containerd provides the low-level functionality that enables the Docker Engine to run containers. containerd events provide a simple, yet powerful mechanism to integrate with virtually any other system with minimal effort. This talk will cover what containerd events are and how to use them for integration with systems ranging from monitoring and logging to container networking using CNI (Container Network Interface) plugins.

1. Leveraging
Containerd Events
Evan Hazlett
Software Engineer,
Docker

2. ● container executor and supervisor
● image distribution
● local storage
● builtin metrics
● plumbing level API
containerd
what is containerd?

3. ● No build
● No logging
● No volumes
● No networking
containerd
what it is not...

4. containerd: ecosystem

5. ● content
● images
● rootfs
● execution
● shim
containerd: GRPC APIs
containerd/api/services/

6. service ContainerService {
rpc Create(CreateRequest) returns (CreateResponse);
rpc Start(StartRequest) returns (google.protobuf.Empty);
rpc Delete(DeleteRequest) returns (DeleteResponse);
rpc Info(InfoRequest) returns (containerd.v1.types.Container);
rpc List(ListRequest) returns (ListResponse);
rpc Kill(KillRequest) returns (google.protobuf.Empty);
rpc Events(EventsRequest) returns (stream containerd.v1.types.Event);
rpc Exec(ExecRequest) returns (ExecResponse);
}
containerd: GRPC APIs
execution

7. ● Create
● Start
● Delete
containerd: container lifecycle

9. $> ctr events
TYPE ID PID EXIT_STATUS
CREATE redis 1402 0
START redis 1402 0
EXIT redis 1402 0
containerd: events

10. svc, _ := execution.NewContainerServiceClient(conn)
events, _ := svc.Events(context.Background(),
&execution.EventsRequest{})
for {
e, _ := events.Recv()
handleEvent(e)
}
containerd: events

12. cmdline, err := getProcCommand(int(evt.Pid))
fields := logrus.Fields{
"id": evt.ID,
"type": evt.Type.String(),
"pid": evt.Pid,
"exit_status": evt.ExitStatus,
"cmdline": cmdline,
}
if evt.Type.String() != "EXIT" {
utime, stime, threads, vsize, rss, _ := getProcStat(int(evt.Pid))
fields["utime"] = utime
fields["stime"] = stime
fields["threads"] = threads
fields["vsize"] = vsize
fields["rss"] = rss
}
containerd: events

14. ● Prometheus compatible
● container metrics
● cgroup stats
● oom events
containerd: metrics

16. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
containerd: networking

17. CNI is a specification and set of libraries for creating
plugins to configure network interfaces in Linux
containers.
container networking initiative

18. Builtin
● bridge
● ipvlan
● loopback
● macvlan
● ptp
container networking initiative
available plugins
Third Party
● Project Calico
● Weave
● Contiv
● Infoblox
● ...more

19. {
"cniVersion": "0.3.0",
"name": "default",
"type": "bridge",
"bridge": "cni0",
"ipMasq": true,
"isGateway": true,
"ipam": {...}
}
containerd: networking with cni

20. netconf, _ := libcni.LoadConf(confPath, networkName)
cniConf := &libcni.CNIConfig{
Path: cniPluginPath,
}
runtime := &libcni.RuntimeConf{
ContainerID: containerPid,
NetNS: fmt.Sprintf("/proc/%d/ns/net", containerPid),
IfName: “eth0”,
}
// connect
r, _ := cniConf.AddNetwork(netconf, runtime)
containerd: networking with cni

21. ● manages cni networks
● standard cli for operations
○ connect, disconnect, view
containerd: networking
cni management via circuit

23. ● receives “START” event
● uses cni to connect container to
network
● upon “EXIT” event, removes container
from network
containerd: networking
automatic container networking with events and circuit

25. Thank you!
● containerd: github.com/containerd/containerd
● cni: github.com/containernetworking/cni
Demo Source
● ctrd-events: github.com/ehazlett/ctrd-events
● circuit: github.com/ehazlett/circuit
@ehazlett #dockercon