containers - (austin cloud meetup april 2016)
Derrick J. Wippler
Blog: http://thrawn01.org
Twitter: @thrawn01
Android Super NES Emulator: http://www.superretro16.com/
Containers
What Containers Are NOT
DOCKER != CONTAINERS
Container Technology is provided by the Linux Kernel
NOT LXC
Linux Kernel Containers
Everything you need to create and run containers already exists in the Linux kernel
However…….
CHROOT
CHROOT PROVIDES
Isolate Process & File systems
CHROOT
Kernel Namespaces
CGroups
Namespaces
PID Namespaces
NET Namespaces
PID Namespaces Provide Process Isolation
PID NameSpace 1
PID NameSpace 2
PID NameSpace 3
PID NameSpace 4
CHROOT ?
NET Namespaces
NET Namespaces Provide Network Isolation
Root NET Namespace
NET Namespace 1
NET Namespace 2
Network your chroots together inside the kernel
Sounds like - VM Hypervisor
Container is NOT a VM
VMs run an entire OS
Containers run a single process
<demo>
Prepare for coolness
Remember, when you start a container, you are just starting a process with namespaces
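Added example (not from the original slides): a process's namespace membership is visible as symlinks under /proc/<pid>/ns, so a "container" can be recognised as an ordinary process whose namespace inode numbers differ from the host's. The sample link targets and all function names below are constructed for illustration.

```python
import os
import re

# A /proc/<pid>/ns/<name> symlink target looks like "pid:[4026531836]".
NS_LINK = re.compile(r"^[a-z_]+:\[(\d+)\]$")

def ns_inode(target):
    """Return the namespace inode number from one symlink target."""
    m = NS_LINK.match(target.strip())
    if not m:
        raise ValueError(f"not a namespace link: {target!r}")
    return int(m.group(1))

def read_ns(pid="self"):
    """Namespace name -> inode for a live process (Linux only)."""
    base = f"/proc/{pid}/ns"
    return {n: ns_inode(os.readlink(f"{base}/{n}")) for n in sorted(os.listdir(base))}

def isolated_namespaces(host, proc):
    """Names of namespaces in which proc is NOT sharing with host."""
    return sorted(n for n in proc if n in host and proc[n] != host[n])

# Constructed sample: link targets of a host process and of a process
# started with its own PID, NET and mount namespaces (UTS still shared).
HOST_PROC = {"pid": "pid:[4026531836]", "net": "net:[4026531992]",
             "mnt": "mnt:[4026531840]", "uts": "uts:[4026531838]"}
CONTAINER_PROC = {"pid": "pid:[4026532281]", "net": "net:[4026532284]",
                  "mnt": "mnt:[4026532279]", "uts": "uts:[4026531838]"}

def demo():
    host = {k: ns_inode(v) for k, v in HOST_PROC.items()}
    cont = {k: ns_inode(v) for k, v in CONTAINER_PROC.items()}
    return isolated_namespaces(host, cont)

if __name__ == "__main__":
    print("isolated in sample:", demo())
    if os.path.isdir("/proc/self/ns"):
        # On a live Linux host, show this process's own namespaces.
        print("this process:", read_ns())
```

Comparing read_ns() for two live PIDs with isolated_namespaces() shows which isolation a given process actually has, whatever tool started it.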
Existing container workloads on VMs
1X DataCenters
Configuration Management
Infrastructure is in a known state.
Prevent Infrastructure drift.
Self Healing
Container Images treated as immutable
No more Infrastructure Drift
Prevent Infrastructure drift
Infrastructure is in a known state
Self Healing
Clustering
What is Kubernetes
Kubernetes is an open source orchestration system for Docker containers. It handles scheduling onto nodes in a compute cluster and actively manages workloads to ensure that their state matches the user's declared intentions.
Kubernetes Monitoring
Built-in support for application level health checks (DB Checks, Socket & Http checks, etc…)
Automatically restart crashed processes (aka containers)
Natively React to Monitor Events
Prevent Infrastructure drift
Infrastructure is in a known state
Self Healing
MANAGED BY KUBERNETES
Self healing
No Infrastructure Drift
Infrastructure is in a known state
Reliability
Why do we need Configuration Management?
What about Operating System Configuration?
Immutable Operating Systems
Immutable Infrastructure AKA
Brandon Philips, CTO
Alex Polvi, CEO
All you need is an OS that can run Containers
No Package Manager
Immutable Config files
Why configure the OS?
Our containers can contain all OS config files and daemons necessary for our application to run
How to configure all the disparate containers?
Consistent Distributed Key Store
Why do we need Configuration Management?
Brian Redbeard
Principal Architect CoreOS
“If we do our job correctly, future releases of CoreOS will NOT have SSH server installed”
How would you design your infrastructure/software if you were unable to SSH into the host OS?
Typical Operating System
Kernel: Linux Kernel | Kubernetes
Configuration: /etc | etcd
Storage: FileSystems EXT4 | ISCSI Block or FSAS
Workloads: Processes | Containers
Cloud Operating System
Infinite CPU Power
Distributed Scale
Self Healing
Always Available
GIFEE
Google Infrastructure For Everyone Else
All I WANT
create my application in a container
make it scale
I don’t want it to go down