Containers have become integral to every phase in the lifecycle of application development. Production-grade orchestration tools such as Kubernetes have been built to manage them, and container platforms like Docker are becoming commonplace in both testing and development. Web tutorials on how to build and manage simple Docker images abound! But what are containers exactly, and why have they become so essential to the DevOps ecosystem? This talk is for those curious minds who want to look below the surface and really understand the mechanics of a technique that has actually been around longer than you may think. Where did Docker come from? What about other projects in the container ecosystem - are there alternatives? What does a Docker image actually look like on the filesystem? How do Docker image layers work? What are cgroups? How are system resources allocated and managed, and are there any gotchas that you should be aware of? What about security? How can JFrog Container Registry help me manage my Docker images? After this talk, you will have a solid understanding of the what, how & why of virtualized container technology.
4. THE AGENDA
• Brief History
• The Container Market
• What is Docker?
• What is a Container?
• A few Container Gotchas
• Managing Images with JFrog Artifactory
11. WHAT DO WE ACTUALLY NEED/WANT?
• An isolated environment where a user/application can operate, sharing the host system’s OS/kernel without interfering with the operation of another isolated environment on the same system (a container)
• A way to define a container (an image format)
• A way to build an image of a container
• A way to manage container images
• A way to distribute/share container images
• A way to create a container environment
• A way to launch/run a container (a container runtime)
• A way to manage the lifecycle of container instances
12. DOCKER, THE WHOLE PACKAGE
DOCKER ENGINE
DOCKER IMAGE FORMAT
Dockerfile docker build
docker images
docker rm
docker push
docker pull
DOCKER HUB
docker run
docker stop
docker ps
13. BREAKING UP THE MONOLITH
OCI CONTAINER RUNTIME
OCI IMAGE FORMAT
• Docker V2 Image Spec
• runC (which used to be libcontainer... which was written by Docker)
OTHERS - containerd, rkt, cri-o, Kata, etc...
https://lwn.net/Articles/741897/
https://www.ianlewis.org/en/container-runtimes-part-1-introduction-container-r
15. CONTAINER COMPONENTS
TARBALL OF A FILESYSTEM
LINUX FEATURES
• namespaces
• cgroups
• Union File systems
Mix these together to create and run a container! Voila!
https://docs.docker.com/get-started/overview/
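An added example (not from the talk) of how layer tarballs combine into one filesystem view, using the OCI whiteout markers `.wh.<name>` and `.wh..wh..opq`. The layer contents, paths and helper names are constructed for illustration, and it goes one step beyond the slide to show that a file deleted in an upper layer still ships in the lower layer's tarball.

```python
import io
import tarfile

WHITEOUT, OPAQUE = ".wh.", ".wh..wh..opq"  # marker file names from the OCI layer spec

def make_layer(files):
    """Build an in-memory layer tarball from {path: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def read_layer(blob):
    """Return {path: bytes} for every regular file in one layer tarball."""
    with tarfile.open(fileobj=io.BytesIO(blob)) as tar:
        return {m.name: tar.extractfile(m).read() for m in tar.getmembers() if m.isfile()}

def flatten(layers):
    """Apply layers bottom-up, as a union filesystem would, and return the merged view."""
    view = {}
    for blob in layers:
        entries = read_layer(blob)
        for path in entries:  # whiteouts hide lower-layer content only, so apply them first
            parent, _, name = path.rpartition("/")
            prefix = parent + "/" if parent else ""
            if name == OPAQUE:  # hide everything already under this directory
                view = {p: d for p, d in view.items() if not p.startswith(prefix)}
            elif name.startswith(WHITEOUT):  # hide one file or directory tree
                target = prefix + name[len(WHITEOUT):]
                view = {p: d for p, d in view.items()
                        if p != target and not p.startswith(target + "/")}
        view.update({p: d for p, d in entries.items()
                     if not p.rpartition("/")[2].startswith(WHITEOUT)})
    return view

def hidden_files(layers):
    """Paths that still ship in a layer tarball but are absent from the merged view."""
    shipped = {p for blob in layers for p in read_layer(blob)
               if not p.rpartition("/")[2].startswith(WHITEOUT)}
    return sorted(shipped - set(flatten(layers)))

# Constructed sample image: layer 2 "deletes" a key that layer 1 added.
LAYERS = [
    make_layer({"etc/app.conf": b"debug=1\n", "root/.ssh/id_rsa": b"CONSTRUCTED-KEY\n"}),
    make_layer({"etc/app.conf": b"debug=0\n", "root/.ssh/.wh.id_rsa": b""}),
]
```

`hidden_files(LAYERS)` reports the key path even though the running container never sees it, which is why secrets removed in a later build step remain recoverable from the image.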
16. FILESYSTEM DETAILS
...
...
NOTE: On OSX, containers will actually be running in a tiny Linux VM (use screen)
screen ~/Library/Containers/com.docker.docker/Data/vms/0/tty