docker run vs. kubectl apply

Márk Sági-Kazár


2022-10-27 @ Let’s Code meetup

Hello!

Márk Sági-Kazár

SRE Tech Lead @ Cisco



@sagikazarmark

https://sagikazarmark.hu

hello@sagikazarmark.hu

Agenda

  • Containers
  • Docker
  • Kubernetes
  • Summary

Containers

What is a container?

  • Isolated Linux process (well…usually)
  • “Virtualized OS”
    • Filesystem
    • Network
    • etc

Container components

  • Root filesystem (container image)
  • Command (+arguments)
  • Environment variables
  • etc

Advantages of containers

  • Run applications in isolation
  • Package applications into portable bundles

OCI: Open Container Initiative

OCI specs

  • Runtime
  • Image (“Docker image”)
  • Distribution (“Docker registry”)

https://specs.opencontainers.org

OCI Runtime

  • Bundle
    • Root FS
    • Config (command, limits, mounts, etc)
  • Runtime starts the container from the bundle
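What the two parts of a bundle look like on disk, as an added example that is not from the talk: a Go program that writes the config.json an OCI runtime consumes next to an (empty) rootfs directory, with the fields a reviewer checks first (uid, read-only root, capability sets, noNewPrivileges, namespaces) and a validator that refuses a config which silently hands that isolation back. The type names, the functions NewBundleConfig, Validate and WriteBundle, and the hand-written subset of the runtime-spec schema (used instead of the opencontainers/runtime-spec Go package so the file builds with no dependencies) are this example's own.

```go
package main

import (
	"encoding/json"
	"errors"
	"os"
	"path/filepath"
)

// Hand-written subset of the OCI runtime-spec config.json schema; field names follow the spec.
type Spec struct {
	OCIVersion string  `json:"ociVersion"`
	Process    Process `json:"process"`
	Root       Root    `json:"root"`
	Linux      Linux   `json:"linux"`
}
type Process struct {
	User            User                `json:"user"`
	Args            []string            `json:"args"`
	Env             []string            `json:"env,omitempty"`
	Cwd             string              `json:"cwd"`
	Capabilities    map[string][]string `json:"capabilities,omitempty"`
	NoNewPrivileges bool                `json:"noNewPrivileges"`
}
type User struct {
	UID uint32 `json:"uid"`
	GID uint32 `json:"gid"`
}
type Root struct {
	Path     string `json:"path"`
	Readonly bool   `json:"readonly"`
}
type Linux struct {
	Namespaces []Namespace `json:"namespaces"`
}
type Namespace struct {
	Type string `json:"type"`
}

// NewBundleConfig: run args from the bundle's ./rootfs with the defaults a reviewer
// expects: unprivileged uid, read-only root, empty capability sets, noNewPrivileges,
// private namespaces (rootless adds a user namespace plus uid/gid mappings; omitted here).
func NewBundleConfig(args []string) *Spec {
	var nss []Namespace
	for _, t := range []string{"pid", "network", "ipc", "uts", "mount"} {
		nss = append(nss, Namespace{Type: t})
	}
	return &Spec{
		OCIVersion: "1.0.2",
		Process: Process{
			User: User{UID: 65534, GID: 65534}, Args: args, Cwd: "/",
			Env:  []string{"PATH=/usr/local/bin:/usr/bin:/bin"},
			Capabilities:    map[string][]string{"bounding": {}, "effective": {}, "permitted": {}},
			NoNewPrivileges: true,
		},
		Root:  Root{Path: "rootfs", Readonly: true},
		Linux: Linux{Namespaces: nss},
	}
}

// Validate rejects a config that quietly undoes the isolation the bundle promises.
func Validate(s *Spec) error {
	if !s.Process.NoNewPrivileges {
		return errors.New("noNewPrivileges is false: setuid binaries could regain privileges")
	}
	ns := map[string]bool{}
	for _, n := range s.Linux.Namespaces {
		ns[n.Type] = true
	}
	if !ns["pid"] || !ns["mount"] {
		return errors.New("pid or mount namespace is shared with the host")
	}
	for _, c := range s.Process.Capabilities["bounding"] {
		if c == "CAP_SYS_ADMIN" {
			return errors.New("CAP_SYS_ADMIN in the bounding set is root-equivalent")
		}
	}
	return nil
}

// WriteBundle lays out <dir>/config.json next to an (empty) <dir>/rootfs. Fill the rootfs
// (e.g. from `docker export`) and `runc run -b <dir> <id>` starts it; `runc spec` would
// emit a fuller config with /proc, /dev and /sys mounts, this one is intentionally minimal.
func WriteBundle(dir string, s *Spec) error {
	if err := Validate(s); err != nil {
		return err
	}
	if err := os.MkdirAll(filepath.Join(dir, s.Root.Path), 0o755); err != nil {
		return err
	}
	data, err := json.MarshalIndent(s, "", "  ")
	if err != nil {
		return err
	}
	return os.WriteFile(filepath.Join(dir, "config.json"), data, 0o644)
}

func main() { // writes ./bundle/config.json and ./bundle/rootfs
	if err := WriteBundle("bundle", NewBundleConfig([]string{"/bin/sh", "-c", "id"})); err != nil {
		panic(err)
	}
}
```

The validator is the part worth copying: a runtime executes whatever the config says, so a review that stops at "it is a container" misses a config that drops no capabilities, shares the host's pid namespace or runs as uid 0 with a writable root.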



Container runtime: runc

  • OCI-compatible runtime (ref. implementation)
  • Extracted from Docker
  • Single executable
  • Launches containers as isolated Linux processes

Other OCI runtimes

  • crun (written in C, can be used as a library)
  • runsc (gVisor: a user-space kernel that intercepts the container's syscalls)

Container management

  • OCI runtime: low-level (manages one container)
  • Need a “high-level” runtime to
    • Manage multiple containers
    • Manage container images
    • Manage cross-container networking
    • etc

Container runtime: containerd

  • Extracted from Docker
  • Uses runc as its default low-level OCI runtime (originally hard-wired, now one shim among several)
  • Pluggable low-level runtimes through shims
  • Available shims: runc, gVisor (runsc), Kata Containers, Firecracker, etc

Container runtime: cri-o

  • Kubernetes-centric container runtime
  • Integrates OCI-runtimes
  • Implements CRI: Container Runtime Interface

CRI: Container Runtime Interface

  • gRPC API for managing containers (the interface Kubernetes' kubelet talks to)
  • Runtimes: containerd, cri-o
  • Remember dockershim?

Container runtime???

  • Low-level: OCI-runtime
  • High-level
    • Container “manager” / “engine”
    • Interacts with low-level runtimes

Docker

Docker environments

  • Docker Engine
  • Docker Swarm
  • Docker Desktop

Kubernetes

Pods vs containers

  • Smallest deployable unit
  • One or more containers
  • Shared storage and networking
  • Scaling unit

apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
    - name: nginx
      image: nginx:1.14.2
      ports:
        - containerPort: 80
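The two commands of the title applied to one workload, as an added example that is not the talk's code: a Go description of the workload (the type Workload, the hypothetical image example.com/app:1.0 listening on 8080 and its arguments are assumptions) rendered once as the imperative docker run argv and once as the declarative Pod manifest that kubectl apply -f accepts (kubectl takes JSON as well as YAML). The hardening is the same in both dialects; what differs is who acts on it and for how long.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strconv"
)

// Workload is the runtime-neutral description both commands are derived from.
type Workload struct {
	Name, Image string
	Args        []string
	Env         map[string]string
	Port        int // port the process listens on (0: none)
	UID, GID    int64
	MemoryMiB   int64
	CPUMilli    int64 // millicores, 1000 = one CPU
}

func sortedKeys(m map[string]string) []string {
	keys := make([]string, 0, len(m))
	for k := range m {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	return keys
}

// DockerRunArgs is the imperative form: one argv the operator runs, and the
// container exists exactly as long as the daemon on this host keeps it alive.
func (w Workload) DockerRunArgs() []string {
	args := []string{"docker", "run", "--detach", "--name", w.Name,
		"--read-only", "--cap-drop=ALL", "--security-opt=no-new-privileges",
		"--user", fmt.Sprintf("%d:%d", w.UID, w.GID),
		"--memory", fmt.Sprintf("%dm", w.MemoryMiB),
		"--cpus", strconv.FormatFloat(float64(w.CPUMilli)/1000, 'f', -1, 64)}
	if w.Port > 0 {
		// Publishes on the host; bound to loopback so it is not exposed by default.
		args = append(args, "-p", fmt.Sprintf("127.0.0.1:%d:%d", w.Port, w.Port))
	}
	for _, k := range sortedKeys(w.Env) {
		args = append(args, "-e", k+"="+w.Env[k])
	}
	return append(append(args, w.Image), w.Args...)
}

// PodManifest is the declarative form: a Pod object for `kubectl apply -f` that
// records desired state; scheduler and kubelet then converge on it.
func (w Workload) PodManifest() map[string]any {
	container := map[string]any{
		"name": w.Name, "image": w.Image,
		"resources": map[string]any{"limits": map[string]string{
			"memory": fmt.Sprintf("%dMi", w.MemoryMiB), "cpu": fmt.Sprintf("%dm", w.CPUMilli)}},
		// The same hardening as the docker flags, spelled as a securityContext.
		"securityContext": map[string]any{
			"runAsUser": w.UID, "runAsGroup": w.GID, "runAsNonRoot": true,
			"readOnlyRootFilesystem": true, "allowPrivilegeEscalation": false,
			"capabilities": map[string]any{"drop": []string{"ALL"}}},
	}
	if len(w.Args) > 0 {
		container["args"] = w.Args
	}
	if w.Port > 0 {
		// Documents the port only; reaching it needs a Service, not host publishing.
		container["ports"] = []map[string]any{{"containerPort": w.Port}}
	}
	var env []map[string]string
	for _, k := range sortedKeys(w.Env) {
		env = append(env, map[string]string{"name": k, "value": w.Env[k]})
	}
	if env != nil {
		container["env"] = env
	}
	return map[string]any{
		"apiVersion": "v1", "kind": "Pod",
		"metadata": map[string]any{"name": w.Name},
		"spec": map[string]any{
			"automountServiceAccountToken": false, // no API credentials unless needed
			"containers":                   []map[string]any{container}},
	}
}

// PodJSON renders the manifest; kubectl accepts JSON as well as YAML.
func (w Workload) PodJSON() string {
	data, _ := json.MarshalIndent(w.PodManifest(), "", "  ")
	return string(data)
}

func main() {
	w := Workload{Name: "app", Image: "example.com/app:1.0", Args: []string{"--listen", ":8080"},
		Env: map[string]string{"LOG_LEVEL": "info"}, Port: 8080, UID: 10001, GID: 10001, MemoryMiB: 128, CPUMilli: 500}
	fmt.Println(w.DockerRunArgs())
	fmt.Println(w.PodJSON())
}
```

Two differences show up only when the forms sit side by side: `-p` publishes a host port, while a Pod's containerPort is documentation and exposure is a separate Service object; and the manifest has a field (automountServiceAccountToken) for a credential the docker form never hands out, because a container in a cluster gets API access by default unless told otherwise.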

Kubernetes API server

  • Control plane frontend
  • Stores desired state (persisted in etcd)
  • Tracks actual state

Scheduler

  • Finds the best Node to run the Pod on
  • Scheduling operation:
    • Filtering
    • Scoring
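The two phases in code, as an added example that is not part of the talk: a reduced Go model of filtering (resource fit, nodeSelector, taints and tolerations) followed by scoring with the LeastAllocated formula kube-scheduler uses. The names Node, PodRequest, Filter, Score and Schedule, the three-node cluster and the taint dedicated=sandbox are this example's own assumptions; the taint stands for the placement control a security team uses to keep untrusted workloads on nodes that run a sandboxed runtime such as runsc.

```go
package main

import (
	"fmt"
	"sort"
)

// Node is the slice of a node's state the scheduler looks at.
type Node struct {
	Name         string
	Labels       map[string]string
	Taints       []string // NoSchedule taints as "key=value"
	AllocCPU     int64    // allocatable millicores
	AllocMem     int64    // allocatable MiB
	RequestedCPU int64    // sum of requests of Pods already placed here
	RequestedMem int64
}

// PodRequest is what the scheduler needs from a pending Pod.
type PodRequest struct {
	Name         string
	CPU, Mem     int64 // requests: millicores and MiB
	NodeSelector map[string]string
	Tolerations  []string // taints this Pod tolerates
}

// Filter is the feasibility phase: a node is dropped at the first failing
// predicate and the reason is kept, the way `kubectl describe pod` reports it.
func Filter(p PodRequest, nodes []Node) (feasible []Node, rejected map[string]string) {
	rejected = map[string]string{}
	for _, n := range nodes {
		if reason := unfit(p, n); reason != "" {
			rejected[n.Name] = reason
			continue
		}
		feasible = append(feasible, n)
	}
	return feasible, rejected
}

func unfit(p PodRequest, n Node) string {
	if n.AllocCPU-n.RequestedCPU < p.CPU || n.AllocMem-n.RequestedMem < p.Mem {
		return "insufficient cpu or memory"
	}
	for k, v := range p.NodeSelector {
		if n.Labels[k] != v {
			return fmt.Sprintf("node selector %s=%s not matched", k, v)
		}
	}
	for _, t := range n.Taints {
		tolerated := false
		for _, tol := range p.Tolerations {
			tolerated = tolerated || tol == t
		}
		if !tolerated {
			return "untolerated taint " + t
		}
	}
	return ""
}

// Score is the ranking phase, here kube-scheduler's LeastAllocated formula:
// percent of each resource still free after placing the Pod, averaged.
func Score(p PodRequest, n Node) int64 {
	cpu := (n.AllocCPU - n.RequestedCPU - p.CPU) * 100 / n.AllocCPU
	mem := (n.AllocMem - n.RequestedMem - p.Mem) * 100 / n.AllocMem
	return (cpu + mem) / 2
}

// Schedule runs both phases and picks the highest score (name breaks ties).
// The real scheduler then only records the binding; the kubelet does the rest.
func Schedule(p PodRequest, nodes []Node) (string, error) {
	feasible, rejected := Filter(p, nodes)
	if len(feasible) == 0 {
		return "", fmt.Errorf("0/%d nodes are available: %v", len(nodes), rejected)
	}
	sort.Slice(feasible, func(i, j int) bool {
		si, sj := Score(p, feasible[i]), Score(p, feasible[j])
		if si != sj {
			return si > sj
		}
		return feasible[i].Name < feasible[j].Name
	})
	return feasible[0].Name, nil
}

func main() {
	// Constructed cluster: node-a is reserved for sandboxed workloads by a taint.
	nodes := []Node{
		{Name: "node-a", Labels: map[string]string{"zone": "eu-1"}, Taints: []string{"dedicated=sandbox"}, AllocCPU: 4000, AllocMem: 8192, RequestedCPU: 500, RequestedMem: 512},
		{Name: "node-b", Labels: map[string]string{"zone": "eu-1"}, AllocCPU: 4000, AllocMem: 8192, RequestedCPU: 2000, RequestedMem: 4096},
		{Name: "node-c", Labels: map[string]string{"zone": "eu-2"}, AllocCPU: 4000, AllocMem: 8192, RequestedCPU: 500, RequestedMem: 1024},
	}
	node, err := Schedule(PodRequest{Name: "web", CPU: 500, Mem: 512}, nodes)
	fmt.Println("web ->", node, err) // web -> node-c <nil>
}
```

Filtering is where placement policy lives: a Pod without the toleration can never land on node-a, however good its score would be, which is the property to rely on when a node pool is the trust boundary.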

Kubelet

  • Node agent
  • Watches the API server for the Pods assigned to its Node
  • Ensures that the containers in Pods are running and healthy
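What "ensures that the containers are running" means mechanically, as an added example that is not the talk's code and is a simplification of the kubelet: a Go reconcile step that diffs the desired state received from the API server against what the runtime reports, emits start/stop actions, and an in-memory stand-in for the runtime so the loop can be run to convergence. The names Desired, Observed, Action, Reconcile and FakeRuntime and the sample state (including its image names) are this example's own.

```go
package main

import (
	"fmt"
	"sort"
)

// Desired is one container of a Pod as the API server hands it to the kubelet.
type Desired struct{ Pod, Name, Image string }
// Observed is one container as the runtime reports it back over CRI.
type Observed struct{ Pod, Name, Image string; Running bool }
// Action is what the kubelet asks the runtime to do; Op is "start" or "stop".
type Action struct{ Op, Pod, Name, Image string }

func key(pod, name string) string { return pod + "/" + name }

// Reconcile diffs desired state against observed state and returns the actions
// that make them equal; once those are applied, the next call returns nothing.
func Reconcile(desired []Desired, observed []Observed) []Action {
	want := map[string]Desired{}
	for _, d := range desired {
		want[key(d.Pod, d.Name)] = d
	}
	have := map[string]Observed{}
	for _, o := range observed {
		have[key(o.Pod, o.Name)] = o
	}
	var ordered []string // deterministic order helps tests and log reading
	for k := range want {
		ordered = append(ordered, k)
	}
	for k := range have {
		if _, ok := want[k]; !ok {
			ordered = append(ordered, k)
		}
	}
	sort.Strings(ordered)
	var actions []Action
	for _, k := range ordered {
		d, wanted := want[k]
		o, present := have[k]
		switch {
		case !wanted:
			// Not in desired state (e.g. started by hand on the node): remove it.
			actions = append(actions, Action{"stop", o.Pod, o.Name, o.Image})
		case !present:
			actions = append(actions, Action{"start", d.Pod, d.Name, d.Image})
		case o.Image != d.Image:
			// Spec drift: recreate with the image the API server specifies.
			actions = append(actions, Action{"stop", o.Pod, o.Name, o.Image},
				Action{"start", d.Pod, d.Name, d.Image})
		case !o.Running:
			// restartPolicy Always: an exited container is started again.
			actions = append(actions, Action{"start", d.Pod, d.Name, d.Image})
		}
	}
	return actions
}

// FakeRuntime stands in for the CRI runtime and only records container state.
type FakeRuntime struct{ containers map[string]Observed }

func NewFakeRuntime(initial []Observed) *FakeRuntime {
	r := &FakeRuntime{containers: map[string]Observed{}}
	for _, o := range initial {
		r.containers[key(o.Pod, o.Name)] = o
	}
	return r
}

func (r *FakeRuntime) Apply(actions []Action) {
	for _, a := range actions {
		if a.Op == "stop" {
			delete(r.containers, key(a.Pod, a.Name))
		} else {
			r.containers[key(a.Pod, a.Name)] = Observed{a.Pod, a.Name, a.Image, true}
		}
	}
}

// List is the observation step of the next loop iteration.
func (r *FakeRuntime) List() []Observed {
	var out []Observed
	for _, o := range r.containers {
		out = append(out, o)
	}
	return out
}

func main() {
	// Constructed sample state; image names are placeholders.
	desired := []Desired{{"web", "nginx", "web:1.1"}, {"api", "app", "app:2"}}
	rt := NewFakeRuntime([]Observed{{"api", "app", "app:1", true}, {"debug", "shell", "toolbox", true}})
	actions := Reconcile(desired, rt.List())
	rt.Apply(actions)
	fmt.Println(actions, "converged:", len(Reconcile(desired, rt.List())) == 0)
}
```

The `!wanted` branch is the one to remember from a security angle: anything running on the node that the API server does not know about (a container started by hand, or left over after a manifest was deleted) is stopped on the next pass, which is why "fixing" a workload on the node with the Docker CLI does not stick under Kubernetes.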

CRI: Container Runtime Interface

  • gRPC API the kubelet uses to manage Pod sandboxes, containers and images
  • Runtimes: containerd, cri-o
  • Remember dockershim? The kubelet's built-in adapter for Docker Engine, removed in Kubernetes 1.24; Docker Engine now needs the external cri-dockerd to sit behind CRI

Summary

Differences

  • Docker: manage containers directly (well…usually)
  • Kube: configure desired state, Kubernetes “makes it happen”


  • Docker: containerd+runc
  • Kube: CRI

Similarities

  • Generally both use OCI images and OCI runtimes
  • containerd is the most common high-level runtime under both

The End

Any questions?



@sagikazarmark

https://sagikazarmark.hu

hello@sagikazarmark.hu

Read more

https://iximiuz.com/en/posts/journey-from-containerization-to-orchestration-and-beyond/

https://mkdev.me/posts/dockerless-part-1-which-tools-to-replace-docker-with-and-why

https://iximiuz.com/en/posts/implementing-container-runtime-shim/

https://twitter.com/iximiuz/status/1433694551940681754

https://kubernetes.io/blog/2016/12/container-runtime-interface-cri-in-kubernetes/

https://unit42.paloaltonetworks.com/making-containers-more-isolated-an-overview-of-sandboxed-container-technologies/