Hello, youki!
tech rust youki
Published: 2021-12-27


Hi, I'm Toru Komatsu (@utam0k), first committer of youki.
This article was written in celebration of youki's v0.0.1 release.

View Release Note

🤔 What is youki?

Youki is a low-level container runtime written in Rust that implements the OCI Runtime Specification. Simply put, youki is a command-line tool that can create containers. Other runtimes in the same category you might have heard about are runc and crun. When you create a container using Docker or Podman, the actual container creation is delegated to a tool like youki.

Why another container runtime?

Currently many container tools are implemented in Go, which requires special handling when it comes to implementing a container runtime. Runc, for example, embeds a C program into its executable that handles setting up the namespaces, as this is not possible in Go itself due to the multithreaded nature of the Go runtime.

On the other hand, C could be used as an implementation language, but this comes at the cost of memory safety, and in addition C lacks the high-level language constructs that we have come to expect from a modern language.

Therefore, while Go and C are perfectly fine languages, for this particular use case we believe that Rust, with its combination of low-level control, memory safety and high-level abstractions, is uniquely suited for implementing a container runtime.

Youki has the potential to be faster and use less memory than runc, and therefore to work in environments with tight memory requirements. Here is a simple benchmark of a container from creation to deletion. As with all benchmarks, this might not be representative of your own workloads.

Runtime   Time (mean ± σ)       Range (min … max)
youki     198.4 ms ± 52.1 ms    97.2 ms … 296.1 ms
runc      352.3 ms ± 53.3 ms    248.3 ms … 772.2 ms
crun      153.5 ms ± 21.6 ms    80.9 ms … 196.6 ms
Details about the benchmark
  • The command used for the benchmark
    $ hyperfine --prepare 'sudo sync; echo 3 | sudo tee /proc/sys/vm/drop_caches' --warmup 10 --min-runs 100 'sudo ./youki create -b tutorial a && sudo ./youki start a && sudo ./youki delete -f a'
    
  • Environment
    $ ./youki info
    Version           0.0.1
    Kernel-Release    5.11.0-41-generic
    Kernel-Version    #45-Ubuntu SMP Fri Nov 5 11:37:01 UTC 2021
    Architecture      x86_64
    Operating System  Ubuntu 21.04
    Cores             12
    Total Memory      32025
    Cgroup setup      hybrid
    Cgroup mounts
      blkio           /sys/fs/cgroup/blkio
      cpu             /sys/fs/cgroup/cpu,cpuacct
      cpuacct         /sys/fs/cgroup/cpu,cpuacct
      cpuset          /sys/fs/cgroup/cpuset
      devices         /sys/fs/cgroup/devices
      freezer         /sys/fs/cgroup/freezer
      hugetlb         /sys/fs/cgroup/hugetlb
      memory          /sys/fs/cgroup/memory
      net_cls         /sys/fs/cgroup/net_cls,net_prio
      net_prio        /sys/fs/cgroup/net_cls,net_prio
      perf_event      /sys/fs/cgroup/perf_event
      pids            /sys/fs/cgroup/pids
      unified         /sys/fs/cgroup/unified
    CGroup v2 controllers
      cpu             detached
      cpuset          detached
      hugetlb         detached
      io              detached
      memory          detached
      pids            detached
      device          attached
    Namespaces        enabled
      mount           enabled
      uts             enabled
      ipc             enabled
      user            enabled
      pid             enabled
      network         enabled
      cgroup          enabled
    $ ./youki --version
    youki version 0.0.1
    commit: 0.0.1-0-0be33bf
    $ runc -v
    runc version 1.0.0-rc93
    commit: 12644e614e25b05da6fd08a38ffa0cfe1903fdec
    spec: 1.0.2-dev
    go: go1.13.15
    libseccomp: 2.5.1
    $ crun --version
    crun version 0.19.1.45-4cc7
    commit: 4cc7fa1124cce75dc26e12186d9cbeabded2b710
    spec: 1.0.0
    +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
    

Implementation status

A container runtime needs to implement many features that users have come to expect, some of which have not yet been incorporated into the OCI Runtime Specification. Despite this being the first release of youki, many features have already been implemented.

Feature                 Description                                         State
Docker                  Running via Docker
Podman                  Running via Podman
pivot_root              Change the root directory
Mounts                  Mount files and directories to container
Namespaces              Isolation of various resources
Capabilities            Limiting root privileges
Cgroups v1              Resource limitations, etc.
Cgroups v2              Improved version of v1                              Support is complete except for devices. WIP on #78
Systemd cgroup driver   Setting up a cgroup using systemd
Seccomp                 Filtering system calls
Hooks                   Add custom processing during container creation
Rootless                Running a container without root privileges
OCI Compliance          Compliance with OCI Runtime Spec                    ✅ 50 out of 50 test cases passing
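To make the feature table concrete, here is an added example (not youki's own tutorial bundle) of a rootless config.json that exercises several of the listed features at once: a user namespace with a single uid/gid mapping, a reduced capability set with noNewPrivileges, a read-only root, masked and read-only paths, and a seccomp denylist for host-altering syscalls. It assumes a rootfs directory next to the file, host uid/gid 1000 as the mapping target and an x86_64 host; all values are constructed for illustration.

```json
{
  "ociVersion": "1.0.2",
  "process": {
    "terminal": false,
    "user": { "uid": 0, "gid": 0 },
    "args": ["/bin/sh", "-c", "id; grep Cap /proc/self/status"],
    "env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],
    "cwd": "/",
    "noNewPrivileges": true,
    "capabilities": {
      "bounding":  ["CAP_CHOWN", "CAP_NET_BIND_SERVICE"],
      "effective": ["CAP_CHOWN", "CAP_NET_BIND_SERVICE"],
      "permitted": ["CAP_CHOWN", "CAP_NET_BIND_SERVICE"]
    }
  },
  "root": { "path": "rootfs", "readonly": true },
  "hostname": "youki-demo",
  "mounts": [
    { "destination": "/proc", "type": "proc", "source": "proc" },
    { "destination": "/dev", "type": "tmpfs", "source": "tmpfs",
      "options": ["nosuid", "strictatime", "mode=755", "size=65536k"] }
  ],
  "linux": {
    "namespaces": [
      { "type": "user" }, { "type": "pid" }, { "type": "mount" },
      { "type": "ipc" }, { "type": "uts" }, { "type": "network" }, { "type": "cgroup" }
    ],
    "uidMappings": [{ "containerID": 0, "hostID": 1000, "size": 1 }],
    "gidMappings": [{ "containerID": 0, "hostID": 1000, "size": 1 }],
    "maskedPaths": ["/proc/kcore", "/proc/keys", "/sys/firmware"],
    "readonlyPaths": ["/proc/sys", "/proc/sysrq-trigger"],
    "seccomp": {
      "defaultAction": "SCMP_ACT_ALLOW",
      "architectures": ["SCMP_ARCH_X86_64"],
      "syscalls": [
        {
          "names": ["mount", "umount2", "pivot_root", "reboot", "swapon",
                    "kexec_load", "init_module", "finit_module"],
          "action": "SCMP_ACT_ERRNO"
        }
      ]
    }
  }
}
```

With this file and a rootfs in a bundle directory, the same create/start/delete sequence as in the benchmark command above applies; the grep in args shows the effective capability bits so the reduced set can be verified from inside the container.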

How to get started

Download youki from the release page and follow the tutorial. See the mdbook for more details.

💪 Motivation

Why do we keep implementing youki?

  • Contribution to the container runtime community
    We are trying to provide as many of the crates used to build youki to the community as we can. Currently we provide containers/oci-spec-rs as a crate, separated from youki's main code. We already have crates for cgroups, container creation, seccomp and OCI CLI parsing, which will be released at a later point in time.

  • Explore
    Youki does not provide any support for older kernels. Because of this, it has the potential to use new features such as io_uring, clone3 and WebAssembly.

  • Fun
    We have fun implementing this. In fact, this might be the most important part.

🤝 Join youki!

Youki is always looking for people who want to learn about container runtimes in Rust, and for your input.

We also label good first issues as a starting point for participating in development. If you cannot find a good first issue that fits you, please ask on Discord or Twitter.

👣 A short history of youki

  • utam0k found a book about Docker & Kubernetes written by Kohei Tokunaga in Japanese
  • Studied railcar, which was implemented by Oracle and has already been archived
  • Started implementing a container runtime in Rust, which later became youki
  • Attracted the attention of developers on Reddit and elsewhere
  • Transferred from utam0k's personal account to the containers organization
  • More attention, more developers
  • First release of youki

🥰 Acknowledgement

Thanks to all the wonderful collaborators.
Thomas Schubart, yihuaf, YJDoc2, tommady, Yukang and Travis Sturzl

Thanks to the members of containers for their cooperation.
Thank you especially to Sascha Grunert, Giuseppe Scrivano and Daniel J Walsh.

Thanks to all the people who already contributed!

This article has been reviewed by Thomas Schubart and some additions have been made. Thank you very much.

💬 Conclusion

We are always eager for new contributors. We don't have a sponsor feature on GitHub, so please give us a star to encourage us.
