninsula Software Development Meetup @GuidewiredotCloud
 
Running .NET on Docker
Running .NET on DockerRunning .NET on Docker
Running .NET on DockerBen Hall
 
Pydata 2020 containers meetup
Pydata 2020 containers meetup Pydata 2020 containers meetup
Pydata 2020 containers meetup Walid Shaari
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to DockerJames Turnbull
 
Introduction to Docker, December 2014 "Tour de France" Bordeaux Special Edition
Introduction to Docker, December 2014 "Tour de France" Bordeaux Special EditionIntroduction to Docker, December 2014 "Tour de France" Bordeaux Special Edition
Introduction to Docker, December 2014 "Tour de France" Bordeaux Special EditionJérôme Petazzoni
 
Настройка окружения для кросскомпиляции проектов на основе docker'a
Настройка окружения для кросскомпиляции проектов на основе docker'aНастройка окружения для кросскомпиляции проектов на основе docker'a
Настройка окружения для кросскомпиляции проектов на основе docker'acorehard_by
 
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme PetazzoniWorkshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme PetazzoniTheFamily
 
Introduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" EditionIntroduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" EditionJérôme Petazzoni
 
DCEU 18: Building Your Development Pipeline
DCEU 18: Building Your Development PipelineDCEU 18: Building Your Development Pipeline
DCEU 18: Building Your Development PipelineDocker, Inc.
 
Introduction to Docker at the Azure Meet-up in New York
Introduction to Docker at the Azure Meet-up in New YorkIntroduction to Docker at the Azure Meet-up in New York
Introduction to Docker at the Azure Meet-up in New YorkJérôme Petazzoni
 
Real World Experience of Running Docker in Development and Production
Real World Experience of Running Docker in Development and ProductionReal World Experience of Running Docker in Development and Production
Real World Experience of Running Docker in Development and ProductionBen Hall
 

Similar a [Container Plumbing Days 2023] Why was nerdctl made? (20)

Pod Sandbox workflow creation from Dockershim
Pod Sandbox workflow creation from DockershimPod Sandbox workflow creation from Dockershim
Pod Sandbox workflow creation from Dockershim
 
[HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes]
[HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes][HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes]
[HKOSCon x COSCUP 2020][20200801][Ansible: From VM to Kubernetes]
 
Docker for Deep Learning (Andrea Panizza)
Docker for Deep Learning (Andrea Panizza)Docker for Deep Learning (Andrea Panizza)
Docker for Deep Learning (Andrea Panizza)
 
Kubernetes from the ground up
Kubernetes from the ground upKubernetes from the ground up
Kubernetes from the ground up
 
Building images efficiently and securely on Kubernetes with BuildKit
Building images efficiently and securely on Kubernetes with BuildKitBuilding images efficiently and securely on Kubernetes with BuildKit
Building images efficiently and securely on Kubernetes with BuildKit
 
Introduction to Docker and Containers
Introduction to Docker and ContainersIntroduction to Docker and Containers
Introduction to Docker and Containers
 
Perspectives on Docker
Perspectives on DockerPerspectives on Docker
Perspectives on Docker
 
Real-World Docker: 10 Things We've Learned
Real-World Docker: 10 Things We've Learned Real-World Docker: 10 Things We've Learned
Real-World Docker: 10 Things We've Learned
 
Introduction to Docker at SF Peninsula Software Development Meetup @Guidewire
Introduction to Docker at SF Peninsula Software Development Meetup @GuidewireIntroduction to Docker at SF Peninsula Software Development Meetup @Guidewire
Introduction to Docker at SF Peninsula Software Development Meetup @Guidewire
 
Docker for Developers
Docker for DevelopersDocker for Developers
Docker for Developers
 
Running .NET on Docker
Running .NET on DockerRunning .NET on Docker
Running .NET on Docker
 
Pydata 2020 containers meetup
Pydata 2020 containers meetup Pydata 2020 containers meetup
Pydata 2020 containers meetup
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to Docker
 
