a4fadc596b
Now that we have most of the services required for use with containerd, it was found that common patterns were used throughout services. By defining a central `errdefs` package, we ensure that services will map errors to and from grpc consistently and cleanly. One can decorate an error with as much context as necessary, using `pkg/errors` and still have the error mapped correctly via grpc. We make a few sacrifices. At this point, the common errors we use across the repository all map directly to grpc error codes. While this seems positively crazy, it actually works out quite well. The error conditions that were specific weren't super necessary and the ones that were necessary now simply have better context information. We lose the ability to add new codes, but this constraint may not be a bad thing. Effectively, as long as one uses the errors defined in `errdefs`, the error class will be mapped correctly across the grpc boundary and everything will be good. If you don't use those definitions, the error maps to "unknown" and the error message is preserved. Signed-off-by: Stephen J Day <stephen.day@docker.com> |
||
|---|---|---|
| api | ||
| archive | ||
| cmd | ||
| containers | ||
| content | ||
| design | ||
| differ | ||
| docs | ||
| errdefs | ||
| events | ||
| filters | ||
| fs | ||
| gc | ||
| identifiers | ||
| images | ||
| linux | ||
| log | ||
| metadata | ||
| metrics/cgroups | ||
| mount | ||
| namespaces | ||
| oci | ||
| plugin | ||
| progress | ||
| reaper | ||
| reference | ||
| remotes | ||
| reports | ||
| rootfs | ||
| server | ||
| services | ||
| snapshot | ||
| sys | ||
| testutil | ||
| vendor | ||
| version | ||
| windows | ||
| .gitignore | ||
| .travis.yml | ||
| benchmark_test.go | ||
| BUILDING.md | ||
| checkpoint_test.go | ||
| client_test.go | ||
| client_unix.go | ||
| client_windows.go | ||
| client.go | ||
| code-of-conduct.md | ||
| container_test.go | ||
| container_unix.go | ||
| container.go | ||
| containerd.service | ||
| CONTRIBUTING.md | ||
| grpc.go | ||
| image.go | ||
| io_unix.go | ||
| io_windows.go | ||
| io.go | ||
| LICENSE.code | ||
| LICENSE.docs | ||
| MAINTAINERS | ||
| Makefile | ||
| NOTICE | ||
| process.go | ||
| README.md | ||
| ROADMAP.md | ||
| RUNC.md | ||
| SCOPE.md | ||
| spec_unix_test.go | ||
| spec_unix.go | ||
| spec_windows.go | ||
| spec.go | ||
| task.go | ||
| vendor.conf | ||
containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision, low-level storage and network attachments, etc.
containerd is designed to be embedded into a larger system, rather than being used directly by developers or end-users.
Features
Client
containerd offers a full client package to help you integrate containerd into your platform.
import "github.com/containerd/containerd"
func main() {
client, err := containerd.New("/run/containerd/containerd.sock")
defer client.Close()
}
Namespaces
Namespaces allow multiple consumers to use the same containerd without conflicting with each other. It has the benefit of sharing content but still having separation with containers and images.
To set a namespace for requests to the API:
context = context.Background()
// create a context for docker
docker = namespaces.WithNamespace(context, "docker")
containerd, err := client.NewContainer(docker, "id")
To set a default namespace on the client:
client, err := containerd.New(address, containerd.WithDefaultNamespace("docker"))
Distribution
// pull an image
image, err := client.Pull(context, "docker.io/library/redis:latest")
// push an image
err := client.Push(context, "docker.io/library/redis:latest", image.Target())
OCI Runtime Specification
containerd fully supports the OCI runtime specification for running containers. We have built in functions to help you generate runtime specifications based on images as well as custom parameters.
spec, err := containerd.GenerateSpec(containerd.WithImageConfig(context, image))
Containers
In containerd, a container is a metadata object. Resources such as an OCI runtime specification, image, root filesystem, and other metadata can be attached to a container.
redis, err := client.NewContainer(context, "redis-master",
containerd.WithSpec(spec),
)
defer redis.Delete(context)
Root Filesystems
containerd allows you to use overlay or snapshot filesystems with your containers. It comes with builtin support for overlayfs and btrfs.
// pull an image and unpack it into the configured snapshotter
image, err := client.Pull(context, "docker.io/library/redis:latest", containerd.WithPullUnpack)
// allocate a new RW root filesystem for a container based on the image
redis, err := client.NewContainer(context, "redis-master",
containerd.WithSpec(spec),
containerd.WithNewRootFS("redis-rootfs", image),
)
// use a readonly filesystem with multiple containers
for i := 0; i < 10; i++ {
id := fmt.Sprintf("id-%s", i)
container, err := client.NewContainer(ctx, id,
containerd.WithSpec(spec),
containerd.WithNewReadonlyRootFS(id, image),
)
}
Tasks
Taking a container object and turning it into a runnable process on a system is done by creating a new Task from the container. A task represents the runnable object within containerd.
