GIDS 2020 - Unpacking the Container

•

0 likes•519 views

Containers have become integral to every phase in the lifecycle of application development. Production grade orchestration tools such as Kubernetes have been built to manage them and container platforms like Docker are becoming commonplace in both testing and development. Web tutorials on how to build and manage simple Docker images abound! But what are containers exactly and why have they become so essential to the DevOps ecosystem? This talk is for those curious minds who want to look below the surface and really understand the mechanics of a technique that has actually been around longer than you may think. Where did Docker come from? What about other projects in the container ecosystem - are there alternatives? What does a Docker image actually look like on the filesystem? How do Docker image layers work? What are cgroups? How are system resources allocated and managed and are there any gotchas that you should be aware of? What about security? How can JFrog Container Registry help me manage my Docker images? After this talk, you will have a solid understanding of the what, how & why of virtualized container technology.

Technology

MELISSA MCKAY
Developer Advocate @JFrog
@melissajmckay
4

THE AGENDA
• Brief History
• The Container Market
• What is Docker?
• What is a Container?
• A few Container Gotchas
• Managing Images with JFrog Artifactory
5

7
SHARING LIMITED RESOURCES
1979 / 1982- chroot

8
PROGRESS TOWARD VIRTUALIZATION
▪ 2000 - FreeBSD jail
▪ 2004 - Solaris Zones / snapshots
▪ 2006 - Google Process Containers / cgroups
▪ 2008 - IBM LinuX Containers (LXC)
▪ 2013 - Docker (open source!)
- Google LMCTFY (open source!)
▪ 2014 - Docker trades LXC for libcontainer
▪ … more stuﬀ happened
▪ June 2015 - Open Container Project/Initiative (OCI)
○ Runtime Speciﬁcation (runtime-spec)
○ Image Speciﬁcation (image-spec)
▪ … even more stuﬀ happened and is still happening!

THE CONTAINER MARKET (according to Sysdig)
9
2017 - 45,000 Containers, 99% Docker
2018 - 90,000 Containers
Fig. 1. 2018 Container Runtimes from: "2018 Docker usage report," 29 May. 2018, sysdig.com/blog/2018-docker-usage-report/. Accessed 10 Jun. 2020.

THE CONTAINER MARKET
10
2019 - 2 million Containers
(includes both SaaS & on prem users)
Fig. 2. 2019 Container Runtimes from: "Sysdig 2019 Container Usage Report: New Kubernetes and security insights," 29 Oct. 2019,
sysdig.com/blog/sysdig-2019-container-usage-report/. Accessed 10 Jun. 2020.

12
WHAT DO WE ACTUALLY NEED/WANT?
• An isolated environment where a user/application can operate, sharing the
host system’s OS/kernel without interfering with the operation of another
isolated environment on the same system (a container)
• A way to deﬁne a container (an image format)
• A way to build an image of a container
• A way to manage container images
• A way to distribute/share container images
• A way to create a container environment
• A way to launch/run a container (a container runtime)
• A way to manage the lifecycle of container instances

DOCKER, THE WHOLE PACKAGE
13
DOCKER ENGINE
DOCKER IMAGE FORMAT
Dockerﬁle docker build
docker images
docker rm
docker push
docker pull
DOCKER HUB
docker run
docker stop
docker ps

BREAKING UP THE MONOLITH
14
OCI CONTAINER RUNTIME
OCI IMAGE FORMAT
• Docker V2 Image Spec
• runC (which used to be libcontainer... which was
written by Docker)
OTHERS - containerd, rkt, cri-o, Kata, etc...
https://lwn.net/Articles/741897/
https://www.ianlewis.org/en/container-runtimes-part-1-introduction-container-r

CONTAINER COMPONENTS
16
TARBALL OF A FILESYSTEM
LINUX FEATURES
• namespaces
• cgroups
• Union File systems
Mix these together to create and run a container! Voila!
https://docs.docker.com/get-started/overview/

FILESYSTEM DETAILS
17
...
...
NOTE: On OSX, containers will actually be running in a tiny Linux VM (use screen)
screen ~/Library/Containers/com.docker.docker/Data/vms/0/tty
screen ~/Library/Containers/com.docker.docker/Data/vms/0/tty

26
DON’T FORGET!
https://bit.ly/GIDS2020Mckay

THANK YOU!
Melissa McKay
@melissajmckay
http://jfrog.com/shownotes

What's hot

Kubernetes IntroductionMiloš Zubal

Building CLI Applications with GolangAnshul Patel

Knowit study group örnsköldsvik - introduction to qt & qt creatorMathias Westin

Start your container journey safelyRachid Zarouali

Dockertjuniversity

Puppet managed loadaysYankee Nemoy

containerd and CRIDocker, Inc.

