Containerd Brings More Container Runtime Options for Kubernetes

Authors: Lantao Liu (Google) and Mike Brown (IBM)

Update: Kubernetes support for Docker via dockershim is now deprecated. For more information, read the deprecation notice. You can also discuss the deprecation via a dedicated .

A container runtime is software that executes containers and manages container images on a node. Today, the most widely known container runtime is

Kubernetes 1.5 introduced an internal plugin API named

Over the past 6 months, engineers from Google, Docker, IBM, ZTE, and ZJU have worked to implement CRI for containerd. The project is called

containerd

Containerd has a much smaller scope than Docker, provides a Go client API, and is more focused on being embeddable. The smaller scope results in a smaller codebase that’s easier to maintain and support over time, matching Kubernetes requirements as shown in the following table:

| Feature | Containerd Scope (In/Out) | Kubernetes Requirement |
|---|---|---|
| Container Lifecycle Management | In | Container Create/Start/Stop/Delete/List/Inspect (✔️) |
| Image Management | In | Pull/List/Inspect (✔️) |
| Networking | Out. No concrete network solution. User can set up network namespace and put containers into it. | Kubernetes networking deals with pods, rather than containers, so container runtimes should not provide complex networking solutions that don't satisfy requirements. (✔️) |
| Volumes | Out. No volume management. User can set up host path, and mount it into container. | Kubernetes manages volumes. Container runtimes should not provide internal volume management that may conflict with Kubernetes. (✔️) |
| Persistent Container Logging | Out. No persistent container log. Container STDIO is provided as FIFOs, which can be redirected/decorated as is required. | Kubernetes has specific requirements for persistent container logs, such as format and path etc. Container runtimes should not persist an unmanageable container log. (✔️) |
| Metrics | In. Containerd provides container and snapshot metrics as part of the API. | Kubernetes expects container runtime to provide container metrics (CPU, Memory, writable layer size, etc.) and image filesystem usage (disk, inode usage, etc.). (✔️) |

Overall, from a technical perspective, containerd is a very good alternative container runtime for Kubernetes.

cri-containerd

Compared with the current Docker CRI implementation (

Architecture

Cri-containerd uses containerd to manage the full container lifecycle and all container images. As also shown below, cri-containerd manages pod networking via

Let’s use an example to demonstrate how cri-containerd works for the case when Kubelet creates a single-container pod:

  1. Kubelet calls cri-containerd, via the CRI runtime service API, to create a pod;
  2. cri-containerd uses containerd to create and start a special
  3. cri-containerd configures the pod’s network namespace using CNI;
  4. Kubelet subsequently calls cri-containerd, via the CRI image service API, to pull the application container image;
  5. cri-containerd further uses containerd to pull the image if the image is not present on the node;
  6. Kubelet then calls cri-containerd, via the CRI runtime service API, to create and start the application container inside the pod using the pulled container image;
  7. cri-containerd finally calls containerd to create the application container, put it inside the pod’s cgroups and namespace, and then start the pod’s new application container. After these steps, a pod and its corresponding application container are created and running.
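
The same sequence can be replayed by hand with `crictl`, the CRI command-line client, which issues the CRI calls the kubelet makes in the steps above. This is an added example, not code from the original post or from the cri-containerd project. The pod and container names, the image, and the socket path are assumptions; point `CONTAINER_RUNTIME_ENDPOINT` at whatever socket your CRI runtime listens on.

```shell
#!/bin/sh
# Added example: replay the kubelet's CRI calls by hand with crictl.
# Assumptions (not from the article): crictl is installed; the image name,
# the pod/container names and the default socket path below are illustrative.
IMAGE=${IMAGE:-docker.io/library/busybox:latest}

write_configs() {  # $1 = directory that receives pod.json and container.json
  cat > "$1/pod.json" <<EOF
{
  "metadata": {"name": "demo-pod", "namespace": "default", "uid": "demo-uid-1", "attempt": 1},
  "log_directory": "/tmp",
  "linux": {}
}
EOF
  cat > "$1/container.json" <<EOF
{
  "metadata": {"name": "demo-app"},
  "image": {"image": "$IMAGE"},
  "command": ["sleep", "3600"],
  "log_path": "demo-app.0.log",
  "linux": {}
}
EOF
}

run_single_container_pod() {  # $1 = directory holding the two configs
  # Steps 1-3: RunPodSandbox creates the pod sandbox and its CNI network.
  pod_id=$(crictl runp "$1/pod.json") || return 1
  # Steps 4-5: PullImage through the CRI image service.
  crictl pull "$IMAGE" >&2 || return 1
  # Steps 6-7: CreateContainer inside the pod, then StartContainer.
  ctr_id=$(crictl create "$pod_id" "$1/container.json" "$1/pod.json") || return 1
  crictl start "$ctr_id" >&2 || return 1
  # Only the two IDs go to stdout so callers can capture them.
  echo "$pod_id $ctr_id"
}

# Only talk to a real runtime when invoked as: sh cri-demo.sh run
if [ "${1:-}" = "run" ]; then
  export CONTAINER_RUNTIME_ENDPOINT="${CONTAINER_RUNTIME_ENDPOINT:-unix:///run/containerd/containerd.sock}"
  dir=$(mktemp -d) && write_configs "$dir" && run_single_container_pod "$dir"
fi
```

Afterwards, `crictl pods` and `crictl ps` list the sandbox and the application container as the runtime reports them over CRI.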

Status

Cri-containerd v1.0.0-alpha.0 was released on Sep. 25, 2017.

It is feature complete. All Kubernetes features are supported.

All

All regular

To learn more about the v1.0.0-alpha.0 release, see the .

Try it Out

For a multi-node cluster installer and bring-up steps using Ansible and kubeadm, see .

For creating a cluster from scratch on Google Cloud, see .

For a custom installation from release tarball, see .

For an installation with LinuxKit on a local VM, see .

Next Steps

We are focused on stability and usability improvements as our next steps.

We plan to release our v1.0.0-beta.0 by the end of 2017.

Contribute

Cri-containerd is a Kubernetes incubator project located at

Community

Cri-containerd is developed and maintained by the Kubernetes SIG-Node community. We’d love to hear feedback from you. To join the community: