The open-source containerd project is a foundational element for the modern cloud-native landscape, providing the container runtime used by millions of applications every day.
On Feb. 28, the containerd project hit a major milestone, officially graduating from the Cloud Native Computing Foundation (CNCF), highlighting the project’s overall maturity and stability. Graduation is the highest level of a project within the CNCF, which is host to more than 40 cloud-native projects, including the Kubernetes container orchestration system.
“For a lot of external users, especially at the enterprise level, graduation shows a form of maturity for the project,” Michael Crosby, containerd maintainer and Docker engineer, told eWEEK. “We have all the criteria from the foundation checked off, in terms of governance and fairness with how code is contributed and is managed for the project.”
Crosby is among a core group of developers that helped create containerd. Back in December 2016, Docker announced that it would be refactoring how its container runtime would work and be structured. At the time, the Docker Engine included the runtime and all the associated components for container application delivery in a single project. With containerd, the effort was disaggregated to create a more open, agile method for just the container runtime component.
The containerd project officially joined the CNCF in March 2017. The CNCF has multiple levels of projects, beginning with the sandbox level, then progressing to incubation and then ultimately to the graduated level.
Security Audit
A core element of reaching the graduated status at the CNCF is for a project to undergo a rigorous security audit. Crosby said that the auditors looked at different areas including API memory exploits, general code quality and maintenance.
“Both the containerd container runtime and the Kubernetes cri plugin are very well written from a security standpoint,” the audit stated. “The choice of the Go language made it difficult to find any sort of memory corruptions or similar bugs during this assignment, ultimately leading to no such problems being uncovered. The majority of the code was written in a clean manner, thus easing the process of the code audit.”
Stability
A core element of containerd is the project’s stability, which is particularly important given that it is the cornerstone of tens of millions of cloud-native computing deployments.
“Containerd is the boring runtime, so our priorities have always been performance, stability and reliability,” Crosby said.
Part of being stable is the ability to handle patches for bug and security fixes in a reliable way that doesn’t break user deployments. Crosby explained that from the containerd 1.0 to the 1.2 branch, the project can backport patches, since there is a well-maintained release process.
“We have a really nice process where stability happens over time, and we have architected the project to handle backports effortlessly,” he said.
When containerd started it was a Docker effort, but as part of the CNCF it has benefited from a diversity of contributions from multiple organizations, including IBM, Google, Alibaba and Huawei. Crosby said the project has a great group of contributors that work well together.
“This is a vibrant multi-vendor project that is now used millions of times over and for us in the context of Docker, it’s the underpinnings of our technology,” Dave Messina, EVP of Strategic Alliances at Docker, told eWEEK. “The ability to collaborate here allows us to focus on things that are kind of even higher level in our stack and fuel broader adoption across our desktop technology, our engine and across our enterprise platform.”
Containerd 1.3
Now that containerd has graduated, Crosby doesn’t actually expect that anything will change for the day-to-day efforts of the project as it continues forward. Developers are now working on version 1.3 of containerd, which will provide new features that enable it for the Microsoft Windows operating system.
“For the project, we just want to make something that is really good and is used by everyone using containers,” Crosby said. “We’ll continue making it faster and better, and we’ll see where we end up.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.