SlideShare a Scribd company logo

Starting up Containers Super Fast With Lazy Pulling of Images

Kohei Tokunaga
Kohei Tokunaga

Talked at Container Plumbing Days about speeding up container startup by lazy pulling images on Kubernetes, containerd, BuildKit, Podman and CRI-O with eStargz and zstd:chunked. eStargz and Stargz Snapshotter: https://github.com/containerd/stargz-snapshotter zstd:chunked proposal: https://github.com/containers/storage/pull/775 Patch set to enable lazy pulling on Podman and CRI-O (a.k.a. Additional Layer Store): https://github.com/containers/storage/pull/795 https://github.com/containerd/stargz-snapshotter/pull/281

1 of 27
Downloaded 21 times
Copyright(c)2021 NTT Corp. All Rights Reserved Star%ng up Containers Super Fast With Lazy Pulling of Images Kohei Tokunaga, NTT Corporation Container Plumbing Days (March 10)
Copyright(c)2021 NTT Corp. All Rights Reserved TL;DR l Pull is one of the ?me-consuming steps in the container lifecycle l OCI-alterna?ve but OCI-compa?ble image formats are trying to solve it by lazy pulling • Legacy (lazy-pull-agnos?c) run?mes can run them (zstd requires recent run?mes). • eStargz by containerd Stargz SnapshoJer subproject • zstd:chunked discussed in Podman community l Collabora9on in community • Lazy pulling (eStargz) is available on: containerd, Kubernetes, BuildKit, Kaniko, go-containerregistry, nerdctl • On-going discussion of “Addi9onal Layer Store” feature to enable lazy pulling on Podman and CRI-O • hJps://github.com/containers/storage/pull/795 l On-going in 2021: Standardizing eStargz in OCI and improvements for stabilizing Stargz SnapshoJer Host: EC2 Oregon (m5.2xlarge, Ubuntu 20.04) Registry: GitHub Container Registry (ghcr.io) Run?me: containerd + Stargz SnapshoJer (47596d3) (See detailed info in the later slides) [sec] 0 5 10 15 20 25 30 zstd:chunked estargz estargz-noopt legacy gcc:10.2.0 (Compiles and runs printf("hello")) pull create run
Copyright(c)2021 NTT Corp. All Rights Reserved Pull is 'me-consuming pulling packages accounts for 76% of container start Cme, but only 6.4% of that data is read [Harter et al. 2016] [Harter et al. 2016] Tyler Harter, Brandon Salmon, Rose Liu, Andrea C. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau. "Slacker: Fast DistribuCon with Lazy Docker Containers". 14th USENIX Conference on File and Storage Technologies (FAST ’16). February 22–25, 2016, Santa Clara, CA, USA Caching images Minimizing image size Cold start is still slow Not all images are minimizable Language runtimes, frameworks, etc. Workarounds are known but not enough Node Registry Image Container pull run
Copyright(c)2021 NTT Corp. All Rights Reserved Problem on the current OCI/Docker image sha256:deadbeaf… sha256:1a3b5c… sha256:ffe63c… sha256:6ccde1… GET /v2/<image-name>/blobs/ bin/bash bin/ls etc/passwd etc/group usr/bin/apt layer = tarball (+compression) A container is a set of tarball layers A container can’t be started until the all layers become locally available l Need to scan the entire blob even for extracting single file entry • If the blob is gzip-compressed, it’s non-seekable anymore l No parallel extraction • Need to scan the blob from the top, sequentially
Copyright(c)2021 NTT Corp. All Rights Reserved Alterna(ve image formats: eStargz and zstd:chunked OCI run?mes Container Registry lazypull doesn’t download the entire image on pull operation but fetches necessary chunks of contents on-demand eStargz zstd:chunked BuildKit l Enable lazy pulling of container images from the registry l Compa?ble to OCI Image Specifica?on so lazy-pulling-agnos(c run(mes s(ll can run them • eStargz by containerd Stargz SnapshoJer subproject is compa?ble to gzip layers • zstd:chunked discussed in Podman community is compa?ble to zstd layers • Note: zstd requires recent run?mes (discussed later) CRI-O Podman
Copyright(c)2021 NTT Corp. All Rights Reserved eStargz
Copyright(c)2021 NTT Corp. All Rights Reserved eStargz overview l A variant of gzip compression. Compa@ble to RFC1952 (gzip) • Proposed by containerd Stargz SnapshoGer hGps://github.com/containerd/stargz-snapshoGer • Based on the stargz by Google CRFS (hGps://github.com/google/crfs) • eStargz comes with content verifica@on and performance op@miza@on l gzip-compressed layer is supported by OCI/Docker Image Spec and common in the current ecosystem • Legacy (lazy-pulling-agnos@c) run@mes s@ll can run eStargz (but without lazy pulling) l Lazy pulling of eStargz starts to be supported in community • Crea@ng eStargz: Kaniko, nerdctl, go-containerregistry, etc. • Lazy pulling of eStargz: containerd (and Kubernetes), BuildKit • Tracking at hGps://github.com/containerd/stargz-snapshoGer/issues/258
Copyright(c)2021 NTT Corp. All Rights Reserved The structure of eStargz l Seekable: Each file payload is compressed separately so can be extracted separately • SEll compaEble to RFC 1952 (gzip) • Each file/chunk can be fetched from the registry on-demand, using HTTP Range Request l Metadata (name, type, owner, …) of all files are stored to TOC (Table Of Contents) entry • Filesystem can be mounted without fetching the enEre blob l PrioriAzed files enables to prefetch likely accessed files ⚠ eStargz is incompaEble to stargz: “footer” is changed to make eStargz compaEble to RFC 1952 eStargz bin/ls usr/bin/apt entrypoint.sh bin/bash PrioriAzed files Prefetched by a single HTTP Range Request TOC(Table Of Contents) and footer l TOC contains files metadata, offset, etc… l footer contains offset of TOC ⚠ footer is incompaEble to stargz Files fetched on demand Can also be aggressively downloadeed in background gzip member per regular file/chunk Each chunk can be fetched and extracted separately, using HTTP Range Request of registry stargz bin/ls usr/bin/apt entrypoint.sh bin/bash For more details: hUps://github.com/containerd/stargz-snapshoUer/blob/master/docs/stargz-estargz.md
Copyright(c)2021 NTT Corp. All Rights Reserved Workload-based Op/miza/on proc container Input image Output image Convert & Op/mize Profile file access l Downloading each file/chunk on-demand costs extra overhead on each file access. l Leveraging eStargz, CLI converter command ctr-remote provides workload-based op/miza/on • Workload: entrypoint, envvar, etc… specified in Dockerfile (e.g. ENTRYPOINT) l ctr-remote (opRmizer tool) analyzes which files are likely accessed during runRme • Runs provided image and profiles all file accesses • Regards accessed files are also likely accessed during runRme (= priori/zed files) • Stargz SnapshoTer will prefetch these files when mounts this image eStargz For more details: hTps://github.com/containerd/stargz-snapshoTer/blob/master/docs/ctr-remote.md
Copyright(c)2021 NTT Corp. All Rights Reserved Content Verifica-on in eStargz chunkDigest chunkDigest chunkDigest containerd.io/snapshot/stargz/toc.digest file/chunk data file/chunk data file/chunk data Verified on resolve Verified on mount Verified on each fetch references by digest references by digest OCI Manifest TOC (metadata of all files) l Chunks are lazily pulled from registry on-demand • so they cannot verified when mounKng the layer l Chunks are “lazily” verified • TOC (metadata file) records digests per chunk • Each chunk can be verified when it’s fetched to the node • TOC itself is verified when mounKng that layer using the digest wriPen in the manifest (OCI AnnotaKon) For more details: hPps://github.com/containerd/stargz-snapshoPer/blob/master/docs/verificaKon.md (the above figure is from this doc)
Copyright(c)2021 NTT Corp. All Rights Reserved Discussion status of zstd:chunked
Copyright(c)2021 NTT Corp. All Rights Reserved zstd:chunked overview l A variant of zstd compression discussed in Podman community. • Proposed by Giuseppe Scrivano, Red Hat: hHps://github.com/containers/storage/pull/775 • Fast decompression by zstd • The idea is based on stargz (i.e. compresses each file separately) l Our lazy pulling implementaOon for zstd:chunked • hHps://github.com/containerd/stargz-snapshoHer/pull/281 l zstd-compressed (non-chunked) layer is start to be supported by recent runOmes • OCI image spec supports since August 2019 • hHps://github.com/opencontainers/image-spec/pull/788 • Containerd (v1.5 beta) supports zstd compressed layers. • CRI-O, Podman (github.com/containers/storage) supports zstd layers. • Docker: In progress hHps://github.com/moby/moby/issues/28394