Introduction to Docker, December 2014 "Tour de France" Bordeaux Special Edition
Introduction to Docker, December 2014 "Tour de France" Bordeaux Special EditionIntroduction to Docker, December 2014 "Tour de France" Bordeaux Special Edition
Introduction to Docker, December 2014 "Tour de France" Bordeaux Special Edition
 
Настройка окружения для кросскомпиляции проектов на основе docker'a
Настройка окружения для кросскомпиляции проектов на основе docker'aНастройка окружения для кросскомпиляции проектов на основе docker'a
Настройка окружения для кросскомпиляции проектов на основе docker'a
 
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme PetazzoniWorkshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
 
Introduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" EditionIntroduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" Edition
 
DCEU 18: Building Your Development Pipeline
DCEU 18: Building Your Development PipelineDCEU 18: Building Your Development Pipeline
DCEU 18: Building Your Development Pipeline
 
Introduction to Docker at the Azure Meet-up in New York
Introduction to Docker at the Azure Meet-up in New YorkIntroduction to Docker at the Azure Meet-up in New York
Introduction to Docker at the Azure Meet-up in New York
 
Real World Experience of Running Docker in Development and Production
Real World Experience of Running Docker in Development and ProductionReal World Experience of Running Docker in Development and Production
Real World Experience of Running Docker in Development and Production
 

Más de Akihiro Suda

20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...Akihiro Suda
 
20240321 [KubeCon EU Pavilion] Lima.pdf_
20240321 [KubeCon EU Pavilion] Lima.pdf_20240321 [KubeCon EU Pavilion] Lima.pdf_
20240321 [KubeCon EU Pavilion] Lima.pdf_Akihiro Suda
 
20240320 [KubeCon EU Pavilion] containerd.pdf
20240320 [KubeCon EU Pavilion] containerd.pdf20240320 [KubeCon EU Pavilion] containerd.pdf
20240320 [KubeCon EU Pavilion] containerd.pdfAkihiro Suda
 
20240201 [HPC Containers] Rootless Containers.pdf
20240201 [HPC Containers] Rootless Containers.pdf20240201 [HPC Containers] Rootless Containers.pdf
20240201 [HPC Containers] Rootless Containers.pdfAkihiro Suda
 
[Podman Special Event] Kubernetes in Rootless Podman
[Podman Special Event] Kubernetes in Rootless Podman[Podman Special Event] Kubernetes in Rootless Podman
[Podman Special Event] Kubernetes in Rootless PodmanAkihiro Suda
 
[KubeConNA2023] Lima pavilion
[KubeConNA2023] Lima pavilion[KubeConNA2023] Lima pavilion
[KubeConNA2023] Lima pavilionAkihiro Suda
 
[KubeConNA2023] containerd pavilion
[KubeConNA2023] containerd pavilion[KubeConNA2023] containerd pavilion
[KubeConNA2023] containerd pavilionAkihiro Suda
 
[DockerConハイライト] OpenPubKeyによるイメージの署名と検証.pdf
[DockerConハイライト] OpenPubKeyによるイメージの署名と検証.pdf[DockerConハイライト] OpenPubKeyによるイメージの署名と検証.pdf
[DockerConハイライト] OpenPubKeyによるイメージの署名と検証.pdfAkihiro Suda
 
[CNCF TAG-Runtime] Usernetes Gen2
[CNCF TAG-Runtime] Usernetes Gen2[CNCF TAG-Runtime] Usernetes Gen2
[CNCF TAG-Runtime] Usernetes Gen2Akihiro Suda
 
[DockerCon 2023] Reproducible builds with BuildKit for software supply chain ...
[DockerCon 2023] Reproducible builds with BuildKit for software supply chain ...[DockerCon 2023] Reproducible builds with BuildKit for software supply chain ...
[DockerCon 2023] Reproducible builds with BuildKit for software supply chain ...Akihiro Suda
 
The internals and the latest trends of container runtimes
The internals and the latest trends of container runtimesThe internals and the latest trends of container runtimes
The internals and the latest trends of container runtimesAkihiro Suda
 
