Proposal for taking a non-core project "nydus-snapshotter" in

[changweige]

Containerd is awesome. Containerd remote snapshotter design is awesome too. Nydus is a container image acceleration solution. It supports container image lazy loading and a few other nice features. It comes with a remote snapshotter to work smoothly with containerd. We want to propose to add nydus-snapshotter as a non-core subproject to the containerd community.

We started the nydus project from Alibaba Cloud and Ant Group about 3 years ago and it is now deployed in Ant Group in a large scale and provides stable container image services to thousands of container images and dozens of customers varying in business fields. It benefits our internal users and customers by significantly reducing container startup time. Alibaba Cloud Function Compute also utilizes nydus as its code package solution.

Nydus offers a container image oriented and optimized filesystem format which provides the following key features,

• Chunk level data de-duplication among layers in a single repository to reduce storage, transport and memory cost
• Deleted(whiteout) files in certain layer aren't packed into nydus image, therefore, image size may be reduced
• E2E image data integrity check. So security issues like "Supply Chain Attack" can be avoided and detected at runtime
• Integrated with CNCF incubating project Dragonfly to distribute container images in P2P fashion and mitigate the pressure on container registries
• Different container image storage backends are supported. For example, Registry, NAS, Aliyun/OSS and applying other remote storage backend like AWS S3 is also possible.
• Record files access pattern during runtime gathering access trace/log, by which user's abnormal behaviors are easily caught. So we can ensure the image can be trusted

Beyond above essential features, nydus can be flexibly configured as a FUSE-base userspace filesystem or in-kernel EROFS with an on-demand loader userspace daemon and integrating nydus with VM-based container runtime is much easier.

• Lightweight integration with VM-based containers runtime like KataContainers. In fact, KataContainers is considering supporting nydus as a native image acceleration solution. The ongoing PR is add nydusd support to introduce lazy load ability
• Nydus closely cooperates with Linux in-kernel disk filesystem EROFS. Containers' rootfs can directly be set up by EROFS with lazy pulling capability. The corresponding changes had been merged into Linux kernel since v5.16 EROFS_What_Are_We_Doing_Now_For_Containers.pdf

We already gave a presentation on KubeCon NA 2021 about nydus' value Faster Container Image Distribution on
a Variety of Tools with Lazy Pulling

Nydus cooperates with Harbor to develop Harbor Acceleration Service to commodiously convert OCI image to nydus format.

To help to boom the containerd community's snapshotter, provide more choices to adapt various use cases for users and attract more developers. I am asking the containerd community to take nydus-snapshotter in as a non-core project and @changweige and @eryugey will be the initial maintainers

If I misunderstood the process of proposing a non-core project, please correct me.

9 maintainers' LGTMs are required (2/3)

• @AkihiroSuda
• @crosbymichael
• @dchen1107
• @dims
• @dmcgowan
• @estesp
• @fuweid
• @kevpar
• @mikebrow
• @mxpv
• @Random-Liu
• @stevvooe
• @yujuhong

[dmcgowan]

LGTM

Logistics wise, are you proposing making a new repository from https://github.com/dragonflyoss/image-service/tree/master/contrib/nydus-snapshotter under the containerd org?

[changweige]

LGTM

Logistics wise, are you proposing making a new repository from https://github.com/dragonflyoss/image-service/tree/master/contrib/nydus-snapshotter under the containerd org?

Thank @dmcgowan.
True, we are going to migrate the nydus-snapshotter(located at https://github.com/dragonflyoss/image-service/tree/master/contrib/nydus-snapshotter ) to a new repository under the contaienerd org once the community would decide to accept it.

[crosbymichael]

LGTM

I was actually looking at your vfiofs daemon last week :). Would love to work more with you all.

[AkihiroSuda]

LGTM

[changweige]

LGTM

I was actually looking at your vfiofs daemon last week :). Would love to work more with you all.

Thank @crosbymichael . It's our pleasure to work closely with the containerd community. We are considering making our rust virtiofsd more open. Any suggestion to the virtiofsd is welcomed. 😁

[mxpv]

LGTM

[mikebrow]

LGTM

[estesp]

LGTM

[fuweid]

LGTM

[kevpar]

LGTM

[Random-Liu]

LGTM!

[hsiangkao]

LGTM!

hi @Random-Liu, thanks for your vote! would you mind update the original issue as well?
So I think we've already got 9 votes here, am I correct? Thanks all!

[changweige]

Thanks all.

We already got 9 LGTMs from maintainers.
We are going to prepare the initial commit for the newly created repository which can be named as nydus-snapshotter very soon enough.

To make this devotion progress, would you please help create the nydus-snapshotter repository under containerd organization? cc @dmcgowan @crosbymichael

If more have to be done, please let us know.

[dmcgowan]

New repo at https://github.com/containerd/nydus-snapshotter will be available after code is imported. The teams have been setup. Thanks!