Copyright(c)2021 NTT Corp. All Rights Reserved The structure of zstd:chunked Figure is from the proposal by Giuseppe Scrivano, Red Hat: hGps://github.com/containers/storage/pull/775 l Seekable: Each file payload is compressed separately so can be extracted separately l Metadata (name, type, owner, …) of all files are stored to the Manifest(= TOC of eStargz/stargz) Ø Filesystem can be mounted without fetching the enUre blob l Manifest(TOC) and Footer are prefixed by skippable frame Ø Invisible to zstd:chunked-agnosUc runUmes (decompressor) l Prefetch is not supported (currently)
Copyright(c)2021 NTT Corp. All Rights Reserved Content Verifica-on in zstd:chunked digest digest digest io.containers.zstd-chunked.manifest-checksum File payload File payload File payload Verified on resolve Verified on mount Verified on each fetch references by digest references by digest OCI Manifest TOC Manifest (metadata of all files) l “lazy” verificaJon based on eStargz • Manifest (TOC; metadata file) records digests of all files payload • Each file payload can be verified when it’s fetched to the node • TOC itself is verified when mounJng that layer using the digest wriPen in the manifest (OCI AnnotaJon)
Copyright(c)2021 NTT Corp. All Rights Reserved Startup (me of eStargz and zstd:chunked
Copyright(c)2021 NTT Corp. All Rights Reserved Time to take for container startup l Measures the container startup ?me which includes: • Pulling an image from GitHub Container Registry • For language container, running “print hello world” program in the container • For server container, wai?ng for the readiness (un?l “up and running” message is printed) • This method is based on Hello Bench [Harter, et al. 2016] l Takes 95 percen?le of 100 opera?ons l Host: EC2 Oregon (m5.2xlarge, Ubuntu 20.04) l Registry: GitHub Container Registry (ghcr.io) l Run?me: containerd + Stargz Snapsho[er (patched for enabling zstd:chunked) • h[ps://github.com/containerd/stargz-snapsho[er/pull/281 • Commit: 47596d33fa737ada970432938e36e9eff93c19f [Harter et al. 2016] Tyler Harter, Brandon Salmon, Rose Liu, Andrea C. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau. "Slacker: Fast Distribu?on with Lazy Docker Containers". 14th USENIX Conference on File and Storage Technologies (FAST ’16). February 22–25, 2016, Santa Clara, CA, USA
Copyright(c)2021 NTT Corp. All Rights Reserved Time to take for container startup [sec] Waits for prefetch compleAon 0 5 10 15 20 25 30 zstd:chunked estargz estargz-noopt legacy gcc:10.2.0 (Compiles and runs prinJ("hello")) pull create run
Copyright(c)2021 NTT Corp. All Rights Reserved Time to take for container startup [sec] Waits for prefetch compleAon 0 5 10 15 20 25 zstd:chunked estargz estargz-noopt legacy tomcat:10.0.0-jdk15-openjdk-buster(runs unAl "Server startup" is printed) pull create run
Copyright(c)2021 NTT Corp. All Rights Reserved Adop%on status of eStargz and zstd:chunked
Copyright(c)2021 NTT Corp. All Rights Reserved Lazy pulling on Kubernetes (eStargz) Nodes Stargz Snapsho9er External process gRPC API kubelet Lazy pull Container Registry Stargz Snapsho9er Stargz Snapsho9er l Lazy pulling can be enabled on Kubernetes without patches (eStargz is only supported currently) l containerd + Stargz SnapshoEer (discussed later) are needed on each node (CRI-O is WIP) l Real-world use-case at CERN for speeding up analysis pipeline [1] (13x faster pull for 5GB image) l On-going integraUon with KinD and k3s • KinD: hEps://github.com/k3s-io/k3s/pull/2936 • k3s: hEps://github.com/kubernetes-sigs/kind/pull/2076 [1] Ricardo Rocha & Spyridon Trigazis, CERN. “Speeding Up Analysis Pipelines with Remote Container Images”. KubeCon+CloudNaUveCon 2020 NA. hEps://sched.co/ekDj image
Copyright(c)2021 NTT Corp. All Rights Reserved Lazy pulling on containerd (eStargz) proc container Node Stargz Snapsho8er Lazy pull Container Registry Fetching files/chunks on demand MounAng rooBs as FUSE l Stargz Snapsho?er plugin enables lazy pulling of eStargz on containerd (zstd:chunked is on-proposal) • Stargz Snapsho?er is developed in a non-core subproject of containerd • h?ps://github.com/containerd/stargz-snapsho?er l Mounts rooJs snapshots from registry as FUSE and downloads accessed file contents on-demand • Mountable from arbitrary remote store by implemenPng dedicated remote snapsho?er l nerdctl (Docker-compaPble CLI for containerd; h?ps://github.com/AkihiroSuda/nerdctl) supports lazy pulling of eStargz on containerd Implemented as a “remote snapsho?er” image
Copyright(c)2021 NTT Corp. All Rights Reserved FROM ghcr.io/stargz-containers/golang:1.15.3-esgz as dev COPY ./hello.go /hello.go RUN go build -o hello /hello.go COPY and RUN without wai2ng for the pull comple2on Container Registry Lazy pulling on BuildKit (eStargz) golang:1.15.3-esgz • /usr/local/go/bin/go • /usr/local/go/src/fmt/… etc... Fetch files/chunks on demand Build on node Lazy pull l BuildKit > v0.8.0 experimentally supports lazy pulling of eStargz base images during build • FROM instrucMon is skipped and chunks are lazily pulled on-demand during COPY/RUN/etc. l Can shorten the Mme of build e.g. on temporary (and fresh) CI instances with big base images. l More details at blog: hVps://medium.com/nVlabs/buildkit-lazypull-66c37690963f • speeding up building ”hello world” image from tens of seconds to a few seconds at the best image
Copyright(c)2021 NTT Corp. All Rights Reserved Lazy pulling on Podman & CRI-O (eStargz,zstd:chunked) [WIP] l AddiFonal layer store enables lazy pulling on Podman and CRI-O • Patches are WIP: hGps://github.com/containers/storage/pull/795 l Podman/CRI-O use layers provided by addiLonal layer store for rooNs instead of pulling the image from the registry Node AddiFonal Layer Store Lazy pull Remote Store proc container Provides layers Podman, CRI-O Using layers for rooKs image
Copyright(c)2021 NTT Corp. All Rights Reserved Discussion status of addi-onal layer store l Our PoC of addi@onal layer store: hCps://github.com/containerd/stargz-snapshoCer/pull/281 • Lazily pulls eStargz and zstd:chunked from the standard container registries • Mounts image layers from the registry to the node l On-going discussions: • chunk verifica@on, expor@ng layers from addi@onal layer store, and GC Node proc container Moun-ng layers as FUSE Podman, CRI-O Using layers for rooFs Addi-onal Layer Store Lazy pull Container Registry Fetching files/chunks on demand image
Copyright(c)2021 NTT Corp. All Rights Reserved Demo Podman + Addi@onal Layer Store PoC + zstd:chunked
Copyright(c)2021 NTT Corp. All Rights Reserved Updates will come in 2021 Standardizing Lazy pulling l eStargz is proposed to OCI Image Spec l Discussion is on-going l Backward-compaHble extensions hKps://github.com/opencontainers/image-spec/issues/815 Enabling lazy pulling in more projects hKps://github.com/containerd/stargz-snapshoKer/issues/258 l KinD: hKps://github.com/kubernetes-sigs/kind/pull/2076 l K3s: hKps://github.com/k3s-io/k3s/pull/2936 Features and improvements for stabilizing Stargz SnapshoAer & AddiDonal Layer Store l Less-privileged authenHcaHon on Kubernetes: hKps://github.com/containerd/containerd/issues/5105 l Higher availability of Stargz SnapshoKer (mounHng images from mulHple backend registries) l Improvements on memory consumpHon of Stargz SnapshoKer l Speeding up image conversion l StaHc opHmizaHon of images l etc…
Copyright(c)2021 NTT Corp. All Rights Reserved Summary l Pull is one of the ?me-consuming steps in the container lifecycle l OCI-alterna?ve but OCI-compa?ble image formats are trying to solve it by lazy pulling • Legacy (lazy-pull-agnos?c) run?mes can run them (zstd requires recent run?mes). • eStargz by containerd Stargz SnapshoJer subproject • zstd:chunked discussed in Podman community l Collabora6on in community • Lazy pulling (eStargz) is available on: containerd, Kubernetes, BuildKit, Kaniko, go-containerregistry, nerdctl • On-going discussion of “Addi6onal Layer Store” feature to enable lazy pulling on Podman and CRI-O • hJps://github.com/containers/storage/pull/795 l On-going in 2021: Standardizing eStargz in OCI and improvements for stabilizing Stargz SnapshoJer
Ad

