Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Microservices, Containers and Docker
Ioannis	Papapanagiotou,	PhD
ipapapa@ncsu.edu
Agenda
§ Microservices
§ Linux Containers
§ Docker
§ Orchestration
2
Microservices
3
Microservice architectural style: developing a single application as a suite of
small services, each runni...
Microservice style vs Monolythics
4
So why Microservices?
§ Fast deployment: Code changes for each service can be made independently (as long as
the API contr...
From microservices to containers
§ Agile software development is a broadly
adopted methodology in enterprises
today.
§ "fu...
Microservices: Complexities and design considerations
§ Distributed application logic: with microservices the logic is spr...
Netflix service ecosystem
8
Containers – New degree of freedom
Containerization:
§ Use lightweight packages instead of full VMs
§ Move from a single l...
History of cargo transport
10
Solution to Shipping Challenge
11
Analogy with virtualization
§ Historical way: $M mainframes
§ Modern way: virtual machines
§ Problem: performance overhead
The Solution to Software Shipping
13
§ A Standard Container System
Why use containers?
§ Reduces build & deploy times
§ Cost control and granularity
§ Libraries dependency can be complicate...
Containers vs VMs
§ Container technology simplifies cloud portability.
–Run same application in different environments
1. ...
Virtual Machines vs Containers
Containers can and can’t
§Can
–Get shell (i.e. ssh)
–Own process space
–Own network interface
–Run as root
–Install packag...
Containers vs Processes
§ Containers are processes with their full environment.
– A computer science textbook will define ...
LinuX Containers (LXC)
§ Operation System level virtualization method for Linux
§ LXC (LinuX Containers) is an OS virtual ...
Is containers a new thing?
§ Cgroups is a mechanism to control resources per hierarchical groups of
processes
§ cgroups (a...
Cgroups design goals
§ Provide a unified interface to many different use cases, from controlling
single processes to whole...
Namespaces
22
§ The purpose of each namespace is to wrap a particular global system
resource in an abstraction that makes ...
Mount Namespace
nThe “mount namespace” isolates the set of filesystem mount points seen by a group of
processes
n processe...
IPC Namespace
nIPC namespace isolates the inter-process communication resources.
nA process or a group of processes have t...
Network Namespace
nNet namespace isolates the networking related resources
nEvery net namespace has independent
nNetwork d...
PID Namespace
§ PID namespace isolates the Process ID, implemented as a hierarchy.
§ PID namespace is a hierarchy comprise...
Other Namespaces
§ UTS namespace
§ UTS = UNIX Time-sharing System
§ Each process has a separate copy of the hostname and t...
So what is Docker?
Docker is an open-source project that automates the deployment
of applications inside software containe...
Virtual Machines vs Containers vs Docker
Why Docker?
§ Docker makes it easy to build, modify, publish, search, and run
containers.
–With Docker, a container compri...
How Docker works
§Containers can be found in a Docker Registry (either public
or private), using Docker Search.
§Container...
Docker Use Cases
§ Development Environment
§ Environments for Integration Tests
§ Quick evaluation of software
§ Microserv...
Hello World
§ Simple Command - Ad-Hoc Container
–$ sudo docker run ubuntu /bin/echo 'Hello World'
Hello World
§ Interactiv...
Container Orchestration
34
Goal: how do we orchestration billions of containers across perhaps millions of
VMs?
Shared resources
§ All containers share the same set of resources (CPU, RAM, disk, various
kernel things…)
§ Need fair dis...
Container Orchestration
Orchestrate containers to facilitate microservices architecture
§ Provision containers
§ Manage co...
Which one to choose?
37
Kubernetes
§ Kubernetes is based on Google’s
experience of many years working with
Linux containers.
§ Some abilities:
– M...
Kubernetes: Pods
§ Pods:
– Pods are groups of containers that are deployed and scheduled together.
– A pod will typically ...
Kubernetes: Services & Replication Controllers
§ Services
– Services are stable endpoints that can be addressed by name.
–...
Kubernetes: Net space and Labels
§ Flat Networking Space:
– Containers within a pod share an IP address, but the address s...
Docker Swarm
§ A native clustering for Docker.
§ Exposes standard Docker API
– meaning that any tool that you used to
comm...
