The container journey on Windows and Azure @ skilltree day
TRANSCRIPT
It is all for DevOps…
Container DevOps Workflow (diagram labels)
Inner-Loop: Code, Run, Validate, Debug
Source Code Control (SCC)
Build/CI, Integrate, Test
CD, Deploy
Azure Container Registry
Production environments: Run, Manage; Monitor and Diagnose
Container Service, Service Fabric, Batch, App Services, coming soon, …
What is a container?
Traditional virtual machines = hardware virtualization
Diagram labels: Application, OS, Hardware; VM VM VM
Containers = operating system virtualization
Diagram labels: Applications, Kernel, OS, Hardware; CONTAINER CONTAINER CONTAINER
Windows Server Containers: maximum speed and density
Diagram labels: one Kernel under CONTAINER CONTAINER CONTAINER
Hyper-V Containers: isolation plus performance
Diagram labels: Hyper-V; a separate Kernel under each CONTAINER
Everything is built on… operating system-level virtualization
How do containers work?
High-level architecture
Container runtime components: Operating System (Windows Container, LXC), Docker Engine
Container development and management toolset: Docker Client, Docker Registry, Docker Compose, Docker Swarm, Docker Universal Control Plane
Windows Containers (architecture diagram labels)
Docker, PowerShell
Host user mode: Container Management, Compute Services, Docker Engine; System Processes (Session Manager, Local Security Authority, etc.)
Windows kernel
Hyper-V Hypervisor
Windows Server Container: System Processes, Application Process(es)
Hyper-V Container: Windows kernel; Windows Server Container with System Processes and Application Process(es)
The virtual machine is specially optimized for running containers
Startup performance
NodeJS with Nano Server
• Windows Server Container: under 600 milliseconds
• Hyper-V Container: ~1.75 seconds
• A virtual machine takes ~3 seconds
NodeJS with Windows Server Core
• Windows Server Container: ~1 second
• Hyper-V Container: ~3.3 seconds
• A virtual machine takes ~5 seconds to over 1 minute
* Includes the initial boot provisioning stage (out-of-box configuration, etc.)
** Startup time after the initial container has started
Density (container size)
NodeJS with Nano Server
• Windows Server Container: first container ~120MB, additional containers ~75MB
• Hyper-V Container: first container ~340MB, additional containers ~150MB
NodeJS with Windows Server Core
• Windows Server Container: first container ~150MB, additional containers ~75MB
• Hyper-V Container: first container ~555MB, additional containers ~280MB
Testing performed on HP ProLiant SL250s Gen8, E5-2600, 2 Socket, 8 Core, 128GB RAM, HP SATA SSD - results may vary based on hardware and software configurations.
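Different things, but not mutually exclusive
WS 2016, Linux
How do you build a container environment?
Can your environment run Windows Containers?
Hardware requirements
• A processor that supports virtualization (Intel VT-x)
• 4GB of memory
• To run Hyper-V Containers, the virtual machine needs at least 2 vCores
Software requirements
• Windows Server 2016 or Windows 10 Anniversary Update as the container host.
• To run Windows Server Containers, install the Containers feature; to run Hyper-V Containers, enable the Hyper-V role.
• Windows Server Containers require the operating system to be installed on C:, but this rule does not affect Hyper-V Containers.
Nested virtualization: run Hyper-V in Hyper-V
• Main motivation: support Hyper-V Containers in any cloud environment
• Added benefit: labs are easier to build.
Preparing a Hyper-V VM to use Hyper-V Containers
1. Install the Hyper-V feature on the host
2. On the host, create a VM that will run Hyper-V Containers
3. Install Windows Server 2016 or Nano Server in the VM
4. Shut down the VM and enable nested virtualization for it from the host
5. Start the VM and install the Hyper-V feature
6. From the host, issue commands to the Hyper-V Container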
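The six preparation steps as a re-runnable PowerShell script. This is an added example, not code from the original deck; it assumes a Windows Server 2016 host, and the VM name, VHDX path, switch name and the presence of Docker inside the guest are assumptions.

```powershell
# Added example, not from the original deck. $vmName, the VHDX path and the
# switch name are placeholders; 4GB and 2 vCores are the slide's minimums.
$vmName = 'HvContainerHost'

# Step 1 (host): add the Hyper-V role if it is missing. A reboot is needed
# before the remaining steps can run.
if (-not (Get-WindowsFeature -Name Hyper-V).Installed) {
    Install-WindowsFeature -Name Hyper-V -IncludeManagementTools
    Write-Warning 'Reboot the host, then run this script again.'
    return
}

# Steps 2-3 (host): create the VM, then stop so the OS can be installed in it.
if (-not (Get-VM -Name $vmName -ErrorAction SilentlyContinue)) {
    New-VM -Name $vmName -Generation 2 -MemoryStartupBytes 4GB `
        -NewVHDPath "D:\VMs\$vmName.vhdx" -NewVHDSizeBytes 60GB `
        -SwitchName 'External' | Out-Null
    Write-Warning 'Install Windows Server 2016 or Nano Server in the VM, then run again.'
    return
}

# Step 4 (host): nested virtualization can only be switched on while the VM is off.
if ((Get-VM -Name $vmName).State -ne 'Off') { Stop-VM -Name $vmName }
Set-VMProcessor -VMName $vmName -Count 2 -ExposeVirtualizationExtensions $true
Set-VMMemory -VMName $vmName -DynamicMemoryEnabled $false  # nested Hyper-V needs static memory
if (-not (Get-VMProcessor -VMName $vmName).ExposeVirtualizationExtensions) {
    throw "Nested virtualization was not enabled on $vmName"
}

# Step 5: boot the VM and add the Hyper-V role and Containers feature inside it
# over PowerShell Direct (no network path to the guest is needed).
Start-VM -Name $vmName
$cred = Get-Credential -Message "Administrator account inside $vmName"
Invoke-Command -VMName $vmName -Credential $cred -ScriptBlock {
    Install-WindowsFeature -Name Hyper-V, Containers -Restart
}

# Step 6: call this once the guest has rebooted and Docker is installed in it
# (assumption). It starts a Hyper-V Container from the host and prints its OS version.
function Test-HyperVContainer {
    Invoke-Command -VMName $vmName -Credential $cred -ScriptBlock {
        docker run --rm --isolation=hyperv microsoft/windowsservercore cmd /c ver
    }
}
```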
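How do you create a container?
Docker Run
Creates and starts a new container
Runtime options
• Name (network name and management name)
• Interactive or Service
• Network configuration
• Resource management
• Volume mappings
• Isolation level
What is a container image?
• A container image is similar to a virtual machine's VHD and configuration file
• It is used to run containers and capture changes
• Changes include files and the registry
Image metadata: Name, Creation Data, Command To Execute, Dependencies
Contents: Files, Folders, Registry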
Container image (layer diagram labels)
Base image (OS)
• Folders and files: License.txt, PerfLogs, Program Files, Program Files (x86), Users, Windows
• Registry: HKLM, HKCU, HKCR, HKU
Application framework: IIS
Application: My Website
• Folders and files: inetpub, mysite.html
• Registry: HKLM, SOFTWARE/mykey
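Automated image builds
Docker build and Dockerfiles
• A method for automating container image builds
• Consumed when the "docker build" command runs
• Captures (caches) unchanged instructions
• Integrates with Docker Hub
Examples
IIS
    FROM microsoft/windowsservercore
    RUN powershell -command Add-WindowsFeature Web-Server
Website
    FROM iis
    ADD mysite.htm inetpub\mysite.htm
Image registry
What is a registry?
• Stores container images
• Images are pushed into the registry
• Images are pulled from the registry
• Images can be searched in the registry
Docker Hub and Docker Store
• Public, official and private image repositories
• Fine-grained access control with organization support
• Automated image build support
Docker Trusted Registry
• Enterprise-grade private registry
• Runs on your infrastructure (on-premises or cloud)
• AD and role-based access control
Docker Registry
• Open source based
• Runs as a container on your infrastructure (on-premises or cloud)
• https://docs.docker.com/registry and/or https://github.com/docker/distribution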
Some things you will want to know…
Licensing
https://www.microsoft.com/en-us/cloud-platform/windows-server-pricing
Patching and updating: update the container OS image
• Pull the updated base image
• Rebuild the container using the dockerfile
Diagram labels: KB123456 = new image on Docker Hub; the 10.0.14393.0 base with its IIS and My Website layers is rebuilt on 10.0.14393.1 with:
    FROM windowsservercore
    RUN powershell -command Add-WindowsFeature Web-Server
    FROM iis
    ADD mysite.htm inetpub\mysite.htm
Patching and updating: update as a new layer
• Download the update in the container (for example, run Windows Update in the container)
• When the container has finished updating, the update has been applied as a new layer
Diagram labels: 10.0.14393.0, IIS, My Website (same image in every container); KB123456 added as a layer on top
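The rebuild path above, scripted with a check for containers that are still running the unpatched image afterwards. This is an added example, not code from the original deck; the image names follow the slide's Dockerfiles, while the .\iis and .\website build folders and an existing mywebsite image are assumptions.

```powershell
# Added example, not from the original deck. Image names follow the slide's
# Dockerfiles; the .\iis and .\website build folders are assumed.
function Get-ImageInfo([string]$Image) {
    $id, $os = (docker inspect --type image --format '{{.Id}} {{.OsVersion}}' $Image) -split ' '
    [pscustomobject]@{ Image = $Image; Id = $id; OsVersion = $os }
}

function Invoke-Docker {
    # Run a docker command and stop the script if it fails.
    docker @args
    if ($LASTEXITCODE -ne 0) { throw "docker $($args -join ' ') failed" }
}

$old = Get-ImageInfo 'mywebsite'

# Pull the updated base image, then rebuild every layer above it. --no-cache
# stops Docker from reusing layers that were built on the old base.
Invoke-Docker pull microsoft/windowsservercore
Invoke-Docker build --no-cache -t iis .\iis
Invoke-Docker build --no-cache -t mywebsite .\website

$new = Get-ImageInfo 'mywebsite'
"mywebsite OS version: $($old.OsVersion) -> $($new.OsVersion)"

# Rebuilding does not touch running containers: anything started from the old
# image ID keeps running the unpatched OS layers until it is replaced.
if ($old.Id -ne $new.Id) {
    $stale = docker ps -q --filter "ancestor=$($old.Id)"
    foreach ($c in $stale) {
        docker inspect --format '{{.Name}} still runs {{.Image}}' $c
    }
}
```

With the in-container update path the image itself stays the same, so the OS version reported for the image does not change and this check reports nothing.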
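Resource controls
• CPU: the share of host CPU a container can use
• Memory: the maximum share of memory a container can use
• Disk: maximum I/O bandwidth on the system disk; maximum IOPS limit on the system disk
• Network: egress capacity supported by the platform
Networking
Fully managed by Docker
• Network creation / enumeration
• Service discovery
Optimized for the Microsoft Cloud Stack
• Advanced network policies (ACLs, QoS) can be assigned to container endpoints
• Load balancing can be handled by the Microsoft software load balancer (coming soon)
Standardization and continued innovation
• Tooling support for Docker networking (Compose) (limited support at GA)
• Integration with other orchestrators (Kubernetes, Swarm, etc.)
• Native overlay network driver
• Multiple networks on a single host (NAT and overlay)
Storage
Container images
• Not designed for persistent storage
• Not designed to be secure
"Volumes"
• Enable storage consistency
• Enable storage mapping inside the container
• Read-only or read-write
• Multiple containers on the same host can access the same location
• Plug-in architecture
Network storage
• Containers can access SMB shares
• Accessed through the container network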
Volume mapping: a storage example
Container host: My Container
Image contents: License.txt, PerfLogs, Program Files, Program Files (x86), Users, Windows
Host storage: C:, D: (ContainerData)
Running a container:
    docker run -v d:\ContainerData:c:\data mycontainer
Container view: License.txt, PerfLogs, Program Files, Program Files (x86), Users, Windows, data
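Active Directory identity for containers
For enterprise applications
- No changes to the Active Directory infrastructure are needed
- Group Managed Service Accounts can be used
- Lets containerized applications authenticate with SQL Server, file shares and other applications
Simple and secure
- The identity is specified when the container starts
- Credentials are not stored in the container image
- No changes are needed across environments, i.e. dev, test, prod, cloud
Diagram labels: Image; Credential Spec (DefaultAccount: Domain\MyWebApp1$); running container with IIS & ASP.Net (Service: IIS, User: LocalSystem); SQL Server (Domain\MyWebApp1$)
1) Services and jobs use the default accounts (LocalSystem, Network Service)
2) The service account is given when the container starts
3) The container connects using the service account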
Automation and management
Composition and orchestration
• Applications are usually packaged in many containers
• Containers are usually hosted across the nodes of a cluster
• Orchestration tools automate this work
Docker Compose
• Define application as separate containers
• Manage different containers as a unit
• Scale parts of application as needed
Docker Swarm
• Aggregate container hosts
• Supports tagging, affinity/anti-affinity
Azure Service Fabric
• Microservice and orchestration platform
• Build applications as containers and/or microservices
• Available on Windows & Linux
• Built-in cross-container communication
• Web based management UI
• Available On-Prem, Azure or other Clouds
Kubernetes
• Open source project started by Google
• Windows support being added through community partnership spearheaded by Apprenda
Mesos/Mesosphere + Marathon
• Aggregates container hosts
• Web based UI
• Service Launch and Discovery
Azure Container Service
• Standard Docker tooling and API support
• Streamlined provisioning of Docker Swarm and DCOS
• Linux and Windows Server containers
• Azure and Azure Stack
Diagram labels: Azure; Swarm, DC/OS; Applications; Infrastructure; Azure Container Service; ARM Template; Orchestrator
Docker Datacenter for Windows (diagram labels)
Management and monitoring tools: Docker Datacenter
Docker Interfaces: Client, Compose
Partner Integrations: Volume Plug-ins, Network Plug-ins, Monitoring, Logging, Content Security, Storage Drivers, LDAP/AD
Docker Universal Control Plane, Docker Trusted Registry, Docker Swarm, Commercially supported Docker Engines
Windows Server 2016, Linux
Docker for Windows, Plug-in for Visual Studio & VS Code
Any Application, Anywhere
Development tools
Visual Studio Docker Tools
• Run, Debug, Test Web & Console apps in docker containers
• Linux today, Windows Server & Nano Server coming soon
• F5 Debugging
• Edit & Refresh of code
• Scaffolds docker assets: Dockerfile, docker-compose.yml
aka.ms/DockerToolsForVS
Build once, run everywhere
    using System;
    class Program
    {
        static void Main()
        {
        }
    }
© 2016 Microsoft Corporation. All rights reserved.
http://aka.ms/containers
Free IT Pro resources
To advance your career in cloud technology
• Cloud role mapping
• Expert advice on skills needed
• Self-paced curriculum by cloud role
• $300 Azure credits and extended trials
• Pluralsight 3 month subscription (10 courses)
• Phone support incident
• Weekly short videos and insights from Microsoft's leaders and engineers
• Connect with community of peers and Microsoft experts
Microsoft IT Pro Career Center: www.microsoft.com/itprocareercenter
Microsoft IT Pro Cloud Essentials: www.microsoft.com/itprocloudessentials
Microsoft Mechanics: www.microsoft.com/mechanics
Microsoft Tech Community: https://techcommunity.microsoft.com
Plan your career path
Get started with Azure
Connect with peers and experts
Demos and how-to videos