SlideShare a Scribd company logo

Mesos and containers

Jiang Yan Xu
Jiang Yan Xu

Presented at MesosCon EU 2015. Linux containers, popularized by Docker, have been a game-changer in data center computing in recent years. Mesos has supported container isolation since its early days and has been supporting Docker since 0.20. This talk gives an overview of the evolution of Mesos containerization and an introduction to an upcoming Mesos feature that provisions container (filesystem) images such as Appc and Docker and does filesystem isolation all natively through one unified containerizer without requiring any additional container image runtime. Lastly, it includes a case study for introducing container images to large running clusters both in terms of the number of hosts and the size of their host images and what we have learned along the way.

Technology
1 of 34
Download to read offline
MESOS & CONTAINERS Overview of Mesos containerization and upcoming filesystem isolation support (a.k.a the docker like thing) Yan Xu !xujyan
WHAT IS A CONTAINER • Loosely defined: a lightweight “VM” / OS-level virtualization / “chroot on steroids”. • To Mesos: a per-task/executor isolated execution environment.
DIMENSIONS OF CONTAINERIZATION • Performance isolation: resource quota limiting. e.g. mem isolation. • Isolated visibility from inside the container: stack separation, jailing. e.g., filesystem isolation. • Visibility from the host: inspection, metrics.
CONTAINERIZATION:A CORE PREMISE OF MESOS RESOURCE MANAGEMENT Can’t allocate resources without enforcement! Credit: http://cdn.diginomica.com/wp-content/uploads/2014/07/Fotolia-Oleksiy-Mark-50048132_Sub_M.jpg
A BRIEF HISTORY OF MESOS CONTAINERIZATION • LXC (2010) • Cgroups (2012) • Linux namespaces (2013) • Docker* (2014)
THETALE OFTWO CONTAINERIZERS • MesosContainerizer (default) • DockerContainerizer • Dynamically chosen based on ContainerInfo if both are specified via --containerizers. Mesos Containerizer Docker Containerizer Agent Docker Isolators Isolators Isolators Custom executor Docker executor
CURRENT MESOS CONTAINERIZER LINEUP • Performance isolation • cpu, mem, disk quota, network egress bandwidth • Isolated visibility from inside • pid, network (port mapping) • Visibility from the host • perf_event, other cgroup stats and network stats, etc.
DOCKER IS GREAT, BUT... • Requires Docker installation and maintenance. • Tasks die with Docker daemon (upgrade, etc.) • Limited performance isolation done by Mesos. • Cannot compose with Mesos isolators (disk quota, port mapping). • Complexity in managing task lifecycle. • Hard to take advantage of other Mesos features: disk quota enforcement with persistent volumes; IP per container, etc.
A UNIVERSAL MESOS CONTAINERIZER • An all-encompassing containerizer for performance isolation, visibility isolation and metering. • Compossible: each isolation is implemented as an Isolator and configured independently. • Container resources are mutable during container lifecycle. • Tightly integrated with Mesos task/executor.
MESOS CONTAINERIZER • “The Docker thing”: filesystem isolation. • Extensible: new isolators such as are added and configured independently. • Filesystem isolator also handles cases without a new rootfs. CPU Isolator Mem Isolator DiskQuota Isolator Network Isolator PID Isolator PerfEvent Isolator Containerizer Filesystem Isolator … Isolator
CONTAINERIZER • Recovery: agent crash tolerance. • Update: grow and shrink container as needed. • Usage: container statistics. • Wait: tied to executor lifecycle. recover() launch() update() usage() wait() destroy() Containerizer
ISOLATOR • Prepare: set up container isolation feature. e.g., create cgroups. • Isolate: isolate the process. e.g., write control files. • Watch: enforce isolation, report violation. recover() prepare() isolate() watch() update() usage() cleanup() Isolator
FILESYSTEM PROVISIONING AND ISOLATION
CONTAINER SPECS What’s in it • Filesystem contents: rootfs(es) • Manifest / static configuration: • Version, dependencies, etc. • Mounts points • App: env, cmd, args, etc.
CONTAINER SPECS How to run it • Runtime configuration • hooks • mounts (volumes) • Resources: cpus, mem, disk, etc.
FILESYSTEM ISOLATION • With a new rootfs. • Decoupling from the host filesystem allow better application portability and infrastructure flexibility. • Without a new rootfs. • Volumes isolated inside the container mount namespace. • Mesos allows volume sources to be container images so the framework executor is not jailed but it can isolate its end-user logic inside a container rootfs. • Other aspects of isolation • Mounting <work_dir>/tmp as /tmp.
FILESYSTEM PROVISIONING • A universal provisioner for multiple images types. • Vendor specific store which does discover, fetching and processing. • Provision rootfs (e.g., via bind mount). Copy Backend Backend Bind Backend Overlay Backend Store Appc Store Docker Store OCF Store Provisioner Filesystem Isolator
SAMPLE CONTAINER INFO { "type" : "MESOS", "mesos" : { "image" : { "type" : "APPC", "appc" : { "name" : "acme.biz/appc/ubuntu1510", "labels" : { "labels": [{"key" : "version", "value" : "0.0.1"}] } } } }, "volumes": [ {"container_path" : "/tmp", "host_path" : "tmp", "mode" : "RW"}, {"container_path" : "/root", "host_path" : "/root", "mode" : "RW"}, {"container_path" : "/etc", "host_path" : "/etc", "mode" : "RO"}, {"container_path" : "/var/run", "host_path" : "/var/run", "mode" : "RW"}, {"container_path" : "/var/tmp", "host_path" : "/var/tmp", "mode" : "RW"} ] }
work_dir slaves provisioner … container_id containers/ container_id backends/ backend rootfses/ rootfs_id store docker appc images/ image_id manifest rootfs
registry acme.biz appc mysql57-0.0.1-linux-amd64.aci ubuntu1510-0.0.1-linux-amd64.aci store docker appc images/ image_id manifest rootfs fetch, decrypt, decompress, untar, etc.
work_dir slaves provisioner … container_id containers/ container_id backends/ backend rootfses/ rootfs_id store docker appc images/ image_id manifest rootfs /mnt/mesos/sandbox /
/var/tmp work_dir slaves provisioner … container_id containers/ container_id backends/ backend rootfses/ rootfs_id store docker appc images/ image_id manifest rootfs/mnt/mesos/sandbox / volumes roles/role persistence_id /mnt/mesos/sandbox/vol /var/tmp sand /mnt/mesos/sandbox/sand
CONTAINERIZE A LARGE FLEET 23 Credit: http://www.seanews.com.tr/news/127373/forwarders-freight/
CONTAINERIZEYOUR EXISTING CLUSTERS • Tight coupling with the host accumulated over time. • Start with a default container image identical to the host environment: fat images. • Decouple tasks from the host environment: shrink the images; make tasks self-sufficient. • Update the host environment independently from the containers. • Separate environment into (a limited number of) image layers.
DECOUPLING DEPENDENCIES • Software binary dependencies • Ideally containers are self-sufficient. • Configuration dependencies • Ideally configuration are pulled from a service and not the host, but may have to bind mount from the host as a compromise. • How to push realtime configuration change down to each container without mounting in host config? • How many layers should there be? • Ideally as few as possible and different logical layers managed by teams who own them.
PITFALLS DURING MIGRATION • Applications rely on host environment (other than aforementioned binaries and configs), e.g., working directory path. • Host services rely on information from “the contained application’s view”, e.g., /proc/<pid>/cwd, etc. • Software binaries in the container don’t match configuration from the host.
IMAGE IDENTIFICATION & VERIFICATION • The curse of the ‘latest’ tag/version: is ‘latest’ latest? • You don’t know if the image has changed until you’ve pulled it down (ETag helps). • Use image ID for preciseness and immutability. • Scenario: Emergency release of base image after fixing a zero-day vulnerability.
IMAGE PROVISIONING SCALABILITY • Upgrade default image for O(10000) hosts. • Images of GBs in size. • Network bandwidth. • What to do about tasks when the default image is still being fetched?
WHERETO GO FROM HERE • Persistent container filesystems. • What are the high-level abstractions for managing and utilizing containers? Pods? • Support OCF standard. • Make sure containerization work with Mesos features: oversubscription, IP per container, etc.
EPHEMERALVS. PERSISTENT CONTAINERS • Copy-on-write filesystem: overlays • Ephemeral read-only container filesystem: no top-layer; read-only rootfs with sandbox mounted in. • Ephemeral writable container filesystem: top layer from sandbox. • Persistent writable container filesystem: top layer from persistent volumes.
CONCLUSION • Mesos is by far and away the most proven scalable and production-ready way to manage your containers. • Filesystem isolation is only one element of it and there is cost and benefits with it. • Not everything needs to run inside a new rootfs and you can still reap the benefits of other types of containerization even if you don’t.
CONCLUSION • Still, migrating towards separate container filesystems is a good strategy for many organizations. • Filesystem provisioning and isolation is WIP, will be released in the next couple of months. • Mesos is not a container scheduler; it provides high- level cluster APIs and abstracts resources from hosts. Containerization serves this goal.
ACKNOWLEDGEMENTS Contributors of the native filesystem isolation feature: Lily Chen,Tim Chen, Ian Downes, JojyVarghese, Mei Wan,Yan Xu, JieYu, Chi Zhang. 33
QUESTIONS? 34