Docker Swarm: Architecture
§ Architecture:
– each host runs a Swarm agent and one host runs a Swarm manager (on small test...
Mesos
§ Apache Mesos (https://mesos.apache.org) is an open-source cluster manager. It’s designed
to scale to very large cl...
Mesos: Architecture
§ Mesos Agent Nodes – Responsible for actually
running tasks. All agents submit a list of their
availa...
Mesos with Marathon: Architecture
§ Frameworks – Frameworks co-ordinate with the master to schedule tasks onto agent
nodes...
Conclusion?
There are three types of lies:
"Lies, damned lies, and benchmarks”
47
Background Docker info
48
Terminology - Image
§ Persisted snapshot that can be run
images: List all local images
run: Create a container from an ima...
Terminology - Container
§ Runnable instance of an image
ps: List all running containers
ps –a: List all containers (incl. ...
Daemon Container
51
§ Open Terminal in container:
–docker run –it ubuntu /bin/bash
§ Make any modification
§ We can create...
Dockerfile
§ Docker can build images automatically by reading the instructions from a Dockerfile.
– Dockerfile: text docum...
Docker Hub
§ Public repository of Docker images
–https://hub.docker.com/
–docker search [term]
§ Automated: Has been autom...
References and Acknowledgements
§ Some images have been borrowed from: :
http://scm.zoomquiet.io/data/20131004215734/index...
Upcoming SlideShare
Loading in …5
×

Microservices, Containers and Docker

1,647 views

Published on

Course: High Performance Cloud Services
http://ipapapa.github.io/teach/cloudCourse

Published in: Education
  • Be the first to comment

Microservices, Containers and Docker

  1. 1. Microservices, Containers and Docker Ioannis Papapanagiotou, PhD ipapapa@ncsu.edu
  2. 2. Agenda § Microservices § Linux Containers § Docker § Orchestration 2
  3. 3. Microservices 3 Microservice architectural style: developing a single application as a suite of small services, each running in its own process and communicating with lightweight mechanisms, e.g. REST API.
  4. 4. Microservice style vs Monolythics 4
  5. 5. So why Microservices? § Fast deployment: Code changes for each service can be made independently (as long as the API contract with other services isn’t violated) and therefore, build+test+deploy cycles speed up dramatically. – Netflix, for example, deploys code a hundred times in a single day thanks to the early adoption of the microservices architecture! § Efficient scaling: Each microservice can be scaled independently, – a much more efficient way of scaling an application, because not every part of an application experiences the same amount of load and needs to be scaled equally. § Design autonomy: Developers get the freedom to employ different technologies, frameworks, and design patterns to design and implement each microservice, – pursuing a horses for the courses strategy as necessary. 5 Move Fast, Fail Fast (and Small)
  6. 6. From microservices to containers § Agile software development is a broadly adopted methodology in enterprises today. § "full-stack-responsibility" for the individual services. – infrastructures need to scale differently and the self-service model for projects is taking center stage. § Containers are the foundation for this. – Along with proper DevOps and orchestration. 6
  7. 7. Microservices: Complexities and design considerations § Distributed application logic: with microservices the logic is spread across the services and, more importantly, embedded in the control and data flow between those services. § Diverse technology stack: the system may be comprised of in house developed services, open source software, and external libraries. § Hard to test and debug: there might be thousands of interactions between the constituent services – Equivalent to the “butterfly effect” (a minor change of service, could potentially be catastrophic) 7
  8. 8. Netflix service ecosystem 8
  9. 9. Containers – New degree of freedom Containerization: § Use lightweight packages instead of full VMs § Move from a single large monolithic app to composition of microservices § Containerize different parts of an application § Move parts of apps into different types of cloud infrastructure § Simplify migration of applications between private, public and hybrid clouds 9 New concept of virtualization solution for PaaS and IaaS due to container’s increased density, isolation, elasticity and rapid provisioning
  10. 10. History of cargo transport 10
  11. 11. Solution to Shipping Challenge 11
  12. 12. Analogy with virtualization § Historical way: $M mainframes § Modern way: virtual machines § Problem: performance overhead
  13. 13. The Solution to Software Shipping 13 § A Standard Container System
  14. 14. Why use containers? § Reduces build & deploy times § Cost control and granularity § Libraries dependency can be complicated § Infrastructure configuration = spaghetti 14
  15. 15. Containers vs VMs § Container technology simplifies cloud portability. –Run same application in different environments 1. A container encapsulates applications and defines their interface with the surrounding system 2. In a virtual machine: a full OS install with the associated overhead of virtualized device drivers, etc., § Containers use and share the OS and device drivers of the host. 3. Virtual machines have a full OS with its own memory management, device drivers, daemons, etc. § Containers share the host’s OS and are therefore lighter weight.