Recommended

[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...
[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...
[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...
Akihiro Suda
 
Introduction and Deep Dive Into Containerd
Introduction and Deep Dive Into ContainerdIntroduction and Deep Dive Into Containerd
Introduction and Deep Dive Into Containerd
Kohei Tokunaga
 
Faster Container Image Distribution on a Variety of Tools with Lazy Pulling
Faster Container Image Distribution on a Variety of Tools with Lazy PullingFaster Container Image Distribution on a Variety of Tools with Lazy Pulling
Faster Container Image Distribution on a Variety of Tools with Lazy Pulling
Kohei Tokunaga
 
Containerd + buildkit breakout
Containerd + buildkit breakoutContainerd + buildkit breakout
Containerd + buildkit breakout
Docker, Inc.
 
eStargzイメージとlazy pullingによる高速なコンテナ起動
eStargzイメージとlazy pullingによる高速なコンテナ起動eStargzイメージとlazy pullingによる高速なコンテナ起動
eStargzイメージとlazy pullingによる高速なコンテナ起動
Kohei Tokunaga
 
The overview of lazypull with containerd Remote Snapshotter & Stargz Snapshotter
The overview of lazypull with containerd Remote Snapshotter & Stargz SnapshotterThe overview of lazypull with containerd Remote Snapshotter & Stargz Snapshotter
The overview of lazypull with containerd Remote Snapshotter & Stargz Snapshotter
Kohei Tokunaga
 
Practical CephFS with nfs today using OpenStack Manila - Ceph Day Berlin - 12...
Practical CephFS with nfs today using OpenStack Manila - Ceph Day Berlin - 12...Practical CephFS with nfs today using OpenStack Manila - Ceph Day Berlin - 12...
Practical CephFS with nfs today using OpenStack Manila - Ceph Day Berlin - 12...
TomBarron
 
BlueStore, A New Storage Backend for Ceph, One Year In
BlueStore, A New Storage Backend for Ceph, One Year InBlueStore, A New Storage Backend for Ceph, One Year In
BlueStore, A New Storage Backend for Ceph, One Year In
Sage Weil
 
Red Hat multi-cluster management & what's new in OpenShift
Red Hat multi-cluster management & what's new in OpenShiftRed Hat multi-cluster management & what's new in OpenShift
Red Hat multi-cluster management & what's new in OpenShift
Kangaroot
 
Building images efficiently and securely on Kubernetes with BuildKit
Building images efficiently and securely on Kubernetes with BuildKitBuilding images efficiently and securely on Kubernetes with BuildKit
Building images efficiently and securely on Kubernetes with BuildKit
NTT Software Innovation Center
 
Ceph Block Devices: A Deep Dive
Ceph Block Devices: A Deep DiveCeph Block Devices: A Deep Dive
Ceph Block Devices: A Deep Dive
Red_Hat_Storage
 
Steering the Course with Helm
Steering the Course with HelmSteering the Course with Helm
Steering the Course with Helm
Dirk Jablonski
 
Docker, LinuX Container
Docker, LinuX ContainerDocker, LinuX Container
Docker, LinuX Container
Araf Karsh Hamid
 
Containers 101
Containers 101Containers 101
Containers 101
Black Duck by Synopsys
 
Ceph Performance and Sizing Guide
Ceph Performance and Sizing GuideCeph Performance and Sizing Guide
Ceph Performance and Sizing Guide
Jose De La Rosa
 
Docker Networking Overview
Docker Networking OverviewDocker Networking Overview
Docker Networking Overview
Sreenivas Makam
 
P2P Container Image Distribution on IPFS With containerd and nerdctl
P2P Container Image Distribution on IPFS With containerd and nerdctlP2P Container Image Distribution on IPFS With containerd and nerdctl
P2P Container Image Distribution on IPFS With containerd and nerdctl
Kohei Tokunaga
 
Using Wildcards with rsyslog's File Monitor imfile
Using Wildcards with rsyslog's File Monitor imfileUsing Wildcards with rsyslog's File Monitor imfile
Using Wildcards with rsyslog's File Monitor imfile
Rainer Gerhards
 
Exploring the power of OpenTelemetry on Kubernetes
Exploring the power of OpenTelemetry on KubernetesExploring the power of OpenTelemetry on Kubernetes
Exploring the power of OpenTelemetry on Kubernetes
Red Hat Developers
 
containerdの概要と最近の機能
containerdの概要と最近の機能containerdの概要と最近の機能
containerdの概要と最近の機能
Kohei Tokunaga
 
Cloud Native PostgreSQL
Cloud Native PostgreSQLCloud Native PostgreSQL
Cloud Native PostgreSQL
EDB
 
Ceph Object Storage Performance Secrets and Ceph Data Lake Solution
Ceph Object Storage Performance Secrets and Ceph Data Lake SolutionCeph Object Storage Performance Secrets and Ceph Data Lake Solution
Ceph Object Storage Performance Secrets and Ceph Data Lake Solution
Karan Singh
 
Introduction to yocto
Introduction to yoctoIntroduction to yocto
Introduction to yocto
Alex Gonzalez
 
OpenTelemetry For Operators
OpenTelemetry For OperatorsOpenTelemetry For Operators
OpenTelemetry For Operators
Kevin Brockhoff
 
Rootless Containers & Unresolved issues
Rootless Containers & Unresolved issuesRootless Containers & Unresolved issues
Rootless Containers & Unresolved issues
Akihiro Suda
 
Kubernetes
KubernetesKubernetes
Kubernetes
Meng-Ze Lee
 
The Power of GitOps with Flux & GitOps Toolkit
The Power of GitOps with Flux & GitOps ToolkitThe Power of GitOps with Flux & GitOps Toolkit
The Power of GitOps with Flux & GitOps Toolkit
Weaveworks
 
Docker, Linux Containers (LXC), and security
Docker, Linux Containers (LXC), and securityDocker, Linux Containers (LXC), and security
Docker, Linux Containers (LXC), and security
Jérôme Petazzoni
 
Build and Run Containers With Lazy Pulling - Adoption status of containerd St...
Build and Run Containers With Lazy Pulling - Adoption status of containerd St...Build and Run Containers With Lazy Pulling - Adoption status of containerd St...
Build and Run Containers With Lazy Pulling - Adoption status of containerd St...
Kohei Tokunaga
 
Startup Containers in Lightning Speed with Lazy Image Distribution
Startup Containers in Lightning Speed with Lazy Image DistributionStartup Containers in Lightning Speed with Lazy Image Distribution
Startup Containers in Lightning Speed with Lazy Image Distribution
Kohei Tokunaga
 
Ad

More Related Content

What's hot (20)

Red Hat multi-cluster management & what's new in OpenShift
Red Hat multi-cluster management & what's new in OpenShiftRed Hat multi-cluster management & what's new in OpenShift
Red Hat multi-cluster management & what's new in OpenShift
Kangaroot
 
Building images efficiently and securely on Kubernetes with BuildKit
Building images efficiently and securely on Kubernetes with BuildKitBuilding images efficiently and securely on Kubernetes with BuildKit
Building images efficiently and securely on Kubernetes with BuildKit
NTT Software Innovation Center
 
Ceph Block Devices: A Deep Dive
Ceph Block Devices: A Deep DiveCeph Block Devices: A Deep Dive
Ceph Block Devices: A Deep Dive
Red_Hat_Storage
 
Steering the Course with Helm
Steering the Course with HelmSteering the Course with Helm
Steering the Course with Helm
Dirk Jablonski
 
Docker, LinuX Container
Docker, LinuX ContainerDocker, LinuX Container
Docker, LinuX Container
Araf Karsh Hamid
 
Containers 101
Containers 101Containers 101
Containers 101
Black Duck by Synopsys
 
Ceph Performance and Sizing Guide
Ceph Performance and Sizing GuideCeph Performance and Sizing Guide
Ceph Performance and Sizing Guide
Jose De La Rosa
 
Docker Networking Overview
Docker Networking OverviewDocker Networking Overview
Docker Networking Overview
Sreenivas Makam
 
P2P Container Image Distribution on IPFS With containerd and nerdctl
P2P Container Image Distribution on IPFS With containerd and nerdctlP2P Container Image Distribution on IPFS With containerd and nerdctl
P2P Container Image Distribution on IPFS With containerd and nerdctl
Kohei Tokunaga
 
Using Wildcards with rsyslog's File Monitor imfile
Using Wildcards with rsyslog's File Monitor imfileUsing Wildcards with rsyslog's File Monitor imfile
Using Wildcards with rsyslog's File Monitor imfile
Rainer Gerhards
 
Exploring the power of OpenTelemetry on Kubernetes
Exploring the power of OpenTelemetry on KubernetesExploring the power of OpenTelemetry on Kubernetes
Exploring the power of OpenTelemetry on Kubernetes
Red Hat Developers
 
containerdの概要と最近の機能
containerdの概要と最近の機能containerdの概要と最近の機能
containerdの概要と最近の機能
Kohei Tokunaga
 
Cloud Native PostgreSQL
Cloud Native PostgreSQLCloud Native PostgreSQL
Cloud Native PostgreSQL
EDB
 
Ceph Object Storage Performance Secrets and Ceph Data Lake Solution
Ceph Object Storage Performance Secrets and Ceph Data Lake SolutionCeph Object Storage Performance Secrets and Ceph Data Lake Solution
Ceph Object Storage Performance Secrets and Ceph Data Lake Solution
Karan Singh
 
Introduction to yocto
Introduction to yoctoIntroduction to yocto
Introduction to yocto
Alex Gonzalez
 
OpenTelemetry For Operators
OpenTelemetry For OperatorsOpenTelemetry For Operators
OpenTelemetry For Operators
Kevin Brockhoff
 
Rootless Containers & Unresolved issues
Rootless Containers & Unresolved issuesRootless Containers & Unresolved issues
Rootless Containers & Unresolved issues
Akihiro Suda
 
