![Page 1: OCI-compatible haconiwa · OCI-compatible haconiwa ─ hurdles and advantages ─ 2019-04-12 RejectKaigi 2019 @ pixiv Inc Yusuke Nakamura (unasuke)](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f8825a6eb2452472966954d/html5/thumbnails/1.jpg)
OCI-compatible haconiwa
─ hurdles and advantages ─2019-04-12
RejectKaigi 2019 @ pixiv Inc
Yusuke Nakamura (unasuke)
![Page 2: OCI-compatible haconiwa · OCI-compatible haconiwa ─ hurdles and advantages ─ 2019-04-12 RejectKaigi 2019 @ pixiv Inc Yusuke Nakamura (unasuke)](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f8825a6eb2452472966954d/html5/thumbnails/2.jpg)
about meYusuke Nakamura (also known as “unasuke”)
Employee of BANK Inc
Develop Rails application, manage Infrastructure https://cash.jp/
RubyKaigi 2019 helper
GitHub @unasuke
Twitter @yu_suke1994
Mastodon @[email protected]
![Page 3: OCI-compatible haconiwa · OCI-compatible haconiwa ─ hurdles and advantages ─ 2019-04-12 RejectKaigi 2019 @ pixiv Inc Yusuke Nakamura (unasuke)](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f8825a6eb2452472966954d/html5/thumbnails/3.jpg)
introductionFirst, to clearly where we stand.
![Page 4: OCI-compatible haconiwa · OCI-compatible haconiwa ─ hurdles and advantages ─ 2019-04-12 RejectKaigi 2019 @ pixiv Inc Yusuke Nakamura (unasuke)](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f8825a6eb2452472966954d/html5/thumbnails/4.jpg)
Your perception of containersAre you use container?
In production env? or(and) development env?
Use Docker? or the other one?
Orchestrate by ECS? or GKE? or on-premises?
![Page 5: OCI-compatible haconiwa · OCI-compatible haconiwa ─ hurdles and advantages ─ 2019-04-12 RejectKaigi 2019 @ pixiv Inc Yusuke Nakamura (unasuke)](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f8825a6eb2452472966954d/html5/thumbnails/5.jpg)
We use Docker mostlyde facto standard of a Linux container
Easy installation
for Mac, for Windows…
The first famous Linux container inplementation
![Page 6: OCI-compatible haconiwa · OCI-compatible haconiwa ─ hurdles and advantages ─ 2019-04-12 RejectKaigi 2019 @ pixiv Inc Yusuke Nakamura (unasuke)](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f8825a6eb2452472966954d/html5/thumbnails/6.jpg)
“Container” is not equal “Docker”Before Docker
LXC (Linux)
Jail (FreeBSD)
etc…
After Docker
cri-o
Kata Container
etc…
![Page 7: OCI-compatible haconiwa · OCI-compatible haconiwa ─ hurdles and advantages ─ 2019-04-12 RejectKaigi 2019 @ pixiv Inc Yusuke Nakamura (unasuke)](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f8825a6eb2452472966954d/html5/thumbnails/7.jpg)
What’s haconiwaThe Linux contianer runtime written by C and mruby
https://speakerdeck.com/udzura/the-alternative-container?slide=11
OCIのspecを必ずしも満たすことは想定していない
Independent from “Container” world
“Container” means OCI
![Page 8: OCI-compatible haconiwa · OCI-compatible haconiwa ─ hurdles and advantages ─ 2019-04-12 RejectKaigi 2019 @ pixiv Inc Yusuke Nakamura (unasuke)](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f8825a6eb2452472966954d/html5/thumbnails/8.jpg)
What’s OCIThe initialism of “Open Container Initiative”
https://www.opencontainers.org/
OCI specs
Image spec
specifitation of the container image format
Runtime spec
specification of the container runtime interface
![Page 9: OCI-compatible haconiwa · OCI-compatible haconiwa ─ hurdles and advantages ─ 2019-04-12 RejectKaigi 2019 @ pixiv Inc Yusuke Nakamura (unasuke)](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f8825a6eb2452472966954d/html5/thumbnails/9.jpg)
CRI and Kubernetes world
kubelet uses Container-Runtime-Interface(CRI) to communicate to container runtime
The kubelet is the primary “node agent” that runs on each node.