  16. 16. Virtual Machines vs Containers
  17. 17. Containers can and can’t §Can –Get shell (i.e. ssh) –Own process space –Own network interface –Run as root –Install packages –Run services –… 17 §Can’t –Use the host kernel –Boot a different OS –Have its own modules –Doesn’t need init as PID 1
  18. 18. Containers vs Processes § Containers are processes with their full environment. – A computer science textbook will define a process as having its own address space, program, CPU state, and process table entry. – The program text is actually memory mapped from the filesystem into the process address space and often consists of dozens of shared libraries in addition to the program itself, thus all these files are really part of the process.
  19. 19. LinuX Containers (LXC) § Operation System level virtualization method for Linux § LXC (LinuX Containers) is an OS virtual for running isolated Linux systems (containers) on a single control host 19
  20. 20. Is containers a new thing? § Cgroups is a mechanism to control resources per hierarchical groups of processes § cgroups (abbreviated from control groups) is a Linux kernel feature to limit, account, and isolate resource usage (CPU, memory, disk I/O, etc.) of process groups. – This work was started by engineers at Google in 2006 under the name "process containers". – In late 2007, it was renamed to "Control Groups" due to the confusion caused by multiple meanings of the term "container" in the Linux kernel, and merged into kernel version 2.6.24. – Since then, new features and controllers have been added.
  21. 21. Cgroups design goals § Provide a unified interface to many different use cases, from controlling single processes to whole operating system-level virtualization § Cgroups provides: –Resource limitation: groups can be set to not exceed a set memory limit — this also includes file system cache. • The original paper was presented at Linux Symposium and can be found at Containers: Challenges with the memory resource controller and its performance. –Prioritization: some groups may get a larger share of CPU or disk I/O throughput. –Accounting: to measure how much resources certain systems use for e.g. billing purposes. –Control: freezing groups or check-pointing and restarting.
  22. 22. Namespaces 22 § The purpose of each namespace is to wrap a particular global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own isolated instance of the global resource. § Cgroups vs namespaces –Cgroups: limits how much you can use –Namespaces: limits how much you can see (and use) § Namespaces –mnt –uts –ipc –net –pid –usr
  23. 23. Mount Namespace nThe “mount namespace” isolates the set of filesystem mount points seen by a group of processes n processes in a different mount namespaces can have different view of the filesystem hierarchy. nMounts can be private or shared nThe tasks running in each mount namespace doing mount/unmount will not affect the file system layout of the other mount namespace. 23
  24. 24. IPC Namespace nIPC namespace isolates the inter-process communication resources. nA process or a group of processes have their own: nIPC shared memory nIPC semaphore nIPC message queues 24
  25. 25. Network Namespace nNet namespace isolates the networking related resources nEvery net namespace has independent nNetwork devices, IP addresses, firewall rules, routing table, sockets etc. 25
  26. 26. PID Namespace § PID namespace isolates the Process ID, implemented as a hierarchy. § PID namespace is a hierarchy comprised of “Parent” and “Child”. – The parent pid-ns can have many children pid-ns. Each Child pid-ns only has one parent pidns. 26
  27. 27. Other Namespaces § UTS namespace § UTS = UNIX Time-sharing System § Each process has a separate copy of the hostname and the (now mostly unused) NIS domain name à isolation! § In containers: useful for init and config scripts that tailor their actions based on the names § User namespace § kuid/kgid: Original uid/gid, Global § uid/gid: user id in user namespace, will be translated to kuid/kgid finally § Only parent User NS has rights to set map
  28. 28. So what is Docker? Docker is an open-source project that automates the deployment of applications inside software containers, by providing an additional layer of abstraction and automation of operating system–level virtualization on Linux.
