Talks

What's going on in the containerd neighborhood (KubeCon + CloudNativeCon North America 2024)

November 15, 2024 at 2:55 PM (Presented with Kirtana Ashok, Michael Brown, Phil Estes, and Akihiro Suda) - View in catalog
Our recent maintainer sessions have covered the soon-to-launch containerd v2.0. During this session led by maintainers, we will give a brief update on 2.0, but will spend more time looking at the ecosystem around us. Why does containerd exist? What value does it bring to the overall cloud native world? How are other projects using it to build and extend containerd in useful ways? We’ll spend some time on containerd’s largest subproject, nerdctl, which also has an upcoming 2.0 release, and additionally catch the community up on activity in our Rust subproject ecosystem, the runwasi containerd shim, and lazy loading snapshotters. Since this is KubeCon, we’ll also provide an update on CRI changes and KEP-driven additions around NRI, DRA, and checkpoint/restore. Attendees will leave with a broad view of the larger containerd ecosystem of projects as well as key information on how to get involved if you are interested in helping and contributing in any way to the “containerd neighborhood!”

What containerd 2.0 means for you (KubeCon + CloudNativeCon North America 2024)

November 15, 2024 at 11:55 AM - View in catalog
containerd 2.0 is the first major new version of containerd since 1.0.0 was released in 2017. This new version of containerd introduces new features, new extension points, and new backends for image operations and CRI with the goal of increased flexibility and better efficiency for certain types of workloads. containerd 2.0 also removes some previously-deprecated features in favor of modern replacements. This talk will discuss how to prepare for containerd 2.0 in your production environments, including strategies for incorporating containerd 2.0’s new functionality and detecting/remediating any impact of removed features prior to upgrading.

containerd: Project Update and Deep Dive (KubeCon + CloudNativeCon Europe 2023)

April 20, 2023 at 5:25 PM (Presented with Maksym Pavlenko) - View in catalog
Join containerd maintainers for an introduction and deep dive into the latest updates on containerd. For Kubernetes users, we will cover how to get started and configure containerd. We’ll then dive into the exciting work going on in the containerd ecosystem. In 1.7, exciting new experimental features like the Sandbox API bring the ability to better model non-traditional runtime environments while the Transfer Service builds a new model of extensibility for image operations. 2.0 is around the corner, and will bring stability to the new features and form a strong base for long-term maintenance through the removal of deprecated functionality. The ecosystem is vibrant and expanding, both as subprojects of containerd (nerdctl, wasm, some snapshotters) and as vendor- or community-driven projects for image streaming, developer experience, and new OS platforms. Rust has made its appearance in the containerd ecosystem too, with a new non-core library to build Rust-based shims.

Keeping your host operating system secure with Bottlerocket (AWS re:Invent 2021)

December 3, 2021 at 9:15 AM (Presented with Vaishnavi Venkatesan) - Session CON320
Bottlerocket is an open-source, minimal, Linux-based, container-optimized operating system that is purpose-built to host container workloads. It only includes tools needed to run containers, significantly reducing the attack surface and impact of vulnerabilities. This chalk talk demonstrates many aspects of Bottlerocket, including how you can restrict container privileges and limit access to host-level entities, such as sockets and block devices. Learn how Bottlerocket blocks configurations that are designed to exploit vulnerabilities, keeping your host operating system secure.

Getting started as a Bottlerocket contributor (AWS re:Invent 2021)

November 30, 2021 at 11:45 AM (Presented with Curtis Rissi) - Session OPN206
Bottlerocket is a minimal, secure, Linux-based, container-optimized operating system. It is an open-source system, and its developers love collaborating with their contributors. In this chalk talk, explore how you can start contributing to Bottlerocket, learn how you can use developer tooling to build and test a potential contribution, and hear some examples of developer interactions with contributors.

Linux Container Primitives (LinuxFest Northwest 2020)

Online - View in catalog

In this session, we’ll explore the different Linux primitives that are commonly used in implementing container runtimes. We’ll learn about the Linux primitives that underlie container runtimes like Docker, including cgroups, namespaces, and union filesystems. We’ll see how Docker uses these primitives, and how the OCI standard makes it possible to customize how your containers run. We’ll also discuss alternative container runtimes like CRI-O, rkt, and systemd-nspawn and what makes them different. This will be an interactive session with a live demo and open questions.

This session is a repeat of the session from last year.