Kubernetes
KubernetesKubernetes
Kubernetes
Meng-Ze Lee
 
The Power of GitOps with Flux & GitOps Toolkit
The Power of GitOps with Flux & GitOps ToolkitThe Power of GitOps with Flux & GitOps Toolkit
The Power of GitOps with Flux & GitOps Toolkit
Weaveworks
 
Docker, Linux Containers (LXC), and security
Docker, Linux Containers (LXC), and securityDocker, Linux Containers (LXC), and security
Docker, Linux Containers (LXC), and security
Jérôme Petazzoni
 
Red Hat multi-cluster management & what's new in OpenShift
Red Hat multi-cluster management & what's new in OpenShiftRed Hat multi-cluster management & what's new in OpenShift
Red Hat multi-cluster management & what's new in OpenShift
Kangaroot
 
Building images efficiently and securely on Kubernetes with BuildKit
Building images efficiently and securely on Kubernetes with BuildKitBuilding images efficiently and securely on Kubernetes with BuildKit
Building images efficiently and securely on Kubernetes with BuildKit
NTT Software Innovation Center
 
Ceph Block Devices: A Deep Dive
Ceph Block Devices: A Deep DiveCeph Block Devices: A Deep Dive
Ceph Block Devices: A Deep Dive
Red_Hat_Storage
 
Steering the Course with Helm
Steering the Course with HelmSteering the Course with Helm
Steering the Course with Helm
Dirk Jablonski
 
Docker, LinuX Container
Docker, LinuX ContainerDocker, LinuX Container
Docker, LinuX Container
Araf Karsh Hamid
 
Containers 101
Containers 101Containers 101
Containers 101
Black Duck by Synopsys
 
Ceph Performance and Sizing Guide
Ceph Performance and Sizing GuideCeph Performance and Sizing Guide
Ceph Performance and Sizing Guide
Jose De La Rosa
 
Docker Networking Overview
Docker Networking OverviewDocker Networking Overview
Docker Networking Overview
Sreenivas Makam
 
P2P Container Image Distribution on IPFS With containerd and nerdctl
P2P Container Image Distribution on IPFS With containerd and nerdctlP2P Container Image Distribution on IPFS With containerd and nerdctl
P2P Container Image Distribution on IPFS With containerd and nerdctl
Kohei Tokunaga
 
Using Wildcards with rsyslog's File Monitor imfile
Using Wildcards with rsyslog's File Monitor imfileUsing Wildcards with rsyslog's File Monitor imfile
Using Wildcards with rsyslog's File Monitor imfile
Rainer Gerhards
 
Exploring the power of OpenTelemetry on Kubernetes
Exploring the power of OpenTelemetry on KubernetesExploring the power of OpenTelemetry on Kubernetes
Exploring the power of OpenTelemetry on Kubernetes
Red Hat Developers
 
containerdの概要と最近の機能
containerdの概要と最近の機能containerdの概要と最近の機能
containerdの概要と最近の機能
Kohei Tokunaga
 
Cloud Native PostgreSQL
Cloud Native PostgreSQLCloud Native PostgreSQL
Cloud Native PostgreSQL
EDB
 
Ceph Object Storage Performance Secrets and Ceph Data Lake Solution
Ceph Object Storage Performance Secrets and Ceph Data Lake SolutionCeph Object Storage Performance Secrets and Ceph Data Lake Solution
Ceph Object Storage Performance Secrets and Ceph Data Lake Solution
Karan Singh
 
Introduction to yocto
Introduction to yoctoIntroduction to yocto
Introduction to yocto
Alex Gonzalez
 
OpenTelemetry For Operators
OpenTelemetry For OperatorsOpenTelemetry For Operators
OpenTelemetry For Operators
Kevin Brockhoff
 
Rootless Containers & Unresolved issues
Rootless Containers & Unresolved issuesRootless Containers & Unresolved issues
Rootless Containers & Unresolved issues
Akihiro Suda
 
Kubernetes
KubernetesKubernetes
Kubernetes
Meng-Ze Lee
 
The Power of GitOps with Flux & GitOps Toolkit
The Power of GitOps with Flux & GitOps ToolkitThe Power of GitOps with Flux & GitOps Toolkit
The Power of GitOps with Flux & GitOps Toolkit
Weaveworks
 
Docker, Linux Containers (LXC), and security
Docker, Linux Containers (LXC), and securityDocker, Linux Containers (LXC), and security
Docker, Linux Containers (LXC), and security
Jérôme Petazzoni
 

Similar to Starting up Containers Super Fast With Lazy Pulling of Images (20)

Build and Run Containers With Lazy Pulling - Adoption status of containerd St...
Build and Run Containers With Lazy Pulling - Adoption status of containerd St...Build and Run Containers With Lazy Pulling - Adoption status of containerd St...
Build and Run Containers With Lazy Pulling - Adoption status of containerd St...
Kohei Tokunaga
 
Startup Containers in Lightning Speed with Lazy Image Distribution
Startup Containers in Lightning Speed with Lazy Image DistributionStartup Containers in Lightning Speed with Lazy Image Distribution
Startup Containers in Lightning Speed with Lazy Image Distribution
Kohei Tokunaga
 
[FOSDEM 2020] Lazy distribution of container images
[FOSDEM 2020] Lazy distribution of container images[FOSDEM 2020] Lazy distribution of container images
[FOSDEM 2020] Lazy distribution of container images
Akihiro Suda
 
FILEgrain: Transport-Agnostic, Fine-Grained Content-Addressable Container Ima...
FILEgrain: Transport-Agnostic, Fine-Grained Content-Addressable Container Ima...FILEgrain: Transport-Agnostic, Fine-Grained Content-Addressable Container Ima...
FILEgrain: Transport-Agnostic, Fine-Grained Content-Addressable Container Ima...
Akihiro Suda
 
Docker_AGH_v0.1.3
Docker_AGH_v0.1.3Docker_AGH_v0.1.3
Docker_AGH_v0.1.3
Witold 'Ficio' Kopel
 
Ippevent : openshift Introduction
Ippevent : openshift IntroductionIppevent : openshift Introduction
Ippevent : openshift Introduction
kanedafromparis
 
BuildKitでLazy Pullを有効にしてビルドを早くする話
BuildKitでLazy Pullを有効にしてビルドを早くする話BuildKitでLazy Pullを有効にしてビルドを早くする話
BuildKitでLazy Pullを有効にしてビルドを早くする話
Kohei Tokunaga
 
Scale11x lxc talk
Scale11x lxc talkScale11x lxc talk
Scale11x lxc talk
dotCloud
 
Real-World Docker: 10 Things We've Learned
Real-World Docker: 10 Things We've Learned Real-World Docker: 10 Things We've Learned
Real-World Docker: 10 Things We've Learned
RightScale
 
[KubeCon EU 2020] containerd Deep Dive
[KubeCon EU 2020] containerd Deep Dive[KubeCon EU 2020] containerd Deep Dive
[KubeCon EU 2020] containerd Deep Dive
Akihiro Suda
 
Git Presentation - Purple Scout AB Malmö
Git Presentation - Purple Scout AB MalmöGit Presentation - Purple Scout AB Malmö
Git Presentation - Purple Scout AB Malmö
Emil Erlandsson
 
Infinit filesystem, Reactor reloaded
Infinit filesystem, Reactor reloadedInfinit filesystem, Reactor reloaded
Infinit filesystem, Reactor reloaded
Infinit
 
Continuous delivery workflow with Docker
Continuous delivery workflow with DockerContinuous delivery workflow with Docker
Continuous delivery workflow with Docker
Igor Moochnick
 
[DockerCon 2023] Reproducible builds with BuildKit for software supply chain ...
[DockerCon 2023] Reproducible builds with BuildKit for software supply chain ...[DockerCon 2023] Reproducible builds with BuildKit for software supply chain ...
[DockerCon 2023] Reproducible builds with BuildKit for software supply chain ...
Akihiro Suda
 
2013.02.02 지앤선 테크니컬 세미나 - Xcode를 활용한 디버깅 팁(OSXDEV)
2013.02.02 지앤선 테크니컬 세미나 - Xcode를 활용한 디버깅 팁(OSXDEV)2013.02.02 지앤선 테크니컬 세미나 - Xcode를 활용한 디버깅 팁(OSXDEV)
2013.02.02 지앤선 테크니컬 세미나 - Xcode를 활용한 디버깅 팁(OSXDEV)
JiandSon
 
Debugging ZFS: From Illumos to Linux
Debugging ZFS: From Illumos to LinuxDebugging ZFS: From Illumos to Linux
Debugging ZFS: From Illumos to Linux
Serapheim-Nikolaos Dimitropoulos
 
LXC Containers and AUFs
LXC Containers and AUFsLXC Containers and AUFs
LXC Containers and AUFs
Docker, Inc.
 