  29. 29. Virtual Machines vs Containers vs Docker
  30. 30. Why Docker? § Docker makes it easy to build, modify, publish, search, and run containers. –With Docker, a container comprises both an application and all of its dependencies. –Containers can either be created manually or, if a source code repository contains a DockerFile, automatically. –Subsequent modifications to a baseline Docker image can be committed to a new container using the Docker Commit Function and then Pushed to a Central Registry. 30
  31. 31. How Docker works §Containers can be found in a Docker Registry (either public or private), using Docker Search. §Containers can be pulled from the registry using Docker Pull and can be run, started, stopped, etc. 31
  32. 32. Docker Use Cases § Development Environment § Environments for Integration Tests § Quick evaluation of software § Microservices § Multi-Tenancy § Unified execution environment (dev à test à prod (local, VM, cloud, ...) 32
  33. 33. Hello World § Simple Command - Ad-Hoc Container –$ sudo docker run ubuntu /bin/echo 'Hello World' Hello World § Interactive Container –$ sudo docker run -t -i ubuntu:14.04 /bin/bash root@af8bae53bdd3:/# § Commands inside a container –root@af8bae53bdd3:/# pwd / –root@af8bae53bdd3:/# ls bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var 33
  34. 34. Container Orchestration 34 Goal: how do we orchestration billions of containers across perhaps millions of VMs?
  35. 35. Shared resources § All containers share the same set of resources (CPU, RAM, disk, various kernel things…) § Need fair distribution of goods so everyone gets fair share § Need DoS prevention § Need prioritizations –“All animals are equal, but some animals are more equal than others” – George Orwell
  36. 36. Container Orchestration Orchestrate containers to facilitate microservices architecture § Provision containers § Manage container dependencies § Enable discovery § Handle container failure § Scale Containers 36
  37. 37. Which one to choose? 37
  38. 38. Kubernetes § Kubernetes is based on Google’s experience of many years working with Linux containers. § Some abilities: – Mount persistent volumes that allows to move containers without loosing data, – it has load balancer integrated – it uses Etcd for service discovery. § Kubernetes uses a different CLI, different API and different YAML definitions. – cannot use Docker CLI 38
  39. 39. Kubernetes: Pods § Pods: – Pods are groups of containers that are deployed and scheduled together. – A pod will typically include 1 to 5 containers which work together to provide a service. – Kubernetes will run other containers to provide logging and monitoring services. – Pods are treated as ephemeral in Kubernetes; 39
  40. 40. Kubernetes: Services & Replication Controllers § Services – Services are stable endpoints that can be addressed by name. – Services can be connected to pods by using label selectors; for example my “DB” service may connect to several “C*” pods identified by the label selector “type”: “Cassandra”. – The service will automatically round-robin requests between the pods. § Replication Controllers – Replication controllers are used to instantiate pods in Kubernetes – They control and monitor the number of running pods (called replicas) for a service. 40
  41. 41. Kubernetes: Net space and Labels § Flat Networking Space: – Containers within a pod share an IP address, but the address space is “flat” across all pods, • all pods can talk to each other without any Network Address Translation (NAT). – This makes multi-host clusters much more easy to manage, at the cost of not supporting links and making single host (or, more accurately, single pod) networking a little more tricky. – As containers in the same pod share an IP, they can communicate by using ports on the localhost address. § Labels: – Labels are key-value pairs attached to objects in Kubernetes, primarily pods, used to describe identifying characteristics of the object • e.g. version: dev and tier: frontend. – Labels are not normally unique; they are expected to identify groups of containers. – Label selectors can then be used to identify objects or groups of objects, for example all the pods in the frontend tier with environment set to production. 41
  42. 42. Docker Swarm § A native clustering for Docker. § Exposes standard Docker API – meaning that any tool that you used to communicate with Docker (Docker CLI, Docker Compose, Dokku, Krane, and so on) can work equally well with Docker Swarm. § Bound by the limitations of Docker API 42
  43. 43. Docker Swarm: Architecture § Architecture: – each host runs a Swarm agent and one host runs a Swarm manager (on small test clusters this host may also run an agent). – The manager is responsible for the orchestration and scheduling of containers on the hosts. – Swarm can be run in a high-availability mode where one of etcd, Consul or ZooKeeper is used to handle fail-over to a back-up manager. – There are several different methods for how hosts are found and added to a cluster, which is known as discovery in Swarm. • By default, token based discovery is used, where the addresses of hosts are kept in a list stored on the Docker Hub. 43