Recommended

Mesos: A State-of-the-art Container Orchestrator
Mesos: A State-of-the-art Container OrchestratorMesos: A State-of-the-art Container Orchestrator
Mesos: A State-of-the-art Container OrchestratorC4Media
 
Ceph-Mesos framework
Ceph-Mesos frameworkCeph-Mesos framework
Ceph-Mesos frameworkZhongyue Luo
 
Apache Mesos
Apache MesosApache Mesos
Apache MesosPuneet soni
 
Container Orchestration @Docker Meetup Hamburg
Container Orchestration @Docker Meetup HamburgContainer Orchestration @Docker Meetup Hamburg
Container Orchestration @Docker Meetup HamburgTimo Derstappen
 
Making Distributed Data Persistent Services Elastic (Without Losing All Your ...
Making Distributed Data Persistent Services Elastic (Without Losing All Your ...Making Distributed Data Persistent Services Elastic (Without Losing All Your ...
Making Distributed Data Persistent Services Elastic (Without Losing All Your ...C4Media
 
Introduction to DC/OS
Introduction to DC/OSIntroduction to DC/OS
Introduction to DC/OSAmita Ekbote
 
Kubernetes on Top of Mesos on Top of DCOS
Kubernetes on Top of Mesos on Top of DCOSKubernetes on Top of Mesos on Top of DCOS
Kubernetes on Top of Mesos on Top of DCOSStefan Schimanski
 
Platform as a Service with Kubernetes and Mesos
Platform as a Service with Kubernetes and Mesos Platform as a Service with Kubernetes and Mesos
Platform as a Service with Kubernetes and Mesos Miguel Zuniga
 

Recommended

Mesos: A State-of-the-art Container Orchestrator
Mesos: A State-of-the-art Container OrchestratorMesos: A State-of-the-art Container Orchestrator
Mesos: A State-of-the-art Container OrchestratorC4Media
 
Ceph-Mesos framework
Ceph-Mesos frameworkCeph-Mesos framework
Ceph-Mesos frameworkZhongyue Luo
 