Container images for OpenShiftFrederic Giloux

Docker Container Checkpoint and Restore with CRIUSaied Kazemi

An Introduction To DockerJames fraser

DockerSerzh Nechyporchuk

Dockersubbul

Introduction to Docker - Getting Started with DockerAiyana Shukla

Docker introductionMarcelo Ochoa

JOSA TechTalks - Docker in ProductionJordan Open Source Association

Docker session II: Introduction to DockerDegendra Sivakoti

Docker presentationthehoagie

QtDD13 - Qt Creator plugins - Tobias Hunger Robert-Emmanuel Mayssat

Docker cloudRafael Salerno de Oliveira

Academy PRO: Docker. Lecture 1Binary Studio

What's hot (20)

Kubernetes Introduction

Building CLI Applications with Golang

Knowit study group örnsköldsvik - introduction to qt & qt creator

Start your container journey safely

Docker

Puppet managed loadays

containerd and CRI

Container images for OpenShift

Docker Container Checkpoint and Restore with CRIU

An Introduction To Docker

Docker

Introduction to Docker - Getting Started with Docker

Docker introduction

JOSA TechTalks - Docker in Production

Docker session II: Introduction to Docker

Docker presentation

QtDD13 - Qt Creator plugins - Tobias Hunger

Docker cloud

Academy PRO: Docker. Lecture 1

Similar to GIDS 2020 - Unpacking the Container

What is Docker and why is it so hot?Jochen Zehnder

Dockerize the Worlddamovsky

Dockerize the World - presentation from Hradec Kralovedamovsky

Docker 2014Open Networking Perú (Opennetsoft)

Docker.pptAjit Mali

presentation on DockerVirendra Ruhela

Docker - From Walking To RunningGiacomo Vacca

2014, April 15, Atlanta Java Users GroupTodd Fritz

bol.com Dutch Container Day presentationMaarten Dirkse

Docker London Meetup: Docker Engine EvolutionPhil Estes

Pod Sandbox workflow creation from DockershimVictor Morales

[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...Akihiro Suda

The relationship between Docker, Kubernetes and CRIHungWei Chiu

Containerization using docker and its applicationsPuneet Kumar Bhatia (MBA, ITIL V3 Certified)

Docker in pratice -chenyifeidotCloud

HLayer / Docker and its ecosystemAymen EL Amri

Whose Job Is It Anyway? Kubernetes, CRI, & Container RuntimesPhil Estes

Docker in a big companyDocker, Inc.

Docker for the new Era: Introducing Docker,its components and toolsRamit Surana

Similar to GIDS 2020 - Unpacking the Container (20)

What is Docker and why is it so hot?

Dockerize the World

Dockerize the World - presentation from Hradec Kralove

Docker 2014

Docker.ppt

presentation on Docker

Docker - From Walking To Running

2014, April 15, Atlanta Java Users Group

bol.com Dutch Container Day presentation

Docker London Meetup: Docker Engine Evolution

Pod Sandbox workflow creation from Dockershim

[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...

The relationship between Docker, Kubernetes and CRI

Containerization using docker and its applications

Docker in pratice -chenyifei

HLayer / Docker and its ecosystem

Whose Job Is It Anyway? Kubernetes, CRI, & Container Runtimes

Docker in a big company

Docker for the new Era: Introducing Docker,its components and tools

Recently uploaded

WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal

Developing An App To Navigate The Roads of BrazilV3cube

CNv6 Instructor Chapter 6 Quality of Servicegiselly40

2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong

🐬 The future of MySQL is Postgres 🐘RTylerCroy

Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi

Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies

[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745

The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad

Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer

08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls

Histor y of HAM Radio presentation slidevu2urc

From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software

Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC

Salesforce Community Group Quito, Salesforce 101Paola De la Torre

Automating Google Workspace (GWS) & more with Apps Scriptwesley chun

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung

Scaling API-first – The story of a global engineering organizationRadu Cotescu

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j

Recently uploaded (20)

WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service

Developing An App To Navigate The Roads of Brazil

CNv6 Instructor Chapter 6 Quality of Service

2024: Domino Containers - The Next Step. News from the Domino Container commu...

🐬 The future of MySQL is Postgres 🐘

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams

Factors to Consider When Choosing Accounts Payable Services Providers.pptx

[2024]Digital Global Overview Report 2024 Meltwater.pdf

The Codex of Business Writing Software for Real-World Solutions 2.pptx

Axa Assurance Maroc - Insurer Innovation Award 2024

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

Histor y of HAM Radio presentation slide

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Breaking the Kubernetes Kill Chain: Host Path Mount

Salesforce Community Group Quito, Salesforce 101

Automating Google Workspace (GWS) & more with Apps Script

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Scaling API-first – The story of a global engineering organization

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

GIDS 2020 - Unpacking the Container

1. UNPACKING THE CONTAINER A Deep Dive into Virtual Container Technology Melissa McKay @melissajmckay http://jfrog.com/shownotes

2. 3 THE SWAG https://bit.ly/GIDS2020Mckay

3. MELISSA MCKAY Developer Advocate @JFrog @melissajmckay 4

4. THE AGENDA • Brief History • The Container Market • What is Docker? • What is a Container? • A few Container Gotchas • Managing Images with JFrog Artifactory 5

5. ALL ABOUT . . . CONTAINERS 6

6. 7 SHARING LIMITED RESOURCES 1979 / 1982- chroot

7. 8 PROGRESS TOWARD VIRTUALIZATION ▪ 2000 - FreeBSD jail ▪ 2004 - Solaris Zones / snapshots ▪ 2006 - Google Process Containers / cgroups ▪ 2008 - IBM LinuX Containers (LXC) ▪ 2013 - Docker (open source!) - Google LMCTFY (open source!) ▪ 2014 - Docker trades LXC for libcontainer ▪ … more stuff happened ▪ June 2015 - Open Container Project/Initiative (OCI) ○ Runtime Specification (runtime-spec) ○ Image Specification (image-spec) ▪ … even more stuff happened and is still happening!

8. THE CONTAINER MARKET (according to Sysdig) 9 2017 - 45,000 Containers, 99% Docker 2018 - 90,000 Containers Fig. 1. 2018 Container Runtimes from: "2018 Docker usage report," 29 May. 2018, sysdig.com/blog/2018-docker-usage-report/. Accessed 10 Jun. 2020.

9. THE CONTAINER MARKET 10 2019 - 2 million Containers (includes both SaaS & on prem users) Fig. 2. 2019 Container Runtimes from: "Sysdig 2019 Container Usage Report: New Kubernetes and security insights," 29 Oct. 2019, sysdig.com/blog/sysdig-2019-container-usage-report/. Accessed 10 Jun. 2020.

10. WHAT EXACTLY IS DOCKER? 11

11. 12 WHAT DO WE ACTUALLY NEED/WANT? • An isolated environment where a user/application can operate, sharing the host system’s OS/kernel without interfering with the operation of another isolated environment on the same system (a container) • A way to deﬁne a container (an image format) • A way to build an image of a container • A way to manage container images • A way to distribute/share container images • A way to create a container environment • A way to launch/run a container (a container runtime) • A way to manage the lifecycle of container instances

12. DOCKER, THE WHOLE PACKAGE 13 DOCKER ENGINE DOCKER IMAGE FORMAT Dockerﬁle docker build docker images docker rm docker push docker pull DOCKER HUB docker run docker stop docker ps

13. BREAKING UP THE MONOLITH 14 OCI CONTAINER RUNTIME OCI IMAGE FORMAT • Docker V2 Image Spec • runC (which used to be libcontainer... which was written by Docker) OTHERS - containerd, rkt, cri-o, Kata, etc... https://lwn.net/Articles/741897/ https://www.ianlewis.org/en/container-runtimes-part-1-introduction-container-r

14. WHAT EXACTLY IS A CONTAINER? 15

15. CONTAINER COMPONENTS 16 TARBALL OF A FILESYSTEM LINUX FEATURES • namespaces • cgroups • Union File systems Mix these together to create and run a container! Voila! https://docs.docker.com/get-started/overview/

16. FILESYSTEM DETAILS 17 ... ... NOTE: On OSX, containers will actually be running in a tiny Linux VM (use screen) screen ~/Library/Containers/com.docker.docker/Data/vms/0/tty screen ~/Library/Containers/com.docker.docker/Data/vms/0/tty

17. FILESYSTEM DETAILS 18 ... ...

18. FILESYSTEM DETAILS 19

19. A FEW CONTAINER GOTCHAS 20

20. CONTAINER GOTCHAS - RUNNING AS ROOT 21

21. CONTAINER GOTCHAS - NO CONSTRAINTS 22

22. CONTAINER GOTCHAS - NEVER UPDATING 23

23. MANAGING YOUR IMAGES - ARTIFACTORY 24

24. MANAGING YOUR IMAGES - XRAY 25

25. 26 DON’T FORGET! https://bit.ly/GIDS2020Mckay

26. THANK YOU! Melissa McKay @melissajmckay http://jfrog.com/shownotes