containerd
Tags: kubernetes (k8s)
- “Container runtime”
- below docker and kube
- above runc, Kata, Firecracker, gVisor
- Extensible resource manager
- originally built up alongisde docker
- new interface for managing containers and images
- most memory efficient and stable
- most stuff flows through the core
- communicates with grpc
CRI
- Two grpc services
- image and runtime
- responsible for defining the pod and all cgroups
- invokes CNI after the first container is created
Resource management
- current
- CPU manager in kubelet
- strange, difficult to use
- NRI
- kubelet abstraction is too blurry
- hook into container lifecycle is the correct way
- dynamic topology and cpu pinning with NRI
Runtime
- Starts up new runtime shims
- OCI runtime shims
- runc/kata/Firecracker
- OCI runtime shims
Plugin System
- OCI spec outlines how to run a unpacked filesystem bundle
- tar/gzip + overlayFS + runC
- containerd makes external plugins as backend
Generic image layer support
- OCI image layer described the media type
ShimV2 for runtime implementation
- First class shim API
Arch
- Shim has the most state
- API and client have the least state
- 1.4 is the most recent release