Moby projects and Kubernetes

How Moby and Kubernetes work together

There have always been close relations between the Moby open source projects, led by Docker, and Kubernetes, since Kubernetes was launched at DockerCon 2014. The Kubernetes and the Moby communities often include the same people, attending the same meetups, using the same languages and design patterns, and trying to solve the same problems. The containerd project was started last year in collaboration with all of the major cloud providers and has worked with the Kubernetes community to provide an open and reliable container runtime for higher level orchestration projects and container platforms, including Kubernetes.

This page summarizes how each Moby Project integrates Kubernetes and how to get involved.

docker con 2017

containerd and cri-containerd

Code: https://github.com/containerd/containerd

The containerd project was designed to be used as the core container runtime for future editions of Docker, Kubernetes, and many other projects. The project is currently approaching the 1.0 milestone.

Code: https://github.com/kubernetes-incubator/cri-containerd

To use containerd with Kubernetes, you need to use the cri-containerd CRI (common runtime interface) adaptor. This is currently largely feature complete, and works with Kubernetes 1.7 or later, and is in the final stabilisation process. There are outstanding issues that need help and you can find out more on the cri-containerd issue tracker. Any bugs you find should be reported there too. Below are slides from the Moby Summit in Los Angeles, which cover the Kubernetes containerd integration by Liu Lantao.

There are several ways you can set up a Kubernetes cluster with containerd and cri-containerd:

To try it out there is a quick start with Ansible (see the README)
You can try it with Kelsey Hightower’s Kubernetes the Hard Way to create a cluster from scratch on Google Cloud.
Install from the release tarball using kubeadm (see the instructions)
Install with LinuxKit on a local VM (see the instructions).

You can join the discussions on the #containerd channel on the Community Slack.

LinuxKit

Code: https://github.com/linuxkit/linuxkit

LinuxKit is a tool for building custom secure, portable and lean operating systems for containers. It was launched at DockerCon 2017 with a demo of Kubernetes, and has continued to improve this support since then. There is a detailed set of getting started instructions for both Kubernetes with Docker and with containerd. This can be customised further as required.

You can see the see the LinuxKit Kubernetes demo from DockerCon in the video below

You can join the discussions on the #linuxkit channel on the Community Slack.

InfraKit

Code: https://github.com/docker/infrakit

InfraKit is a toolkit for creating and managing declarative, self-healing infrastructure. It has a Plugin included for creating and managing Kubernetes clusters. More information is in the repository’s README and below is a video of InfraKit bootstrapping and scaling a Kubernetes cluster:

You can join the discussions on the #infrakit channel on the Community Slack.

libnetwork

Code: https://github.com/docker/libnetwork

Support has been submitted to libnetwork to make it a CNI provider, the base API for Kubernetes network drivers. This enables all the existing Docker network drivers to work with Kubernetes

Kubernetes has merged alpha support for IPVS based L4 load-balancing using the IPVS library support in libnetwork developed originally for Docker Swarm, which was extended for the Kubernetes use cases. For more information, see the pull request at kubernetes/kubernetes#46580.

Notary

Code: https://github.com/docker/notary

Notary aims to make the internet more secure by making it easy for people to publish and verify content. It is used for signing and verification of containers by Docker and other container projects. Both Notary and The Update Framework that it is based on are in the process of being donated to the CNCF and there will be further direct integration with other CNCF projects, such as Kubernetes, soon.

You can join the discussions on the #notary channel on the Community Slack.

libentitlement

Code: https://github.com/docker/libentitlement

This is a work-in-progress library to support a common high level security entitlement interface for Docker and Kubernetes, a similar type of interface to Apple’s entitlements for macOS. It is being developed in conjunction with the Kubernetes community.