runC – Open Container Initiative
Jeeva S. Chelladhurai
https://www.linkedin.com/in/jeevachelladhurai/
@Docker Meetup #34
Author of Learning Docker
https://www.packtpub.com/networking-and-servers/learning-docker-second-edition
About OCI
• Open Container Initiative
• Open Industry Standard
• Common, minimal, open standards and specification
• Container Format and Runtime
• Linux Foundation Collaborative Project
• Launched June 22 2015
• Docker, CoreOS, etc.
• Docker donated libcontainer
• https://github.com/opencontainers/runc
Why OCI
• Removes vendor lock-in
• Portability
• Interoperability
• Agility
• Rootless container
• Init system & Cron integration
OCI Scope [1/4]
• Runtime executable reference
• OCI Base Layer
• RunC - reference implementation
• https://github.com/opencontainers/runc
• Runtime Spec
• OCI Base Layer
• https://github.com/opencontainers/runtime-spec
• Defines the parameters needed to run the container
OCI Scope [2/4]
• Bundle Format
• OCI Base Layer
• https://github.com/opencontainers/image-spec
• Defines the filesystem layout
• Standardization needed for various runtimes
• Hashing for Content Integrity
• OCI Base Layer
• https://github.com/opencontainers/go-digest
• Ensure content integrity
OCI Scope [3/4]
• Content Addressable name
• OCI Base Layer
• Using hash as address for immutable containers
• Early stage of discussion
• Archival Format
• OCI Base Layer
• Serialization of filesystem bundle
• Yet to start
OCI Scope [4/4]
• Compliance Test Suite
• OCI Base Layer
• Test cases and tools to ensure the implementations comply with the specs
• OCI Optional Layers
• Signature
• DNS based naming
runC
• Client wrapper around libcontainer
• libcontainer is OS interface
• runC requires
• OCI config (json)
• OCI bundle (filesystem)
Environment
• Vagrant https://www.vagrantup.com
• VirtualBox https://www.virtualbox.org
• Vagrant Box used: ubuntu/xenial64
• vagrant flow
  • create a directory on the host system and, from that directory, run the vagrant commands below
  • vagrant init ubuntu/xenial64
  • vagrant ssh
Installing runC through Docker
• Docker uses runC as its runtime
• It is shipped with docker as docker-runc
ubuntu@ubuntu-xenial:~$ docker --version
Docker version 17.06.0-ce, build 02c1d87
ubuntu@ubuntu-xenial:~$ docker-runc --version
runc version 1.0.0-rc3
commit: 2d41c047c83e09a6d61d464906feb2a2f3c52aa4
spec: 1.0.0-rc5
Installing runC from Release
• Release binary can be downloaded from https://github.com/opencontainers/runc/releases/
Installing runC from source
• install Go 1.8.3 (might work with older versions too)
• set GOROOT & GOPATH path
• also install libseccomp-dev, gcc, make, pkg-config
• cd $GOPATH/src/github.com/opencontainers
• git clone https://github.com/opencontainers/runc
• cd runc && make && sudo make install
ubuntu@ubuntu-xenial:~$ runc --version
runc version 1.0.0-rc4+dev
commit: ae2948042b08ad3d6d13cd09f40a50ffff4fc688
spec: 1.0.0
runc CLI
docker-runc CLI
OCI runC flow
[Diagram: Filesystem Bundle = config.json (platform, env, user, hostname, root) + rootfs (/, bin/, etc/, home/, opt/, …) → Container Runtime → Container]
Creating an OCI Bundle
1. Choose a directory
$ cd ${HOME}/myalpine
2. Create rootfs
$ mkdir rootfs
3. Create a docker container
$ docker create --name myalpine alpine
4. Export the container to a tar file
$ docker container export myalpine -o myalpine.tar
5. Untar the file into rootfs
$ tar -C rootfs -xvf myalpine.tar
6. Generate config.json spec
$ runc spec
Create a bundle in a single stroke
1. Choose a directory
$ cd ${HOME}/myalpine2
2. Create rootfs
$ mkdir rootfs
3. Create bundle with chain of commands
$ docker export $(docker create alpine) | tar -C rootfs -xvf -
4. Generate config.json spec
$ runc spec
Running your first runc container
1. Change to the OCI Bundle directory
$ cd ${HOME}/myalpine
2. Run the alpine bundle as root
$ sudo runc run myalpine
config.json snippet
Working with spec
• false
• "ip", "addr"
• Remove network namespace for host network
runc on host network
config.json https://gist.github.com/sjeeva/903de797838882082af7921bac5fbfd4
rootless containers
• Running container as non-root user
• runc binary should be owned by root
• Create a spec for rootless container
• runc spec --rootless
• Launch runc with --root option
• runc --root /tmp/runc run myalpine
Mounting host directories
• Edit the config.json spec and add the mount point to the mounts section
• Example:
Hooks
• Supports three hooks to perform specific action
• prestart – before launching the container
• poststart – after launching the user process inside the container
• poststop – after stopping the user process inside the container
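
A defender's check for the config.json edits covered in the host-network, rootless, host-mount and hooks slides, as an added example (not code from the deck or from runc): it reads a bundle's config.json and reports the settings that weaken isolation. The two sample configs, the paths in them and the finding codes are constructed for illustration; field names follow the OCI runtime spec.

```python
"""Audit an OCI runtime config.json for settings that weaken isolation."""
import json
import os

# Constructed sample (not the gist linked from the slides): a trimmed spec
# edited for host networking, a host bind mount and a prestart hook.
# Paths and the hook name are hypothetical.
EDITED = json.loads("""
{
  "ociVersion": "1.0.0",
  "process": {"terminal": false, "user": {"uid": 0, "gid": 0},
              "args": ["ip", "addr"], "cwd": "/"},
  "root": {"path": "rootfs", "readonly": false},
  "mounts": [
    {"destination": "/proc", "type": "proc", "source": "proc"},
    {"destination": "/data", "type": "bind", "source": "/home/ubuntu/data",
     "options": ["rbind", "rw"]}
  ],
  "hooks": {"prestart": [{"path": "/usr/local/bin/setup-net.sh"}]},
  "linux": {"namespaces": [{"type": "pid"}, {"type": "ipc"},
                           {"type": "uts"}, {"type": "mount"}]}
}
""")

# Constructed sample: rootless-style spec with every namespace kept.
ROOTLESS = json.loads("""
{
  "ociVersion": "1.0.0",
  "process": {"terminal": true, "user": {"uid": 0, "gid": 0},
              "args": ["sh"], "cwd": "/"},
  "root": {"path": "rootfs", "readonly": true},
  "mounts": [{"destination": "/proc", "type": "proc", "source": "proc"}],
  "linux": {
    "uidMappings": [{"containerID": 0, "hostID": 1000, "size": 1}],
    "gidMappings": [{"containerID": 0, "hostID": 1000, "size": 1}],
    "namespaces": [{"type": "pid"}, {"type": "network"}, {"type": "ipc"},
                   {"type": "uts"}, {"type": "mount"}, {"type": "user"}]
  }
}
""")


def audit(config):
    """Return (code, detail) findings for one parsed config.json."""
    findings = []
    linux = config.get("linux", {})
    ns_types = {ns.get("type") for ns in linux.get("namespaces", [])}

    # Without a network namespace the container uses the host's interfaces.
    if "network" not in ns_types:
        findings.append(("HOST_NETWORK", "no 'network' namespace listed"))

    # uid 0 with no user namespace is uid 0 on the host.
    uid = config.get("process", {}).get("user", {}).get("uid", 0)
    if uid == 0 and "user" not in ns_types:
        findings.append(("ROOT_WITHOUT_USERNS", "uid 0, no 'user' namespace"))
    # Mapping container uid 0 to host uid 0 leaves container root as host uid 0.
    for m in linux.get("uidMappings", []):
        if m.get("containerID") == 0 and m.get("hostID") == 0:
            findings.append(("ROOT_MAPPED_TO_HOST_ROOT", "uidMappings 0 -> 0"))

    # Bind mounts expose host directories; note whether they are writable.
    for m in config.get("mounts", []):
        opts = set(m.get("options", []))
        if m.get("type") == "bind" or opts & {"bind", "rbind"}:
            mode = "read-only" if "ro" in opts else "writable"
            findings.append(("HOST_BIND_MOUNT",
                             f"{m.get('source')} -> {m.get('destination')} ({mode})"))

    # Hooks are host executables run by the runtime, outside the rootfs.
    for stage, entries in (config.get("hooks") or {}).items():
        for hook in entries or []:
            findings.append(("HOST_HOOK", f"{stage}: {hook.get('path')}"))

    if not config.get("root", {}).get("readonly", False):
        findings.append(("WRITABLE_ROOTFS", "root.readonly is not true"))
    return findings


def audit_bundle(bundle_dir):
    """Audit the config.json at the top of an OCI bundle directory."""
    with open(os.path.join(bundle_dir, "config.json"), encoding="utf-8") as fh:
        return audit(json.load(fh))


if __name__ == "__main__":
    for name, cfg in (("edited", EDITED), ("rootless", ROOTLESS)):
        for code, detail in audit(cfg) or [("OK", "no findings")]:
            print(f"{name}: {code}: {detail}")
```

Point `audit_bundle` at a bundle directory such as `${HOME}/myalpine` to check the spec before `runc run`.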
Thank You
https://www.linkedin.com/in/jeevachelladhurai/
