Containers technologies

CONTAINERS TECHNOLOGY
WITH DOCKER

CONTAINERS @ OVH
JORIS BONNEFOY MICKAL FORTUNATO

INTRODUCTIONCONTAINERS

INTRODUCTION TO CONTAINERS TECHNOLOGIES
HISTORY OF CONTAINERS
1982 chroot
2000 FreeBSD Jails
2001 Linux-VServer
2005 Solaris Zones
2006 Generic Process
Containers
2007 Control groups
2008 Kernel namespaces
2008 LXC
2013 Docker

HOW TO DEPLOY AND ISOLATE AN APPLICATION ANYWHERE WITHOUT TAKING CARE ABOUT THE ENVIRONMENT?
Container-based Virtualization

WHAT IS THE CONTAINER-BASED VIRTUALIZATION?

QUESTIONS?DO YOU HAVE SOME

UNDERSTANDING THE UNDERLYING ARCHITECTURE
CONTAINERS

USER AND KERNEL SPACES

NON-ISOLATED APPLICATIONS

ISOLATED APPLICATIONS

CONTAINERS VS VIRTUAL MACHINES

ISOLATION: NAMESPACES, CONTROL GROUPS, UID SHIFT
DOCKER

DOCKER - A CONTAINER STANDARD
CONTROL GROUPS

PID NAMESPACE

NETWORK NAMESPACE

USER NAMESPACE / UID SHIFT

IMAGES AND STORAGE
DOCKER

DOCKER IMAGES & CONTAINERS

UnionFS
Each layer is a branch
An image is the union mount of a set of branches
Copy-on-Write
Images are shared between containers, layers are read-only
A read/write layer is added at the top to handle the modification made into the container
DOCKER IMAGES & CONTAINERS

Jeff Bonwick (Sun - 2005)
128 bits filesystem
Volume management
Snapshots & clones
Checksum
Compression
Deduplication
Replication
ZFS - NEXT GENERATION FILESYSTEM

ZFS ON DOCKER

ZFS AND COPY-ON-WRITE

SIMPLE CASE
DOCKER NETWORKING

DOCKER NETWORKING
THE CONTAINER NETWORK MODEL

Null
Bridge (single-host)
Overlay (multi-host)
DOCKER NETWORKING
THE CONTAINER NETWORK MODEL

DOCKER NETWORKING
BRIDGE NETWORKING WITH VETH

DOCKER NETWORKING
ISOLATED BRIDGED NETWORKS

CLUSTERINGDOCKER NETWORKING

DOCKER NETWORKING
OVERLAY NETWORKING

DOCKER NETWORKING
OVERLAY DATA PLANE

DOCKER NETWORKING
OVERLAY CONTROL PLANE

DOCKER NETWORKING
OVERLAY DOCKER_GWBRIDGE NETWORK

UNIKERNELWHAT'S NEXT IN DOCKER?

WHAT'S NEXT?
UNIKERNEL - THE FUTURE OF DOCKER?

Containers technologies

Technology