Key Takeaways from Docker “Containerd ~ A Core Container Runtime Project” Announcement

With almost every new release, Docker Inc. has open sourced its vital and popular software tools to the community to join hands with all Docker contributors and all Infrastructure plumbers across the globe. Ending 2016 in a GREAT way, Docker Inc. made another big announcement releasing Containerd as an open source project to the community. Check out a glimpse of open sourced component from Docker Inc.(shown below) in the last 4-5 releases:

release_1

In case you are new to containerd – Prior to the version 1.11, Docker engine had a complete responsibility to manage volumes, networks, containers, images etc.. With Engine 1.11, the Docker architecture splitted into four components:

  • Docker engine(binary – docker),
  • containerd(binary – docker-containerd),
  • containerd-shm(binary – docker-containerd-shim) and
  • runC(binary – docker-runc)

docker_dir

When a request is made to Docker Engine , the engine will do all the image management stuff as normal but after that the first thing is to generate an OCI bundle for the container. This will contain information from the image that you pulled and runtime information that you provided via the API. After the configuration has been generated Docker will mount the container’s root filesystem inside the bundle before making the call to containerd to start the container.The containerd then uses runC to run the container.

Containerd is a set of basic components designed to run containers, as part of an open source project. Containerd includes supervisor and executor components that work together to function as the core container runtime that underpins the company’s Docker Engine software. It’s designed to allow companies to build their own software for managing containers while using a consistent foundation.It is available as a daemon for Linux and Windows, which can manage the complete container life cycle of its host system: image transfer and storage, container execution and supervision, low-level storage and network attachments, etc.

containerd-pic

For anyone who is still new to OCI definition – The Open Container Initiative (OCI) is a lightweight, open governance structure (project), formed under the auspices of the Linux Foundation, for the express purpose of creating open industry standards around container formats and runtime. The OCI is 1 and 1/2 year old now and currently contains two specifications:

The Runtime Specification outlines how to run a “filesystem bundle” that is unpacked on disk. At a high-level an OCI implementation would download an OCI Image then unpack that image into an OCI Runtime filesystem bundle. At this point the OCI Runtime Bundle would be run by an OCI Runtime.

Docker Inc. contribution to OCI

Key Takeaways from Docker Inc. “Containerd” Announcement:

How will the recent Containerd announcement benefit to Infrastructure operators, providers and end-users? Will containerd still be container runtime? How the future Docker Release would look like ? What about its future roadmap? – this is an important question every Docker enthusiasts would be curious to know about. To answer this and many other questions, I have summarized few of the below points which I learnt from the last Meetup:

1. Containerd is now an independent project (https://containerd.io/) BUT there is NO containerd foundation yet announced.Commitment to donate to a neutral, open foundation expected to happen in Q1 2017.

2. Containerd Repository is open, accessible at the below links:

links_1

3. Containerd is currently 0.2.4 version as of Jan.2017. Containerd 1.0 release is expected to arrive  by Q1 2017.

4. Containerd used in Docker 1.12 covers only container execution and process management. What it actually means is – Under 1.12.1, containerd is just used to execute containers through runC.

containerd_1-12-1                                                                                                                                                                                                                                  Source: Docker Inc.

As shown above, containerd has just the APIs currently necessary to run a container. A GRPC API is called by the Docker Engine, which triggers an execution process. That spins up a supervisor and an executor which is charged with monitoring and running containers. The container is run (i.e. executed) by runC, which is another plumbing project that went open sourced as a reference implementation of the Open Container Initiative runtime standard.

5. Docker Inc. will add more Docker Engine functionality to containerd so that containerd 1.0 will provide all the core primitives you need to manage containers with parity on Linux and Windows hosts.” These will be:

  • Introduction of Metrics API (Standard defined by Prometheus)
  • Distributed & Bundle Subsystem(in addition to Runtime Subsystem which we have today)
  • Additional Components like Content, Metadata & Snapshots.(in addition to Executor & Supervisor).
containerd_future                                                                                                                                                                                                                                Source: Docker Inc.

6. The containerd project will follow a community-defined release process that emphasizes quality over new features and will be branded separately from Docker.

7. containerd is a component that provides the industry with an open, stable and extensible base for building non-Docker products and container solutions.Leading cloud providers Alibaba Cloud, Amazon Web Service (AWS), Google, IBM and Microsoft have already committed to providing maintainers and contributors to the project.

Below figure depicts how other vendors can leverage containerd.

role_of_containerd                                                                                                                                                                                                                                 Source: Docker Inc.

For Example, Kubernetes today uses Docker directly. In a future version Kubernetes can implement container support in the Kubelet by implementing it’s Container Runtime Interface using containerd. Other examples could be of Mesos and other orchestration engines: can leverage containerd for core container runtime functionality as well.

8. Docker Future Architecture will look similar to what is shown below:

containerd_future                                                                                                                                                                                                Source: Docker Inc.

Various high-level components  like System Storage, System Distribution and System Networking will be further splitted as shown above. Example, Containerd is more focus on managing local network interface of per container on per-machine. System Networking will get splitted into Overlay and VXLAN while talking about containerd, GRPC API will be intelligent enough to control Host Storage, Host Distribution and Networking Interfaces/Management.

9. [This statement is still valid] – Docker is NOT a container runtime, Containerd Is.

It is important to note that Containerd doesn’t include Docker API, CLI, Compose & Build features. To say “Docker platform is a container runtime” is not true. The Docker platform isn’t a container runtime. It is in fact a set of integrated tools that allow you to build ship and run distributed applications. That means Docker handles networking, infrastructure, build, orchestration, authorization, security, and a variety of other services that cover the complete distributed application life-cycle.

10.This new announcement brings lots of benefits to end users -Due to containerd being underlying component, this will allow Docker to run on lot more vendor platform, Avoids fragmentation in the container ecosystem, Multi-Cloud Portability which is too HOT requirement from community users and lot more..

Upcoming Containerd Events/Reference:

 

Leave a Reply

Your email address will not be published. Required fields are marked *