[KubeConEU2023] Lima pavilion
[KubeConEU2023] Lima pavilion[KubeConEU2023] Lima pavilion
[KubeConEU2023] Lima pavilionAkihiro Suda
 
[KubeConEU2023] containerd pavilion
[KubeConEU2023] containerd pavilion[KubeConEU2023] containerd pavilion
[KubeConEU2023] containerd pavilionAkihiro Suda
 
[FOSDEM2023] Bit-for-bit reproducible builds with Dockerfile
[FOSDEM2023] Bit-for-bit reproducible builds with Dockerfile[FOSDEM2023] Bit-for-bit reproducible builds with Dockerfile
[FOSDEM2023] Bit-for-bit reproducible builds with DockerfileAkihiro Suda
 
[CNCF TAG-Runtime 2022-10-06] Lima
[CNCF TAG-Runtime 2022-10-06] Lima[CNCF TAG-Runtime 2022-10-06] Lima
[CNCF TAG-Runtime 2022-10-06] LimaAkihiro Suda
 
[KubeCon EU 2022] Running containerd and k3s on macOS
[KubeCon EU 2022] Running containerd and k3s on macOS[KubeCon EU 2022] Running containerd and k3s on macOS
[KubeCon EU 2022] Running containerd and k3s on macOSAkihiro Suda
 
[Docker Tokyo #35] Docker 20.10
[Docker Tokyo #35] Docker 20.10[Docker Tokyo #35] Docker 20.10
[Docker Tokyo #35] Docker 20.10Akihiro Suda
 
[KubeCon EU 2021] Introduction and Deep Dive Into Containerd
[KubeCon EU 2021] Introduction and Deep Dive Into Containerd[KubeCon EU 2021] Introduction and Deep Dive Into Containerd
[KubeCon EU 2021] Introduction and Deep Dive Into ContainerdAkihiro Suda
 
DockerとPodmanの比較
DockerとPodmanの比較DockerとPodmanの比較
DockerとPodmanの比較Akihiro Suda
 
[KubeCon EU 2020] containerd Deep Dive
[KubeCon EU 2020] containerd Deep Dive[KubeCon EU 2020] containerd Deep Dive
[KubeCon EU 2020] containerd Deep DiveAkihiro Suda
 

Más de Akihiro Suda (20)

20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
 
20240321 [KubeCon EU Pavilion] Lima.pdf_
20240321 [KubeCon EU Pavilion] Lima.pdf_20240321 [KubeCon EU Pavilion] Lima.pdf_
20240321 [KubeCon EU Pavilion] Lima.pdf_
 
20240320 [KubeCon EU Pavilion] containerd.pdf
20240320 [KubeCon EU Pavilion] containerd.pdf20240320 [KubeCon EU Pavilion] containerd.pdf
20240320 [KubeCon EU Pavilion] containerd.pdf
 
20240201 [HPC Containers] Rootless Containers.pdf
20240201 [HPC Containers] Rootless Containers.pdf20240201 [HPC Containers] Rootless Containers.pdf
20240201 [HPC Containers] Rootless Containers.pdf
 
[Podman Special Event] Kubernetes in Rootless Podman
[Podman Special Event] Kubernetes in Rootless Podman[Podman Special Event] Kubernetes in Rootless Podman
[Podman Special Event] Kubernetes in Rootless Podman
 
[KubeConNA2023] Lima pavilion
[KubeConNA2023] Lima pavilion[KubeConNA2023] Lima pavilion
[KubeConNA2023] Lima pavilion
 
[KubeConNA2023] containerd pavilion
[KubeConNA2023] containerd pavilion[KubeConNA2023] containerd pavilion
[KubeConNA2023] containerd pavilion
 
[DockerConハイライト] OpenPubKeyによるイメージの署名と検証.pdf
[DockerConハイライト] OpenPubKeyによるイメージの署名と検証.pdf[DockerConハイライト] OpenPubKeyによるイメージの署名と検証.pdf
[DockerConハイライト] OpenPubKeyによるイメージの署名と検証.pdf
 
[CNCF TAG-Runtime] Usernetes Gen2
[CNCF TAG-Runtime] Usernetes Gen2[CNCF TAG-Runtime] Usernetes Gen2
[CNCF TAG-Runtime] Usernetes Gen2
 
[DockerCon 2023] Reproducible builds with BuildKit for software supply chain ...
[DockerCon 2023] Reproducible builds with BuildKit for software supply chain ...[DockerCon 2023] Reproducible builds with BuildKit for software supply chain ...
[DockerCon 2023] Reproducible builds with BuildKit for software supply chain ...
 