  44. 44. Mesos § Apache Mesos (https://mesos.apache.org) is an open-source cluster manager. It’s designed to scale to very large clusters involving hundreds or thousands of hosts. – Mesos supports diverse workloads from multiple tenants; one user’s Docker containers may be running next to another user’s Hadoop tasks. § Apache Mesos was started as a project at the University of Berkeley before becoming the underlying infrastructure used to power Twitter and an important tool at many major companies such as eBay and Airbnb. § With Mesos, we can run many frameworks simultaneously: – Marathon and Chronos are the most well known 44
  45. 45. Mesos: Architecture § Mesos Agent Nodes – Responsible for actually running tasks. All agents submit a list of their available resources to the master. – There will typically be 10s to 1000s of agent nodes. § Mesos Master – The master is responsible for sending tasks to the agents. – maintains a list of available resources and makes “offers” of them to frameworks. – decides how many resources to offer based on an allocation strategy. There will typically be 2 or 4 stand-by masters ready to take over in case of a failure. § ZooKeeper – Used in elections and for looking up address of current master. – Typically 3 or 5 ZooKeeper instances will be running to ensure availability and handle failures. 45
  46. 46. Mesos with Marathon: Architecture § Frameworks – Frameworks co-ordinate with the master to schedule tasks onto agent nodes. Frameworks are composed of: – executor process which runs on the agents and takes care of running the tasks – scheduler which registers with the master and selects which resources to use based on offers from the master. – There may be multiple frameworks running on a Mesos cluster for different kinds of task. Users wishing to submit jobs interact with frameworks rather than directly with Mesos. § Marathon is designed to start, monitor and scale long-running applications. – Marathon is designed to be flexible about the applications it launches, • It can even be used to start other complementary frameworks such Chronos (“cron” for the datacenter). – It makes a good choice of framework for running Docker containers, which are directly supported in Marathon. – Marathon supports various affinity and constraint rules. – Clients interact with Marathon through a REST API. – Other features include support for health checks and an event stream that can be used to integrate with load-balancers or for analyzing metrics. 46
  47. 47. Conclusion? There are three types of lies: "Lies, damned lies, and benchmarks” 47
  48. 48. Background Docker info 48
  49. 49. Terminology - Image § Persisted snapshot that can be run images: List all local images run: Create a container from an image and execute a command in it tag: Tag an image pull: Download image from repository rmi: Delete a local image • This will also remove intermediate images if no longer used 49
  50. 50. Terminology - Container § Runnable instance of an image ps: List all running containers ps –a: List all containers (incl. stopped) top: Display processes of a container start: Start a stopped container stop: Stop a running container pause: Pause all processes within a container rm: Delete a container commit: Create an image from a container 50
  51. 51. Daemon Container 51 § Open Terminal in container: –docker run –it ubuntu /bin/bash § Make any modification § We can create a new image with the modifications: –Docker commit [containerId] [image] • Image: e.g. mytest/test1:1.0 § Run as deamon: docker run –d [image] command –docker logs [-f] [containerId]
  52. 52. Dockerfile § Docker can build images automatically by reading the instructions from a Dockerfile. – Dockerfile: text document that contains all the commands a user could call on the command line to assemble an image. – Using docker build a user can create an automated build that executes several command-line instructions in succession. – Command: $ docker build -f /path/to/a/Dockerfile . § Can be versioned in a version control system like Git or SVN, along with all dependencies § Docker Hub can automatically build images based on dockerfiles on Github 52
  53. 53. Docker Hub § Public repository of Docker images –https://hub.docker.com/ –docker search [term] § Automated: Has been automatically built from Dockerfile –Source for build is available on GitHub 53
  54. 54. References and Acknowledgements § Some images have been borrowed from: : http://scm.zoomquiet.io/data/20131004215734/index.html § Docker Engine and Docker Hub: http://blog.docker.com/category/registry-2/ § Microservices: http://martinfowler.com/articles/microservices.html § Swarm vs Fleet vs Kubernetes vs Mesos: https://www.oreilly.com/ideas/swarm-v- fleet-v-kubernetes-v-mesos § There are more public information that have been used… 54

×