Kubernetes - Docker, CRI-O, Podman, RunC

 Kubernetes - Docker, CRI-O, Podman, RunC 

 3-31-2021

Today's topic:- CRI-O/ Podman

- Understand internals about container technology.
- Create your own container

why docker is fast?
- why docker is depcriciated from k8s engine?
- why k8s want to use CRI-O?
- Why redhat is giving podman free?

At the end of the day: create your own docker project.

LAB Setup
------------
You can use your local machines but to save time, you can use cloud env as well.

Go to aws and create 2 instances
- AMAzon linux
tag
Name: cri-o

Note: Openshift and k8s both by default use CRI-O.

when you run any container from docker, you need two things
Docker -> Container

1. Container Image (Docker image)
2. Run time program (RunC)

does docker actually launch the container?
No, docker just sends instruction that I want to launch the container.
Program actually laucn the container.
The program is container runtime
(- start/restart/remove container )

docker actually helps you to connect to this program.

RunC is the program (Software)
docker sends instruction to RunC and RunC

Docker -> sends -> instruction (code) -> to RunC -> Reads the doc -> and -> Launch the container

the document is spec file.
spec is a file we define what we need on the container.

# docker info

you will see Default_Runtime = Runc

when you run any command, it runs for certain time,
prcess starts, does the job, process completes, program terminates.

like that, container also runs like that.

1. Docker is like a process, thats why its fast.

# date
# docker images | grep centos

# docker run -it --name os1 centos

you are login to docker and it has its own ip filesystem and all.
almost all we need within os can be found.

it looks like an independent system.

# yum imstall net-tools -y

To exit off the bash, type exit at the prompt


@host
# ps -aux | grep bash
# docker history centos

2.

When you launch a container, it looks like a entire OS.

when you launch a process, it has personal namespace.
it has its own process, user, storage, network namespace.
whatever process needed, it will have its own namespace.
this total env looks like a base OS.
- bash

- it has its own root user
- its own process not related to base os
- Network, storage and user processes.

whatever contant we need, we have it inside this thats why we called container

@hostos

#
# docker inspect os101 | grep -i pid

docker send special instruction with config file to RunC to launch a container.
Config file contains,
what command to run: bash
what namespace: network
....

filessytem (storae)
process tree,
hostname
user

RunC has capability of creating / (mount)

@ conainter run
# ls tab for other commands

you see all os content at /
- this info comes from the image.
- You have to bundle everything inside the image.


# docker --help
review the commands

# docker ps

docker is running with server program called containerd server program.

Containerd server program contacts the Runc.

# ps aux | grep containerd

There is one program running.

Go to your os instance @aws
# ec2user@ip-addr



# yum install runc

runc is use to install containers
# docker
# crio
noth program not running

Run the command,
# runc list

lets create a specification file

# mkdir /ws1; cd ws1
# runc spec
config.jason

this file contains everything.
review this file,
using this file, it creates a process will create
- terminal
- user (root)
- sh (shell)
- capabilities
- hostname
- mounts
- shared mem
- cgroups,
- namespace (pid, network, mount)

this file is used by runc
what type of container we need to have, will define in this file.

Runc will not provide image.

image contains filesystems, commands. so you need os image.

process need program, that program need to be executable.

in c.c++, go languages, there are program as
- static link programming
- dynamic link programming

lets create a simple program called 'hello World'

# vi lw.go
package main

import "os"
impor "fmt"
func main() {
    fmt.Println(os.Hostname())
}

compile the code
# go build -o lw.go

if not isntalled, install it
# yum install go

this program has its own resource, not the shared resource

# go build -o lw
# ./lw

# mkdir rootfs
# mv lw roofs

$ lsns    # namespace

lets create a conainter with this program

# runc create myc1


you can change the termial= false on jason file

# runc list


# nsenter (to enter any of the namespaces)

# list namespace
# lsns
what namespace you want to go, copy the ip
# nsenter -t -n 12345
@base os type,
# nsenter -u -n -t 16876
you are on container
# hostname
# ifconfig
# exit

this is the contianer we just created.

to see internal command output

# runc start myc1

# runc --help (-h)
start/list/stop //