The internals and the latest trends of container runtimes
The internals and the latest trends of container runtimesThe internals and the latest trends of container runtimes
The internals and the latest trends of container runtimes
 
[KubeConEU2023] Lima pavilion
[KubeConEU2023] Lima pavilion[KubeConEU2023] Lima pavilion
[KubeConEU2023] Lima pavilion
 
[KubeConEU2023] containerd pavilion
[KubeConEU2023] containerd pavilion[KubeConEU2023] containerd pavilion
[KubeConEU2023] containerd pavilion
 
[FOSDEM2023] Bit-for-bit reproducible builds with Dockerfile
[FOSDEM2023] Bit-for-bit reproducible builds with Dockerfile[FOSDEM2023] Bit-for-bit reproducible builds with Dockerfile
[FOSDEM2023] Bit-for-bit reproducible builds with Dockerfile
 
[CNCF TAG-Runtime 2022-10-06] Lima
[CNCF TAG-Runtime 2022-10-06] Lima[CNCF TAG-Runtime 2022-10-06] Lima
[CNCF TAG-Runtime 2022-10-06] Lima
 
[KubeCon EU 2022] Running containerd and k3s on macOS
[KubeCon EU 2022] Running containerd and k3s on macOS[KubeCon EU 2022] Running containerd and k3s on macOS
[KubeCon EU 2022] Running containerd and k3s on macOS
 
[Docker Tokyo #35] Docker 20.10
[Docker Tokyo #35] Docker 20.10[Docker Tokyo #35] Docker 20.10
[Docker Tokyo #35] Docker 20.10
 
[KubeCon EU 2021] Introduction and Deep Dive Into Containerd
[KubeCon EU 2021] Introduction and Deep Dive Into Containerd[KubeCon EU 2021] Introduction and Deep Dive Into Containerd
[KubeCon EU 2021] Introduction and Deep Dive Into Containerd
 
DockerとPodmanの比較
DockerとPodmanの比較DockerとPodmanの比較
DockerとPodmanの比較
 
[KubeCon EU 2020] containerd Deep Dive
[KubeCon EU 2020] containerd Deep Dive[KubeCon EU 2020] containerd Deep Dive
[KubeCon EU 2020] containerd Deep Dive
 

Último

Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrandmasabamasaba
 
SHRMPro HRMS Software Solutions Presentation
SHRMPro HRMS Software Solutions PresentationSHRMPro HRMS Software Solutions Presentation
SHRMPro HRMS Software Solutions PresentationShrmpro
 
%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...masabamasaba
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnAmarnathKambale
 
Generic or specific? Making sensible software design decisions
Generic or specific? Making sensible software design decisionsGeneric or specific? Making sensible software design decisions
Generic or specific? Making sensible software design decisionsBert Jan Schrijver
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech studentsHimanshiGarg82
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfproinshot.com
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Hararemasabamasaba
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...masabamasaba
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdfPearlKirahMaeRagusta1
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfonteinmasabamasaba
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastPapp Krisztián
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfVishalKumarJha10
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...SelfMade bd
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesVictorSzoltysek
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024Mind IT Systems
 

Último (20)

Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 
SHRMPro HRMS Software Solutions Presentation
SHRMPro HRMS Software Solutions PresentationSHRMPro HRMS Software Solutions Presentation
SHRMPro HRMS Software Solutions Presentation
 
%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
Generic or specific? Making sensible software design decisions
Generic or specific? Making sensible software design decisionsGeneric or specific? Making sensible software design decisions
Generic or specific? Making sensible software design decisions
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdf
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdf
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024
 

[Container Plumbing Days 2023] Why was nerdctl made?