// create a new task
task, err := redis.NewTask(context, containerd.Stdio)
defer task.Delete(context)
// the task is now running and has a pid that can be use to setup networking
// or other runtime settings outside of containerd
pid := task.Pid()
// start the redis-server process inside the container
err := task.Start(context)
// wait for the task to exit and get the exit status
status, err := task.Wait(context)
Checkpoint and Restore
If you have criu installed on your machine you can checkpoint and restore containers and their tasks. This allow you to clone and/or live migrate containers to other machines.
// checkpoint the task then push it to a registry
checkpoint, err := task.Checkpoint(context, containerd.WithExit)
err := client.Push(context, "myregistry/checkpoints/redis:master", checkpoint)
// on a new machine pull the checkpoint and restore the redis container
image, err := client.Pull(context, "myregistry/checkpoints/redis:master")
checkpoint := image.Target()
redis, err = client.NewContainer(context, "redis-master", containerd.WithCheckpoint(checkpoint, "redis-rootfs"))
defer container.Delete(context)
task, err = redis.NewTask(context, containerd.Stdio, containerd.WithTaskCheckpoint(checkpoint))
defer task.Delete(context)
err := task.Start(context)
Developer Quick-Start
To build the daemon and ctr simple test client, the following build system dependencies are required:
- Go 1.8.x or above (requires 1.8 due to use of golang plugin(s))
- Protoc 3.x compiler and headers (download at the Google protobuf releases page)
- Btrfs headers and libraries for your distribution. Note that building the btrfs driver can be disabled via build tag removing this dependency.
For proper results, install the protoc release into /usr/local on your build system. For example, the following commands will download and install the 3.1.0 release for a 64-bit Linux host:
$ wget -c https://github.com/google/protobuf/releases/download/v3.1.0/protoc-3.1.0-linux-x86_64.zip
$ sudo unzip protoc-3.1.0-linux-x86_64.zip -d /usr/local
With the required dependencies installed, the Makefile target named binaries will compile the ctr and containerd binaries and place them in the bin/ directory. Using sudo make install will place the binaries in /usr/local/bin. When making any changes to the gRPC API, make generate will use the installed protoc compiler to regenerate the API generated code packages.
Note
: A build tag is currently available to disable building the btrfs snapshot driver. Adding
BUILDTAGS=no_btrfsto your environment before calling the binaries Makefile target will disable the btrfs driver within the containerd Go build.
Vendoring of external imports uses the vndr tool which uses a simple config file, vendor.conf, to provide the URL and version or hash details for each vendored import. After modifying vendor.conf run the vndr tool to update the vendor/ directory contents. Combining the vendor.conf update with the changeset in vendor/ after running vndr should become a single commit for a PR which relies on vendored updates.
Please refer to RUNC.md for the currently supported version of runc that is used by containerd.
Releases
containerd will be released with a 1.0 when feature complete and this version will be supported for 1 year with security and bug fixes applied and released.
The upgrade path for containerd is that the 0.0.x patch releases are always backward compatible with its major and minor version. Minor (0.x.0) version will always be compatible with the previous minor release. i.e. 1.2.0 is backwards compatible with 1.1.0 and 1.1.0 is compatible with 1.0.0. There is no compatibility guarantees with upgrades from two minor releases. i.e. 1.0.0 to 1.2.0.
There are not backwards compatibility guarantees with upgrades to major versions. i.e 1.0.0 to 2.0.0. Each major version will be supported for 1 year with bug fixes and security patches.
Development reports.
Weekly summary on the progress and what is being worked on. https://github.com/containerd/containerd/tree/master/reports
Communication
For async communication and long running discussions please use issues and pull requests on the github repo. This will be the best place to discuss design and implementation.
For sync communication we have a community slack with a #containerd channel that everyone is welcome to join and chat about development.
Slack: https://dockr.ly/community
Copyright and license
Copyright ©2016-2017 Docker, Inc. All rights reserved, except as follows. Code is released under the Apache 2.0 license. The README.md file, and files in the "docs" folder are licensed under the Creative Commons Attribution 4.0 International License under the terms and conditions set forth in the file "LICENSE.docs". You may obtain a duplicate copy of the same license, titled CC-BY-SA-4.0, at http://creativecommons.org/licenses/by/4.0/.