You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Youki is a low-level container runtime written in Rust. A low-level container runtime is the software responsible for creating and setting up the container process. Youki adheres to the container specification as defined in the OCI runtime specification, similar to runc, and thus can be used along with other OCI conforming softwares such as Containerd or CRI-O. Apart from specification conformance, Youki also passes the OCI runtime tests and containerd tests, proving its reliability.
The differences between youki and runc are:
Youki is an alternative implementation of a container runtime conforming to the OCI runtime spec, while runc is the reference implementation. The project allows for a different set of trade-offs compared to runc and enables a new set of innovations in this space. For example, youki incorporates a first-class Wasm support while consciously decide to forego support of older kernels in order to take advantage of new kernel features.
Youki is implemented in Rust and thus does not have certain constraints faced by other runtimes written in other languages. For example, the Go runtime's constraints in runc have led to a mixed implementation with C1, which has sometimes resulted in security vulnerabilities2. While runc's contributions to the containers is immense, Rust allows for a pure Rust implementation3, enabling a simpler, more secure, memory-safe, and higher-performing architecture. As proven in Android4, the choice of Rust for this layer is currently one of the best solutions
Here are some reference benchmark measured from container creation to deletion. With the increasing adoption of cloud-native workloads, even small differences in these can have a large impact.
Runtime
Time (mean ± σ)
Range (min … max)
vs youki(mean)
Version
youki
111.5 ms ± 11.6 ms
84.0 ms ± 142.5 ms
100%
0.3.3
runc
224.6 ms ± 12.0 ms
190.5 ms ± 255.4 ms
200%
1.1.7
crun
47.3 ms ± 2.8 ms
42.4 ms ± 56.2 ms
42%
1.15
Details about this benchmark
A command to run the above benchmark. Before running it, you have to prepare the ./turorial dir following this instruction
$ hyperfine --prepare 'sudo sync; echo 3 | sudo tee /proc/sys/vm/drop_caches' --warmup 10 --min-runs 100 'sudo ./youki create -b tutorial a && sudo ./youki start a && sudo ./youki delete -f a'
Benchmarked environment
$ ./youki info
Version 0.3.3
Commit 4f3c8307
Kernel-Release 6.5.0-35-generic
Kernel-Version #35~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue May 7 09:00:52 UTC 2
Architecture x86_64
Operating System Ubuntu 22.04.4 LTS
Cores 16
Total Memory 63870
Cgroup setup unified
Cgroup mounts
Namespaces enabled
mount enabled
uts enabled
ipc enabled
user enabled
pid enabled
network enabled
cgroup enabled
Capabilities
CAP_BPF available
CAP_PERFMON available
CAP_CHECKPOINT_RESTORE available
Youki also plays an important role in the Rust container community as a library. The main part of youki, libcontainer5, is designed to be used as a library and is indeed used in this way. Additionally, there are useful libraries developed during youki's development that are widely used6.
Org repo URL (provide if all repos under the org are in the scope of the application)
N/A - Youki is currently under cotainers organization, but youki works independently based on its own community governance.
If the project is accepted, I agree the project will follow the CNCF IP Policy
Trademark and accounts
If the project is accepted, I agree to donate all project trademarks and accounts to the CNCF
Why CNCF?
Containers are a fundamental piece of technology for CNCF, and having a community-driven and vendor-neural low-level (OCI) Container Runtime within CNCF projects is crucial. Despite the crucial role of low-level container runtimes, they often do not receive the attention they deserve. Including youki in CNCF would raise the profile and awareness of low-level container runtimes, benefiting both the OCI and the entire Cloud Native community.
Also, having youki in CNCF makes it easier for other CNCF projects to use youki as a dependency.
The youki community is vendor-neutral, which is important to the maintainers and the community, and I believe CNCF is the perfect place for that.
Benefit to the Landscape
One of the core benefits that youki brings to the landscape is a solid, feature-rich, OCI-compatible low-level layer that encourages innovation in layers above it.
For instance, to integrate Wasm as a first-class citizen into the Kubernetes ecosystem, we were able to leverage youki as the low-level container runtime.
This allows running Wasm artifacts and Linux containers side-by-side within a Kubernetes Pod. It significantly reduces the time and resources required to develop a new category of containers without worrying about the details of setting up cgroups, namespaces, and other security mechanisms that make containers possible.
Increasing the visibility of low-level container runtimes would significantly benefit the landscape, encouraging the continued development and evolution in this sector.
Also, there is a growing ecosystem of system components written in Rust within CNCF Landscape. For example, containerd/runwasi is a containerd shim written in Rust that facilitates Wasm workloads and uses youki as a Rust library.