Pune-Cocoa: Blocks and GCD
Pune-Cocoa: Blocks and GCDPune-Cocoa: Blocks and GCD
Pune-Cocoa: Blocks and GCD
Prashant Rane
 
Docker.io
Docker.ioDocker.io
Docker.io
Ladislav Prskavec
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to Docker
Nissan Dookeran
 
Build and Run Containers With Lazy Pulling - Adoption status of containerd St...
Build and Run Containers With Lazy Pulling - Adoption status of containerd St...Build and Run Containers With Lazy Pulling - Adoption status of containerd St...
Build and Run Containers With Lazy Pulling - Adoption status of containerd St...
Kohei Tokunaga
 
Startup Containers in Lightning Speed with Lazy Image Distribution
Startup Containers in Lightning Speed with Lazy Image DistributionStartup Containers in Lightning Speed with Lazy Image Distribution
Startup Containers in Lightning Speed with Lazy Image Distribution
Kohei Tokunaga
 
[FOSDEM 2020] Lazy distribution of container images
[FOSDEM 2020] Lazy distribution of container images[FOSDEM 2020] Lazy distribution of container images
[FOSDEM 2020] Lazy distribution of container images
Akihiro Suda
 
FILEgrain: Transport-Agnostic, Fine-Grained Content-Addressable Container Ima...
FILEgrain: Transport-Agnostic, Fine-Grained Content-Addressable Container Ima...FILEgrain: Transport-Agnostic, Fine-Grained Content-Addressable Container Ima...
FILEgrain: Transport-Agnostic, Fine-Grained Content-Addressable Container Ima...
Akihiro Suda
 
Docker_AGH_v0.1.3
Docker_AGH_v0.1.3Docker_AGH_v0.1.3
Docker_AGH_v0.1.3
Witold 'Ficio' Kopel
 
Ippevent : openshift Introduction
Ippevent : openshift IntroductionIppevent : openshift Introduction
Ippevent : openshift Introduction
kanedafromparis
 
BuildKitでLazy Pullを有効にしてビルドを早くする話
BuildKitでLazy Pullを有効にしてビルドを早くする話BuildKitでLazy Pullを有効にしてビルドを早くする話
BuildKitでLazy Pullを有効にしてビルドを早くする話
Kohei Tokunaga
 
Scale11x lxc talk
Scale11x lxc talkScale11x lxc talk
Scale11x lxc talk
dotCloud
 
Real-World Docker: 10 Things We've Learned
Real-World Docker: 10 Things We've Learned Real-World Docker: 10 Things We've Learned
Real-World Docker: 10 Things We've Learned
RightScale
 
[KubeCon EU 2020] containerd Deep Dive
[KubeCon EU 2020] containerd Deep Dive[KubeCon EU 2020] containerd Deep Dive
[KubeCon EU 2020] containerd Deep Dive
Akihiro Suda
 
Git Presentation - Purple Scout AB Malmö
Git Presentation - Purple Scout AB MalmöGit Presentation - Purple Scout AB Malmö
Git Presentation - Purple Scout AB Malmö
Emil Erlandsson
 
Infinit filesystem, Reactor reloaded
Infinit filesystem, Reactor reloadedInfinit filesystem, Reactor reloaded
Infinit filesystem, Reactor reloaded
Infinit
 
Continuous delivery workflow with Docker
Continuous delivery workflow with DockerContinuous delivery workflow with Docker
Continuous delivery workflow with Docker
Igor Moochnick
 
[DockerCon 2023] Reproducible builds with BuildKit for software supply chain ...
[DockerCon 2023] Reproducible builds with BuildKit for software supply chain ...[DockerCon 2023] Reproducible builds with BuildKit for software supply chain ...
[DockerCon 2023] Reproducible builds with BuildKit for software supply chain ...
Akihiro Suda
 
2013.02.02 지앤선 테크니컬 세미나 - Xcode를 활용한 디버깅 팁(OSXDEV)
2013.02.02 지앤선 테크니컬 세미나 - Xcode를 활용한 디버깅 팁(OSXDEV)2013.02.02 지앤선 테크니컬 세미나 - Xcode를 활용한 디버깅 팁(OSXDEV)
2013.02.02 지앤선 테크니컬 세미나 - Xcode를 활용한 디버깅 팁(OSXDEV)
JiandSon
 
Debugging ZFS: From Illumos to Linux
Debugging ZFS: From Illumos to LinuxDebugging ZFS: From Illumos to Linux
Debugging ZFS: From Illumos to Linux
Serapheim-Nikolaos Dimitropoulos
 
LXC Containers and AUFs
LXC Containers and AUFsLXC Containers and AUFs
LXC Containers and AUFs
Docker, Inc.
 
Pune-Cocoa: Blocks and GCD
Pune-Cocoa: Blocks and GCDPune-Cocoa: Blocks and GCD
Pune-Cocoa: Blocks and GCD
Prashant Rane
 
Docker.io
Docker.ioDocker.io
Docker.io
Ladislav Prskavec
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to Docker
Nissan Dookeran
 
Ad

More from Kohei Tokunaga (10)

BuildKitの概要と最近の機能
BuildKitの概要と最近の機能BuildKitの概要と最近の機能
BuildKitの概要と最近の機能
Kohei Tokunaga
 
Dockerからcontainerdへの移行
Dockerからcontainerdへの移行Dockerからcontainerdへの移行
Dockerからcontainerdへの移行
Kohei Tokunaga
 
DockerとKubernetesをかけめぐる
DockerとKubernetesをかけめぐるDockerとKubernetesをかけめぐる
DockerとKubernetesをかけめぐる
Kohei Tokunaga
 
Stargz Snapshotter: イメージのpullを省略しcontainerdでコンテナを高速に起動する
Stargz Snapshotter: イメージのpullを省略しcontainerdでコンテナを高速に起動するStargz Snapshotter: イメージのpullを省略しcontainerdでコンテナを高速に起動する
Stargz Snapshotter: イメージのpullを省略しcontainerdでコンテナを高速に起動する
Kohei Tokunaga
 
Stargz Snapshotter: イメージのpullを省略してcontainerdでコンテナを高速に起動する
Stargz Snapshotter: イメージのpullを省略してcontainerdでコンテナを高速に起動するStargz Snapshotter: イメージのpullを省略してcontainerdでコンテナを高速に起動する
Stargz Snapshotter: イメージのpullを省略してcontainerdでコンテナを高速に起動する
Kohei Tokunaga
 
OCIランタイムの筆頭「runc」を俯瞰する
OCIランタイムの筆頭「runc」を俯瞰するOCIランタイムの筆頭「runc」を俯瞰する
OCIランタイムの筆頭「runc」を俯瞰する
Kohei Tokunaga
 
OCIv2?!軽量高速なイケてる次世代イメージ仕様の最新動向を抑えよう!
OCIv2?!軽量高速なイケてる次世代イメージ仕様の最新動向を抑えよう!OCIv2?!軽量高速なイケてる次世代イメージ仕様の最新動向を抑えよう!
OCIv2?!軽量高速なイケてる次世代イメージ仕様の最新動向を抑えよう!
Kohei Tokunaga
 
5分で振り返るKubeCon EU 2019:ランタイムとイメージの話題ダイジェスト
5分で振り返るKubeCon EU 2019:ランタイムとイメージの話題ダイジェスト5分で振り返るKubeCon EU 2019:ランタイムとイメージの話題ダイジェスト
5分で振り返るKubeCon EU 2019:ランタイムとイメージの話題ダイジェスト
Kohei Tokunaga
 
今話題のいろいろなコンテナランタイムを比較してみた
今話題のいろいろなコンテナランタイムを比較してみた今話題のいろいろなコンテナランタイムを比較してみた
今話題のいろいろなコンテナランタイムを比較してみた
Kohei Tokunaga
 
コンテナ未経験新人が学ぶコンテナ技術入門
コンテナ未経験新人が学ぶコンテナ技術入門コンテナ未経験新人が学ぶコンテナ技術入門
コンテナ未経験新人が学ぶコンテナ技術入門
Kohei Tokunaga
 
BuildKitの概要と最近の機能
BuildKitの概要と最近の機能BuildKitの概要と最近の機能
BuildKitの概要と最近の機能
Kohei Tokunaga
 
Dockerからcontainerdへの移行
Dockerからcontainerdへの移行Dockerからcontainerdへの移行
Dockerからcontainerdへの移行
Kohei Tokunaga
 
DockerとKubernetesをかけめぐる
DockerとKubernetesをかけめぐるDockerとKubernetesをかけめぐる
DockerとKubernetesをかけめぐる
Kohei Tokunaga
 
Stargz Snapshotter: イメージのpullを省略しcontainerdでコンテナを高速に起動する
Stargz Snapshotter: イメージのpullを省略しcontainerdでコンテナを高速に起動するStargz Snapshotter: イメージのpullを省略しcontainerdでコンテナを高速に起動する
Stargz Snapshotter: イメージのpullを省略しcontainerdでコンテナを高速に起動する
Kohei Tokunaga
 
Stargz Snapshotter: イメージのpullを省略してcontainerdでコンテナを高速に起動する
Stargz Snapshotter: イメージのpullを省略してcontainerdでコンテナを高速に起動するStargz Snapshotter: イメージのpullを省略してcontainerdでコンテナを高速に起動する
Stargz Snapshotter: イメージのpullを省略してcontainerdでコンテナを高速に起動する
Kohei Tokunaga
 
OCIランタイムの筆頭「runc」を俯瞰する
OCIランタイムの筆頭「runc」を俯瞰するOCIランタイムの筆頭「runc」を俯瞰する
OCIランタイムの筆頭「runc」を俯瞰する
Kohei Tokunaga
 
