DockerCon 2014: Thoughts on interoperable containers
Docker is driving the popularization of Linux containers, but there are many different container managers out there, such as LXC and lmctfy, not to mention the different PaaS offerings being built on top of these technologies. How great would it be if applications were portable to all (or most of) those different providers and container managers with little or no effort? This talk will discuss some ideas of what needs to be done for it to happen and what the community can do to help.

Published in: Technology
Transcript

  • 1. interoperable containers Fabio Kung fabio@heroku.com https://www.flickr.com/photos/usnavy/8612337045
  • 2. Please don't continue. Go see this instead: http://fabiokung.com/2014/06/11/my-dockercon-2014-talk
  • 3. Fabio, Runtime Systems at I run linux containers.
  • 4. http://12factor.net
  • 5. “write once, run everywhere” – Sun Microsystems (?)
  • 6. “write once, debug everywhere” – (?)
  • 7. https://www.flickr.com/photos/tjblackwell/3545764529
  • 8. Developers want apps... https://www.flickr.com/photos/cyol/7642566946
  • 9. PaaS wants scale... https://www.flickr.com/photos/johngarghan/3401814659
  • 10. Docker wants... docker logo usage follows guidelines published at http://www.docker.com/marks_and_logos/
  • 11. PaaS You docker lxc lmctfy ... background: https://www.flickr.com/photos/jdhancock/12397433023
  • 12. Containers https://www.flickr.com/photos/joshua/433354324
  • 13. “trying to make Docker secure for multi-tenant scenarios is a can of worms” – darren0, at #docker-dev
  • 14. 1 vs 1M https://www.flickr.com/photos/enerva/9068467267
  • 15. Root https://www.flickr.com/photos/ashleyrosex/2861690380
  • 16. apt-get install …
  • 17. vi /etc/…
  • 18. mount -t fancy …
  • 19. modprobe something
  • 20. iptables -A INPUT …
  • 21. kernelspace abuse https://www.flickr.com/photos/erlendaasland/4107345124
  • 22. User Namespaces Unprivileged Containers https://www.flickr.com/photos/ntr23/730371240
  • 23. “(…) the kernel grants all capabilities to the initial process in a user namespace, this does not mean that process then has superuser privileges within the wider system. (It may, however, mean that unprivileged users now have access to exploits in kernel code that was formerly accessible only to root, ...)” – Michael Kerrisk, “Namespaces in operation, part 6: more on user namespaces”, LWN.net
  • 24. `if (getuid() == 0) { /* do root stuff */ }`
  • 25. just don't run as root?
  • 26. also SUID
  • 27. Restrictions https://www.flickr.com/photos/mollivan_jon/10431164633
  • 28. Networking https://www.flickr.com/photos/emptyage/177466621
  • 29. ephemeral disks https://www.flickr.com/photos/pixeltree/4876732522
  • 30. arch, OS, image size, …
  • 31. containers/container-rfc · GitHub “A vendor neutral format for Linux container images and runtime”
  • 32. https://www.flickr.com/photos/littlebiglens/6034320322 Image Size
  • 33. Layers https://www.flickr.com/photos/ralan808/11300490173
  • 34. Updates? noncommercial use
  • 35. https://www.flickr.com/photos/doug88888/2801103568 Packages “slugs”
  • 36. dotcloud/docker#332 docker load --rebase=new-base-image
  • 37. Apps https://www.flickr.com/photos/zoomar/338952152
  • 38. Buildpacks app source + base image
  • 39.

    ```dockerfile
    FROM heroku/cedar
    ADD . /buildpack
    ONBUILD ADD . /app
    ONBUILD RUN /buildpack/bin/compile /app
    ONBUILD ENV PORT 5000
    ONBUILD EXPOSE 5000
    ```
  • 40. `ONBUILD ONBUILD` dotcloud/docker#5714
  • 41. Buildstep https://github.com/progrium/buildstep
  • 42. https://github.com/radial/
  • 43.

    ```make
    #!/usr/bin/env make -f

    buildpath := .build
    buildpackpath := $(buildpath)/pack
    buildpackcache := $(buildpath)/cache

    build: $(buildpackpath)/bin
    	$(buildpackpath)/bin/compile . $(buildpackcache)

    $(buildpackcache):
    	mkdir -p $(buildpath)
    	mkdir -p $(buildpackcache)
    	curl -O https://codon-buildpacks.s3.amazonaws.com/.../go.tgz
    	mv go.tgz $(buildpath)

    $(buildpackpath)/bin: $(buildpackcache)
    	mkdir -p $(buildpackpath)
    	tar -C $(buildpackpath) -zxf $(buildpath)/go.tgz
    ```
  • 44.

    ```ruby
    ruby = "https://codon-buildpacks.s3.amazonaws.com/.../ruby.tgz"

    app_container "myapp" do
      buildpack ruby
      git_url "git@mycompany.com:myapp.git"
    end

    define :app_container, name: nil, buildpack: nil, git_url: nil do
      # ...
      execute "#{name} buildpack compile" do
        command "#{dir}/.build/pack/bin/compile #{dir} .build/cache"
      end
    end
    ```
  • 45. container centric: whole image / app centric: builds as a mapping layer / recap: the container revolution
  • 46. Thank you! fabio@heroku.com All images used in this presentation are under a Creative Commons License, unless otherwise noted https://www.flickr.com/photos/compacflt/5948542359
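
Slides 22 to 24 make the point that a process in a user namespace sees uid 0 without being root on the wider system, so a bare `getuid() == 0` check cannot tell the two cases apart. The C below is an added example, not code from the talk: it reads the namespace's `uid_map` to find which parent-namespace uid backs uid 0. The function names are illustrative.

```c
#include <stdio.h>
#include <unistd.h>

/* uid_map has one mapping per line: "<uid-inside> <uid-in-parent> <length>".
 * Returns the parent-namespace uid that inside_uid maps to, or -1 if unmapped.
 * Only one level is resolved: in nested namespaces the parent may itself be
 * a user namespace. */
long long map_uid_to_parent(const char *uid_map, unsigned long inside_uid)
{
    const char *p = uid_map;
    unsigned long in, out, len;
    int used;

    while (sscanf(p, " %lu %lu %lu%n", &in, &out, &len, &used) == 3) {
        if (inside_uid >= in && inside_uid - in < len)
            return (long long)out + (long long)(inside_uid - in);
        p += used;
    }
    return -1;
}

/* True when a getuid() == 0 check passes but uid 0 is backed by a
 * non-root uid in the parent namespace (an unprivileged container). */
int is_namespaced_root(const char *uid_map, unsigned long uid)
{
    return uid == 0 && map_uid_to_parent(uid_map, 0) > 0;
}

int main(void)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/uid_map", "r");
    size_t n;

    if (!f) { perror("/proc/self/uid_map"); return 1; }
    n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';

    printf("getuid()=%u, uid 0 maps to parent uid %lld, namespaced root: %s\n",
           (unsigned)getuid(), map_uid_to_parent(buf, 0),
           is_namespaced_root(buf, getuid()) ? "yes" : "no");
    return 0;
}
```

In the initial namespace the map is the identity (`0 0 4294967295`), so the check reports "no"; inside an unprivileged container uid 0 maps to a non-zero parent uid and it reports "yes".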
