
Containers & CaaS


Why are containers so hot right now?
What is the nature of container technology?
The fight over the specification and the ecosystem

Published in: Technology


  1. Who am I? Yujie Du. About: Twitter: @ben_duyujie Email: Linkedin: Download:
  2. One company has certainly found growth by injecting software into its industry. [Chart: Uber's rumored net revenue, 2013, 2014, 2015; source not captured] Since 2000, 52% of the Fortune 500 are no longer on the list. The pace of change has increased.
  3. Docker will play a central role for every player in that market (private, hybrid and public clouds; IT Pros, Architects and Developers; packaging and deployment). Docker is also the contract between Developers and Operations: developers and operations often have very different attitudes when it comes to choosing tools and environments.
  4. The same shift, as seen by IT Pros, Architects and Developers across packaging and deployment:
     Waterfall          -> Agile            -> DevOps
     Monolithic         -> N-Tier           -> Microservices
     Datacenter         -> Hosted           -> Cloud
     Physical Servers   -> Virtual Servers  -> Containers
     End state: the Cloud Native Application.
  5. Figure from M. Schwarzkopf, "Operating system support for warehouse-scale computing", PhD thesis, University of Cambridge, 2015 (to appear). Details & Bibliography:
  6. [Diagram: App and Container across Retail, Finance, Media, Transportation]
  7. Three generations of systems management on the same hardware:
     Systems Management 1, "monolithic" app dev: VMware, Microsoft, Linux. Plain old virtualization.
     Systems Management 2, "cloud-native" app dev: OpenStack, Cloud Foundry, AWS, etc. Cloud, public and private.
     Systems Management 3: Docker, Mesos, CoreOS, Kubernetes, etc. This is what runs everything and where most of the attention is.
     Management tools always(?) change. Hardware is no longer eating the world: it gets cheaper and faster. The shift is from web to web + mobile. The goal: a single API for managing applications on 4 infrastructures.
  8. Virtual machines vs. containers
     VM: physical processor -> virtual processor -> operating system -> libraries -> user code. Each VM carries a private copy of everything above the ISA boundary.
     Container: physical processor -> operating system (shared) -> libraries -> user code. The boundary is the syscall interface, so containers have less overhead and enable more "magic".
     Sandboxing (chroot jails) came first, in various projects: chroot (1979), jail, Linux-VServer, OpenVZ, ...
     Linux containers (chroot + OS isolation) were then brought into the kernel: namespaces, cgroups, SELinux, AppArmor, btrfs/aufs/device mapper/etc. ...
     ... and packaged up: Docker (LXC + packaging), systemd-nspawn, LXC, lmctfy, libvirt-lxc, Docker/libcontainer, rkt/appc, ...
     Containers are isolated, portable environments where you can run applications along with all the libraries and dependencies they need.
  9. [Diagram: user request -> shell -> application -> Linux kernel -> hardware] Each user has a home directory and a process directory; processes run in memory.
  10. A paradigm shift for the OS: it redefines "kernel space" and "user space", and is a better fit for distributed computing.
  11. Who built this image? What's its purpose? Was it created to support a demo? Is it safe to consume? Who maintains it?
     Red Hat Certified: a trusted source for the host and the containers; trusted content inside the container, with security fixes available as part of an enterprise lifecycle; portability across hosts. [Diagram: HW -> Host OS -> Containers, certified]
  12. A Docker container is born just by the syscalls fork and exec.
     Process lifecycle: process A calls fork(). Process A continues as the parent with its original PID. Process B, the child with a new PID, calls execve() to run a different program, then exit(). Until the parent's wait() collects it, the exited child is a ZOMBIE; SIGCHLD tells the parent to clean up.
     In Docker: 1. the Docker daemon process forks; 2. the child execs dockerinit in new namespaces (the daemon stays in the init namespaces) with cgroups applied; 3. dockerinit execs the ENTRYPOINT/CMD, your application, which keeps the same PID and is the only process in the container until it spawns more.
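The fork/exec/wait cycle on the slide, as an added example that is not part of the original deck. It uses the Python os module directly (fork, execv, waitpid) rather than any Docker code, runs an ordinary program instead of dockerinit, and assumes a Linux host because the zombie check reads the process state from /proc. The spawned command and the pipe plumbing are constructed for the demonstration.

```python
import os
import time


def spawn(argv):
    """fork() a child, exec a different program in it, then reap it.

    Returns (pid, stdout_text, exit_code). The exec'd program keeps the PID that
    fork() handed back to the parent: only the program image changes, which is
    exactly how the daemon's child becomes dockerinit and then the ENTRYPOINT.
    """
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:                      # child: same process, about to become argv[0]
        os.close(r)
        os.dup2(w, 1)                 # route the new program's stdout into the pipe
        os.close(w)
        try:
            os.execv(argv[0], argv)   # on success this never returns
        except OSError:
            os._exit(127)             # exec failed: leave without running parent code
    os.close(w)                       # parent: drop its write end so read() sees EOF
    with os.fdopen(r) as f:
        out = f.read()
    _, status = os.waitpid(pid, 0)    # reap: collect the exit status, clear the zombie
    code = os.WEXITSTATUS(status) if os.WIFEXITED(status) else -1
    return pid, out, code


def state_before_reap():
    """Fork a child that exits at once and read its /proc state before wait():
    it shows up as 'Z' (zombie) until the parent collects it. Linux only."""
    pid = os.fork()
    if pid == 0:
        os._exit(0)
    state = "?"
    for _ in range(200):              # poll: the child may not have exited yet
        with open("/proc/%d/stat" % pid) as f:
            # the state field follows the ')' that closes the comm field
            state = f.read().rsplit(")", 1)[1].split()[0]
        if state == "Z":
            break
        time.sleep(0.005)
    os.waitpid(pid, 0)                # clean up, as a SIGCHLD handler would
    return state


if __name__ == "__main__":
    # Constructed demo command: the shell prints its own PID, which must equal
    # the PID fork() returned, then exits with status 3.
    pid, out, code = spawn(["/bin/sh", "-c", "echo $$; exit 3"])
    print("forked pid", pid, "exec'd program reports pid", out.strip(), "exit", code)
    print("child state before wait():", state_before_reap())
```

If the parent never calls wait(), the zombie entries accumulate: that is the reason a PID 1 inside a container must reap orphaned children, and why a plain application used as ENTRYPOINT can leak zombies when it forks and forgets.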
  13. What a Docker container is made of: cgroups, namespaces, images.
     Cgroups: a kernel feature; groups of processes; control resource allocation: CPU and CPU sets, memory, disk, block I/O.
     Images: not a file system, not a VHD; basically a tar file; has a hierarchy of arbitrary depth; fits into the Docker Registry.
     Namespaces: the real magic behind containers; they create barriers between processes. Different namespaces: PID, net, IPC, MNT. Most Linux kernel namespaces were introduced between kernel 2.6.19 and 2.6.24 (mount namespaces are older, from 2.4.19; user namespaces were only completed in 3.8).
     docker run -> lxc-start (early Docker drove LXC underneath).
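"Basically a tar file with a hierarchy" is the whole story of an image, so here is that hierarchy worked through in code. This is an added example, not code from the deck or from Docker: it builds three constructed tar layers in memory with the standard library and merges them using the whiteout convention shared by Docker and OCI layers (a `.wh.NAME` entry deletes NAME from lower layers, `.wh..wh..opq` hides every lower-layer entry in its directory). The file paths and contents are made up for the demonstration.

```python
import io
import tarfile

WHITEOUT = ".wh."          # ".wh.NAME" in a layer deletes NAME from the layers below
OPAQUE = ".wh..wh..opq"    # hides every lower-layer entry in the enclosing directory


def make_layer(entries):
    """Pack one layer as an in-memory tar. entries: path -> bytes (file) or None (dir).
    Constructed sample data, not taken from a real image."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in entries.items():
            info = tarfile.TarInfo(path)
            if data is None:
                info.type = tarfile.DIRTYPE
                tar.addfile(info)
            else:
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def apply_layer(fs, layer):
    """Overlay one tar layer on fs (dict path -> bytes, or None for a directory).
    Whiteouts are processed before the layer's own entries, so a layer may both
    make a directory opaque and repopulate it."""
    with tarfile.open(fileobj=io.BytesIO(layer), mode="r") as tar:
        members = tar.getmembers()
        for m in members:                       # pass 1: deletions
            path = m.name.rstrip("/")
            parent, _, base = path.rpartition("/")
            prefix = parent + "/" if parent else ""
            if base == OPAQUE:
                for p in list(fs):
                    if p.startswith(prefix) and p != parent:
                        del fs[p]
            elif base.startswith(WHITEOUT):
                target = prefix + base[len(WHITEOUT):]
                for p in list(fs):
                    if p == target or p.startswith(target + "/"):
                        del fs[p]
        for m in members:                       # pass 2: ordinary entries overwrite
            path = m.name.rstrip("/")
            if path.rpartition("/")[2].startswith(WHITEOUT):
                continue
            if m.isdir():
                fs[path] = None
            elif m.isfile():
                fs[path] = tar.extractfile(m).read()
    return fs


def flatten(layers):
    """Apply layers bottom-up to get the root filesystem a container would see."""
    fs = {}
    for layer in layers:
        apply_layer(fs, layer)
    return fs


def layer_contains(layer, path):
    """A whiteout hides a file from the merged view; the bytes stay in the lower blob."""
    with tarfile.open(fileobj=io.BytesIO(layer), mode="r") as tar:
        return path in tar.getnames()


# Constructed three-layer image: a base with a stray key, a layer that "deletes"
# it and edits /etc/passwd, and a layer that replaces /app wholesale.
SAMPLE_LAYERS = [
    make_layer({"etc": None, "etc/passwd": b"root:x:0:0\n",
                "app": None, "app/debug.key": b"SECRET", "app/run.sh": b"#!/bin/sh\n"}),
    make_layer({"app/.wh.debug.key": b"",
                "etc/passwd": b"root:x:0:0\nsvc:x:1000:1000\n"}),
    make_layer({"app": None, "app/" + OPAQUE: b"",
                "app/run.sh": b"#!/bin/sh\nexec ./server\n"}),
]

if __name__ == "__main__":
    for path, data in sorted(flatten(SAMPLE_LAYERS).items()):
        print(path, "(dir)" if data is None else data)
    print("debug.key still in layer 0:", layer_contains(SAMPLE_LAYERS[0], "app/debug.key"))
```

The last line is the practical caveat behind "is it safe to consume?": deleting a secret in a later layer removes it from the container's view only. Anyone who can pull the image still has the lower layer, so a leaked credential has to be rotated, not whited out.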
  14. Open Container Initiative
  15. appc application containers: ACS; ACI (ID; a signed, encrypted archive holding a manifest and a rootfs); networking (veth, ipvlan, macvlan, raw device, loopback, ip overlay); FS volumes; environment; logging; isolators (capabilities, Linux isolators, resource isolators: block, network, cpu, memory); runtime environment (pods, UUID, manifest, executor); image discovery (simple discovery, meta discovery); DM; cgroup. "An application container is a way of packaging and executing processes on a computer system that isolates the application from the underlying host operating system", 2015.
  16. CNM & CNI. Libnetwork (Docker 1.7) defines the Container Network Model, CNM; appc defines the Container Network Interface, CNI.
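The CNI side of that slide is a plugin contract: the runtime executes a plugin binary with the network configuration on stdin and the call details in environment variables (CNI_COMMAND, CNI_CONTAINERID, CNI_NETNS, CNI_IFNAME), and the plugin answers with a JSON result. The example below is added here and is not code from the deck or from any real plugin: it models only the protocol and a host-local style IP allocation over an in-memory store, and skips interface creation, which needs root and a real network namespace. The network name, type, subnet and container IDs are constructed for the demonstration.

```python
import ipaddress
import json
import os
import sys


class CniError(Exception):
    pass


class HostLocalIpam:
    """In-memory stand-in for a host-local IPAM store: container ID -> address."""

    def __init__(self):
        self.leases = {}

    def allocate(self, subnet, gateway, container_id):
        if container_id in self.leases:                # ADD must be idempotent
            return self.leases[container_id]
        used = {gateway} | set(self.leases.values())   # never hand out the gateway
        for host in subnet.hosts():
            if host not in used:
                self.leases[container_id] = host
                return host
        raise CniError("no free addresses in %s" % subnet)

    def release(self, container_id):
        self.leases.pop(container_id, None)            # DEL must be idempotent too


REQUIRED_ENV = ("CNI_COMMAND", "CNI_CONTAINERID", "CNI_NETNS", "CNI_IFNAME")


def cni_plugin(config_text, env, ipam):
    """One plugin invocation: config JSON + env vars in, result dict out."""
    missing = [k for k in REQUIRED_ENV if k not in env]
    if missing:
        raise CniError("missing environment: " + ", ".join(missing))
    conf = json.loads(config_text)
    subnet = ipaddress.ip_network(conf["ipam"]["subnet"])
    gateway = conf["ipam"].get("gateway")
    gateway = ipaddress.ip_address(gateway) if gateway else subnet.network_address + 1
    cid = env["CNI_CONTAINERID"]
    command = env["CNI_COMMAND"]
    if command == "ADD":
        addr = ipam.allocate(subnet, gateway, cid)
        return {
            "cniVersion": conf["cniVersion"],
            "interfaces": [{"name": env["CNI_IFNAME"], "sandbox": env["CNI_NETNS"]}],
            "ips": [{"address": "%s/%d" % (addr, subnet.prefixlen),
                     "gateway": str(gateway), "interface": 0}],
        }
    if command == "DEL":
        ipam.release(cid)
        return {}
    if command == "VERSION":
        return {"cniVersion": conf["cniVersion"], "supportedVersions": [conf["cniVersion"]]}
    raise CniError("unknown CNI_COMMAND " + command)


# Constructed network configuration, as a runtime would pass it on stdin.
SAMPLE_CONFIG = json.dumps({
    "cniVersion": "0.4.0", "name": "demo-net", "type": "demo-bridge",
    "ipam": {"type": "host-local", "subnet": "10.1.0.0/24", "gateway": "10.1.0.1"},
})

if __name__ == "__main__":
    # Run as a real plugin would be: config on stdin, call details in the environment.
    try:
        print(json.dumps(cni_plugin(sys.stdin.read(), os.environ, HostLocalIpam())))
    except CniError as e:
        print(json.dumps({"code": 100, "msg": str(e)}))
        sys.exit(1)
```

The two idempotency rules matter operationally: a runtime retries ADD after a crash and calls DEL for containers it never finished creating, so a plugin that double-allocates or fails on an unknown ID leaks addresses or wedges pod teardown.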
  17. IaaS: capacity (VM, storage...). PaaS: app (code). CaaS: app container.
  18. CNCF & OCI. The stack, top to bottom: application definition and orchestration; resource scheduling; distributed system services; container runtime agent; container registry and container repository; computing node OS; software-defined network; software-defined storage; infrastructure provisioning (out of scope). OCI covers the API specification and a reference implementation: one OCI API spec, ...N implementations.
  19. Docker, Kubernetes
  20. The End~