OCIv2?!軽量高速なイケてる次世代イメージ仕様の最新動向を抑えよう!
OCIv2?!軽量高速なイケてる次世代イメージ仕様の最新動向を抑えよう!OCIv2?!軽量高速なイケてる次世代イメージ仕様の最新動向を抑えよう!
OCIv2?!軽量高速なイケてる次世代イメージ仕様の最新動向を抑えよう!
Kohei Tokunaga
 
5分で振り返るKubeCon EU 2019:ランタイムとイメージの話題ダイジェスト
5分で振り返るKubeCon EU 2019:ランタイムとイメージの話題ダイジェスト5分で振り返るKubeCon EU 2019:ランタイムとイメージの話題ダイジェスト
5分で振り返るKubeCon EU 2019:ランタイムとイメージの話題ダイジェスト
Kohei Tokunaga
 
今話題のいろいろなコンテナランタイムを比較してみた
今話題のいろいろなコンテナランタイムを比較してみた今話題のいろいろなコンテナランタイムを比較してみた
今話題のいろいろなコンテナランタイムを比較してみた
Kohei Tokunaga
 
コンテナ未経験新人が学ぶコンテナ技術入門
コンテナ未経験新人が学ぶコンテナ技術入門コンテナ未経験新人が学ぶコンテナ技術入門
コンテナ未経験新人が学ぶコンテナ技術入門
Kohei Tokunaga
 
Ad

Recently uploaded (20)

Adobe Illustrator Crack FREE Download 2025 Latest Version
Adobe Illustrator Crack FREE Download 2025 Latest VersionAdobe Illustrator Crack FREE Download 2025 Latest Version
Adobe Illustrator Crack FREE Download 2025 Latest Version
kashifyounis067
 
Adobe Lightroom Classic Crack FREE Latest link 2025
Adobe Lightroom Classic Crack FREE Latest link 2025Adobe Lightroom Classic Crack FREE Latest link 2025
Adobe Lightroom Classic Crack FREE Latest link 2025
kashifyounis067
 
Avast Premium Security Crack FREE Latest Version 2025
Avast Premium Security Crack FREE Latest Version 2025Avast Premium Security Crack FREE Latest Version 2025
Avast Premium Security Crack FREE Latest Version 2025
mu394968
 
Maxon CINEMA 4D 2025 Crack FREE Download LINK
Maxon CINEMA 4D 2025 Crack FREE Download LINKMaxon CINEMA 4D 2025 Crack FREE Download LINK
Maxon CINEMA 4D 2025 Crack FREE Download LINK
younisnoman75
 
Douwan Crack 2025 new verson+ License code
Douwan Crack 2025 new verson+ License codeDouwan Crack 2025 new verson+ License code
Douwan Crack 2025 new verson+ License code
aneelaramzan63
 
Adobe After Effects Crack FREE FRESH version 2025
Adobe After Effects Crack FREE FRESH version 2025Adobe After Effects Crack FREE FRESH version 2025
Adobe After Effects Crack FREE FRESH version 2025
kashifyounis067
 
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRYLEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
NidaFarooq10
 
How can one start with crypto wallet development.pptx
How can one start with crypto wallet development.pptxHow can one start with crypto wallet development.pptx
How can one start with crypto wallet development.pptx
laravinson24
 
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
Andre Hora
 
F-Secure Freedome VPN 2025 Crack Plus Activation New Version
F-Secure Freedome VPN 2025 Crack Plus Activation New VersionF-Secure Freedome VPN 2025 Crack Plus Activation New Version
F-Secure Freedome VPN 2025 Crack Plus Activation New Version
saimabibi60507
 
Automation Techniques in RPA - UiPath Certificate
Automation Techniques in RPA - UiPath CertificateAutomation Techniques in RPA - UiPath Certificate
Automation Techniques in RPA - UiPath Certificate
VICTOR MAESTRE RAMIREZ
 
WinRAR Crack for Windows (100% Working 2025)
WinRAR Crack for Windows (100% Working 2025)WinRAR Crack for Windows (100% Working 2025)
WinRAR Crack for Windows (100% Working 2025)
sh607827
 
Scaling GraphRAG: Efficient Knowledge Retrieval for Enterprise AI
Scaling GraphRAG: Efficient Knowledge Retrieval for Enterprise AIScaling GraphRAG: Efficient Knowledge Retrieval for Enterprise AI
Scaling GraphRAG: Efficient Knowledge Retrieval for Enterprise AI
danshalev
 
Kubernetes_101_Zero_to_Platform_Engineer.pptx
Kubernetes_101_Zero_to_Platform_Engineer.pptxKubernetes_101_Zero_to_Platform_Engineer.pptx
Kubernetes_101_Zero_to_Platform_Engineer.pptx
CloudScouts
 
How to Optimize Your AWS Environment for Improved Cloud Performance
How to Optimize Your AWS Environment for Improved Cloud PerformanceHow to Optimize Your AWS Environment for Improved Cloud Performance
How to Optimize Your AWS Environment for Improved Cloud Performance
ThousandEyes
 
Expand your AI adoption with AgentExchange
Expand your AI adoption with AgentExchangeExpand your AI adoption with AgentExchange
Expand your AI adoption with AgentExchange
Fexle Services Pvt. Ltd.
 
Explaining GitHub Actions Failures with Large Language Models Challenges, In...
Explaining GitHub Actions Failures with Large Language Models Challenges, In...Explaining GitHub Actions Failures with Large Language Models Challenges, In...
Explaining GitHub Actions Failures with Large Language Models Challenges, In...
ssuserb14185
 
Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.
Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.
Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.
Dele Amefo
 
Adobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage Dashboards
Adobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage DashboardsAdobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage Dashboards
Adobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage Dashboards
BradBedford3
 
Adobe Master Collection CC Crack Advance Version 2025
Adobe Master Collection CC Crack Advance Version 2025Adobe Master Collection CC Crack Advance Version 2025
Adobe Master Collection CC Crack Advance Version 2025
kashifyounis067
 
Adobe Illustrator Crack FREE Download 2025 Latest Version
Adobe Illustrator Crack FREE Download 2025 Latest VersionAdobe Illustrator Crack FREE Download 2025 Latest Version
Adobe Illustrator Crack FREE Download 2025 Latest Version
kashifyounis067
 
Adobe Lightroom Classic Crack FREE Latest link 2025
Adobe Lightroom Classic Crack FREE Latest link 2025Adobe Lightroom Classic Crack FREE Latest link 2025
Adobe Lightroom Classic Crack FREE Latest link 2025
kashifyounis067
 
Avast Premium Security Crack FREE Latest Version 2025
Avast Premium Security Crack FREE Latest Version 2025Avast Premium Security Crack FREE Latest Version 2025
Avast Premium Security Crack FREE Latest Version 2025
mu394968
 
Maxon CINEMA 4D 2025 Crack FREE Download LINK
Maxon CINEMA 4D 2025 Crack FREE Download LINKMaxon CINEMA 4D 2025 Crack FREE Download LINK
Maxon CINEMA 4D 2025 Crack FREE Download LINK
younisnoman75
 
Douwan Crack 2025 new verson+ License code
Douwan Crack 2025 new verson+ License codeDouwan Crack 2025 new verson+ License code
Douwan Crack 2025 new verson+ License code
aneelaramzan63
 
Adobe After Effects Crack FREE FRESH version 2025
Adobe After Effects Crack FREE FRESH version 2025Adobe After Effects Crack FREE FRESH version 2025
Adobe After Effects Crack FREE FRESH version 2025
kashifyounis067
 
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRYLEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
NidaFarooq10
 
How can one start with crypto wallet development.pptx
How can one start with crypto wallet development.pptxHow can one start with crypto wallet development.pptx
How can one start with crypto wallet development.pptx
laravinson24
 
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
Andre Hora
 
F-Secure Freedome VPN 2025 Crack Plus Activation New Version
F-Secure Freedome VPN 2025 Crack Plus Activation New VersionF-Secure Freedome VPN 2025 Crack Plus Activation New Version
F-Secure Freedome VPN 2025 Crack Plus Activation New Version
saimabibi60507
 
Automation Techniques in RPA - UiPath Certificate
Automation Techniques in RPA - UiPath CertificateAutomation Techniques in RPA - UiPath Certificate
Automation Techniques in RPA - UiPath Certificate
VICTOR MAESTRE RAMIREZ
 
WinRAR Crack for Windows (100% Working 2025)
WinRAR Crack for Windows (100% Working 2025)WinRAR Crack for Windows (100% Working 2025)
WinRAR Crack for Windows (100% Working 2025)
sh607827
 
Scaling GraphRAG: Efficient Knowledge Retrieval for Enterprise AI
Scaling GraphRAG: Efficient Knowledge Retrieval for Enterprise AIScaling GraphRAG: Efficient Knowledge Retrieval for Enterprise AI
Scaling GraphRAG: Efficient Knowledge Retrieval for Enterprise AI
danshalev
 
Kubernetes_101_Zero_to_Platform_Engineer.pptx
Kubernetes_101_Zero_to_Platform_Engineer.pptxKubernetes_101_Zero_to_Platform_Engineer.pptx
Kubernetes_101_Zero_to_Platform_Engineer.pptx
CloudScouts
 
How to Optimize Your AWS Environment for Improved Cloud Performance
How to Optimize Your AWS Environment for Improved Cloud PerformanceHow to Optimize Your AWS Environment for Improved Cloud Performance
How to Optimize Your AWS Environment for Improved Cloud Performance
ThousandEyes
 
Expand your AI adoption with AgentExchange
Expand your AI adoption with AgentExchangeExpand your AI adoption with AgentExchange
Expand your AI adoption with AgentExchange
Fexle Services Pvt. Ltd.
 
