Containers & CaaS


Post on 20-Mar-2017


  • Who am I? Yujie Du. About: https://about.me/Yujie.Du Twitter: @ben_duyujie Email: duyujie.dyj@gmail.com LinkedIn: https://www.linkedin.com/in/duyujie Download: https://www.slideshare.net/ben_duyujie/containers-caas/

  • One company has certainly found growth by injecting software into its industry.

    [Chart: Uber's rumored net revenue, 2013, 2014, 2015; bar labels 108, 400 and 2000]

    Since 2000, 52% of the Fortune 500 are no longer on the list. The pace of change has increased.

    source: http://thenewstack.io/uber-netflix-and-the-dreams-of-devops-and-microservices/

  • Docker will play a central role for every player in that market.

    [Diagram: Private, Hybrid, Public; IT Pros, Deployment, Packaging, Architects, Developers]

    Docker is also the contract between Developers and Operations. Developers and Operations often have very different attitudes when it comes to choosing tools and environments.

  • IT Pros, Deployment, Packaging, Architects, Developers (diagram):

    Waterfall -> Agile -> DevOps

    Monolithic -> N-Tier -> Microservices

    Datacenter -> Hosted -> Cloud

    Physical Servers -> Virtual Servers -> Containers

    Cloud Native Application

  • Figure from M. Schwarzkopf, Operating system support for warehouse-scale computing, PhD thesis, University of Cambridge, 2015 (to appear).

    Details & Bibliography: http://malteschwarzkopf.de/research/assets/google-stack.pdf

  • [Diagram: App and Container across Retail, Finance, Media and Transportation]

  • [Diagram: three stacks, each running on Hardware]

    Plain old virtualization: App Dev (Monolithic); Systems Management 1: VMware, Microsoft, Linux; Hardware

    Cloud, public and private: App Dev (Cloud-native); Systems Management 2: OpenStack, Cloud Foundry, AWS, etc.; Hardware

    Systems Management 3: Docker, Mesos, CoreOS, Kubernetes, etc.; Hardware

    Management tools always(?) change

    What runs everything, most of attention is here

    Hardware no longer eating the world: cheaper, faster

    Shift from web, to web + mobile

    A single API for managing applications on 4 infrastructures

  • [Diagram: Virtual Machines vs Containers]

    Virtual Machines: Physical Processor / Virtual Processor / Operating System / Libraries / User Code; the boundary is the ISA, and everything above it is a private copy per VM

    Containers: Physical Processor / Virtual Processor / Operating System / Libraries / User Code; the boundary is the syscall interface, and the operating system is shared

    Containers: less overhead, enable more magic

    Sandboxing (chroot jails), various projects: chroot (1979), jail, Linux-VServer, OpenVZ, ...

    Linux container (chroot + OS isolation) brought into the kernel: namespaces, cgroups, SELinux, AppArmor, btrfs/aufs/device mapper/etc. ...

    Docker (LXC + packaging) and packaged up: systemd-nspawn, LXC, lmctfy, libvirt-lxc, Docker / libcontainer, rkt / appc, ...

    Containers are isolated, portable environments where you can run applications along with all the libraries and dependencies they need.

  • [Diagram: User request -> shell / Application -> Linux Kernel -> hardware]

    Each user has a home directory and process directory

    Run in memory

  • A paradigm shift for the O/S: redefines Kernel Space & User Space

    Better fit for distributed computing

  • Who built this image? What's its purpose? Was it created to support a demo? Is it safe to consume? Who maintains it?

    RED HAT CERTIFIED: trusted source for the host and the containers; trusted content inside the container with security fixes available as part of an enterprise lifecycle; portability across hosts

    [Diagram: HW / Host OS / Containers -> Certify]

  • [Diagram: POSIX process lifecycle]

    Process A (parent, original PID) calls fork(); Process A continues. Process B (child, new PID) calls execve() and executes a different program, then exit(). The child stays a ZOMBIE until the parent's wait(), prompted by SIGCHLD, does the cleanup.

    Reference: http://www.lynx.com/the-fork-call-posix-processes-and-parent-child-relationships

    [Diagram: how a Docker container is born]

    1. Docker Daemon: process fork

    2. exec dockerinit

    3. ENTRYPOINT / CMD (your application)

    Annotations: new namespaces; init namespaces; the only process (same PID); cgroups applied; Docker Container: process, process, process

    Docker Container is born just by syscall fork and exec a process

  • CGROUPS, NAMESPACES, IMAGES, DOCKER CONTAINER

    CGROUPS: kernel feature; groups of processes; control resource allocation: CPU, CPU sets, memory, disk block I/O

    NAMESPACES: the real magic behind containers; it creates barriers between processes; different namespaces: PID namespace, Net namespace, IPC namespace, MNT namespace; Linux kernel namespaces introduced between kernel 2.6.15 and 2.6.26

    IMAGES: not a file system, not a VHD, basically a tar file; has a hierarchy, arbitrary depth; fits into Docker Registry

    DOCKER CONTAINER: docker run, lxc-start
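An added example, not from the slides: a C program that walks the fork -> execve -> exit -> wait cycle of the process-lifecycle slide and then the container-style step of the namespaces slide, where the child is moved into new user and PID namespaces before forking so the grandchild becomes PID 1 in its own namespace. It assumes a Linux host with /bin/sh; the unshare() call is refused in many sandboxes, which the function reports as -1 instead of failing.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <sys/wait.h>
#include <unistd.h>

/* Outcome of one fork -> execve -> exit -> wait cycle, as seen by the parent. */
struct child_result {
    pid_t child_pid;   /* new PID handed to the child; the parent keeps its own */
    int exit_status;   /* value the child passed to exit(), or -1 */
    int reaped;        /* 1 once wait() has collected the zombie */
};

/* Fork a child, execve() a different program in it, then wait for and reap it. */
struct child_result run_child(const char *path, char *const argv[]) {
    struct child_result r = {0, -1, 0};
    pid_t pid = fork();
    if (pid < 0) return r;
    if (pid == 0) {                       /* child: same image until execv() replaces it */
        execv(path, argv); _exit(127);    /* _exit only runs if execv() failed */
    }
    r.child_pid = pid;                    /* parent: continues, then waits (SIGCHLD) */
    int status;
    if (waitpid(pid, &status, 0) == pid) { /* zombie collected here */
        r.reaped = 1;
        if (WIFEXITED(status)) r.exit_status = WEXITSTATUS(status);
    }
    return r;
}
/* Container-style variant: the child first moves into new user and PID namespaces
   (unshare) and forks again; like a container's init, the grandchild should see
   itself as PID 1. Returns that PID, or -1 if the kernel refused (e.g. EPERM in a
   sandbox or with user namespaces disabled) so callers can tell the two apart. */
int pid_seen_in_new_pid_namespace(void) {
    int fd[2], seen = -1; pid_t pid;
    if (pipe(fd) < 0 || (pid = fork()) < 0) return -1;
    if (pid == 0) {
        if (unshare(CLONE_NEWUSER | CLONE_NEWPID) == 0) {
            pid_t gc = fork();            /* first process in the new PID namespace */
            if (gc == 0) { seen = (int)getpid(); write(fd[1], &seen, sizeof seen); _exit(0); }
            if (gc > 0) { waitpid(gc, NULL, 0); _exit(0); }
        }
        write(fd[1], &seen, sizeof seen); /* report -1: namespace step not permitted */
        _exit(0);
    }
    close(fd[1]);
    if (read(fd[0], &seen, sizeof seen) != (ssize_t)sizeof seen) seen = -1;
    close(fd[0]); waitpid(pid, NULL, 0);
    return seen;
}
```

Compare the PID the grandchild reports (1) with the PID the parent sees for its child: the process is the same, only the namespace it is viewed from differs, which is exactly what "the only process (same PID)" on the slide refers to.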

  • Open Container Initiative: http://www.opencontainers.org

  • [Diagram: ACS]

    ACI: ID; signed, encrypted archive; manifest; rootfs

    Network: veth, ipvlan, macvlan, raw dev; loopback, ip, overlay

    FS: volume; DM; cgroup

    Environment; Logging

    Isolators: capabilities (Linux isolators); resource isolators: block, network, cpu, memory

    Runtime Env: Pods (UUID, Manifest); Executor

    Image Discovery: Simple Discovery, Meta Discovery

    Application Containers: an application container is a way of packaging and executing processes on a computer system that isolates the application from the underlying host operating system. https://github.com/appc/spec, 2015.

  • CNM & CNI

    Libnetwork (Docker 1.7): Container Network Model, CNM

    AppC: Container Network Interface, CNI

  • https://www.ibm.com/developerworks/community/blogs/1ba56fe3-efad-432f-a1ab-58ba3910b073/entry/thoughts_on_future_of_resource_managers_and_schedulers_in_the_cloud?lang=en

    IaaS: Capacity (VM, Storage)

    PaaS: App (code)

    CaaS: App container

  • CNCF & OCI

    [Diagram: stack layers]

    Application definition and orchestration

    Resource scheduling

    Distributed system services

    Container Runtime agent; Container registry; Container repository; Computing node OS

    Software-defined network; Software-defined storage

    Infrastructure provisioning (out of scope)

    OCI: API specification (OCI API spec) and reference implementation; 1 ... N

  • http://stackalytics.com/

    Docker Kubernetes

  • The End~