Extending containerd (SCALE 18x)

March 6, 2020 at 2:00 PM - View in catalog
containerd, a graduated CNCF project, is a widely used container runtime that provides core functionality for Docker. containerd was designed to be small and simple, but also very modular and extensible. This talk covers the architecture of containerd, explains the responsibilities of each component, and dives deep into containerd’s facility for extension. We’ll cover the individual gRPC services that make up containerd and show how they can be extended with proxy plugins, Go plugins, process interfaces (OCI runtimes and process-based logging), thick client implementations, and build-your-own containerd for compiled-in extension. These extension mechanisms can be shown with simple examples and real-world use in the firecracker-containerd project.

Deep Dive into firecracker-containerd (AWS re:Invent 2019)

December 2, 2019 at 12:15 PM and December 3, 2019 at 4:45 PM - Session CON408
Last year, we released the Firecracker virtual machine monitor (VMM) built on top of the Linux KVM subsystem, which is optimized for lightweight, container-like “microVMs.” In this session, we dive deep into the architecture of the firecracker-containerd project, which aims to allow portability between standard OCI container images and the larger container ecosystem with Firecracker microVMs. Topics covered include the standard containerd architecture with the reference OCI runtime (runc), challenges adapting containers into microVMs, and the firecracker-containerd suite.

Extending containerd (KubeCon + CloudNativeCon North America 2019)

November 19, 2019 at 4:25 PM (Presented with Maksym Pavlenko) - View in catalog
containerd, a graduated CNCF project, is a widely used container runtime that provides core functionality for Docker. containerd was designed to be small and simple, but also very modular and extensible. This talk covers the architecture of containerd, explains the responsibilities of each component, and dives deep into containerd’s facility for extension. We’ll cover the individual gRPC services that make up containerd and show how they can be extended with proxy plugins, Go plugins, process interfaces (OCI runtimes and process-based logging), thick client implementations, and build-your-own containerd for compiled-in extension. These extension mechanisms can be shown with simple examples and real-world use in the firecracker-containerd project.

Deep Dive into firecracker-containerd (DockerCon 2019)

April 30, 2019 at 12:00 PM - Session 281969
Amazon Web Services recently released the Firecracker Virtual Machine Monitor (VMM) built on top of the Linux KVM subsystem, which is optimized for lightweight, container-like “microVMs”. This session dives deep into the architecture of the firecracker-containerd project, which aims to allow portability between standard OCI container images and the larger container ecosystem with Firecracker microVMs. Topics covered will include the standard containerd architecture with the reference OCI runtime (runc), challenges adapting containers into microVMs, and the firecracker-containerd suite.

Deep Dive into firecracker-containerd (LinuxFest Northwest 2019)

April 28, 2019 (Presented with Noah Meyerhans)
Amazon Web Services recently released the Firecracker Virtual Machine Monitor (VMM) built on top of the Linux KVM subsystem, which is optimized for lightweight, container-like “microVMs”. This session dives deep into the architecture of the firecracker-containerd project, which aims to allow portability between standard OCI container images and the larger container ecosystem with Firecracker microVMs. Topics covered will include the standard containerd architecture with the reference OCI runtime (runc), challenges adapting containers into microVMs, and the firecracker-containerd suite.

Linux Container Primitives (LinuxFest Northwest 2019)

April 27, 2019
In this session, we’ll explore the different Linux primitives that are commonly used in implementing container runtimes. We’ll learn about the Linux primitives that underlie container runtimes like Docker, including cgroups, namespaces, and union filesystems. We’ll see how Docker uses these primitives, and how the OCI standard makes it possible to customize how your containers run. We’ll also discuss alternative container runtimes like CRI-O, rkt, and systemd-nspawn and what makes them different. This will be an interactive session with a live demo and open questions.

Linux Container Primitives and Runtimes (AWS re:Invent 2018)

November 26 and November 27, 2018 - Session CON407
In this session, we’ll explore the different Linux primitives that are commonly used in implementing container runtimes. Starting with Docker containers and moving down through the stack, we’ll cover containerd, runc, and the underlying Linux primitives like cgroups, namespaces, and union filesystems. We’ll also discuss alternative container runtimes like CRI-O, rkt, and systemd-nspawn and what makes them different. This will be an interactive session with a live demo and open questions.

Windows Containers on Amazon ECS (AWS re:Invent 2017)

November 28, 2017 - Session CON324

Docker containers are commonly regarded as powerful and portable runtime environments for Linux code, but Docker also offers support for running Windows Server applications in containers.

In this talk, we’ll discuss what containers are and why you’d use them, how they work on Windows, and how Windows containers compare to Linux containers.