2. About Me
Queens, NY => Florida => Queens, NY
University of Florida 2004 to 2009
Grooveshark, Livestream, Getty Images, Bloomberg, and Google
Backend Development and Infrastructure
Server Administration to Distributed Systems
Some Frontend (mostly personal)
Python, JS/Node, Scala, Java
6. Virtual Machine
Fully mimics an OS
Securely isolated from each other
Many virtual servers on the same bare metal
Large pool of servers can run many more VMs
Easily balance workloads
7. The Problem(s)
VMs need to be configured, which is complicated
As software, they are still heavyweight and slow
Not good for application deployment
They solve the Ops problem, not the Dev one
8. Containers: A solution
A process runs in isolation but with the same OS
Does not mimic an entire machine
Done via two mechanisms
Namespaces - per process resource isolation
Cgroups - per process resource management
This provides a completely separate environment for an application without the weight of a virtual machine
9. Docker
User friendly command line interface to containers
Dockerfile - Rules describe what goes in a container
Layered File System - applies rules to FS, saving final image
Daemon - Tracks running containers and images
13. CoreOS
Linux OS based on Gentoo distribution.
No package manager and few preinstalled tools.
The most essential being docker, etcd, & fleetd.
An OS fully built around managing containers in a distributed, fault tolerant cluster of machines.
14. etcd
A distributed key/value store.
Meant for config data, not high latency/throughput.
Strongly consistent, very reliable.
fleet
Uses etcd as distributed config store.
Runs distributed services on many nodes.
Uses standard Linux service files, but with some customized options
15. Load Balancer
Application IP & port are registered in etcd.
confd gets notified when certain keys in etcd are modified
Then haproxy.cfg templates get updated with added or removed application IP & port.
17. Production Problems
Many competing cluster/cloud solutions
Docker, Layered Filesystems, and kernel features all very new. Still maturing and changing rapidly.
Logging is a mess.
Security
No isolation like VMs
Mistakenly store sensitive information in images.
Daemon requires privileged control.
Community has historically not focused on it.
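Added example (not from the original slides): a small Dockerfile check for the "sensitive information in images" problem listed above. It goes beyond that one bullet by also flagging a secret file that a later RUN rm deletes, because the layered file system keeps the file in the earlier layer. The name patterns, rule names and sample Dockerfile are constructed assumptions.

```python
import re

# Heuristic patterns, constructed for this example; tune them for real use.
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY", re.I)
SECRET_FILE = re.compile(r"(id_rsa|id_ed25519|\.pem|\.p12|\.env|\.npmrc)$")

def instructions(text):
    """Yield (line_no, INSTRUCTION, args), joining backslash continuations."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        start = start if buf else no
        buf += line.rstrip("\\") + " "
        if not line.endswith("\\"):
            op, _, args = buf.strip().partition(" ")
            yield start, op.upper(), args.strip()
            buf = ""

def audit(text):
    """Return (line_no, rule, detail) findings for secrets that end up in image layers."""
    findings, baked = [], set()
    for no, op, args in instructions(text):
        tokens = args.split()
        if op in ("ENV", "ARG") and tokens:
            # "ENV K=v K2=v2" sets several names; "ENV K v" and "ARG K" set one.
            names = [t.split("=", 1)[0] for t in tokens] if "=" in tokens[0] else tokens[:1]
            findings += [(no, "secret-in-" + op.lower(), n) for n in names if SECRET_NAME.search(n)]
        elif op in ("COPY", "ADD"):
            sources = [t for t in tokens if not t.startswith("--")][:-1]
            for src in filter(SECRET_FILE.search, sources):
                baked.add(src.rsplit("/", 1)[-1])
                findings.append((no, "secret-file-copied", src))
        elif op == "RUN" and re.search(r"\brm\b", args):
            # Deleting in a later layer hides the file, but the earlier layer still holds it.
            findings += [(no, "removed-but-still-in-layer", f) for f in sorted(baked) if f in args]
    return findings

# Constructed sample Dockerfile (not from the slides).
SAMPLE = """\
FROM python:3
ENV APP_ENV=prod DB_PASSWORD=hunter2
ARG NPM_TOKEN
COPY deploy/id_rsa /root/.ssh/id_rsa
COPY app/ /srv/app/
RUN pip install -r /srv/app/requirements.txt && \\
    rm -f /root/.ssh/id_rsa
"""
```

Calling audit(SAMPLE) returns four findings, on lines 2, 3, 4 and 6; the last one shows that the rm does not take the key out of the image.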
18. The Future
Standards: appc, runc, and the open container initiative.
Will allow container alternatives.
Docker Compose for production deployments with Swarm
All the issues mentioned are actively being worked on by Docker & the community.