►
Description
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Graduated Project Lightning Talk: containerd Project Update - Derek McGowan
Come to this Lightning Talk to meet containerd's new sub projects.
A
Hello,
welcome
to
the
container
d
sub
project
lightning
talk
today,
we're
going
to
give
a
brief
overview
of
containerd's
subprojects.
We
will
quickly
go
over
the
different
projects
and
what
it
takes
to
become
a
container
d
sub
project.
We
will
also
have
a
demo
of
kennedy's
latest
subproject
called
nerd,
ctl
or
nerd
cuddle.
If
you
prefer.
A
First,
though,
let's
briefly
go
over
what
continuity
is
and
what
its
architecture
looks
like
container
d
is
a
container
runtime
designed
to
be
simple,
stable
and
easily
customized,
using
plugins.
Think
of
it
more
as
a
resource
manager
for
everything
related
to
containers,
whether
that
is
container
file
systems
or
the
container
execution
environment
continuity
keeps
track
of
it.
Architecturally
continuity
is
divided
into
simple
components
and
accessed
via
grpc
apis.
It
communicates
with
lower
level
container
runtimes,
which
do
the
actual
container
execution
via
grpc,
like
protocol
called
ttrpc.
A
A
The
client
can
directly
use
containerities
components
to
implement
whatever
it
needs
which
allows
it
to
do
things
like
building
or
distributing
images
any
way
at
once.
This
leads
to
the
first
sub-project
image.
Crypt.
This
tool
in
library
makes
use
of
continuity's
extension
points
to
support
encrypted
containers.
A
It
contains
a
command
to
encrypt
and
decrypt
images
from
a
client.
It
also
has
a
stream
processor
which
allows
container
to
e
to
decrypt
images
during
the
unpack
phase
of
a
poll.
This
can
be
enabled
by
configuring,
a
stream
processor
plugin
in
container
d,
which
is
configured
to
handle
specific
media
types
and
images.
In
this
case,
the
media
type
is
an
encrypted
tar
archive.
A
Next,
let's
take
a
look
at
the
star
gz
snapshotter.
This
snapshotter
enables
lazy,
pulling
of
any
image
which
has
layers
in
the
star
gz
format.
The
sarg
format
is
a
backwards,
compatible
form
of
a
gzip
tar,
but
with
an
extra
index
that
allows
retrieving
individual
files,
the
star
gc
snapshotter
utilizes,
this
design
to
quickly
start
a
container
before
all
the
file
system.
Content
is
locally
available.
A
A
We
also
have
the
rust
ttrpc
project.
This
is
a
rust
implementation
of
ttrpc,
which
enables
rust
container
runtimes
to
implement
container
dhm
api.
There's
a
lot
of
interest
in
multiple
projects
right
now
that
are
implementing
container
runtimes
in
rust.
This
library
enables
them
to
easily
utilize
them
in
container
d
in
the
most
efficient
way
possible.
Lastly,
I
want
to
discuss
nerd
cuddle
and
show
a
quick
demo.
Nerd
cuddle
is
the
latest
container
d
sub
project
and
aims
to
make
containity
more
accessible
to
end
users
and
developers.
A
It
provides
a
cli
experience,
familiar
to
docker
users
with
a
higher
level
functionality
than
implemented
in
container
dies
core.
This
includes
the
ability
to
create,
manage
images,
do
higher
level
container
management
and
even
support
for
compose
alright.
Let's
demo,
it
all
right
now,
let's
take
a
look
at
the
nerd
cuddle
command.
So
if
we
run
it
without
any
other
options,
you
can
see
what
commands
are
available.
So
you
have
run
you
have
exact.
You
have
build,
pull
push
everything
you
might
expect
if
you're
familiar
with
docker.
A
Now,
if
we
run
nerd
cuddle
info,
we
can
also
see
what
container
d
version
we're
running
so
we're
running
community
1.5,
the
rc2
we're
also
running
in
root
list
mode.
So
what
that
means?
If
we
take
a
look
at
our
c
groups
here,
container
d
is
actually
running
as
a
local
user
in
a
in
a
local
user
c
group.
A
It's
using
this
rootless
kit,
which
is
this
amazing
work-
that's
been
done
by
akihiro
to
enable
this
all
right.
Let's
look
at
what
images
we
have
available
so
right
now
we
don't
have
any
images.
So
let's
go
ahead
and
pull
alpine
you
can
see.
The
output
here
is
the
output
that
you
might
be
familiar
with
from
container
d,
not
necessarily
the
output
from
docker.
This
is
because
it's
using
container
d's
client
library
underneath
so
now,
let's
take
a
look
at
the
images
you
can
see.
A
A
We
can
go
over
and
see
what
processes
are
actually
running.
As
my
local
user
on
the
machine,
you
can
see
that
container
d,
as
well
as
the
container,
are
all
running
as
my
local
user.
Here
all
right.
Now,
let's
make
a
modification
inside
the
container.
Let's
write
hello
there
to
some
file.
It's
called
etsy
greetings.txt,
okay,
we're
gonna
exit
the
container.
A
So
what
commit
does
is
it
takes
the
changes
that
were
done
inside
of
your
container
and
it
creates
a
new
image
out
of
them
based
off
the
container
that
that
was
running
so
we're
going
to
run
commits
from
my
alpine,
I'm
going
to
call
it
the
mcgowan
alpine
modified
all
right,
so
that
created
a
new
image.
So
if
we
run
your
couple
images,
we
can
actually
see
that
image
there.
Now,
let's
output
that
image
to
the
file
system,
so
we're
going
to
save
it
into
a
modified.tar.
A
Okay,
so
if
we
take
a
look
at
that
file,
you
can
see
it's
a
normal
oci
image
archive.
We
have
all
the
blobs,
we
have
the
index.
We
can
take
a
look
at
that
index
as
well.
A
You
can
see
the
the
image
name
that
it
was
created
from.
We
can
also
see
we
can
see
within
the
manifest.
So
let's
take
a
look
at
manifest
as
well.
A
A
A
A
All
right
there
we
go
so
we
can
see
that
greetings.txt
that
was
created
so
there's
also
nerd
cuddle
build.
I
don't
have
build
kit
installed
right
now,
but
if
you
have
build
kit
set
up,
you
can
go
ahead
and
do
your
normal
building
container
building
that
you'd
expect.
If
you
were
using
docker,
build
right.
That's
all
for
the
demo,
if
you're,
building
a
project
which
uses
container
d
and
want
to
propose
it
as
a
sub
project,
please
reach
out
to
a
container
d.
Maintainer
sub
projects
can
be
run
independently
with
their
own
maintainers.