Apache Mesos
Apache MesosApache Mesos
Apache MesosPuneet soni
 
Container Orchestration @Docker Meetup Hamburg
Container Orchestration @Docker Meetup HamburgContainer Orchestration @Docker Meetup Hamburg
Container Orchestration @Docker Meetup HamburgTimo Derstappen
 
Making Distributed Data Persistent Services Elastic (Without Losing All Your ...
Making Distributed Data Persistent Services Elastic (Without Losing All Your ...Making Distributed Data Persistent Services Elastic (Without Losing All Your ...
Making Distributed Data Persistent Services Elastic (Without Losing All Your ...C4Media
 
Introduction to DC/OS
Introduction to DC/OSIntroduction to DC/OS
Introduction to DC/OSAmita Ekbote
 
Kubernetes on Top of Mesos on Top of DCOS
Kubernetes on Top of Mesos on Top of DCOSKubernetes on Top of Mesos on Top of DCOS
Kubernetes on Top of Mesos on Top of DCOSStefan Schimanski
 
Platform as a Service with Kubernetes and Mesos
Platform as a Service with Kubernetes and Mesos Platform as a Service with Kubernetes and Mesos
Platform as a Service with Kubernetes and Mesos Miguel Zuniga
 
Crossing the Streams Mesos &lt;> Kubernetes
Crossing the Streams Mesos &lt;> KubernetesCrossing the Streams Mesos &lt;> Kubernetes
Crossing the Streams Mesos &lt;> KubernetesTimothy St. Clair
 
Freezer - Vietnam OpenStack Technical Meetup #12
Freezer - Vietnam OpenStack Technical Meetup #12Freezer - Vietnam OpenStack Technical Meetup #12
Freezer - Vietnam OpenStack Technical Meetup #12Vietnam Open Infrastructure User Group
 
Rhel cluster basics 1
Rhel cluster basics 1Rhel cluster basics 1
Rhel cluster basics 1Manoj Singh
 
Advanced resource management and scalability features for cloud environment u...
Advanced resource management and scalability features for cloud environment u...Advanced resource management and scalability features for cloud environment u...
Advanced resource management and scalability features for cloud environment u...Grigale LTD
 
Using CloudStack With Clustered LVM
Using CloudStack With Clustered LVMUsing CloudStack With Clustered LVM
Using CloudStack With Clustered LVMMarcus L Sorensen
 
Postgres on OpenStack
Postgres on OpenStackPostgres on OpenStack
Postgres on OpenStackEDB
 
Puppet + Windows Nano Server
Puppet + Windows Nano ServerPuppet + Windows Nano Server
Puppet + Windows Nano ServerAlessandro Pilotti
 
OpenStack in 10 minutes with Devstack
OpenStack in 10 minutes with DevstackOpenStack in 10 minutes with Devstack
OpenStack in 10 minutes with DevstackSean Dague
 
Walla migration
Walla migrationWalla migration
Walla migrationGrigale LTD
 
[OpenStack Days Korea 2016] Track1 - Mellanox CloudX - Acceleration for Cloud...
[OpenStack Days Korea 2016] Track1 - Mellanox CloudX - Acceleration for Cloud...[OpenStack Days Korea 2016] Track1 - Mellanox CloudX - Acceleration for Cloud...
[OpenStack Days Korea 2016] Track1 - Mellanox CloudX - Acceleration for Cloud...OpenStack Korea Community
 
Postgres Plus Cloud Database on OpenStack
Postgres Plus Cloud Database on OpenStackPostgres Plus Cloud Database on OpenStack
Postgres Plus Cloud Database on OpenStackKamesh Pemmaraju
 
SUSE Enterprise Storage
SUSE Enterprise StorageSUSE Enterprise Storage
SUSE Enterprise StorageSUSE
 
Compute node HA - current upstream development
Compute node HA - current upstream developmentCompute node HA - current upstream development
Compute node HA - current upstream developmentAdam Spiers
 
A guide of PostgreSQL on Kubernetes
A guide of PostgreSQL on KubernetesA guide of PostgreSQL on Kubernetes
A guide of PostgreSQL on Kubernetest8kobayashi
 
Provisioning and automating high availability postgres on aws ec2 (1)
Provisioning and automating high availability postgres on aws ec2 (1)Provisioning and automating high availability postgres on aws ec2 (1)
Provisioning and automating high availability postgres on aws ec2 (1)Payal Singh
 
Container Orchestration
Container OrchestrationContainer Orchestration
Container Orchestrationdfilppi
 
Gluster Webinar: Introduction to GlusterFS
Gluster Webinar: Introduction to GlusterFSGluster Webinar: Introduction to GlusterFS
Gluster Webinar: Introduction to GlusterFSGlusterFS
 
Sanger OpenStack presentation March 2017
Sanger OpenStack presentation March 2017Sanger OpenStack presentation March 2017
Sanger OpenStack presentation March 2017Dave Holland
 
OpenStack DRaaS - Freezer - 101
OpenStack DRaaS - Freezer - 101OpenStack DRaaS - Freezer - 101
OpenStack DRaaS - Freezer - 101Trinath Somanchi
 
Introduction of mesos persistent storage
Introduction of mesos persistent storageIntroduction of mesos persistent storage
Introduction of mesos persistent storageZhou Weitao
 
Mesos vs kubernetes comparison
Mesos vs kubernetes comparisonMesos vs kubernetes comparison
Mesos vs kubernetes comparisonKrishna-Kumar
 
Persistent storage tailored for containers
Persistent storage tailored for containersPersistent storage tailored for containers
Persistent storage tailored for containersDocker, Inc.
 