  • 1. Why was nerdctl made? https://github.com/containerd/nerdctl Akihiro Suda, NTT Container Plumbing Days 2023 (March 23)
  • 2. 2 nerdctl: contaiNERD CTL • Docker-compatible CLI for containerd (and buildkitd) alias docker=nerdctl • Made for facilitating new experiments in the containerd platform • The experimental features can be safely turned off for production environments (export NERDCTL_EXPERIMENTAL=0) • Useful for debugging Kubernetes nodes too https://github.com/containerd/nerdctl
  • 3. 3 Demo $ nerdctl run ... $ nerdctl compose up ...
  • 4. • Lazy-pulling with eStargz/SOCI/Nydus/OverlayBD • Registry-less P2P image distribution with IPFS * • Image encryption with OCIcrypt * • Image signing with Cosign / Notation * • “Real” read-only mounts with mount_setattr • Slirp-less rootless containers with bypass4netns * • Interactive debugging of Dockerfiles, with buildg * 4 Novel features of containerd & nerdctl * = Experimental
  • 5. • Lazy-pulling: pulling image contents on demand • No need to pull an entire image • Several formats are being proposed 5 Lazy-pulling with eStargz/SOCI/Nydus/OverlayBD Format Implementation for containerd Description eStargz github.com/containerd/stargz-snapshotter Optimizes gzip granularity for seek()-ability; Forward compatible with OCI v1 tar.gz SOCI github.com/awslabs/soci-snapshotter Captures a checkpoint of tar.gz decoder state; Forward compatible with OCI v1 tar.gz Nydus github.com/containerd/nydus-snapshotter An alternate image format; Not compatible with OCI v1 tar.gz OverlayBD github.com/containerd/overlaybd Block devices as container images; Not compatible with OCI v1 tar.gz https://github.com/containerd/nerdctl/blob/main/docs/stargz.md
  • 7. 7 Registry-less P2P image distribution with IPFS Experimental https://medium.com/nttlabs/nerdctl-ipfs-975569520e3d https://github.com/containerd/nerdctl/blob/main/docs/ipfs.md $ nerdctl pull ipfs://<CID>
  • 8. • OCI Image Layers can be encrypted to protect secret files (OCI Image Config, e.g., env vars, are not encrypted) • Encrypted layers can be decrypted transparently 8 Image encryption with OCIcrypt Experimental $ nerdctl image encrypt --recipient=jwe:mypubkey.pem foo example.com/foo:encrypted $ nerdctl push example.com/foo:encrypted https://github.com/containerd/nerdctl/blob/main/docs/ocicrypt.md $ nerdctl pull example.com/foo:encrypted
  • 9. • Docker CLI supports DOCKER_CONTENT_TRUST (Notary v1), but it didn’t see wide adoption • DOCKER_CONTENT_TRUST is not implemented for nerdctl • Instead, nerdctl supports Cosign and Notation (“Notary v2”) 9 Image signing with Cosign / Notation Experimental $ nerdctl pull --verify=(cosign|notation) https://github.com/containerd/nerdctl/blob/main/docs/cosign.md https://github.com/containerd/nerdctl/blob/main/docs/notation.md
  • 10. • Surprisingly docker run -v /mnt:/mnt:ro doesn’t really make /mnt inside the container read-only • Submounts like /mnt/usbdisk are writable • nerdctl supports RRO: recursively-read-only mounts nerdctl run -v /mnt:/mnt:rro – Implemented using MOUNT_ATTR_RDONLY (kernel >= 5.12) 10 “Real” read-only mounts with mount_setattr
  • 11. • Bypass slirp4netns (usermode TCP/IP), by using SECCOMP_IOCTL_NOTIF_ADDFD • Even faster than rootful 11 Slirp-less rootless containers with bypass4netns Experimental https://github.com/containerd/nerdctl/blob/main/docs/rootless.md#bypass4netns https://speakerdeck.com/mt2naoki/ip-communications-in-rootless-containers-by-socket-switching?slide=4 $ nerdctl run --label=nerdctl/bypass4netns=1