![Page 10: OCI-compatible haconiwa · OCI-compatible haconiwa ─ hurdles and advantages ─ 2019-04-12 RejectKaigi 2019 @ pixiv Inc Yusuke Nakamura (unasuke)](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f8825a6eb2452472966954d/html5/thumbnails/10.jpg)
Diff of OCI/CRI compatible means…CRI compatible
usable as backend of kubelet
OCI compatible
Exchangeable image and runtime
easy → CRI compatible → OCI compatible → hard
![Page 11: OCI-compatible haconiwa · OCI-compatible haconiwa ─ hurdles and advantages ─ 2019-04-12 RejectKaigi 2019 @ pixiv Inc Yusuke Nakamura (unasuke)](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f8825a6eb2452472966954d/html5/thumbnails/11.jpg)
Why CRI-compatible?haconiwa is just run container. Doesn’t orchestrate.
Pros
Orchestration by Kubernetes
Cons
Cannot use haconiwa-specific functions (hook)
maybe…
![Page 12: OCI-compatible haconiwa · OCI-compatible haconiwa ─ hurdles and advantages ─ 2019-04-12 RejectKaigi 2019 @ pixiv Inc Yusuke Nakamura (unasuke)](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f8825a6eb2452472966954d/html5/thumbnails/12.jpg)
Why OCI-compatible?Pros
possible to share the existing assets
hub.docker.com
Cons
Cannot use haconiwa-specific functions (hook)
https://github.com/haconiwa/haconiwa/blob/master/sample/hooks.haco
maybe…
![Page 13: OCI-compatible haconiwa · OCI-compatible haconiwa ─ hurdles and advantages ─ 2019-04-12 RejectKaigi 2019 @ pixiv Inc Yusuke Nakamura (unasuke)](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f8825a6eb2452472966954d/html5/thumbnails/13.jpg)
hurdles and advantageshurdles
it’s hard to comply with the standard
advantages
more users
wealth of existing assets
![Page 14: OCI-compatible haconiwa · OCI-compatible haconiwa ─ hurdles and advantages ─ 2019-04-12 RejectKaigi 2019 @ pixiv Inc Yusuke Nakamura (unasuke)](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f8825a6eb2452472966954d/html5/thumbnails/14.jpg)
How to implement CRIhttps://github.com/kubernetes/kubernetes/blob/release-1.14/pkg/kubelet/apis/cri/runtime/v1alpha2/api.proto
Protocol Buffer
RuntimeService
ImageService
and many messages
middleware?
![Page 15: OCI-compatible haconiwa · OCI-compatible haconiwa ─ hurdles and advantages ─ 2019-04-12 RejectKaigi 2019 @ pixiv Inc Yusuke Nakamura (unasuke)](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f8825a6eb2452472966954d/html5/thumbnails/15.jpg)
CRI interface and haconiwashould start process to respond rpc
currently, haconiwa is just a command not service(or daemon)
should implement rpc response interface
![Page 16: OCI-compatible haconiwa · OCI-compatible haconiwa ─ hurdles and advantages ─ 2019-04-12 RejectKaigi 2019 @ pixiv Inc Yusuke Nakamura (unasuke)](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f8825a6eb2452472966954d/html5/thumbnails/16.jpg)
OCI specification and haconiwaimage spec
should import/export OCI image
https://blog.unasuke.com/2018/read-oci-image-spec-v101/
runtime spec
https://udzura.hatenablog.jp/entry/2016/08/02/155913
![Page 17: OCI-compatible haconiwa · OCI-compatible haconiwa ─ hurdles and advantages ─ 2019-04-12 RejectKaigi 2019 @ pixiv Inc Yusuke Nakamura (unasuke)](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f8825a6eb2452472966954d/html5/thumbnails/17.jpg)
conclusionmore resources, more users in OCI/CRI world
but…
compliant to CRI is hard
compliant to OCI is harder than CRI
![Page 18: OCI-compatible haconiwa · OCI-compatible haconiwa ─ hurdles and advantages ─ 2019-04-12 RejectKaigi 2019 @ pixiv Inc Yusuke Nakamura (unasuke)](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f8825a6eb2452472966954d/html5/thumbnails/18.jpg)
conclusion
https://twitter.com/yu_suke1994/status/1068355444928741376