More Related Content

What's hot

Crossing the Streams Mesos &lt;> Kubernetes
Crossing the Streams Mesos &lt;> KubernetesCrossing the Streams Mesos &lt;> Kubernetes
Crossing the Streams Mesos &lt;> KubernetesTimothy St. Clair
 
Rhel cluster basics 1
Rhel cluster basics 1Rhel cluster basics 1
Rhel cluster basics 1Manoj Singh
 
Advanced resource management and scalability features for cloud environment u...
Advanced resource management and scalability features for cloud environment u...Advanced resource management and scalability features for cloud environment u...
Advanced resource management and scalability features for cloud environment u...Grigale LTD
 
Using CloudStack With Clustered LVM
Using CloudStack With Clustered LVMUsing CloudStack With Clustered LVM
Using CloudStack With Clustered LVMMarcus L Sorensen
 
Postgres on OpenStack
Postgres on OpenStackPostgres on OpenStack
Postgres on OpenStackEDB
 
OpenStack in 10 minutes with Devstack
OpenStack in 10 minutes with DevstackOpenStack in 10 minutes with Devstack
OpenStack in 10 minutes with DevstackSean Dague
 
[OpenStack Days Korea 2016] Track1 - Mellanox CloudX - Acceleration for Cloud...
[OpenStack Days Korea 2016] Track1 - Mellanox CloudX - Acceleration for Cloud...[OpenStack Days Korea 2016] Track1 - Mellanox CloudX - Acceleration for Cloud...
[OpenStack Days Korea 2016] Track1 - Mellanox CloudX - Acceleration for Cloud...OpenStack Korea Community
 
Postgres Plus Cloud Database on OpenStack
Postgres Plus Cloud Database on OpenStackPostgres Plus Cloud Database on OpenStack
Postgres Plus Cloud Database on OpenStackKamesh Pemmaraju
 
SUSE Enterprise Storage
SUSE Enterprise StorageSUSE Enterprise Storage
SUSE Enterprise StorageSUSE
 
Compute node HA - current upstream development
Compute node HA - current upstream developmentCompute node HA - current upstream development
Compute node HA - current upstream developmentAdam Spiers
 
A guide of PostgreSQL on Kubernetes
A guide of PostgreSQL on KubernetesA guide of PostgreSQL on Kubernetes
A guide of PostgreSQL on Kubernetest8kobayashi
 
Provisioning and automating high availability postgres on aws ec2 (1)
Provisioning and automating high availability postgres on aws ec2 (1)Provisioning and automating high availability postgres on aws ec2 (1)
Provisioning and automating high availability postgres on aws ec2 (1)Payal Singh
 
Container Orchestration
Container OrchestrationContainer Orchestration
Container Orchestrationdfilppi
 
Gluster Webinar: Introduction to GlusterFS
Gluster Webinar: Introduction to GlusterFSGluster Webinar: Introduction to GlusterFS
Gluster Webinar: Introduction to GlusterFSGlusterFS
 
Sanger OpenStack presentation March 2017
Sanger OpenStack presentation March 2017Sanger OpenStack presentation March 2017
Sanger OpenStack presentation March 2017Dave Holland
 
OpenStack DRaaS - Freezer - 101
OpenStack DRaaS - Freezer - 101OpenStack DRaaS - Freezer - 101
OpenStack DRaaS - Freezer - 101Trinath Somanchi
 

What's hot (19)

Crossing the Streams Mesos &lt;> Kubernetes
Crossing the Streams Mesos &lt;> KubernetesCrossing the Streams Mesos &lt;> Kubernetes
Crossing the Streams Mesos &lt;> Kubernetes
 
Freezer - Vietnam OpenStack Technical Meetup #12
Freezer - Vietnam OpenStack Technical Meetup #12Freezer - Vietnam OpenStack Technical Meetup #12
Freezer - Vietnam OpenStack Technical Meetup #12
 
Rhel cluster basics 1
Rhel cluster basics 1Rhel cluster basics 1
Rhel cluster basics 1
 
Advanced resource management and scalability features for cloud environment u...
Advanced resource management and scalability features for cloud environment u...Advanced resource management and scalability features for cloud environment u...
Advanced resource management and scalability features for cloud environment u...
 
Using CloudStack With Clustered LVM
Using CloudStack With Clustered LVMUsing CloudStack With Clustered LVM
Using CloudStack With Clustered LVM
 
Postgres on OpenStack
Postgres on OpenStackPostgres on OpenStack
Postgres on OpenStack
 
Puppet + Windows Nano Server
Puppet + Windows Nano ServerPuppet + Windows Nano Server
Puppet + Windows Nano Server
 
OpenStack in 10 minutes with Devstack
OpenStack in 10 minutes with DevstackOpenStack in 10 minutes with Devstack
OpenStack in 10 minutes with Devstack
 
Walla migration
Walla migrationWalla migration
Walla migration
 
[OpenStack Days Korea 2016] Track1 - Mellanox CloudX - Acceleration for Cloud...
[OpenStack Days Korea 2016] Track1 - Mellanox CloudX - Acceleration for Cloud...[OpenStack Days Korea 2016] Track1 - Mellanox CloudX - Acceleration for Cloud...
[OpenStack Days Korea 2016] Track1 - Mellanox CloudX - Acceleration for Cloud...
 