Explaining GitHub Actions Failures with Large Language Models Challenges, In...
Explaining GitHub Actions Failures with Large Language Models Challenges, In...Explaining GitHub Actions Failures with Large Language Models Challenges, In...
Explaining GitHub Actions Failures with Large Language Models Challenges, In...
ssuserb14185
 
Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.
Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.
Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.
Dele Amefo
 
Adobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage Dashboards
Adobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage DashboardsAdobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage Dashboards
Adobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage Dashboards
BradBedford3
 
Adobe Master Collection CC Crack Advance Version 2025
Adobe Master Collection CC Crack Advance Version 2025Adobe Master Collection CC Crack Advance Version 2025
Adobe Master Collection CC Crack Advance Version 2025
kashifyounis067
 

Starting up Containers Super Fast With Lazy Pulling of Images

  • 1. Copyright(c)2021 NTT Corp. All Rights Reserved Star%ng up Containers Super Fast With Lazy Pulling of Images Kohei Tokunaga, NTT Corporation Container Plumbing Days (March 10)
  • 2. Copyright(c)2021 NTT Corp. All Rights Reserved TL;DR l Pull is one of the ?me-consuming steps in the container lifecycle l OCI-alterna?ve but OCI-compa?ble image formats are trying to solve it by lazy pulling • Legacy (lazy-pull-agnos?c) run?mes can run them (zstd requires recent run?mes). • eStargz by containerd Stargz SnapshoJer subproject • zstd:chunked discussed in Podman community l Collabora9on in community • Lazy pulling (eStargz) is available on: containerd, Kubernetes, BuildKit, Kaniko, go-containerregistry, nerdctl • On-going discussion of “Addi9onal Layer Store” feature to enable lazy pulling on Podman and CRI-O • hJps://github.com/containers/storage/pull/795 l On-going in 2021: Standardizing eStargz in OCI and improvements for stabilizing Stargz SnapshoJer Host: EC2 Oregon (m5.2xlarge, Ubuntu 20.04) Registry: GitHub Container Registry (ghcr.io) Run?me: containerd + Stargz SnapshoJer (47596d3) (See detailed info in the later slides) [sec] 0 5 10 15 20 25 30 zstd:chunked estargz estargz-noopt legacy gcc:10.2.0 (Compiles and runs printf("hello")) pull create run
  • 3. Copyright(c)2021 NTT Corp. All Rights Reserved Pull is 'me-consuming pulling packages accounts for 76% of container start Cme, but only 6.4% of that data is read [Harter et al. 2016] [Harter et al. 2016] Tyler Harter, Brandon Salmon, Rose Liu, Andrea C. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau. "Slacker: Fast DistribuCon with Lazy Docker Containers". 14th USENIX Conference on File and Storage Technologies (FAST ’16). February 22–25, 2016, Santa Clara, CA, USA Caching images Minimizing image size Cold start is still slow Not all images are minimizable Language runtimes, frameworks, etc. Workarounds are known but not enough Node Registry Image Container pull run
  • 4. Copyright(c)2021 NTT Corp. All Rights Reserved Problem on the current OCI/Docker image sha256:deadbeaf… sha256:1a3b5c… sha256:ffe63c… sha256:6ccde1… GET /v2/<image-name>/blobs/ bin/bash bin/ls etc/passwd etc/group usr/bin/apt layer = tarball (+compression) A container is a set of tarball layers A container can’t be started until the all layers become locally available l Need to scan the entire blob even for extracting single file entry • If the blob is gzip-compressed, it’s non-seekable anymore l No parallel extraction • Need to scan the blob from the top, sequentially
  • 5. Copyright(c)2021 NTT Corp. All Rights Reserved Alterna(ve image formats: eStargz and zstd:chunked OCI run?mes Container Registry lazypull doesn’t download the entire image on pull operation but fetches necessary chunks of contents on-demand eStargz zstd:chunked BuildKit l Enable lazy pulling of container images from the registry l Compa?ble to OCI Image Specifica?on so lazy-pulling-agnos(c run(mes s(ll can run them • eStargz by containerd Stargz SnapshoJer subproject is compa?ble to gzip layers • zstd:chunked discussed in Podman community is compa?ble to zstd layers • Note: zstd requires recent run?mes (discussed later) CRI-O Podman
  • 6. Copyright(c)2021 NTT Corp. All Rights Reserved eStargz
  • 7. Copyright(c)2021 NTT Corp. All Rights Reserved eStargz overview l A variant of gzip compression. Compa@ble to RFC1952 (gzip) • Proposed by containerd Stargz SnapshoGer hGps://github.com/containerd/stargz-snapshoGer • Based on the stargz by Google CRFS (hGps://github.com/google/crfs) • eStargz comes with content verifica@on and performance op@miza@on l gzip-compressed layer is supported by OCI/Docker Image Spec and common in the current ecosystem • Legacy (lazy-pulling-agnos@c) run@mes s@ll can run eStargz (but without lazy pulling) l Lazy pulling of eStargz starts to be supported in community • Crea@ng eStargz: Kaniko, nerdctl, go-containerregistry, etc. • Lazy pulling of eStargz: containerd (and Kubernetes), BuildKit • Tracking at hGps://github.com/containerd/stargz-snapshoGer/issues/258
  • 8. Copyright(c)2021 NTT Corp. All Rights Reserved The structure of eStargz l Seekable: Each file payload is compressed separately so can be extracted separately • SEll compaEble to RFC 1952 (gzip) • Each file/chunk can be fetched from the registry on-demand, using HTTP Range Request l Metadata (name, type, owner, …) of all files are stored to TOC (Table Of Contents) entry • Filesystem can be mounted without fetching the enEre blob l PrioriAzed files enables to prefetch likely accessed files ⚠ eStargz is incompaEble to stargz: “footer” is changed to make eStargz compaEble to RFC 1952 eStargz bin/ls usr/bin/apt entrypoint.sh bin/bash PrioriAzed files Prefetched by a single HTTP Range Request TOC(Table Of Contents) and footer l TOC contains files metadata, offset, etc… l footer contains offset of TOC ⚠ footer is incompaEble to stargz Files fetched on demand Can also be aggressively downloadeed in background gzip member per regular file/chunk Each chunk can be fetched and extracted separately, using HTTP Range Request of registry stargz bin/ls usr/bin/apt entrypoint.sh bin/bash For more details: hUps://github.com/containerd/stargz-snapshoUer/blob/master/docs/stargz-estargz.md
  • 9. Copyright(c)2021 NTT Corp. All Rights Reserved Workload-based Op/miza/on proc container Input image Output image Convert & Op/mize Profile file access l Downloading each file/chunk on-demand costs extra overhead on each file access. l Leveraging eStargz, CLI converter command ctr-remote provides workload-based op/miza/on • Workload: entrypoint, envvar, etc… specified in Dockerfile (e.g. ENTRYPOINT) l ctr-remote (opRmizer tool) analyzes which files are likely accessed during runRme • Runs provided image and profiles all file accesses • Regards accessed files are also likely accessed during runRme (= priori/zed files) • Stargz SnapshoTer will prefetch these files when mounts this image eStargz For more details: hTps://github.com/containerd/stargz-snapshoTer/blob/master/docs/ctr-remote.md
  • 10. Copyright(c)2021 NTT Corp. All Rights Reserved Content Verifica-on in eStargz chunkDigest chunkDigest chunkDigest containerd.io/snapshot/stargz/toc.digest file/chunk data file/chunk data file/chunk data Verified on resolve Verified on mount Verified on each fetch references by digest references by digest OCI Manifest TOC (metadata of all files) l Chunks are lazily pulled from registry on-demand • so they cannot verified when mounKng the layer l Chunks are “lazily” verified • TOC (metadata file) records digests per chunk • Each chunk can be verified when it’s fetched to the node • TOC itself is verified when mounKng that layer using the digest wriPen in the manifest (OCI AnnotaKon) For more details: hPps://github.com/containerd/stargz-snapshoPer/blob/master/docs/verificaKon.md (the above figure is from this doc)
  • 11. Copyright(c)2021 NTT Corp. All Rights Reserved Discussion status of zstd:chunked
  • 12. Copyright(c)2021 NTT Corp. All Rights Reserved zstd:chunked overview l A variant of zstd compression discussed in Podman community. • Proposed by Giuseppe Scrivano, Red Hat: hHps://github.com/containers/storage/pull/775 • Fast decompression by zstd • The idea is based on stargz (i.e. compresses each file separately) l Our lazy pulling implementaOon for zstd:chunked • hHps://github.com/containerd/stargz-snapshoHer/pull/281 l zstd-compressed (non-chunked) layer is start to be supported by recent runOmes • OCI image spec supports since August 2019 • hHps://github.com/opencontainers/image-spec/pull/788 • Containerd (v1.5 beta) supports zstd compressed layers. • CRI-O, Podman (github.com/containers/storage) supports zstd layers. • Docker: In progress hHps://github.com/moby/moby/issues/28394
