More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to Building a Virtualized Continuum with Intel(r) Clear Containers
Similar to Building a Virtualized Continuum with Intel(r) Clear Containers (20)
More from Michelle Holley
More from Michelle Holley (20)
Recently uploaded
Recently uploaded (20)
Building a Virtualized Continuum with Intel(r) Clear Containers
- 1. Manohar Castelino Amy Leeland Intel Open Source Technology Center
- 2. Containersare... Speedy Quick creation, update, and uninstall cycle Request and provision in milliseconds Manageable Containers take the complexity out of bundling, distributing and installing applications Easy Simple and easy to use and maintain Secure? What about security and isolation? Can a container include hardware isolation like a Virtual Machine? 2
- 3. Theword“Container”isusedfordifferentthings Containers = Linux* Kernel Containers 3 App Containers Packaging Deployment Linux* Kernel Containers Resource Allocation Isolation + *Other names and brands may be claimed as the property of others.
- 4. Server hardware Linux* Kernel Container A Container CContainer B Middleware App App App Middleware Middleware 4*Other names and brands may be claimed as the property of others.
- 6. Server hardware Linux* Kernel Container A Container CContainer B Middleware App App App Middleware Middleware *Other names and brands may be claimed as the property of others. 6
- 8. Server hardware Linux Kernel Container A Middleware (A) App Intel® VT-x Linux* Kernel (A) Container B Middleware (de-duplicate of A) App Linux Kernel (de-duplicate of A) Container C Middleware (C) App Linux Kernel (C) Intel® VT-x Intel® VT-x Intel®ClearContainersandIntel®VirtualizationTechnology (Intel®VT-x) 8*Other names and brands may be claimed as the property of others.
- 9. ClearContainers,CreateacontinuumbetweencontainersandVMs Before Intel® Clear Containers “Hot”“Old & Stale” Intel® Clear Container with Intel® Virtualization Technology (Intel® VTx) Container Technology After Intel Clear Container 9*Other names and brands may be claimed as the property of others. The nominative use of third party logos serves only the purposes of description and identification. * *
- 11. Intel®ClearContainersAreintegratedwithintheecosystem 1.12.1 Switchable runtime in Docker 2.1 Intel® Clear Containers 2.1 Available on GitHub* and clearlinux.org 11*Other names and brands may be claimed as the property of others. The nominative use of third party logos serves only the purposes of description and identification. 1.5 CRI compatible runtime Rkt* 1.0 AppC compatible runtime
- 13. 13 UpstreamandDownstreamProliferation Goals *Other names and brands may be claimed as the property of others. The nominative use of third party logos serves only the purposes of description and identification. CNI CNM ISV’s + Integrators * *
- 15. Traditional Intel Clear Containers rootfs QEMU* Intel® ClearContainersvstraditionalVMs KVM* Kernel <v4.0 Kernel Clear Linux rootfs QEMU-lite KVM* Kernel >=v4.0 Clear Linux kernel QEMU-lite is optimized for size and speed. We use a recent KVM, it is optimized for memory sharing (KSM) and boot speed. The Clear Linux kernel is optimized for container boot performance. The Clear Linux user space is optimized for further container boot. StandardDistro CCMini-OS HostClient/Container Optimizations 15*Other names and brands may be claimed as the property of others. Host
- 16. Intel® ClearContainersArchitecture–Docker* 16*Other names and brands may be claimed as the property of others.
- 17. Intel® ClearContainersaddsanewruntimeforDocker* Intel Clear Containers provide a plugin replacement of runc with cor, our OCI runtime. 17*Other names and brands may be claimed as the property of others. The nominative use of third party logos serves only the purposes of description and identification. dockerd -D --add-runtime cor=/usr/bin/cc-oci-runtime --default-runtime=runc
- 18. cc-proxy hyperstart cc-oci-runtime cc- shim VM I/O CTL containerd- shim Container workload 9pfs containerd Docker* Engine *Other names and brands may be claimed as the property of others.
- 19. Intel® ClearContainersaddanewruntimefor Kubernetes* 19*Other names and brands may be claimed as the property of others.
- 20. Kubernetes* Master CRI-O/ocid cc-oci-runtime Kubelet* Kube- runtime Kubernetes Node Virtual Machine hyperstart Ctr 1 Ctr 2 Pod Ctr 3 *Other names and brands may be claimed as the property of others.
- 21. Intel® ClearContainersNetworking 21*Other names and brands may be claimed as the property of others.
- 22. 22 VM workload Pod QEMU T A P Docker Bridge Clear Containers Bridge veth pair Container networking namespaceHost networking namespace
- 24. 24 Docker Swarm – Networking - Demo
- 25. ClearContainers–Quickstart - Clear Containers can be run within privileged Docker* containers - Images available with Fedora*, Ubuntu*, and Clear Linux as the host OS - https://hub.docker.com/u/clearcontainers/ - Trying out the images: sudo docker run -it --privileged clearcontainers/clearlinux docker run -it debian 25*Other names and brands may be claimed as the property of others.
- 26. ClearContainers–Installing onfedora* dnf install cc-oci-runtime linux-container - Configure clear containers to be the default runtime: ExecStart=/usr/bin/dockerd --add-runtime cor=/usr/bin/cc-oci-runtime -- default-runtime=cor https://github.com/01org/cc-oci-runtime/wiki/Installing-Clear-Containers-on-Fedora-25 26*Other names and brands may be claimed as the property of others.
- 27. ClearContainers:GetInvolved Start Here! • https://clearlinux.org/containers Check us out on GitHub*! Join the conversation! • https://github.com/clearcontainers • IRC: #clear-containers on Freenode* • Mailing list: https://lists.01.org/mailman/listinfo/cc-devel 27*Other names and brands may be claimed as the property of others.
- 28. 28 Legalnoticesanddisclaimers Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Learn more at intel.com, or from the OEM or retailer. No computer system can be absolutely secure. Tests document performance of components on a particular test, in specific systems. Differences in hardware, software, or configuration will affect actual performance. Consult other sources of information to evaluate performance as you consider your purchase. For more complete information about performance and benchmark results, visit http://www.intel.com/performance. Intel, the Intel logo and others are trademarks of Intel Corporation in the U.S. and/or other countries. The nominative use of third party logos serves only the purposes of description and identification. *Other names and brands may be claimed as the property of others. © 2016 Intel Corporation.