Postgres Plus Cloud Database on OpenStack
Postgres Plus Cloud Database on OpenStackPostgres Plus Cloud Database on OpenStack
Postgres Plus Cloud Database on OpenStack
 
SUSE Enterprise Storage
SUSE Enterprise StorageSUSE Enterprise Storage
SUSE Enterprise Storage
 
Compute node HA - current upstream development
Compute node HA - current upstream developmentCompute node HA - current upstream development
Compute node HA - current upstream development
 
A guide of PostgreSQL on Kubernetes
A guide of PostgreSQL on KubernetesA guide of PostgreSQL on Kubernetes
A guide of PostgreSQL on Kubernetes
 
Provisioning and automating high availability postgres on aws ec2 (1)
Provisioning and automating high availability postgres on aws ec2 (1)Provisioning and automating high availability postgres on aws ec2 (1)
Provisioning and automating high availability postgres on aws ec2 (1)
 
Container Orchestration
Container OrchestrationContainer Orchestration
Container Orchestration
 
Gluster Webinar: Introduction to GlusterFS
Gluster Webinar: Introduction to GlusterFSGluster Webinar: Introduction to GlusterFS
Gluster Webinar: Introduction to GlusterFS
 
Sanger OpenStack presentation March 2017
Sanger OpenStack presentation March 2017Sanger OpenStack presentation March 2017
Sanger OpenStack presentation March 2017
 
OpenStack DRaaS - Freezer - 101
OpenStack DRaaS - Freezer - 101OpenStack DRaaS - Freezer - 101
OpenStack DRaaS - Freezer - 101
 

Viewers also liked

Introduction of mesos persistent storage
Introduction of mesos persistent storageIntroduction of mesos persistent storage
Introduction of mesos persistent storageZhou Weitao
 
Mesos vs kubernetes comparison
Mesos vs kubernetes comparisonMesos vs kubernetes comparison
Mesos vs kubernetes comparisonKrishna-Kumar
 
Persistent storage tailored for containers
Persistent storage tailored for containersPersistent storage tailored for containers
Persistent storage tailored for containersDocker, Inc.
 
Musings on Mesos: Docker, Kubernetes, and Beyond.
Musings on Mesos: Docker, Kubernetes, and Beyond.Musings on Mesos: Docker, Kubernetes, and Beyond.
Musings on Mesos: Docker, Kubernetes, and Beyond.Timothy St. Clair
 
Mesos meetup @ shutterstock
Mesos meetup @ shutterstockMesos meetup @ shutterstock
Mesos meetup @ shutterstockBrenden Matthews
 
Containerized Data Persistence on Mesos
Containerized Data Persistence on MesosContainerized Data Persistence on Mesos
Containerized Data Persistence on MesosJoe Stein
 
Kubernetes Networking - Giragadurai Vallirajan
Kubernetes Networking - Giragadurai VallirajanKubernetes Networking - Giragadurai Vallirajan
Kubernetes Networking - Giragadurai VallirajanNeependra Khare
 
Kubernetes networking: Introduction to overlay networks, communication models...
Kubernetes networking: Introduction to overlay networks, communication models...Kubernetes networking: Introduction to overlay networks, communication models...
Kubernetes networking: Introduction to overlay networks, communication models...Murat Mukhtarov
 
Container Network Interface: Network Plugins for Kubernetes and beyond
Container Network Interface: Network Plugins for Kubernetes and beyondContainer Network Interface: Network Plugins for Kubernetes and beyond
Container Network Interface: Network Plugins for Kubernetes and beyondKubeAcademy
 
Container Orchestration Wars
Container Orchestration WarsContainer Orchestration Wars
Container Orchestration WarsKarl Isenberg
 
Kubernetes Architecture and Introduction – Paris Kubernetes Meetup
Kubernetes Architecture and Introduction – Paris Kubernetes MeetupKubernetes Architecture and Introduction – Paris Kubernetes Meetup
Kubernetes Architecture and Introduction – Paris Kubernetes MeetupStefan Schimanski
 
Introduction to Kubernetes
Introduction to KubernetesIntroduction to Kubernetes
Introduction to Kubernetesrajdeep
 
Reactive dashboard’s using apache spark
Reactive dashboard’s using apache sparkReactive dashboard’s using apache spark
Reactive dashboard’s using apache sparkRahul Kumar
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes NetworkingCJ Cullen
 
Four Things to Know About Reliable Spark Streaming with Typesafe and Databricks
Four Things to Know About Reliable Spark Streaming with Typesafe and DatabricksFour Things to Know About Reliable Spark Streaming with Typesafe and Databricks
Four Things to Know About Reliable Spark Streaming with Typesafe and DatabricksLegacy Typesafe (now Lightbend)
 
Data processing platforms architectures with Spark, Mesos, Akka, Cassandra an...
Data processing platforms architectures with Spark, Mesos, Akka, Cassandra an...Data processing platforms architectures with Spark, Mesos, Akka, Cassandra an...
Data processing platforms architectures with Spark, Mesos, Akka, Cassandra an...Anton Kirillov
 
Docker, Mesos, Spark
Docker, Mesos, Spark Docker, Mesos, Spark
Docker, Mesos, Spark Qiang Wang
 
An Introduction to Kubernetes
An Introduction to KubernetesAn Introduction to Kubernetes
An Introduction to KubernetesImesh Gunaratne
 
Big Data in Container; Hadoop Spark in Docker and Mesos
Big Data in Container; Hadoop Spark in Docker and MesosBig Data in Container; Hadoop Spark in Docker and Mesos
Big Data in Container; Hadoop Spark in Docker and MesosHeiko Loewe
 

Viewers also liked (20)

Introduction of mesos persistent storage
Introduction of mesos persistent storageIntroduction of mesos persistent storage
Introduction of mesos persistent storage
 
Mesos vs kubernetes comparison
Mesos vs kubernetes comparisonMesos vs kubernetes comparison
Mesos vs kubernetes comparison
 
Persistent storage tailored for containers
Persistent storage tailored for containersPersistent storage tailored for containers
Persistent storage tailored for containers
 
Musings on Mesos: Docker, Kubernetes, and Beyond.
Musings on Mesos: Docker, Kubernetes, and Beyond.Musings on Mesos: Docker, Kubernetes, and Beyond.
Musings on Mesos: Docker, Kubernetes, and Beyond.
 
