Talks

containerd: Project Update and Deep Dive (KubeCon + CloudNativeCon Europe 2023)

April 20, 2023 at 5:25 PM (Presented with Maksym Pavlenko) - View in catalog
Join containerd maintainers for an introduction and deep dive into the latest updates on containerd. For Kubernetes users, we will cover how to get started and configure containerd. We’ll then dive into the exciting work going on in the containerd ecosystem. In 1.7, exciting new experimental features like the Sandbox API bring the ability to better model non-traditional runtime environments, while the Transfer Service builds a new model of extensibility for image operations. 2.0 is around the corner, and will bring stability to the new features and form a strong base for long-term maintenance through the removal of deprecated functionality. The ecosystem is vibrant and expanding, both as subprojects of containerd (nerdctl, wasm, some snapshotters) and as vendor- or community-driven projects for image streaming, developer experience, and new OS platforms. Rust has made its appearance in the containerd ecosystem too, with a new non-core library to build Rust-based shims.

Keeping your host operating system secure with Bottlerocket (AWS re:Invent 2021)

December 3, 2021 at 9:15 AM (Presented with Vaishnavi Venkatesan) - Session CON320
Bottlerocket is an open-source, minimal, Linux-based, container-optimized operating system that is purpose-built to host container workloads. It includes only the tools needed to run containers, significantly reducing the attack surface and impact of vulnerabilities. This chalk talk demonstrates many aspects of Bottlerocket, including how you can restrict container privileges and limit access to host-level entities, such as sockets and block devices. Learn how Bottlerocket blocks configurations that are designed to exploit vulnerabilities, keeping your host operating system secure.

Getting started as a Bottlerocket contributor (AWS re:Invent 2021)

November 30, 2021 at 11:45 AM (Presented with Curtis Rissi) - Session OPN206
Bottlerocket is a minimal, secure, Linux-based, container-optimized operating system. It is an open-source system, and its developers love collaborating with their contributors. In this chalk talk, explore how you can start contributing to Bottlerocket, learn how you can use developer tooling to build and test a potential contribution, and hear some examples of developer interactions with contributors.

Linux Container Primitives (LinuxFest Northwest 2020)

Online - View in catalog

In this session, we’ll explore the different Linux primitives that are commonly used in implementing container runtimes. We’ll learn about the Linux primitives that underlie container runtimes like Docker, including cgroups, namespaces, and union filesystems. We’ll see how Docker uses these primitives, and how the OCI standard makes it possible to customize how your containers run. We’ll also discuss alternative container runtimes like CRI-O, rkt, and systemd-nspawn and what makes them different. This will be an interactive session with a live demo and open questions.

This session is a repeat of the session from last year.

Extending containerd (SCALE 18x)

March 6, 2020 at 2:00 PM - View in catalog
containerd, a graduated CNCF project, is a widely used container runtime that provides core functionality for Docker. containerd was designed to be small and simple, but also very modular and extensible. This talk covers the architecture of containerd, explains the responsibilities of each component, and dives deep into containerd’s facility for extension. We’ll cover the individual gRPC services that make up containerd and show how they can be extended with proxy plugins, Go plugins, process interfaces (OCI runtimes and process-based logging), thick client implementations, and build-your-own containerd for compiled-in extension. These extension mechanisms can be shown with simple examples and real-world use in the firecracker-containerd project.

Deep Dive into firecracker-containerd (AWS re:Invent 2019)

December 2, 2019 at 12:15 PM and December 3, 2019 at 4:45 PM - Session CON408
Last year, we released the Firecracker virtual machine monitor (VMM) built on top of the Linux KVM subsystem, which is optimized for lightweight, container-like “microVMs.” In this session, we dive deep into the architecture of the firecracker-containerd project, which aims to allow portability between standard OCI container images and the larger container ecosystem with Firecracker microVMs. Topics covered include the standard containerd architecture with the reference OCI runtime (runc), challenges adapting containers into microVMs, and the firecracker-containerd suite.

Extending containerd (KubeCon + CloudNativeCon North America 2019)

November 19, 2019 at 4:25 PM (Presented with Maksym Pavlenko) - View in catalog
containerd, a graduated CNCF project, is a widely used container runtime that provides core functionality for Docker. containerd was designed to be small and simple, but also very modular and extensible. This talk covers the architecture of containerd, explains the responsibilities of each component, and dives deep into containerd’s facility for extension. We’ll cover the individual gRPC services that make up containerd and show how they can be extended with proxy plugins, Go plugins, process interfaces (OCI runtimes and process-based logging), thick client implementations, and build-your-own containerd for compiled-in extension. These extension mechanisms can be shown with simple examples and real-world use in the firecracker-containerd project.

Deep Dive into firecracker-containerd (DockerCon 2019)

April 30, 2019 at 12:00 PM - Session 281969
Amazon Web Services recently released the Firecracker Virtual Machine Monitor (VMM) built on top of the Linux KVM subsystem, which is optimized for lightweight, container-like “microVMs”. This session dives deep into the architecture of the firecracker-containerd project, which aims to allow portability between standard OCI container images and the larger container ecosystem with Firecracker microVMs. Topics covered will include the standard containerd architecture with the reference OCI runtime (runc), challenges adapting containers into microVMs, and the firecracker-containerd suite.

Deep Dive into firecracker-containerd (LinuxFest Northwest 2019)

April 28, 2019 (Presented with Noah Meyerhans)
Amazon Web Services recently released the Firecracker Virtual Machine Monitor (VMM) built on top of the Linux KVM subsystem, which is optimized for lightweight, container-like “microVMs”. This session dives deep into the architecture of the firecracker-containerd project, which aims to allow portability between standard OCI container images and the larger container ecosystem with Firecracker microVMs. Topics covered will include the standard containerd architecture with the reference OCI runtime (runc), challenges adapting containers into microVMs, and the firecracker-containerd suite.

Linux Container Primitives (LinuxFest Northwest 2019)

April 27, 2019
In this session, we’ll explore the different Linux primitives that are commonly used in implementing container runtimes. We’ll learn about the Linux primitives that underlie container runtimes like Docker, including cgroups, namespaces, and union filesystems. We’ll see how Docker uses these primitives, and how the OCI standard makes it possible to customize how your containers run. We’ll also discuss alternative container runtimes like CRI-O, rkt, and systemd-nspawn and what makes them different. This will be an interactive session with a live demo and open questions.

Linux Container Primitives and Runtimes (AWS re:Invent 2018)

November 26 and November 27, 2018 - Session CON407
In this session, we’ll explore the different Linux primitives that are commonly used in implementing container runtimes. Starting with Docker containers and moving down through the stack, we’ll cover containerd, runc, and the underlying Linux primitives like cgroups, namespaces, and union filesystems. We’ll also discuss alternative container runtimes like CRI-O, rkt, and systemd-nspawn and what makes them different. This will be an interactive session with a live demo and open questions.

Windows Containers on Amazon ECS (AWS re:Invent 2017)

November 28, 2017 - Session CON324

Docker containers are commonly regarded as powerful and portable runtime environments for Linux code, but Docker also offers support for running Windows Server applications in containers.

In this talk, we’ll discuss what containers are and why you’d use them, how they work on Windows, and how Windows containers compare to Linux containers.