  • 13. Copyright(c)2021 NTT Corp. All Rights Reserved The structure of zstd:chunked Figure is from the proposal by Giuseppe Scrivano, Red Hat: hGps://github.com/containers/storage/pull/775 l Seekable: Each file payload is compressed separately so can be extracted separately l Metadata (name, type, owner, …) of all files are stored to the Manifest(= TOC of eStargz/stargz) Ø Filesystem can be mounted without fetching the enUre blob l Manifest(TOC) and Footer are prefixed by skippable frame Ø Invisible to zstd:chunked-agnosUc runUmes (decompressor) l Prefetch is not supported (currently)
  • 14. Copyright(c)2021 NTT Corp. All Rights Reserved Content Verifica-on in zstd:chunked digest digest digest io.containers.zstd-chunked.manifest-checksum File payload File payload File payload Verified on resolve Verified on mount Verified on each fetch references by digest references by digest OCI Manifest TOC Manifest (metadata of all files) l “lazy” verificaJon based on eStargz • Manifest (TOC; metadata file) records digests of all files payload • Each file payload can be verified when it’s fetched to the node • TOC itself is verified when mounJng that layer using the digest wriPen in the manifest (OCI AnnotaJon)
  • 15. Copyright(c)2021 NTT Corp. All Rights Reserved Startup (me of eStargz and zstd:chunked
  • 16. Copyright(c)2021 NTT Corp. All Rights Reserved Time to take for container startup l Measures the container startup ?me which includes: • Pulling an image from GitHub Container Registry • For language container, running “print hello world” program in the container • For server container, wai?ng for the readiness (un?l “up and running” message is printed) • This method is based on Hello Bench [Harter, et al. 2016] l Takes 95 percen?le of 100 opera?ons l Host: EC2 Oregon (m5.2xlarge, Ubuntu 20.04) l Registry: GitHub Container Registry (ghcr.io) l Run?me: containerd + Stargz Snapsho[er (patched for enabling zstd:chunked) • h[ps://github.com/containerd/stargz-snapsho[er/pull/281 • Commit: 47596d33fa737ada970432938e36e9eff93c19f [Harter et al. 2016] Tyler Harter, Brandon Salmon, Rose Liu, Andrea C. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau. "Slacker: Fast Distribu?on with Lazy Docker Containers". 14th USENIX Conference on File and Storage Technologies (FAST ’16). February 22–25, 2016, Santa Clara, CA, USA
  • 17. Copyright(c)2021 NTT Corp. All Rights Reserved Time to take for container startup [sec] Waits for prefetch compleAon 0 5 10 15 20 25 30 zstd:chunked estargz estargz-noopt legacy gcc:10.2.0 (Compiles and runs prinJ("hello")) pull create run
  • 18. Copyright(c)2021 NTT Corp. All Rights Reserved Time to take for container startup [sec] Waits for prefetch compleAon 0 5 10 15 20 25 zstd:chunked estargz estargz-noopt legacy tomcat:10.0.0-jdk15-openjdk-buster(runs unAl "Server startup" is printed) pull create run
  • 19. Copyright(c)2021 NTT Corp. All Rights Reserved Adop%on status of eStargz and zstd:chunked
  • 20. Copyright(c)2021 NTT Corp. All Rights Reserved Lazy pulling on Kubernetes (eStargz) Nodes Stargz Snapsho9er External process gRPC API kubelet Lazy pull Container Registry Stargz Snapsho9er Stargz Snapsho9er l Lazy pulling can be enabled on Kubernetes without patches (eStargz is only supported currently) l containerd + Stargz SnapshoEer (discussed later) are needed on each node (CRI-O is WIP) l Real-world use-case at CERN for speeding up analysis pipeline [1] (13x faster pull for 5GB image) l On-going integraUon with KinD and k3s • KinD: hEps://github.com/k3s-io/k3s/pull/2936 • k3s: hEps://github.com/kubernetes-sigs/kind/pull/2076 [1] Ricardo Rocha & Spyridon Trigazis, CERN. “Speeding Up Analysis Pipelines with Remote Container Images”. KubeCon+CloudNaUveCon 2020 NA. hEps://sched.co/ekDj image
  • 21. Copyright(c)2021 NTT Corp. All Rights Reserved Lazy pulling on containerd (eStargz) proc container Node Stargz Snapsho8er Lazy pull Container Registry Fetching files/chunks on demand MounAng rooBs as FUSE l Stargz Snapsho?er plugin enables lazy pulling of eStargz on containerd (zstd:chunked is on-proposal) • Stargz Snapsho?er is developed in a non-core subproject of containerd • h?ps://github.com/containerd/stargz-snapsho?er l Mounts rooJs snapshots from registry as FUSE and downloads accessed file contents on-demand • Mountable from arbitrary remote store by implemenPng dedicated remote snapsho?er l nerdctl (Docker-compaPble CLI for containerd; h?ps://github.com/AkihiroSuda/nerdctl) supports lazy pulling of eStargz on containerd Implemented as a “remote snapsho?er” image
  • 22. Copyright(c)2021 NTT Corp. All Rights Reserved FROM ghcr.io/stargz-containers/golang:1.15.3-esgz as dev COPY ./hello.go /hello.go RUN go build -o hello /hello.go COPY and RUN without wai2ng for the pull comple2on Container Registry Lazy pulling on BuildKit (eStargz) golang:1.15.3-esgz • /usr/local/go/bin/go • /usr/local/go/src/fmt/… etc... Fetch files/chunks on demand Build on node Lazy pull l BuildKit > v0.8.0 experimentally supports lazy pulling of eStargz base images during build • FROM instrucMon is skipped and chunks are lazily pulled on-demand during COPY/RUN/etc. l Can shorten the Mme of build e.g. on temporary (and fresh) CI instances with big base images. l More details at blog: hVps://medium.com/nVlabs/buildkit-lazypull-66c37690963f • speeding up building ”hello world” image from tens of seconds to a few seconds at the best image
  • 23. Copyright(c)2021 NTT Corp. All Rights Reserved Lazy pulling on Podman & CRI-O (eStargz,zstd:chunked) [WIP] l AddiFonal layer store enables lazy pulling on Podman and CRI-O • Patches are WIP: hGps://github.com/containers/storage/pull/795 l Podman/CRI-O use layers provided by addiLonal layer store for rooNs instead of pulling the image from the registry Node AddiFonal Layer Store Lazy pull Remote Store proc container Provides layers Podman, CRI-O Using layers for rooKs image
  • 24. Copyright(c)2021 NTT Corp. All Rights Reserved Discussion status of addi-onal layer store l Our PoC of addi@onal layer store: hCps://github.com/containerd/stargz-snapshoCer/pull/281 • Lazily pulls eStargz and zstd:chunked from the standard container registries • Mounts image layers from the registry to the node l On-going discussions: • chunk verifica@on, expor@ng layers from addi@onal layer store, and GC Node proc container Moun-ng layers as FUSE Podman, CRI-O Using layers for rooFs Addi-onal Layer Store Lazy pull Container Registry Fetching files/chunks on demand image
  • 25. Copyright(c)2021 NTT Corp. All Rights Reserved Demo Podman + Addi@onal Layer Store PoC + zstd:chunked
  • 26. Copyright(c)2021 NTT Corp. All Rights Reserved Updates will come in 2021 Standardizing Lazy pulling l eStargz is proposed to OCI Image Spec l Discussion is on-going l Backward-compaHble extensions hKps://github.com/opencontainers/image-spec/issues/815 Enabling lazy pulling in more projects hKps://github.com/containerd/stargz-snapshoKer/issues/258 l KinD: hKps://github.com/kubernetes-sigs/kind/pull/2076 l K3s: hKps://github.com/k3s-io/k3s/pull/2936 Features and improvements for stabilizing Stargz SnapshoAer & AddiDonal Layer Store l Less-privileged authenHcaHon on Kubernetes: hKps://github.com/containerd/containerd/issues/5105 l Higher availability of Stargz SnapshoKer (mounHng images from mulHple backend registries) l Improvements on memory consumpHon of Stargz SnapshoKer l Speeding up image conversion l StaHc opHmizaHon of images l etc…
  • 27. Copyright(c)2021 NTT Corp. All Rights Reserved Summary l Pull is one of the ?me-consuming steps in the container lifecycle l OCI-alterna?ve but OCI-compa?ble image formats are trying to solve it by lazy pulling • Legacy (lazy-pull-agnos?c) run?mes can run them (zstd requires recent run?mes). • eStargz by containerd Stargz SnapshoJer subproject • zstd:chunked discussed in Podman community l Collabora6on in community • Lazy pulling (eStargz) is available on: containerd, Kubernetes, BuildKit, Kaniko, go-containerregistry, nerdctl • On-going discussion of “Addi6onal Layer Store” feature to enable lazy pulling on Podman and CRI-O • hJps://github.com/containers/storage/pull/795 l On-going in 2021: Standardizing eStargz in OCI and improvements for stabilizing Stargz SnapshoJer