Mesos meetup @ shutterstock
Mesos meetup @ shutterstockMesos meetup @ shutterstock
Mesos meetup @ shutterstock
 
Containerized Data Persistence on Mesos
Containerized Data Persistence on MesosContainerized Data Persistence on Mesos
Containerized Data Persistence on Mesos
 
Kubernetes Networking - Giragadurai Vallirajan
Kubernetes Networking - Giragadurai VallirajanKubernetes Networking - Giragadurai Vallirajan
Kubernetes Networking - Giragadurai Vallirajan
 
Kubernetes networking: Introduction to overlay networks, communication models...
Kubernetes networking: Introduction to overlay networks, communication models...Kubernetes networking: Introduction to overlay networks, communication models...
Kubernetes networking: Introduction to overlay networks, communication models...
 
Container Network Interface: Network Plugins for Kubernetes and beyond
Container Network Interface: Network Plugins for Kubernetes and beyondContainer Network Interface: Network Plugins for Kubernetes and beyond
Container Network Interface: Network Plugins for Kubernetes and beyond
 
Container Orchestration Wars
Container Orchestration WarsContainer Orchestration Wars
Container Orchestration Wars
 
How to deploy Apache Spark 
to Mesos/DCOS
How to deploy Apache Spark 
to Mesos/DCOSHow to deploy Apache Spark 
to Mesos/DCOS
How to deploy Apache Spark 
to Mesos/DCOS
 
Kubernetes Architecture and Introduction – Paris Kubernetes Meetup
Kubernetes Architecture and Introduction – Paris Kubernetes MeetupKubernetes Architecture and Introduction – Paris Kubernetes Meetup
Kubernetes Architecture and Introduction – Paris Kubernetes Meetup
 
Introduction to Kubernetes
Introduction to KubernetesIntroduction to Kubernetes
Introduction to Kubernetes
 
Reactive dashboard’s using apache spark
Reactive dashboard’s using apache sparkReactive dashboard’s using apache spark
Reactive dashboard’s using apache spark
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes Networking
 
Four Things to Know About Reliable Spark Streaming with Typesafe and Databricks
Four Things to Know About Reliable Spark Streaming with Typesafe and DatabricksFour Things to Know About Reliable Spark Streaming with Typesafe and Databricks
Four Things to Know About Reliable Spark Streaming with Typesafe and Databricks
 
Data processing platforms architectures with Spark, Mesos, Akka, Cassandra an...
Data processing platforms architectures with Spark, Mesos, Akka, Cassandra an...Data processing platforms architectures with Spark, Mesos, Akka, Cassandra an...
Data processing platforms architectures with Spark, Mesos, Akka, Cassandra an...
 
Docker, Mesos, Spark
Docker, Mesos, Spark Docker, Mesos, Spark
Docker, Mesos, Spark
 
An Introduction to Kubernetes
An Introduction to KubernetesAn Introduction to Kubernetes
An Introduction to Kubernetes
 
Big Data in Container; Hadoop Spark in Docker and Mesos
Big Data in Container; Hadoop Spark in Docker and MesosBig Data in Container; Hadoop Spark in Docker and Mesos
Big Data in Container; Hadoop Spark in Docker and Mesos
 

Similar to Mesos and containers

WTF my container just spawned a shell!
WTF my container just spawned a shell!WTF my container just spawned a shell!
WTF my container just spawned a shell!Sysdig
 
Containers #101 Meetup: Containers & OpenStack
Containers #101 Meetup: Containers & OpenStack Containers #101 Meetup: Containers & OpenStack
Containers #101 Meetup: Containers & OpenStack Brittany Ingram
 
Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Lions, Tigers and Deers: What building zoos can teach us about securing micro...Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Lions, Tigers and Deers: What building zoos can teach us about securing micro...Sysdig
 
Containers #101 Meetup: Containers and OpenStack
Containers #101 Meetup: Containers and OpenStackContainers #101 Meetup: Containers and OpenStack
Containers #101 Meetup: Containers and OpenStackCodefresh
 
Ippevent : openshift Introduction
Ippevent : openshift IntroductionIppevent : openshift Introduction
Ippevent : openshift Introductionkanedafromparis
 
Containers and OpenStack: Marc Van Hoof, Kumulus: Containers and OpenStack
Containers and OpenStack: Marc Van Hoof, Kumulus: Containers and OpenStackContainers and OpenStack: Marc Van Hoof, Kumulus: Containers and OpenStack
Containers and OpenStack: Marc Van Hoof, Kumulus: Containers and OpenStackOpenStack
 
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)Amazon Web Services
 
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)Amazon Web Services
 
The container revolution, and what it means to operators.pptx
The container revolution, and what it means to operators.pptxThe container revolution, and what it means to operators.pptx
The container revolution, and what it means to operators.pptxRobert Starmer
 
The container revolution, and what it means to operators open stack southba...
The container revolution, and what it means to operators open stack southba...The container revolution, and what it means to operators open stack southba...
The container revolution, and what it means to operators open stack southba...Robert Starmer
 
Postgre sql linuxcontainers by Jignesh Shah
Postgre sql linuxcontainers by Jignesh ShahPostgre sql linuxcontainers by Jignesh Shah
Postgre sql linuxcontainers by Jignesh ShahPivotalOpenSourceHub
 
PostgreSQL and Linux Containers
PostgreSQL and Linux ContainersPostgreSQL and Linux Containers
PostgreSQL and Linux ContainersJignesh Shah
 
Docking postgres
Docking postgresDocking postgres
Docking postgresrycamor
 
Docker and kubernetes
Docker and kubernetesDocker and kubernetes
Docker and kubernetesDongwon Kim
 
State of the Container Ecosystem
State of the Container EcosystemState of the Container Ecosystem
State of the Container EcosystemVinay Rao
 
Getting started with Docker
Getting started with DockerGetting started with Docker
Getting started with DockerRavindu Fernando
 
Docker Security Overview
Docker Security OverviewDocker Security Overview
Docker Security OverviewSreenivas Makam
 

Similar to Mesos and containers (20)

WTF my container just spawned a shell!
WTF my container just spawned a shell!WTF my container just spawned a shell!
WTF my container just spawned a shell!
 
