CONTAINERS TECHNOLOGY WITH DOCKER

Upload: joris-bonnefoy

Post on 10-Jan-2017

TRANSCRIPT

CONTAINERS @ OVH

JORIS BONNEFOY, MICKAËL FORTUNATO

INTRODUCTION

CONTAINERS

INTRODUCTION TO CONTAINERS TECHNOLOGIES

HISTORY OF CONTAINERS

1982 chroot

2000 FreeBSD Jails

2001 Linux-VServer

2005 Solaris Zones

2006 Generic Process Containers

2007 Control groups

2008 Kernel namespaces

2008 LXC

2013 Docker

HOW TO DEPLOY AND ISOLATE AN APPLICATION ANYWHERE WITHOUT WORRYING ABOUT THE ENVIRONMENT?

Container-based Virtualization

WHAT IS CONTAINER-BASED VIRTUALIZATION?

DO YOU HAVE SOME QUESTIONS?

UNDERSTANDING THE UNDERLYING ARCHITECTURE

CONTAINERS

USER AND KERNEL SPACES

NON-ISOLATED APPLICATIONS

ISOLATED APPLICATIONS

CONTAINERS VS VIRTUAL MACHINES

DO YOU HAVE SOME QUESTIONS?

ISOLATION: NAMESPACES, CONTROL GROUPS, UID SHIFT

DOCKER

DOCKER - A CONTAINER STANDARD

CONTROL GROUPS

PID NAMESPACE

NETWORK NAMESPACE

USER NAMESPACE / UID SHIFT

DO YOU HAVE SOME QUESTIONS?

IMAGES AND STORAGE

DOCKER

DOCKER IMAGES & CONTAINERS

▸ UnionFS

▸ Each layer is a branch

▸ An image is the union mount of a set of branches

▸ Copy-on-Write

▸ Images are shared between containers, layers are read-only

▸ A read/write layer is added on top to hold the modifications made inside the container

ZFS - NEXT GENERATION FILESYSTEM

▸ Jeff Bonwick (Sun - 2005)

▸ 128-bit filesystem

▸ Volume management

▸ Snapshots & clones

▸ Checksum

▸ Compression

▸ Deduplication

▸ Replication

ZFS ON DOCKER

ZFS AND COPY-ON-WRITE

DO YOU HAVE SOME QUESTIONS?

SIMPLE CASE

DOCKER NETWORKING

THE CONTAINER NETWORK MODEL

▸ Null

▸ Bridge (single-host)

▸ Overlay (multi-host)

BRIDGE NETWORKING WITH VETH

ISOLATED BRIDGED NETWORKS

DO YOU HAVE SOME QUESTIONS?

CLUSTERING

DOCKER NETWORKING

OVERLAY NETWORKING

OVERLAY DATA PLANE

OVERLAY CONTROL PLANE

OVERLAY DOCKER_GWBRIDGE NETWORK

DO YOU HAVE SOME QUESTIONS?

UNIKERNEL

WHAT'S NEXT IN DOCKER?

WHAT'S NEXT?

UNIKERNEL - THE FUTURE OF DOCKER?

DO YOU HAVE SOME QUESTIONS?