SlideShare a Scribd company logo

State of Union - Containerz

Shiva Narayanaswamy, profile picture
Shiva Narayanaswamy

This document provides an overview of containerization and container orchestration technologies. It discusses schedulers like Kubernetes, Docker Swarm and Mesos and how they provide services for scheduling, resource management and service discovery. It also covers container networking with options like Flannel, Calico and WeaveNet. Container security topics like host security, Docker daemon security and container image security are outlined. Micro operating systems designed for containers like CoreOS, RancherOS and Ubuntu Snappy are presented. PaaS solutions like Convox and Docker Data Center are mentioned. The document is intended to provide information on containerization in no particular order.

Internet
1 of 42
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
State of Union - Containerz --------------------- Shiva (narshiva@) -------------------- ^__^ (oo)_______ (__) )/ ||----w | || ||
TO BEGIN AT THE BEGINNING… Let’s start, shall we?
Containerized Microservices Dom 0 Instance Instance Instance OS OS OS Container Runtime Container Runtime Container Runtime App App Service Service App App Service Service App App Service Service
Container Orchestration Dom 0 Instance Instance Instance OS OS OS Container Runtime Container Runtime Container Runtime App Service App App Service Service Container Orchestration
Container Orchestration Dom 0 Instance/OS Instance/OS Instance/OS App Service App App Service Service Service Management Scheduling Resource Management Orchestration Service Management §Labels §Groups/Namespaces §Dependencies §Load Balancing §Health Check §Service Discovery
Container Orchestration Dom 0 Instance/OS Instance/OS Instance/OS App Service App App Service Service Service Management Scheduling Resource Management Orchestration Scheduling §Placement §Replication/Scaling §Resurrection §Rescheduling §Rolling deploys §Upgrades §Downgrades §Colocation
Container Orchestration Dom 0 Instance/OS Instance/OS Instance/OS App Service App App Service Service Service Management Scheduling Resource Management Orchestration Resource Management §Memory §CPU §GPU §Volumes §Ports §IPs
Non Functional Capabilities Scalability Performance, Responsiveness, Efficiency Availability Fault Tolerance, Reliability, DR Flexibility Extensibility, Portability, Interoperability Usability Familiarity, Debuggability, Maintainability Portability Container Runtime, Host OS, Cloud Provider, On-prem Security Isolation, Encryption, Secrets Management, Auditability
Container Operations Development Lifecycle Source repo, CI-CD, Artefact repo Container Orchestration Scheduling, Resource Management, Service Management BAU Operations Monitoring and Metrics, Maintenance, Debugging Did you hear that?
In no particular order… [ ] Schedulers and Orchestration [ ] Networking [ ] Security [ ] Operating Systems [ ] PaaS [ ] Storage [ ] Monitoring [ ] Container Integration and Container Deployment [ ] Miscellaneous
In no particular order… [ ] Schedulers and Orchestration [ ] General Blurb [ ] ECS [ ] Kubernetes [ ] Mesos [ ] Docker Swarm [ ] Orchestration Wars
Schedulers – General Blurb Cluster Machines Cluster State Information Monolothic Two-Level Shared State No Concurrency Pessimistic Concurrency (offers) Optimistic Concurrency (transactions) Scheduling Logic
Docker Task Container Instance Amazon ECS Container ECS Agent ELB Internet ELB User / Scheduler API Cluster Management Engine Task Container Docker Task Container Instance Container ECS Agent Task Container Docker Task Container Instance Container ECS Agent Task Container AZ 1 AZ 2 Key/Value Store Agent Communication Service ECS
Mesos Master Marathon ZooKeeper Mesos + Marathon Mesos Slaves Long Running Tasks Jobs Coordination & Configuration
Kubernetes Replication Controller API Server Kubernetes Master Kubelet KubeProxy Docker Container Container Pod Pod Kubelet KubeProxy Docker Container Container Pod Pod Kubernetes Cluster etcd
Docker Swarm
I hope we win
In no particular order… [X] Schedulers and Orchestration [ ] Networking [ ] Security [ ] Operating Systems [ ] PaaS [ ] Storage [ ] Monitoring [ ] Container Integration and Container Deployment [ ] Miscellaneous
Container Networking Dom 0 Instance Instance Instance OS OS OS Container Runtime Container Runtime Container Runtime Container Container Container Container Container Container
Overlay all of the thingz • Flannel • Calico • WeaveNet • Swarm Mode
WeaveNet
Mode Swarm Mode Manager Swarm Mode Node TLS CA Load Balancing Service Discovery Distributed Store Docker Engine Libnetwork Volumes Plugins Container Runtime
In no particular order… [X] Schedulers and Orchestration [X] Networking [ ] Security [ ] Operating Systems [ ] PaaS [ ] Storage [ ] Monitoring [ ] Container Integration and Container Deployment [ ] Miscellaneous
Sekkirity is everybodys biznezz
Host Security • Lock it down! • Namespaces and cgroups are your friends • Select few belong to docker UNIX group • SELinux is also your friend • Docker daemon runs as root!
Whale-say "Only trusted users should be allowed to control your Docker daemon"
Docker daemon security • Do not run in privileged mode • Lock down inter container comms –icc=false • Secure APIs with TLS certificates
Whale-say “If you run Docker on a server, it is recommended to run exclusively Docker in the server, and move all other services within containers controlled by Docker”
Container Image Security • Use a small selection of trusted images • Scan your images • CoreOS’s Clair scans Quay.io, • Docker Security Scanning works with Docker Trusted Registry • Red Hat has built a new scanner in Project Atomic for its Atomic Registry. • Other scanners are such as Aqua Peekr, Anchore, and Twistlock Trust work independently of specific registries
Lot more prescriptive advice here… https://benchmarks.cisecurity.org/tools2/docker/CIS _Docker_1.6_Benchmark_v1.0.0.pdf
In no particular order… [X] Schedulers and Orchestration [X] Networking [X] Security [ ] Operating Systems [ ] PaaS [ ] Storage [ ] Monitoring [ ] Container Integration and Container Deployment [ ] Miscellaneous
Micro OS • CoreOS • RancherOS • Ubuntu Snappy • RedHat Atom • VmWare Photon • ECS Optimized Amazon Linux RedHat Atomic VmWare Photon Ubuntu Snappy CoreOS RancherOS 395 MB 317 MB 215 MB 20 MB 150 MB
In no particular order… [X] Schedulers and Orchestration [X] Networking [X] Security [X] Operating Systems [ ] PaaS [ ] Storage [ ] Monitoring [ ] Container Integration and Container Deployment [ ] Miscellaneous
Remind Empire Twelve-Factor
Convox $ convox apps create go-app $ convox deploy $ convox apps info go-app $ convox build --app go-app –d "Hello Build” $ convox releases promote RLYSUALSGCT $ convox ps $ convox scale main --count=2
Docker Data Center Universal Control Plane (UCP) Security Content Trust Docker Trusted Registry Orchestration Swarm Container Runtime Engine Operating System
Others
In no particular order… [X] Schedulers and Orchestration [X] Networking [X] Security [X] Operating Systems [X] PaaS [ ] Storage [ ] Monitoring [ ] Container Integration and Container Deployment [ ] Miscellaneous
Are we there yet?
In no particular order… [X] Schedulers and Orchestration [X] Networking [X] Security [X] Operating Systems [X] PaaS [-] Storage [-] Monitoring [-] Container Integration and Container Deployment [-] Miscellaneous
Demoz • Marathon scheduler on ECS (Credit : Ryosuke-san) • Convox • Docker Swarm • Weave Net and Weave Scope • ECS (ALB, Task AutoScaling, Task IAM Role)
--------------------- T H A N K Y O U -------------------- ^__^ (oo)_______ (__) )/ ||----w | || ||

More Related Content

PPTX
Leveraging elastic web scale computing with AWS
Shiva Narayanaswamy
 
PDF
DevOps and AWS
Shiva Narayanaswamy
 
PPTX
Introduction to DevOps on AWS
Shiva Narayanaswamy
 
PPTX
AWS Security and SecOps
Shiva Narayanaswamy
 
PPTX
Continuous delivery and deployment on AWS
Shiva Narayanaswamy
 
PDF
Devops with Amazon Web Services (January 2017)
Julien SIMON
 
PPTX
Application Lifecycle Management and Event Driven Programming on AWS
Shiva Narayanaswamy
 
PDF
AWS + Puppet = Dynamic Scale
Shiva Narayanaswamy
 
Leveraging elastic web scale computing with AWS
Shiva Narayanaswamy
 
DevOps and AWS
Shiva Narayanaswamy
 
Introduction to DevOps on AWS
Shiva Narayanaswamy
 
AWS Security and SecOps
Shiva Narayanaswamy
 
Continuous delivery and deployment on AWS
Shiva Narayanaswamy
 
Devops with Amazon Web Services (January 2017)
Julien SIMON
 
Application Lifecycle Management and Event Driven Programming on AWS
Shiva Narayanaswamy
 
AWS + Puppet = Dynamic Scale
Shiva Narayanaswamy
 

Viewers also liked (18)

PDF
DevOps, Common use cases, Architectures, Best Practices
Shiva Narayanaswamy
 
PDF
Pets, Cattle, Rabbits and Microbes
Shiva Narayanaswamy
 
PDF
Platform for Innovation - AWS
Shiva Narayanaswamy
 
PDF
AWS Tagging Strategy
Shiva Narayanaswamy
 
PDF
Your APIs can be soft and fluffy
Shiva Narayanaswamy
 
PDF
Leveraging Elastic Web Scale Computing with AWS
Shiva Narayanaswamy
 
PDF
Application Delivery Patterns
Shiva Narayanaswamy
 
PDF
Build high performing mobile apps, faster with AWS
Shiva Narayanaswamy
 
PDF
Event driven infrastructure
Shiva Narayanaswamy
 
PDF
Innovation at Scale - Top 10 AWS questions when you start
Shiva Narayanaswamy
 
PDF
ECS and ECR deep dive
Shiva Narayanaswamy
 
PPTX
Running Hybrid Cloud Patterns on AWS
Shiva Narayanaswamy
 
PDF
Best practices for MySQL/MariaDB Server/Percona Server High Availability
Colin Charles
 
PPTX
WINPOT CASINO
WINPOT CASINO
 
PDF
4 logo Cinema One DEGRADE RGB
BATIR DRAGOS-GABRIEL
 
PDF
China cardiovascular system drugs industry market demand forecast and investm...
Qianzhan Intelligence
 
PDF
Dr matthew katz_médias_sociaux_19_avril_2012
laucyn
 
PDF
Project_Completion_12_December_2012
Enric Vinyes
 
DevOps, Common use cases, Architectures, Best Practices
Shiva Narayanaswamy
 
Pets, Cattle, Rabbits and Microbes
Shiva Narayanaswamy
 
Platform for Innovation - AWS
Shiva Narayanaswamy
 
AWS Tagging Strategy
Shiva Narayanaswamy
 
Your APIs can be soft and fluffy
Shiva Narayanaswamy
 
Leveraging Elastic Web Scale Computing with AWS
Shiva Narayanaswamy
 
Application Delivery Patterns
Shiva Narayanaswamy
 
Build high performing mobile apps, faster with AWS
Shiva Narayanaswamy
 
Event driven infrastructure
Shiva Narayanaswamy
 
Innovation at Scale - Top 10 AWS questions when you start
Shiva Narayanaswamy
 
ECS and ECR deep dive
Shiva Narayanaswamy
 
Running Hybrid Cloud Patterns on AWS
Shiva Narayanaswamy
 
Best practices for MySQL/MariaDB Server/Percona Server High Availability
Colin Charles
 
WINPOT CASINO
WINPOT CASINO
 
4 logo Cinema One DEGRADE RGB
BATIR DRAGOS-GABRIEL
 
China cardiovascular system drugs industry market demand forecast and investm...
Qianzhan Intelligence
 
Dr matthew katz_médias_sociaux_19_avril_2012
laucyn
 
Project_Completion_12_December_2012
Enric Vinyes
 
Ad

Similar to State of Union - Containerz (20)

PDF
Container orchestration
Timo Derstappen
 
PDF
Choosing PaaS: Cisco and Open Source Options: an overview
Cisco DevNet
 
PPTX
Docker for the enterprise
Bert Poller
 
PDF
Managing containers at scale
Smruti Ranjan Tripathy
 
PDF
OSDC 2018 | Three years running containers with Kubernetes in Production by T...
NETWAYS
 
PDF
OpenStack Operations Guide 1st Edition Tom Fifield
tuekamrasyid
 
PDF
Introduction to containers, k8s, Microservices & Cloud Native
Terry Wang
 
PPTX
Sergey Dzyuban "To Build My Own Cloud with Blackjack…"
Fwdays
 
PDF
On Prem Container Cloud - Lessons Learned
CodeOps Technologies LLP
 
PDF
Kubernetes One-Click Deployment: Hands-on Workshop (Mainz)
QAware GmbH
 
PDF
You got a couple Microservices, now what? - Adding SRE to DevOps
Gonzalo Maldonado
 
PDF
56k.cloud training
Brian Christner
 
PPTX
Episode 1: Building Kubernetes-as-a-Service
Mesosphere Inc.
 
PDF
DCEU 18: Docker Enterprise Platform and Architecture
Docker, Inc.
 
PPTX
Docker Enterprise Workshop - Intro
Patrick Chanezon
 
PDF
Monitoring hybrid container environments
Samuel Vandamme
 
PDF
Kubernetes stack reliability
Oleg Chunikhin
 
PDF
How Self-Healing Nodes and Infrastructure Management Impact Reliability
Kublr
 
PPTX
Dockercon EU 2015
John Fiedler
 
PDF
Jörg Schad - Hybrid Cloud (Kubernetes, Spark, HDFS, …)-as-a-Service - Codemot...
Codemotion
 
Container orchestration
Timo Derstappen
 
Choosing PaaS: Cisco and Open Source Options: an overview
Cisco DevNet
 
Docker for the enterprise
Bert Poller
 
Managing containers at scale
Smruti Ranjan Tripathy
 
OSDC 2018 | Three years running containers with Kubernetes in Production by T...
NETWAYS
 
OpenStack Operations Guide 1st Edition Tom Fifield
tuekamrasyid
 
Introduction to containers, k8s, Microservices & Cloud Native
Terry Wang
 
Sergey Dzyuban "To Build My Own Cloud with Blackjack…"
Fwdays
 
On Prem Container Cloud - Lessons Learned
CodeOps Technologies LLP
 
Kubernetes One-Click Deployment: Hands-on Workshop (Mainz)
QAware GmbH
 
You got a couple Microservices, now what? - Adding SRE to DevOps
Gonzalo Maldonado
 
56k.cloud training
Brian Christner
 
Episode 1: Building Kubernetes-as-a-Service
Mesosphere Inc.
 
DCEU 18: Docker Enterprise Platform and Architecture
Docker, Inc.
 
Docker Enterprise Workshop - Intro
Patrick Chanezon
 
Monitoring hybrid container environments
Samuel Vandamme
 
Kubernetes stack reliability
Oleg Chunikhin
 
How Self-Healing Nodes and Infrastructure Management Impact Reliability
Kublr
 
Dockercon EU 2015
John Fiedler
 
Jörg Schad - Hybrid Cloud (Kubernetes, Spark, HDFS, …)-as-a-Service - Codemot...
Codemotion
 
Ad

Recently uploaded (20)

PPTX
international classification of diseases ICD-10 review PPT.pptx
naveenithkrishnan
 
PPTX
Introduction about ICD -10 and ICD11 on 5.8.25.pptx
naveenithkrishnan
 
PDF
Unit-1 introduction to cyber security discuss about how to secure a system
shivangisharma636228
 
PDF
Slides PDF The World Game (s) Eco Economic Epochs.pdf
Steven McGee
 
PPTX
introduction about ICD -10 & ICD-11 ppt.pptx
naveenithkrishnan
 
PDF
APNIC Update, presented at PHNOG 2025 by Shane Hermoso
APNIC
 
PPT
tcp ip networks nd ip layering assotred slides
pakadamfdp
 
PDF
Triggering QUIC, presented by Geoff Huston at IETF 123
APNIC
 
PDF
Cloud-Scale Log Monitoring _ Datadog.pdf
MuhammadDhomanhuriMa
 
PPTX
artificial intelligence overview of it and more
yafotin445
 
PPTX
Internet___Basics___Styled_ presentation
poonam62133
 
PDF
Automated vs Manual WooCommerce to Shopify Migration_ Pros & Cons.pdf
CartCoders
 
PDF
💰 𝐔𝐊𝐓𝐈 𝐊𝐄𝐌𝐄𝐍𝐀𝐍𝐆𝐀𝐍 𝐊𝐈𝐏𝐄𝐑𝟒𝐃 𝐇𝐀𝐑𝐈 𝐈𝐍𝐈 𝟐𝟎𝟐𝟓 💰
GRAB
 
PPTX
CHE NAA, , b,mn,mblblblbljb jb jlb ,j , ,C PPT.pptx
sumodmjohn3
 
PDF
Tenda Login Guide: Access Your Router in 5 Easy Steps
tendawifi16
 
PDF
WebRTC in SignalWire - troubleshooting media negotiation
Giacomo Vacca
 
PPTX
Digital Literacy And Online Safety on internet
riksa rifqi
 
PPTX
Slides PPTX World Game (s) Eco Economic Epochs.pptx
Steven McGee
 
PPTX
Introuction about ICD -10 and ICD-11 PPT.pptx
naveenithkrishnan
 
PDF
Testing WebRTC applications at scale.pdf
Giacomo Vacca
 
international classification of diseases ICD-10 review PPT.pptx
naveenithkrishnan
 
Introduction about ICD -10 and ICD11 on 5.8.25.pptx
naveenithkrishnan
 
Unit-1 introduction to cyber security discuss about how to secure a system
shivangisharma636228
 
Slides PDF The World Game (s) Eco Economic Epochs.pdf
Steven McGee
 
introduction about ICD -10 & ICD-11 ppt.pptx
naveenithkrishnan
 
APNIC Update, presented at PHNOG 2025 by Shane Hermoso
APNIC
 
tcp ip networks nd ip layering assotred slides
pakadamfdp
 
Triggering QUIC, presented by Geoff Huston at IETF 123
APNIC
 
Cloud-Scale Log Monitoring _ Datadog.pdf
MuhammadDhomanhuriMa
 
artificial intelligence overview of it and more
yafotin445
 
Internet___Basics___Styled_ presentation
poonam62133
 
Automated vs Manual WooCommerce to Shopify Migration_ Pros & Cons.pdf
CartCoders
 
💰 𝐔𝐊𝐓𝐈 𝐊𝐄𝐌𝐄𝐍𝐀𝐍𝐆𝐀𝐍 𝐊𝐈𝐏𝐄𝐑𝟒𝐃 𝐇𝐀𝐑𝐈 𝐈𝐍𝐈 𝟐𝟎𝟐𝟓 💰
GRAB
 
CHE NAA, , b,mn,mblblblbljb jb jlb ,j , ,C PPT.pptx
sumodmjohn3
 
Tenda Login Guide: Access Your Router in 5 Easy Steps
tendawifi16
 
WebRTC in SignalWire - troubleshooting media negotiation
Giacomo Vacca
 
Digital Literacy And Online Safety on internet
riksa rifqi
 
Slides PPTX World Game (s) Eco Economic Epochs.pptx
Steven McGee
 
Introuction about ICD -10 and ICD-11 PPT.pptx
naveenithkrishnan
 
Testing WebRTC applications at scale.pdf
Giacomo Vacca
 

State of Union - Containerz

  • 1. State of Union - Containerz --------------------- Shiva (narshiva@) -------------------- ^__^ (oo)_______ (__) )/ ||----w | || ||
  • 2. TO BEGIN AT THE BEGINNING… Let’s start, shall we?
  • 3. Containerized Microservices Dom 0 Instance Instance Instance OS OS OS Container Runtime Container Runtime Container Runtime App App Service Service App App Service Service App App Service Service
  • 4. Container Orchestration Dom 0 Instance Instance Instance OS OS OS Container Runtime Container Runtime Container Runtime App Service App App Service Service Container Orchestration
  • 5. Container Orchestration Dom 0 Instance/OS Instance/OS Instance/OS App Service App App Service Service Service Management Scheduling Resource Management Orchestration Service Management §Labels §Groups/Namespaces §Dependencies §Load Balancing §Health Check §Service Discovery
  • 6. Container Orchestration Dom 0 Instance/OS Instance/OS Instance/OS App Service App App Service Service Service Management Scheduling Resource Management Orchestration Scheduling §Placement §Replication/Scaling §Resurrection §Rescheduling §Rolling deploys §Upgrades §Downgrades §Colocation
  • 7. Container Orchestration Dom 0 Instance/OS Instance/OS Instance/OS App Service App App Service Service Service Management Scheduling Resource Management Orchestration Resource Management §Memory §CPU §GPU §Volumes §Ports §IPs
  • 8. Non Functional Capabilities Scalability Performance, Responsiveness, Efficiency Availability Fault Tolerance, Reliability, DR Flexibility Extensibility, Portability, Interoperability Usability Familiarity, Debuggability, Maintainability Portability Container Runtime, Host OS, Cloud Provider, On-prem Security Isolation, Encryption, Secrets Management, Auditability
  • 9. Container Operations Development Lifecycle Source repo, CI-CD, Artefact repo Container Orchestration Scheduling, Resource Management, Service Management BAU Operations Monitoring and Metrics, Maintenance, Debugging Did you hear that?
  • 10. In no particular order… [ ] Schedulers and Orchestration [ ] Networking [ ] Security [ ] Operating Systems [ ] PaaS [ ] Storage [ ] Monitoring [ ] Container Integration and Container Deployment [ ] Miscellaneous
  • 11. In no particular order… [ ] Schedulers and Orchestration [ ] General Blurb [ ] ECS [ ] Kubernetes [ ] Mesos [ ] Docker Swarm [ ] Orchestration Wars
  • 12. Schedulers – General Blurb Cluster Machines Cluster State Information Monolothic Two-Level Shared State No Concurrency Pessimistic Concurrency (offers) Optimistic Concurrency (transactions) Scheduling Logic
  • 13. Docker Task Container Instance Amazon ECS Container ECS Agent ELB Internet ELB User / Scheduler API Cluster Management Engine Task Container Docker Task Container Instance Container ECS Agent Task Container Docker Task Container Instance Container ECS Agent Task Container AZ 1 AZ 2 Key/Value Store Agent Communication Service ECS
  • 14. Mesos Master Marathon ZooKeeper Mesos + Marathon Mesos Slaves Long Running Tasks Jobs Coordination & Configuration
  • 15. Kubernetes Replication Controller API Server Kubernetes Master Kubelet KubeProxy Docker Container Container Pod Pod Kubelet KubeProxy Docker Container Container Pod Pod Kubernetes Cluster etcd
  • 17. I hope we win
  • 18. In no particular order… [X] Schedulers and Orchestration [ ] Networking [ ] Security [ ] Operating Systems [ ] PaaS [ ] Storage [ ] Monitoring [ ] Container Integration and Container Deployment [ ] Miscellaneous
  • 19. Container Networking Dom 0 Instance Instance Instance OS OS OS Container Runtime Container Runtime Container Runtime Container Container Container Container Container Container
  • 20. Overlay all of the thingz • Flannel • Calico • WeaveNet • Swarm Mode
  • 22. Mode Swarm Mode Manager Swarm Mode Node TLS CA Load Balancing Service Discovery Distributed Store Docker Engine Libnetwork Volumes Plugins Container Runtime
  • 23. In no particular order… [X] Schedulers and Orchestration [X] Networking [ ] Security [ ] Operating Systems [ ] PaaS [ ] Storage [ ] Monitoring [ ] Container Integration and Container Deployment [ ] Miscellaneous
  • 25. Host Security • Lock it down! • Namespaces and cgroups are your friends • Select few belong to docker UNIX group • SELinux is also your friend • Docker daemon runs as root!
  • 26. Whale-say "Only trusted users should be allowed to control your Docker daemon"
  • 27. Docker daemon security • Do not run in privileged mode • Lock down inter container comms –icc=false • Secure APIs with TLS certificates
  • 28. Whale-say “If you run Docker on a server, it is recommended to run exclusively Docker in the server, and move all other services within containers controlled by Docker”
  • 29. Container Image Security • Use a small selection of trusted images • Scan your images • CoreOS’s Clair scans Quay.io, • Docker Security Scanning works with Docker Trusted Registry • Red Hat has built a new scanner in Project Atomic for its Atomic Registry. • Other scanners are such as Aqua Peekr, Anchore, and Twistlock Trust work independently of specific registries
  • 30. Lot more prescriptive advice here… https://benchmarks.cisecurity.org/tools2/docker/CIS _Docker_1.6_Benchmark_v1.0.0.pdf
  • 31. In no particular order… [X] Schedulers and Orchestration [X] Networking [X] Security [ ] Operating Systems [ ] PaaS [ ] Storage [ ] Monitoring [ ] Container Integration and Container Deployment [ ] Miscellaneous
  • 32. Micro OS • CoreOS • RancherOS • Ubuntu Snappy • RedHat Atom • VmWare Photon • ECS Optimized Amazon Linux RedHat Atomic VmWare Photon Ubuntu Snappy CoreOS RancherOS 395 MB 317 MB 215 MB 20 MB 150 MB
  • 33. In no particular order… [X] Schedulers and Orchestration [X] Networking [X] Security [X] Operating Systems [ ] PaaS [ ] Storage [ ] Monitoring [ ] Container Integration and Container Deployment [ ] Miscellaneous
  • 35. Convox $ convox apps create go-app $ convox deploy $ convox apps info go-app $ convox build --app go-app –d "Hello Build” $ convox releases promote RLYSUALSGCT $ convox ps $ convox scale main --count=2
  • 36. Docker Data Center Universal Control Plane (UCP) Security Content Trust Docker Trusted Registry Orchestration Swarm Container Runtime Engine Operating System
  • 38. In no particular order… [X] Schedulers and Orchestration [X] Networking [X] Security [X] Operating Systems [X] PaaS [ ] Storage [ ] Monitoring [ ] Container Integration and Container Deployment [ ] Miscellaneous
  • 39. Are we there yet?
  • 40. In no particular order… [X] Schedulers and Orchestration [X] Networking [X] Security [X] Operating Systems [X] PaaS [-] Storage [-] Monitoring [-] Container Integration and Container Deployment [-] Miscellaneous
  • 41. Demoz • Marathon scheduler on ECS (Credit : Ryosuke-san) • Convox • Docker Swarm • Weave Net and Weave Scope • ECS (ALB, Task AutoScaling, Task IAM Role)
  • 42. --------------------- T H A N K Y O U -------------------- ^__^ (oo)_______ (__) )/ ||----w | || ||