Presentation: Optimizing For Production Workloads

Track: Operating Systems: LinuxKit, Unikernels, & Beyond

Location: Windsor, 5th flr.

Duration: 4:10pm - 5:00pm

Day of week: Wednesday

Level: Intermediate

Share this on:


Breaking down the containers runtimes into their base functionality and then building them up into a series or core libraries and tools to specialize in core capabilities. Our goal is, rather then have one monolithic daemon to do all container management, to build up a series of tools that specialize in each different function of container management.
The tooling landscape for containers is evolving rapidly--to keep things running smoothly in production, you need to keep your eye on the latest developments in container infrastructure. This talk will introduce the following:

  1. containers/Image: Library used by other tools for pulling and pushing container images to and from a container registry like and into other types of container storage
  2. containers/storage: Library used for storing container images on disk supporting multiple container backends including Overlay, Devicemapper, and Btrfs
  3. libpod : Library for managing the lifecycle of pods and containers
  4. Skopeo: CLI tool that uses containers/image and containers/storage to move container images between different types of containers storage, including container registries, container storage, Docker storage, OCI Directories etc. Think of it as scp for container images.
  5. Buildah: CLI tool that allows you to build OCI container images using standard linux tools, no daemon necessary, also has support for Dockerfile
  6. CRI-O : API server daemon for the Kubernetes Container Runtime Interface. optimized for serving the Kubernetes and OpenShift Workloads. Supports multiple container runtimes like runc and kata containers out of the box.
  7. Podman: Simple CLI tool used to create pods and containers without requiring a daemon.

Tools share the same container storage and infrastructure, allowing users to pick and choose the best tool for their workloads.

Speaker: Samuel Ortiz

Principal Engineer @Intel Open Source Technology Center

Samuel is a Principal Engineer at Intel's Open Source Technology Center, where he currently leads the Kata Containers and Clear Containers project. He's also the Linux kernel NFC maintainer and one of the CRI-O maintainers. In previous lives Samuel worked on networking and connectivity, maintaining pieces of the kernel, entire wireless stacks and dealing with obsolete protocols like infrared. He also worked on scaling and lowering production costs for Android by building the IRDA stack. Samuel holds a MS in Computer Science and Automation from Ecole des Mines de Paris.

Find Samuel Ortiz at

Speaker: Daniel Walsh

Engineer @Redhat working on CRI-O Container Runtime

Daniel Walsh has worked in the computer security field for over 35 years. Dan is a Consulting Engineer at Red Hat. He joined Red Hat in August 2001. Dan leads the Red Hat Container Engineering team since August 2013, but has been working on container technology for several years. Dan currently focusess on the CRI-O Container Runtime, Buildah for building container images, containers/storage and containers/image. Dan has made many contributions to the Docker project. Dan has also developed a lot of the software on Project Atomic. He has led the SELinux project, concentrating on the application space and policy development. Dan helped developed sVirt, Secure Virtualization as well as the SELinux Sandbox back in RHEL6 an early desktop container tool. Previously, Dan worked Netect/Bindview's on Vulnerability Assessment Products and at Digital Equipment Corporation working on the Athena Project, AltaVista Firewall/Tunnel (VPN) Products. Dan has a BA in Mathematics from the College of the Holy Cross and a MS in Computer Science from Worcester Polytechnic Institute. Twitter: rhatdan Blog: 

Find Daniel Walsh at

Last Year's Tracks

Monday, 5 March

Tuesday, 6 March

Wednesday, 7 March