The container runtime is the software responsible for running containers. To understand it better, let's look at a typical Kubernetes cluster: it comprises a master node and a set of slave nodes.
The Kubernetes master includes the following main components:
- API server exposes four APIs: Kubernetes API, Extensions API, Autoscaling API, and Batch API. These are used for communicating with the Kubernetes cluster and executing container cluster operations.
- etcd is a key/value store. Kubernetes uses it as the persistent storage for all of its API objects.
- Scheduler's responsibility is to monitor the resource usage of each node and schedule containers according to resource availability.
- Controller manager monitors the current state of the applications deployed on Kubernetes via the API server and makes sure that it meets the desired state.
On each Kubernetes node, the following components are available:
- Kubelet is the agent that runs on each node. It makes use of the pod specification for creating containers and managing them.
- Kube-proxy runs on each node to load balance pods. It uses iptables rules for simple TCP and UDP stream forwarding or round-robin TCP and UDP forwarding.
- Container runtime is software that executes containers and manages container images on a node.
By default, Docker is the container runtime, but Kubernetes supports multiple container runtimes. The Open Container Initiative (OCI) is a Linux Foundation effort to create a truly portable software container. To standardize container formats and runtimes, OCI published the runtime-spec as a standard for container runtimes.
In this article, let's look at some alternative container runtimes.
#1. cri / containerd plugin
containerd is an industry-standard container runtime. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system, i.e., image transfer and storage, container execution and supervision, low-level storage and network attachments, etc.
cri is a containerd plugin implementation of the Kubernetes Container Runtime Interface (CRI).
- Image push and pull support
- Network primitives for creation, modification, and deletion of interfaces
- OCI Runtime Spec support (aka runC)
- OCI Image Spec support
- Multi-tenant support with CAS storage for global images
- Management of network namespaces, so that containers can join existing namespaces
Check out the containerd getting started guide for more information about how to set it up and use it.
#2. rkt
rkt is a CLI tool written in Go for running containers on Linux. rkt is designed to be secure, composable, and standards-based.
To use rkt as the container runtime, set it at the kubelet level. The kubelet is the agent that runs on each machine to manage containers. The kubelet provides the following option to set rkt as the container runtime:
--container-runtime=rkt: Sets the node's container runtime to rkt.
- Pod-native: rkt’s basic unit of execution is a pod, linking together resources and user applications in a self-contained environment.
- Security: rkt is developed with a principle of “secure-by-default”, and includes a number of important security features.
- Composability: rkt is designed for first-class integration with init systems (like systemd, upstart) and cluster orchestration tools.
- Open standards and compatibility: rkt implements the appc specification, supports the Container Networking Interface specification, and can run Docker images and OCI images.
Check out the rktnetes getting started guide for more information about setting up and using rktnetes.
#3. Frakti
Frakti is a hypervisor-based container runtime for Kubernetes. It lets us run pods and containers directly inside hypervisors via runV. It is lightweight and portable.
To configure Frakti as the container runtime, its endpoint must be configured when starting the kubelet.
Check out the quick start for more information about setting up and using Frakti.
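An added example (not from the original post or from the Kubernetes project): a small Python check that reads kubelet command lines and reports which container runtime each node is set to use, covering the --container-runtime flag shown for rkt and the endpoint setting described for Frakti. The node names, command lines, socket paths and the ALLOWED set are constructed sample values, and --container-runtime-endpoint is assumed to be the kubelet flag that carries the endpoint.

```python
import shlex

RUNTIME_FLAG = "--container-runtime"            # flag shown in the article
ENDPOINT_FLAG = "--container-runtime-endpoint"  # assumed flag for the endpoint

def kubelet_flags(cmdline):
    """Parse '--flag=value' and '--flag value' forms into {flag: value}."""
    tokens, flags, i = shlex.split(cmdline), {}, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("--"):
            if "=" in tok:
                name, value = tok.split("=", 1)
            elif i + 1 < len(tokens) and not tokens[i + 1].startswith("--"):
                name, value = tok, tokens[i + 1]
                i += 1
            else:
                name, value = tok, ""  # boolean-style flag with no value
            flags[name] = value
        i += 1
    return flags

def runtime_of(cmdline):
    """Return (runtime, endpoint); Docker is the default per the article."""
    flags = kubelet_flags(cmdline)
    return flags.get(RUNTIME_FLAG, "docker"), flags.get(ENDPOINT_FLAG) or None

def audit(nodes, allowed):
    """List (node, finding) for nodes whose runtime is not in the allowed set."""
    findings = []
    for node, cmdline in sorted(nodes.items()):
        runtime, endpoint = runtime_of(cmdline)
        if runtime == "remote" and endpoint is None:
            findings.append((node, "remote runtime without endpoint"))
        elif (runtime, endpoint) not in allowed:
            findings.append((node, f"unexpected runtime {runtime} {endpoint}"))
    return findings

# Constructed sample input: one kubelet command line per node.
NODES = {
    "node-a": "/usr/bin/kubelet --container-runtime=remote "
              "--container-runtime-endpoint=unix:///run/containerd/containerd.sock",
    "node-b": "/usr/bin/kubelet --container-runtime=rkt",
    "node-c": "/usr/bin/kubelet --container-runtime remote "
              "--container-runtime-endpoint /var/run/frakti.sock",
    "node-d": "/usr/bin/kubelet --container-runtime=remote",
    "node-e": "/usr/bin/kubelet --v=2",
}
ALLOWED = {("remote", "unix:///run/containerd/containerd.sock")}

if __name__ == "__main__":
    for node, finding in audit(NODES, ALLOWED):
        print(f"{node}: {finding}")
```

On a real node, the command line to feed in can be taken from the running kubelet process or its service unit.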
In this post, we have looked at alternative container runtimes. Do check out the OCI Runtime specification and Image specification to learn more about the Open Container Initiative.