Runc on scratch

C is a better fit for tools like an OCI runtime

Mon, 23 Oct 2017 21:21:19 +0000

I’ve spent some of the last weeks working on a replacement for runC, the most used/known OCI runtime for running containers. It might not be very well known, but it is a key component for running containers. Every Docker container ultimately runs through runC. The OCI runtime is the thin layer between the container engine and the kernel: it reads a JSON configuration file, creates the necessary namespaces and cgroups, sets up mounts and capabilities, and finally execs the container process. Because it runs for such a short time and its workload is almost entirely syscalls, the implementation language matters for startup latency.

System containers presentation

Mon, 30 Jan 2017 18:41:37 +0000

Here are the slides for the Atomic System Containers talk I gave at Devconf.cz 2017. System containers are a way to run infrastructure services — such as etcd and Flannel — outside of Docker, managed directly by runc and systemd, which removes the circular dependency that arises when a container runtime depends on components that must themselves be running inside containers.

http://scrivano.org/static/system-containers-demo/

If you are interested in the video, it is on YouTube:

System containers for Atomic

Thu, 24 Mar 2016 15:41:50 +0000

The main reason behind system containers was the inability to run Flannel in a Docker container as Flannel is required by Docker itself. CoreOS solved this chicken and egg problem by using another instance of Docker (called early-docker) that is used to setup only Etcd and Flannel. Atomic system containers take a different approach: instead of a second Docker daemon, they are managed directly by runc and systemd, so the dependency on Docker is removed entirely and the chicken-and-egg problem simply does not arise.

Runc on *scratch*

C is a better fit for tools like an OCI runtime

System containers presentation

System containers for Atomic

Runc on scratch