  • 12. • Breakpoints for Dockerfiles 12 Interactive debugging of Dockerfiles, with buildg Experimental https://github.com/containerd/nerdctl/blob/main/docs/builder-debug.md https://github.com/ktock/buildg $ nerdctl builder debug . .... => 1| FROM ubuntu AS dev 2| RUN echo hello > /hello 3| RUN echo world > /world 4| (buildg) break 3 (buildg) continue ... Breakpoint[0]: reached line: Dockerfile:3 (buildg) exec /bin/sh #
  • 13. • Namespacing: nerdctl --namespace=<NS> ps • Connecting a container to multiple networks at once: nerdctl run --net foo --net bar ... • AppArmor for rootless containers ( Although still needs sudo nerdctl apparmor load ) • FreeBSD containers • Windows containers • And more... 13 Other features
  • 14. • ctr: a CLI included in containerd • ctr is often misbelieved to be the standard CLI for containerd • But ctr is just a debugging tool written for containerd developers • ctr lacks lots of high-level features that are present in Docker and nerdctl • Exposing ports (nerdctl run -p <PORT>) • Re-startable containers w/ networking (nerdctl run --restart=always) • Support for ~/.docker/config.json , docker-credential-ecr-login, etc. • Reading logs of background containers (nerdctl logs) 14 FAQ: Why not ctr?
  • 15. • crictl is similar to ctr but uses a different API • crictl has similar restrictions as ctr • CRI API has very tight scope compared to the containerd native API • Negotiation for modifying the CRI API is relatively hard 15 FAQ: Why not crictl? containerd CRI API Native API kubelet crictl nerdctl ctr
  • 16. • Docker doesn’t/didn’t use the containerd API for image management • Can’t/Couldn’t be used for experimenting lazy-pulling, etc. • Work is in progress toward Docker v24+ • Release cycle is/was slow – Docker v19.03: Jul 2019 – Docker v20.10: Dec 2020 – Docker v23: Feb 2023 • Not trying to “defeat” Docker; Experiments in nerdctl are being ported to Docker too 16 FAQ: Why not Docker?
  • 17. • Podman doesn’t work as a Kubernetes runtime • CRI-O doesn’t support non-CRI API, and lacks Docker-like CLI • podman ps , etc. works for CRI-O too, but still Podman != CRI-O • Not trying to “defeat” Podman/CRI-O either; Experiments in containerd/nerdctl are being ported to Podman/CRI-O too – e.g., eStargz 17 FAQ: Why not Podman/CRI-O ?
  • 18. • https://github.com/containerd/nerdctl/releases • nerdctl-full-<VERSION>-linux-amd64.tar.gz contains all the dependencies (containerd, runc, …) 18 Getting started $ sudo systemctl enable --now containerd $ sudo nerdctl run -d --name nginx -p 80:80 nginx:alpine $ containerd-rootless-setuptool.sh install $ nerdctl run -d --name nginx -p 8080:80 nginx:alpine
  • 19. • macOS users should try Lima • Lima: Linux Machine, originally designed as “nerdctl Machine” • CNCF Sandbox Project • Automatic port forwarding & host filesystem mounting • nerdctl is also included in AWS Finch, Colima, Rancher Desktop, ... 19 Getting started $ brew install lima $ alias nerdctl=nerdctl.lima $ nerdctl run -d --name nginx -p 80:80 nginx:alpine Colima
  • 20. • nerdctl = contaiNERD CTL • Made for facilitating new experiments in the containerd platform 20 Wrap-up https://github.com/containerd/nerdctl Slack: #containerd at slack.cncf.io • Lazy-pulling with eStargz/SOCI/Nydus/OverlayBD • Registry-less P2P image distribution with IPFS • Image encryption with OCIcrypt • Image signing with Cosign / Notation • “Real” read-only mounts with mount_setattr • Slirp-less rootless containers with bypass4netns • Interactive debugging of Dockerfiles, with buildg • And more!