docker containers deep dive
Post on 10-Feb-2017
Embed Size (px)
Docker Containers Deep DiveBest of Red Hat Summit
October 4, 2016
Build, Ship, Run
DevOps Advisory and Implementation
Docker Consulting and Integration
CloudBees Jenkins Consulting
AboutThe Container Enablement Company
Delivery, and Deployment
Container Tech Isnt New
FreeBSD JailsEarly container technology
Linux NamespacesProcess isolation
Solaris ZonesSimilar to jails; snapshots, cloning
Google Process ContainersProcess aggregation for resource management
Linux Control GroupsProcess containers renamed and merged into kernel 2.6.24
LXC Linux ContainersUserland tooling
DotCloud Docker Inc.Introduction of Docker Open Source Project
Docker Open Source Project
10,000+ Active Forks
Docker Hub (hub.docker.com)
6B+ Image Downloads
500,000+ Dockerized Applications
2013 2014 2015 2016
Docker Pulls - Billions
What is a Docker Container ?
Method to run applications in isolation
Isolation includes namespacing pid, network, users, restricting
root, cpu and memory limits, and providing separate
Many of the technologies are old, but haven't been packaged
in an easy to use toolset before Docker
Docker containers wrap up a piece of software in a complete filesystem that contains everything it needs
to run: code, runtime, system tools, system libraries anything you can install on a server. (https://www.docker.com/what-docker)
Containerized Deployment and Scaling
Each virtual machine
- binaries and
- entire guest
- Include application and all dependencies
- Share kernel with other containers
- Run as an isolated process not tied to any
Virtual Machines Containers
Were not trying to replace your VMs
Containers are used in
partnership with current IaaS
Docker and other container
platforms still need a host.
Take advantage of the streamlined
process for VM based IaaS and gain
Higher density workloads
Portability is Empowering
Portability is Empowering
Portability is Empowering
Containers are designed to be disposable
New containers go back to a clean image state
Running containers write to an isolated space
Data is stored outside of the container
Separates data from your application
Application Development (Build & Ship)
Problem: Code migration issues: Dev Test Prod. Painful and slow software delivery.
Solution: Developer Self-Service. Automate and consolidate with Docker.
Docker packages applications and their dependencies into containers to allow for easy transport from a
developers laptop to any target test or prod environment. This accelerates the software lifecycle,
increases reliability, and reduces job time.
- Begin with a Trusted Known State
- Control and Approve Content
- Track Promotion CryptographicallyDeveloper
QA / QE
Application Modernization / Cloud Migration
Problem: Legacy applications: brittle, and difficult to change/bug fix/upgrade
Hard to scale, obsolete APIs, costly and difficult to support and maintain.
Solution: Microservices architecture. Technology diversity. Modular boundaries.
Mulit-tier applications can be deployed in parts and each tier is an independent container. Each of the containers
can be used for a single service. Legacy applications can be migrated to the cloud through either a lift & shift or
refactoring methodology, or potentially a combination.
Images are the definition. They include
the filesystem, environment variables,
and default entry points.
Containers are an instance of an
image. They isolate the application
from the host, and even from other
Write your image definition in a Dockerfile
Turn that Dockerfile into an image with
Develop a new app or lift and shift your current codebase
Union file system
Multiple RO layers are stacked
Containers add a single RW layer to
Layers are cached for fast builds
Layers are named with a hash inside
Docker for Mac / Windows
Docker tools for the developer
OS native clients using internally
available virtualization: xhyve and
Full Docker CLI from native OS
Red Hat Container Dev Kit
Pre-built container development
Choice of virtualization platforms:
Virtualbox, Hyper-V, Linux KVM
Eclipse and docker CLI integration
ShipDocker Registry (and Hub)
Push and pull to central registry
Organized as repositories that contain
Multiple options: run your own, Docker
Hub, OpenShift, 3rd parties
Run your image
Launches a container base on your image
Volumes: link external data into the container for persistence
Networking: bridged, overlay, access with exposed ports
Packages multiple containers together
Defines parameters for docker run
Configuration is stored in docker-
Allows containers to be scaled, but
Docker on Red Hat
Consistent performance and reliability
Certification and Support
Minimal footprint operating system
Linux container optimized
Reliability and security of RHEL
Red Hat OpenShift Container Platform V3
OpenShift and Kubernetes add the ability to orchestrate
docker containers across multi-host installations.
Load Docker Images to OpenShift!
# oc new-project rhsummit# oc new-app gitlab/gitlab-ce
CTO BoxBoat Technologies
This is Important
Isolated space for a running application
All containers run on the same kernel unlike a VM
Eliminates the overhead of an OS and services
Docker Containers Run Anywhere?
Kernel Version 3.10+
Docker for Windows
Windows Server 2016 (TP5)
Docker for ARM!
Production Operations / Data CenterProblem: Inefficiency of VMs .. O/S duplication Lengthy boot and replication times.
Hardware, Storage, and Hypervisor costs $$.
Solution: Dockers containers as a service (CaaS) and orchestration platform. Policy driven architecture.
Deployment flexibility (On-Premise, Cloud, Hybrid).
Docker containers share resources with the host OS, which makes them significantly more efficient than VMs.
Containers can be started and stopped in a fraction of a second. They are lightweight, fast, and maximize
consolidation. Swisscom reduced their VM footprint from 400 to 20 for a database as a service offering, driving
tremendous cost savings.
ControlManage and secure
Movement & Trust
+ +Build Ship Run
Namespace for isolating pids
cgroups for limiting memory and CPU
Separate network stack
Restricted root capabilities
Open source project on github
Trusted cross platform content
Platform agnostic in delivering
Publisher key validates integrity
Run Docker containers
unchanged in any
environment, on any