
Building a Virtualized Continuum with Intel® Clear Containers


Learn more about Intel® Clear Containers
Authors: Amy Leeland, Manohar Castelino

Published in: Software

  1. Manohar Castelino, Amy Leeland, Intel Open Source Technology Center
  2. Containers are... Speedy: quick creation, update, and uninstall cycle; request and provision in milliseconds. Manageable: containers take the complexity out of bundling, distributing and installing applications. Easy: simple and easy to use and maintain. Secure? What about security and isolation? Can a container include hardware isolation like a Virtual Machine?
  3. The word “Container” is used for different things. Containers = Linux* Kernel Containers. App Containers (Packaging, Deployment) + Linux* Kernel Containers (Resource Allocation, Isolation). *Other names and brands may be claimed as the property of others.
  4. [Diagram] Server hardware; Linux* Kernel; Container A, Container B, Container C, each with Middleware and App.
  5. While there are many benefits to containers there are still security concerns
  6. [Diagram] Server hardware; Linux* Kernel; Container A, Container B, Container C, each with Middleware and App.
  7. Intel® Clear Containers http://www.clearlinux.org/containers
  8. Intel® Clear Containers and Intel® Virtualization Technology (Intel® VT-x). [Diagram] Server hardware; Linux Kernel; Container A: Middleware (A), App, Linux* Kernel (A), Intel® VT-x; Container B: Middleware (de-duplicate of A), App, Linux Kernel (de-duplicate of A), Intel® VT-x; Container C: Middleware (C), App, Linux Kernel (C), Intel® VT-x.
  9. Clear Containers create a continuum between containers and VMs. Before Intel® Clear Containers: “Hot”, “Old & Stale”. Intel® Clear Container with Intel® Virtualization Technology (Intel® VTx); Container Technology. After Intel Clear Container. The nominative use of third party logos serves only the purposes of description and identification.
  10. Industry engagement https://github.com/clearcontainers
  11. Intel® Clear Containers are integrated within the ecosystem. 1.12.1: Switchable runtime in Docker. Intel® Clear Containers 2.1: Available on GitHub* and clearlinux.org. 1.5: CRI compatible runtime. Rkt* 1.0: AppC compatible runtime.
  12. Intel® Clear Containers are packaged for multiple Linux* distributions
  13. Upstream and Downstream Proliferation Goals. CNI, CNM, ISV’s + Integrators.
  14. How we made them smaller and faster
  15. Intel® Clear Containers vs traditional VMs. Traditional: rootfs, QEMU*, KVM*, Kernel <v4.0, Kernel. Intel Clear Containers: Clear Linux rootfs, QEMU-lite, KVM*, Kernel >=v4.0, Clear Linux kernel. Diagram labels: Standard Distro, CC Mini-OS, Host, Client/Container. Optimizations: QEMU-lite is optimized for size and speed. We use a recent KVM, it is optimized for memory sharing (KSM) and boot speed. The Clear Linux kernel is optimized for container boot performance. The Clear Linux user space is optimized for further container boot.
  16. Intel® Clear Containers Architecture – Docker*
  17. Intel® Clear Containers adds a new runtime for Docker*. Intel Clear Containers provide a plugin replacement of runc with cor, our OCI runtime. dockerd -D --add-runtime cor=/usr/bin/cc-oci-runtime --default-runtime=runc
  18. [Diagram] Docker* Engine; containerd; containerd-shim; cc-oci-runtime; cc-shim; cc-proxy; VM; hyperstart; Container workload; I/O; CTL; 9pfs.
  19. Intel® Clear Containers add a new runtime for Kubernetes*
  20. [Diagram] Kubernetes* Master; Kubernetes Node: Kubelet*, Kube-runtime, CRI-O/ocid, cc-oci-runtime; Virtual Machine: hyperstart, Pod (Ctr 1, Ctr 2, Ctr 3).
  21. Intel® Clear Containers Networking
  22. [Diagram] VM workload; Pod; QEMU; TAP; Docker Bridge; Clear Containers Bridge; veth pair; Container networking namespace; Host networking namespace.
  23. HANDS ON https://github.com/clearcontainers
  24. Docker Swarm – Networking – Demo
  25. Clear Containers – Quickstart - Clear Containers can be run within privileged Docker* containers - Images available with Fedora*, Ubuntu*, and Clear Linux as the host OS - https://hub.docker.com/u/clearcontainers/ - Trying out the images: sudo docker run -it --privileged clearcontainers/clearlinux docker run -it debian
  26. Clear Containers – Installing on Fedora* dnf install cc-oci-runtime linux-container - Configure clear containers to be the default runtime: ExecStart=/usr/bin/dockerd --add-runtime cor=/usr/bin/cc-oci-runtime --default-runtime=cor https://github.com/01org/cc-oci-runtime/wiki/Installing-Clear-Containers-on-Fedora-25
  27. Clear Containers: Get Involved. Start Here! • https://clearlinux.org/containers Check us out on GitHub*! • https://github.com/clearcontainers Join the conversation! • IRC: #clear-containers on Freenode* • Mailing list: https://lists.01.org/mailman/listinfo/cc-devel
  28. Legal notices and disclaimers. Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Learn more at intel.com, or from the OEM or retailer. No computer system can be absolutely secure. Tests document performance of components on a particular test, in specific systems. Differences in hardware, software, or configuration will affect actual performance. Consult other sources of information to evaluate performance as you consider your purchase. For more complete information about performance and benchmark results, visit http://www.intel.com/performance. Intel, the Intel logo and others are trademarks of Intel Corporation in the U.S. and/or other countries. The nominative use of third party logos serves only the purposes of description and identification. *Other names and brands may be claimed as the property of others. © 2016 Intel Corporation.
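
Added example (not part of the original slides or the Clear Containers project): the two dockerd command lines on slides 17 and 26 differ only in --default-runtime, which decides whether a container started without an explicit runtime runs under cc-oci-runtime or under runc. The check below parses a dockerd command line and reports which case applies; the function name audit_dockerd_runtime and the output field names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report how a dockerd command line selects the "cor" runtime.
# Output: default=<name> cor=<path|none> cc_by_default=<yes|no>
audit_dockerd_runtime() {
    default="runc"    # Docker's built-in default when --default-runtime is absent
    cor_path="none"   # path registered for the runtime named "cor", if any
    set -f            # no globbing while the line is split into words
    set -- $1
    set +f
    while [ $# -gt 0 ]; do
        spec=""
        case "$1" in
            --add-runtime=*)     spec="${1#--add-runtime=}" ;;
            --add-runtime)       [ $# -ge 2 ] || break; shift; spec="$1" ;;
            --default-runtime=*) default="${1#--default-runtime=}" ;;
            --default-runtime)   [ $# -ge 2 ] || break; shift; default="$1" ;;
        esac
        # --add-runtime takes name=path; keep the path registered as "cor".
        case "$spec" in
            cor=*) cor_path="${spec#cor=}" ;;
        esac
        shift
    done
    # Containers land in a Clear Container by default only when "cor" is
    # both registered and selected as the default runtime.
    if [ "$default" = "cor" ] && [ "$cor_path" != "none" ]; then
        by_default="yes"
    else
        by_default="no"
    fi
    printf 'default=%s cor=%s cc_by_default=%s\n' "$default" "$cor_path" "$by_default"
}

# Command lines copied from slide 17 and slide 26.
audit_dockerd_runtime 'dockerd -D --add-runtime cor=/usr/bin/cc-oci-runtime --default-runtime=runc'
audit_dockerd_runtime '/usr/bin/dockerd --add-runtime cor=/usr/bin/cc-oci-runtime --default-runtime=cor'
```

With the slide 17 setting the runtime is registered but not the default, so a container uses it only when started with docker run --runtime cor.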