Youki enriches this ecosystem by implementing an essential container piece in Rust, helping other projects to grow and thrive.
There is a dependency on libseccomp-rs. This library is a wrapper for C. We would argue that the code for youki itself is complete in Rust. We also have a plan to eliminate the dependency on libseccomp. ↩
Application contact emails
k0ma@utam0k.jp, yihuaf@unkies.org, jorge.prendes@gmail.com
Project Summary
An OCI(Low-Level) Container Runtime in Rust
Project Description
Youki is a low-level container runtime written in Rust. A low-level container runtime is the software responsible for creating and setting up the container process. Youki adheres to the container specification as defined in the OCI runtime specification, similar to runc, and thus can be used along with other OCI conforming softwares such as Containerd or CRI-O. Apart from specification conformance, Youki also passes the OCI runtime tests and containerd tests, proving its reliability.
The differences between youki and runc are:
runcis the reference implementation. The project allows for a different set of trade-offs compared toruncand enables a new set of innovations in this space. For example,youkiincorporates a first-class Wasm support while consciously decide to forego support of older kernels in order to take advantage of new kernel features.Here are some reference benchmark measured from container creation to deletion. With the increasing adoption of cloud-native workloads, even small differences in these can have a large impact.
Details about this benchmark
A command to run the above benchmark. Before running it, you have to prepare the
./turorialdir following this instructionBenchmarked environment
Youki also plays an important role in the Rust container community as a library. The main part of youki, libcontainer5, is designed to be used as a library and is indeed used in this way. Additionally, there are useful libraries developed during youki's development that are widely used6.
Org repo URL (provide if all repos under the org are in the scope of the application)
N/A - Youki is currently under cotainers organization, but youki works independently based on its own community governance.
Project repo URL in scope of application
https://github.com/containers/youki
Additional repos in scope of the application
N/A
Website URL
https://containers.github.io/youki/
Roadmap
Contributing Guide
https://containers.github.io/youki/community/contributing.html
Code of Conduct (CoC)
https://containers.github.io/youki/community/governance.html#code-of-conduct
Adopters
Contributing or Sponsoring Org
Maintainers file
https://containers.github.io/youki/community/maintainer.html
IP Policy
Trademark and accounts
Why CNCF?
Containers are a fundamental piece of technology for CNCF, and having a community-driven and vendor-neural low-level (OCI) Container Runtime within CNCF projects is crucial. Despite the crucial role of low-level container runtimes, they often do not receive the attention they deserve. Including youki in CNCF would raise the profile and awareness of low-level container runtimes, benefiting both the OCI and the entire Cloud Native community.
Also, having youki in CNCF makes it easier for other CNCF projects to use youki as a dependency.
The youki community is vendor-neutral, which is important to the maintainers and the community, and I believe CNCF is the perfect place for that.
Benefit to the Landscape
One of the core benefits that youki brings to the landscape is a solid, feature-rich, OCI-compatible low-level layer that encourages innovation in layers above it.
For instance, to integrate Wasm as a first-class citizen into the Kubernetes ecosystem, we were able to leverage youki as the low-level container runtime.
This allows running Wasm artifacts and Linux containers side-by-side within a Kubernetes Pod. It significantly reduces the time and resources required to develop a new category of containers without worrying about the details of setting up cgroups, namespaces, and other security mechanisms that make containers possible.
Increasing the visibility of low-level container runtimes would significantly benefit the landscape, encouraging the continued development and evolution in this sector.
Also, there is a growing ecosystem of system components written in Rust within CNCF Landscape. For example,
containerd/runwasiis a containerd shim written in Rust that facilitates Wasm workloads and uses youki as a Rust library.Youki enriches this ecosystem by implementing an essential container piece in Rust, helping other projects to grow and thrive.
Cloud Native 'Fit'
No response
Cloud Native 'Integration'
No response
Cloud Native Overlap
No response
Similar projects
Landscape
https://landscape.cncf.io/?group=wasm&item=wasm--orchestration-management--youki
Business Product or Service to Project separation
N/A
Project presentations
Project champions
Additional information
No response
Footnotes
https://github.com/opencontainers/runc/tree/v1.1.12/libcontainer/nsenter ↩
https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv ↩
There is a dependency on libseccomp-rs. This library is a wrapper for C. We would argue that the code for youki itself is complete in Rust. We also have a plan to eliminate the dependency on libseccomp. ↩
https://security.googleblog.com/2022/12/memory-safe-languages-in-android-13.html ↩
https://github.com/containers/youki/tree/v0.3.3/crates/libcontainer ↩
https://crates.io/crates/oci-spec/reverse_dependencies ↩
The text was updated successfully, but these errors were encountered: