Containers & CaaS
4 likes1,296 views
This document discusses containers and related technologies: 1. Containers provide isolated, portable environments for running applications and their dependencies. Docker is a popular container platform that packages applications into containers using Linux kernel features like namespaces and cgroups. 2. The Open Container Initiative (OCI) aims to develop standards around container formats and runtime. Technologies like Docker, rkt, and AppC implement the OCI specifications. 3. Container orchestration systems like Kubernetes and Mesos manage the deployment and lifecycles of containers at scale across clusters of hosts.
Containers & CaaS
- 2. Who am I? Yujie Du About: https://about.me/Yujie.Du Twitter: @ben_duyujie Email: duyujie.dyj@gmail.com Linkedin: https://www.linkedin.com/in/duyujie Download: https://www.slideshare.net/ben_duyujie/containers-caas/
- 5. One company has certainly found growth by injecting software into its industry. source: http://thenewstack.io/uber-netflix-and-the-dreams-of-devops-and-microservices/ 5 Uber's rumored net revenue 2013 2014 2015 2000 400 108 Since 2000, 52% of the Fortune 500 are no longer on the list. The pace of change has increased.
- 6. Docker will play a central role for every player in that market. Private Hybrid Public IT Pros DeploymentPackaging Architects Developers Docker is also the contract between Developers and Operations. Developers and Operations often have very different attitudes when it comes to choosing tools and environments.
- 7. IT Pros DeploymentPackaging Architects Developers Waterfall Agile DevOps Monolithic N-Tier Microservices Datacenter Hosted Cloud Physical Servers Virtual Servers Containers Cloud Native Application
- 8. Figure from M. Schwarzkopf, “Operating system support for warehouse-scale computing”, PhD thesis, University of Cambridge, 2015 (to appear). Details & Bibliography: http://malteschwarzkopf.de/research/assets/google-stack.pdf
- 9. Retail Finance Media Transportation App Container
- 10. App Dev “Monolithic” Systems Management 1 VMware Microsoft Linux Hardware App Dev “Cloud-native” Systems Management 2 OpenStack Cloud Foundry AWS etc. Hardware Systems Management 3 Docker Mesos CoreOS Kubernetes etc. Hardware Plain old virtualization Cloud, public and private Management tools always(?) change What runs everything, most of attention is here Hardware no longer eating the world - cheaper, faster Shift from web, to web + mobile A single API for managing applications on 4 infrastructures
- 12. Physical Processor Virtual Processor Operating System Libraries User Code Private Copy Shared Virtual Machines Physical Processor Virtual Processor Operating System Libraries User Code Containers ISA syscall Containers: less overhead, enable more “magic” Sandboxing(chroot jails) Various projects... chroot (1979) jail Linux-VServer OpenVZ ... Linux container(chroot + OS isolation) brought into the kernel... namespaces cgroups SELinux AppArmor btrs/aufs/ device mapper/etc ... Docker (LXC + packaging) and packaged up. systemd-nspawn LXC lmctfy libvirt-lxc Docker / libcontainer rkt / appc ... Containers are isolated, portable environments where you can run applications along with all the libraries and dependencies they need.
- 13. User request Linux Kernel hardware shell Application Each user has a home directory and process directory Run in memory
- 14. A paradigm shift for the O/S : Redefines “Kernel Space” & “User Space” Better fit for distributed computing
- 15. Who built this image? What’s its purpose? Was it created to support a demo? Is it safe to consume? Who maintains it? RED HAT CERTIFIED Trusted source for the host and the containers Trusted content inside the container with security Dxes available as part of an enterprise lifecycle Portability across hosts HW HostOS Containers Certify
- 16. Process A fork() Process A continues Process B execev() exit() wait() ZOMBIE SIGCHLD clean up Child - new PID executes a different program ! Parent - original PID Reference: http://www.lynx.com/the-fork-call-posix-processes-and-parent-child-relationships 1. Docker Daemon process fork exec dockerinit ENTRYPOINT CMD (your application) 2. 3. new namespaces init namespaces the only process (same PID) cgroups applied Docker Container process process process process Docker Container is born just by syscall fork and exec a process 1.
- 17. CGROUPS NAMESPACES IMAGES DOCKER CONTAINER • Kernel Feature • Groups of Processes • Control Resource Allocation • CPU, CPU Sets • Memory • Disk • Block I/O • Not a File System • Not a VHD • Basically a tar file • Has a Hierarchy • Arbitrary Depth • Fits into Docker Registry • The real magic behind containers • It creates barriers between processes • Different Namespaces • PID Namespace • Net Namespace • IPC Namespace • MNT Namespace • Linux Kernel Namespace introduced between kernel 2.6.15 – 2.6.26 docker run lxc-start
- 21. ACS ACS ACI ID Signed Encrypted Archive Manifest Rootfs veth ipvlan macvlan raw dev FS Volume Environment Logging Isolators Capabilities Linux Isolators Resource Isolators block network cpu memory Runtime Env Pods UUID Manifest Executor Image Discovery Simple Discovery Meta Discovery Network loopback ip overlay DM cgroup Application Containers “An application container is a way of packaging and executing processes on a computer system that isolates the application from the underlying host operating system” https://github.com/appc/spec, 2015.
- 22. CNM & CNI Libnetwork: Docker 1.7 Container Network Model,CNM AppC Container Network Interface,CNI
- 23. https://www.ibm.com/developerworks/community/blogs/1ba56fe3-efad-432f-a1ab-58ba3910b073/entry/thoughts_on_future_of_resource_managers_and_schedulers_in_the_cloud?lang=en IaaSCapacity (VM, Storage…) PaaSApp (code) CaaSApp container
- 24. CNCF & OCI Application definition and orchestration Resource scheduling Distributed system services Container Runtime agent Container registry Container repositoryComputing node OS Software define network Software define storage Infrastructure provisioning Out of scope Api specification OCI and specification Reference implementation OCI api spec . .….N
- 26. The End~