Containers #101 Meetup: Containers & OpenStack
Containers #101 Meetup: Containers & OpenStack Containers #101 Meetup: Containers & OpenStack
Containers #101 Meetup: Containers & OpenStack
 
Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Lions, Tigers and Deers: What building zoos can teach us about securing micro...Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Lions, Tigers and Deers: What building zoos can teach us about securing micro...
 
Containers #101 Meetup: Containers and OpenStack
Containers #101 Meetup: Containers and OpenStackContainers #101 Meetup: Containers and OpenStack
Containers #101 Meetup: Containers and OpenStack
 
Ippevent : openshift Introduction
Ippevent : openshift IntroductionIppevent : openshift Introduction
Ippevent : openshift Introduction
 
Containers and OpenStack: Marc Van Hoof, Kumulus: Containers and OpenStack
Containers and OpenStack: Marc Van Hoof, Kumulus: Containers and OpenStackContainers and OpenStack: Marc Van Hoof, Kumulus: Containers and OpenStack
Containers and OpenStack: Marc Van Hoof, Kumulus: Containers and OpenStack
 
Dockers zero to hero
Dockers zero to heroDockers zero to hero
Dockers zero to hero
 
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
 
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
 
The container revolution, and what it means to operators.pptx
The container revolution, and what it means to operators.pptxThe container revolution, and what it means to operators.pptx
The container revolution, and what it means to operators.pptx
 
The container revolution, and what it means to operators open stack southba...
The container revolution, and what it means to operators open stack southba...The container revolution, and what it means to operators open stack southba...
The container revolution, and what it means to operators open stack southba...
 
Postgre sql linuxcontainers by Jignesh Shah
Postgre sql linuxcontainers by Jignesh ShahPostgre sql linuxcontainers by Jignesh Shah
Postgre sql linuxcontainers by Jignesh Shah
 
PostgreSQL and Linux Containers
PostgreSQL and Linux ContainersPostgreSQL and Linux Containers
PostgreSQL and Linux Containers
 
Docking postgres
Docking postgresDocking postgres
Docking postgres
 
Docker and kubernetes
Docker and kubernetesDocker and kubernetes
Docker and kubernetes
 
State of the Container Ecosystem
State of the Container EcosystemState of the Container Ecosystem
State of the Container Ecosystem
 
Docker & Daily DevOps
Docker & Daily DevOpsDocker & Daily DevOps
Docker & Daily DevOps
 
Docker and-daily-devops
Docker and-daily-devopsDocker and-daily-devops
Docker and-daily-devops
 
Getting started with Docker
Getting started with DockerGetting started with Docker
Getting started with Docker
 
Docker Security Overview
Docker Security OverviewDocker Security Overview
Docker Security Overview
 

Recently uploaded

Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 

Recently uploaded (20)

Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 

Mesos and containers

  • 1. MESOS & CONTAINERS Overview of Mesos containerization and upcoming filesystem isolation support (a.k.a the docker like thing) Yan Xu !xujyan
  • 2. WHAT IS A CONTAINER • Loosely defined: a lightweight “VM” / OS-level virtualization / “chroot on steroids”. • To Mesos: a per-task/executor isolated execution environment.
  • 3. DIMENSIONS OF CONTAINERIZATION • Performance isolation: resource quota limiting. e.g. mem isolation. • Isolated visibility from inside the container: stack separation, jailing. e.g., filesystem isolation. • Visibility from the host: inspection, metrics.
  • 4. CONTAINERIZATION:A CORE PREMISE OF MESOS RESOURCE MANAGEMENT Can’t allocate resources without enforcement! Credit: http://cdn.diginomica.com/wp-content/uploads/2014/07/Fotolia-Oleksiy-Mark-50048132_Sub_M.jpg
  • 5. A BRIEF HISTORY OF MESOS CONTAINERIZATION • LXC (2010) • Cgroups (2012) • Linux namespaces (2013) • Docker* (2014)
  • 6. THETALE OFTWO CONTAINERIZERS • MesosContainerizer (default) • DockerContainerizer • Dynamically chosen based on ContainerInfo if both are specified via --containerizers. Mesos Containerizer Docker Containerizer Agent Docker Isolators Isolators Isolators Custom executor Docker executor
  • 7. CURRENT MESOS CONTAINERIZER LINEUP • Performance isolation • cpu, mem, disk quota, network egress bandwidth • Isolated visibility from inside • pid, network (port mapping) • Visibility from the host • perf_event, other cgroup stats and network stats, etc.
  • 8. DOCKER IS GREAT, BUT... • Requires Docker installation and maintenance. • Tasks die with Docker daemon (upgrade, etc.) • Limited performance isolation done by Mesos. • Cannot compose with Mesos isolators (disk quota, port mapping). • Complexity in managing task lifecycle. • Hard to take advantage of other Mesos features: disk quota enforcement with persistent volumes; IP per container, etc.
  • 9. A UNIVERSAL MESOS CONTAINERIZER • An all-encompassing containerizer for performance isolation, visibility isolation and metering. • Compossible: each isolation is implemented as an Isolator and configured independently. • Container resources are mutable during container lifecycle. • Tightly integrated with Mesos task/executor.
  • 10. MESOS CONTAINERIZER • “The Docker thing”: filesystem isolation. • Extensible: new isolators such as are added and configured independently. • Filesystem isolator also handles cases without a new rootfs. CPU Isolator Mem Isolator DiskQuota Isolator Network Isolator PID Isolator PerfEvent Isolator Containerizer Filesystem Isolator … Isolator
  • 11. CONTAINERIZER • Recovery: agent crash tolerance. • Update: grow and shrink container as needed. • Usage: container statistics. • Wait: tied to executor lifecycle. recover() launch() update() usage() wait() destroy() Containerizer
  • 12. ISOLATOR • Prepare: set up container isolation feature. e.g., create cgroups. • Isolate: isolate the process. e.g., write control files. • Watch: enforce isolation, report violation. recover() prepare() isolate() watch() update() usage() cleanup() Isolator
  • 14. CONTAINER SPECS What’s in it • Filesystem contents: rootfs(es) • Manifest / static configuration: • Version, dependencies, etc. • Mounts points • App: env, cmd, args, etc.
  • 15. CONTAINER SPECS How to run it • Runtime configuration • hooks • mounts (volumes) • Resources: cpus, mem, disk, etc.
  • 16. FILESYSTEM ISOLATION • With a new rootfs. • Decoupling from the host filesystem allow better application portability and infrastructure flexibility. • Without a new rootfs. • Volumes isolated inside the container mount namespace. • Mesos allows volume sources to be container images so the framework executor is not jailed but it can isolate its end-user logic inside a container rootfs. • Other aspects of isolation • Mounting <work_dir>/tmp as /tmp.
  • 17. FILESYSTEM PROVISIONING • A universal provisioner for multiple images types. • Vendor specific store which does discover, fetching and processing. • Provision rootfs (e.g., via bind mount). Copy Backend Backend Bind Backend Overlay Backend Store Appc Store Docker Store OCF Store Provisioner Filesystem Isolator
  • 18. SAMPLE CONTAINER INFO { "type" : "MESOS", "mesos" : { "image" : { "type" : "APPC", "appc" : { "name" : "acme.biz/appc/ubuntu1510", "labels" : { "labels": [{"key" : "version", "value" : "0.0.1"}] } } } }, "volumes": [ {"container_path" : "/tmp", "host_path" : "tmp", "mode" : "RW"}, {"container_path" : "/root", "host_path" : "/root", "mode" : "RW"}, {"container_path" : "/etc", "host_path" : "/etc", "mode" : "RO"}, {"container_path" : "/var/run", "host_path" : "/var/run", "mode" : "RW"}, {"container_path" : "/var/tmp", "host_path" : "/var/tmp", "mode" : "RW"} ] }
  • 23. CONTAINERIZE A LARGE FLEET 23 Credit: http://www.seanews.com.tr/news/127373/forwarders-freight/
  • 24. CONTAINERIZEYOUR EXISTING CLUSTERS • Tight coupling with the host accumulated over time. • Start with a default container image identical to the host environment: fat images. • Decouple tasks from the host environment: shrink the images; make tasks self-sufficient. • Update the host environment independently from the containers. • Separate environment into (a limited number of) image layers.
  • 25. DECOUPLING DEPENDENCIES • Software binary dependencies • Ideally containers are self-sufficient. • Configuration dependencies • Ideally configuration are pulled from a service and not the host, but may have to bind mount from the host as a compromise. • How to push realtime configuration change down to each container without mounting in host config? • How many layers should there be? • Ideally as few as possible and different logical layers managed by teams who own them.
  • 26. PITFALLS DURING MIGRATION • Applications rely on host environment (other than aforementioned binaries and configs), e.g., working directory path. • Host services rely on information from “the contained application’s view”, e.g., /proc/<pid>/cwd, etc. • Software binaries in the container don’t match configuration from the host.
  • 27. IMAGE IDENTIFICATION & VERIFICATION • The curse of the ‘latest’ tag/version: is ‘latest’ latest? • You don’t know if the image has changed until you’ve pulled it down (ETag helps). • Use image ID for preciseness and immutability. • Scenario: Emergency release of base image after fixing a zero-day vulnerability.
  • 28. IMAGE PROVISIONING SCALABILITY • Upgrade default image for O(10000) hosts. • Images of GBs in size. • Network bandwidth. • What to do about tasks when the default image is still being fetched?
  • 29. WHERETO GO FROM HERE • Persistent container filesystems. • What are the high-level abstractions for managing and utilizing containers? Pods? • Support OCF standard. • Make sure containerization work with Mesos features: oversubscription, IP per container, etc.
  • 30. EPHEMERALVS. PERSISTENT CONTAINERS • Copy-on-write filesystem: overlays • Ephemeral read-only container filesystem: no top-layer; read-only rootfs with sandbox mounted in. • Ephemeral writable container filesystem: top layer from sandbox. • Persistent writable container filesystem: top layer from persistent volumes.
  • 31. CONCLUSION • Mesos is by far and away the most proven scalable and production-ready way to manage your containers. • Filesystem isolation is only one element of it and there is cost and benefits with it. • Not everything needs to run inside a new rootfs and you can still reap the benefits of other types of containerization even if you don’t.
  • 32. CONCLUSION • Still, migrating towards separate container filesystems is a good strategy for many organizations. • Filesystem provisioning and isolation is WIP, will be released in the next couple of months. • Mesos is not a container scheduler; it provides high- level cluster APIs and abstracts resources from hosts. Containerization serves this goal.
  • 33. ACKNOWLEDGEMENTS Contributors of the native filesystem isolation feature: Lily Chen,Tim Chen, Ian Downes, JojyVarghese, Mei Wan,Yan Xu, JieYu, Chi Zhang. 33