Share this page!

Ivan Velichko Profile picture
Twitter logo
18 Dec, 14 tweets, 3 min read
Kubernetes is deprecating Docker as a container runtime after v1.20. But nobody cares. Why? Because images built with Docker will keep working on Kubernetes.
So does images created with Podman and most of the other build tools around. Why? Because of the great standardization effort called OCI!

opencontainers.org
OCI contains two specifications: the Runtime Specification (runtime-spec) and the Image Specification (image-spec).
But there is no such thing as Container Specification! I.e no one tells you what a standard container should look like. Only what a tool running containers should look like - the runtime.
There is a dominating OCI-compliant container runtime called runc. It used to be a part of Docker, but it's a standalone tool and project now. Containers created via runc are based on Linux namespaces and cgroups.
There is an alternative but similar runtime called crun. Same thing, but written in C.
However, there is also a gVisor project with a tool called runsc which also an OCI-compliant runtime. And a user-space Linux kernel implementation at the same time! Mind-blowing.
But there is more! Kata containers project offers an OCI-compliant runtime that is Hypervisor-based! I.e Kata containers are rather traditional (well, probably more lightweight) virtual machines!
By the way, the main difference between containers and VMs was supposed to be a virtualization layer. VMs provide hardware virtualization. Containers - operating system virtualization. But Kata containers are VMs. Wait, what?! 🤯
Getting back to the benefits of standardization. Kubernetes defines its own standard of container runtime - Container Runtime Interface (CRI). It's more high-level thingy than OCI runtime-spec. It also introduces the concept of Pod.

github.com/kubernetes/cri…
Kubelet (a Kubernetes node agent) can work with any CRI-compliant runtime. Containerd - is a CRI-compliant runtime. CRI-O is a CRI-compliant runtime. Docker is not. At least for now.
Both Containerd and CRI-O (theoretically) can operate any OCI-compliant runtime under the hood. Hence, kubelet -> CRI-O -> Kata runtime is a totally viable setup making VM-based Pods a reality. Standardization rules!
Well-known OCI-runtime implementations:

github.com/opencontainers…
Well-known Linux containers implementations:

en.wikipedia.org/wiki/List_of_L…

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Ivan Velichko

Ivan Velichko Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @iximiuz

Ivan Velichko Profile picture
20 Dec
The great rise of cloud-native projects (thread).

Microservices don't solve any technical problems. Instead, microservices are trying to solve org challenges.

...by turning org problems into new tech challenges.
In accordance with the complexity conservation law, microservice architectures should be bringing a lot of new problems yet to be solved.

ferd.ca/complexity-has…
Thesis: the goal of the majority of the CNCF projects is to solve those technical problems originated by the microservice transition.

landscape.cncf.io
Read 9 tweets
Ivan Velichko Profile picture
19 Dec
Kubernetes is a Distributed Operating System (thread):

1. One of the primary goals of a traditional operating system (e.g Linux) is to share a machine's resources between apps. While "Kubernetes is all about sharing machines between applications."
2. An operating system gives you a handy way to launch your apps. So does Kubernetes.
3. An operating system gives you a handy way to install apps. So does Kubernetes (through raw YAML or a package manager like Helm).
Read 5 tweets
Ivan Velichko Profile picture
12 Dec
One of the Kubernetes superpowers is how it tackles the networking problem. Here is my approach to gaining a comprehensive understanding of the topic.

1. Learn the super-simple Kubernetes Network Model: much like VMs, every Pod gets its own IP address.

kubernetes.io/docs/concepts/…
2. Learn that achieving simplicity is hard:

2.1. Networking on a single Node. How containers communicate within a Pod, how Pods talk to each other within a Node. Long story short, it's all about Linux namespaces and network virtualization capabilities.

iximiuz.com/en/posts/conta…
2.2. Cross-node Pod-to-Pod networking. Kubernetes demands that every Pod should get its own IP. But it doesn't say how. Makes sense actually, because it's highly infra-specific. Use a plugin like Flannel or Calico instead. Keyword - overlay networks.

kubernetes.io/docs/concepts/…
Read 18 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @iximiuz has new unrolls!

Check out other threads from @iximiuz!

Read all threads by @iximiuz