Authors: Maksym Pavlenko, Samuel Karp
2023-04-20

tldr - powered by Generative AI

Containerd is an open-source container runtime that provides a standard interface for managing container lifecycles and images across different platforms and operating systems.
  • Containerd is a CNCF project that provides a standard interface for managing container lifecycles and images across different platforms and operating systems.
  • It is designed to be lightweight and portable, with a focus on simplicity and modularity.
  • Containerd is used by many popular container platforms, including Docker, Kubernetes, and Amazon ECS.
  • It supports pluggable storage and networking, allowing users to customize their container environments.
  • Containerd is actively developed and maintained by a community of contributors from various organizations.
Authors: Ethan Lowman
2023-04-20

tldr - powered by Generative AI

Datadog's unique approach to image signing and verification at scale in a Kubernetes environment
  • Image signing and verification is crucial for securing the software supply chain and ensuring the integrity of container images
  • Datadog's engineering teams use a wide variety of languages and CI/CD configurations, constantly deploying images to tens of thousands of nodes across dozens of Kubernetes clusters, spanning multiple cloud providers and datacenters
  • To ease adoption and maintenance of image signing across heterogeneous build environments, Datadog takes a service-oriented approach, encapsulating cryptographic complexity within a gRPC signing service
  • To verify image signatures at runtime, Datadog uses an image verification plugin system contributed upstream to containerd, instead of using Kubernetes admission controllers
  • Datadog's approach balances the need for fast developer feedback and better security properties
  • Datadog's approach improves performance and reliability by diverting most of the registry load to the read path and avoiding introducing new cluster-level dependencies
Authors: Krisztian Litkey, Mike Brown
2022-10-28

tldr - powered by Generative AI

The presentation discusses the use of NRI plugins in container and CRI-O configuration to simplify manual steps and reduce the chances of failure. The plugins provide a mechanism for unsolicited customizations and real-world examples of plugins are provided.
  • NRI plugins can simplify manual steps and reduce the chances of failure in container and CRI-O configuration
  • Plugins provide a mechanism for unsolicited customizations
  • Real-world examples of plugins are provided, including annotation-based device injection, CDI device injection, and OCI hook injection
Authors: Mike Brown, Phil Estes, Maksym Pavlenko, Michael Zappa
2022-10-26

After five years as a CNCF project, containerd is still actively growing in contributors and maintainers who are busy working on interesting features and capabilities in the core and non-core containerd projects. During this project update from maintainers you'll learn about the latest work in containerd, including our recent addition of sandboxes, a handful of CRI and CNI improvements, as well as various improvements to the architecture and services that drive containerd's use by other projects and platforms. Outside of the core containerd project, our "non-core" projects have grown in number, including several Rust-based projects, new snapshotter implementations, and the increasingly popular client-focused project, nerdctl. Come join us for a fast-paced update on all these areas and to ask your containerd questions with the handful of on-site containerd maintainers.
Authors: Akihiro Suda, Jan Dubois
2022-05-19

It has been very hard to use Mac for developing containerized apps. A typical way is to use Docker for Mac, but it is not FLOSS. Another option is to install Docker and/or Kubernetes into VirtualBox, often via minikube, but it doesn't propagate localhost ports, and VirtualBox also doesn't support the ARM architecture. This session will show how to run containerd and k3s on macOS, using Lima and Rancher Desktop. Lima wraps QEMU in a simple CLI, with neat features for container users, such as filesystem sharing and automatic localhost port forwarding, as well as DNS and proxy propagation for enterprise networks. Rancher Desktop wraps Lima with k3s integration and GUI.
Authors: Anusha Ragunathan
2022-05-19

tldr - powered by Generative AI

The presentation discusses Intuit's migration from 'dockerd' to 'containerd' as the CRI runtime for their Kubernetes clusters, and the challenges they faced during the process.
  • Intuit had over 200 Kubernetes clusters with 20,000 nodes running 'dockerd' as the CRI runtime
  • The upcoming removal of dockerd from upstream Kubernetes prompted the migration to containerd
  • Lessons learned during the migration process, including issues with log management, SELinux, and GPU support
  • Rollout of containerd to production clusters and handling compatibility issues during cluster upgrades
  • Performance analysis showed that containerd had lower startup times and CPU consumption compared to dockerd
Authors: Phil Estes, Derek McGowan
2022-05-18

tldr - powered by Generative AI

Containerd is a stable and growing project that has seen increased usage due to the deprecation of dockershim in Kubernetes. The project has many exciting features in development, including the new sub-project nerdctl. The presentation provides an introduction and deep dive into containerd's architecture and configuration for Kubernetes users.
  • Containerd has seen tremendous growth in the last year, with increased usage due to the deprecation of dockershim in Kubernetes
  • Nerdctl is a new sub-project that has filled a crucial usability gap for operators and developers coming to containerd
  • Containerd's architecture is designed around using plugins, with a thin and lightweight shim layer that manages the container process
  • The transfer service is a new addition to containerd that handles image distribution and provides a better experience for clients
  • Documentation improvements are needed for the project, and contributions are welcome
Authors: Peter Hunt, Antti Kervinen
2021-10-15

tldr - powered by Generative AI

The presentation discusses the implementation of QoS (Quality of Service) in Kubernetes using block I/O classes and CPU manager policies to prioritize critical workloads.
  • QoS can be implemented in Kubernetes using block I/O classes and CPU manager policies
  • Block I/O classes can be used to prioritize workloads based on their importance
  • CPU manager policies can be used to assign specific CPU affinity to critical processes
  • Throttling can be used to limit resource contention and prioritize critical workloads
  • An anecdote is provided to illustrate the importance of prioritizing critical workloads
Authors: Mike Brown, Phil Estes, Derek McGowan, Maksym Pavlenko
2021-10-13

Join containerd maintainers for an introduction and deep dive into the latest updates on containerd. This last year has seen tremendous growth in both project usage and contribution. From end user CLI to low level runtime implementations, there have been exciting developments and proposals toward making containerd more stable and shaping the next generation of container use cases. The maintainers will go over internal changes to containerd which help make the core project interfaces cleaner and easier to integrate with from different components and plugins. For Kubernetes use cases, we will cover related changes happening in containerd including updates in the CRI implementation. Finally, the maintainers will cover exciting new features and sub-projects such as nerdctl, lazy-pulling (stargz), shim pluggability, and more.