This document discusses containers and related technologies: 1. Containers provide isolated, portable environments for running applications and their dependencies. Docker is a popular container platform that packages applications into containers using Linux kernel features like namespaces and cgroups. 2. The Open Container Initiative (OCI) aims to develop standards around container formats and runtime. Technologies like Docker, rkt, and AppC implement the OCI specifications. 3. Container orchestration systems like Kubernetes and Mesos manage the deployment and lifecycles of containers at scale across clusters of hosts.

2. Who am I?
Yujie Du
About: https://about.me/Yujie.Du
Twitter: @ben_duyujie
Email: duyujie.dyj@gmail.com
Linkedin: https://www.linkedin.com/in/duyujie
Download: https://www.slideshare.net/ben_duyujie/containers-caas/

5. One company has certainly found growth by
injecting software into its industry.
source: http://thenewstack.io/uber-netflix-and-the-dreams-of-devops-and-microservices/
5
Uber's rumored net revenue
2013 2014 2015
2000
400
108
Since 2000, 52% of the Fortune
500 are no longer on the list.
The pace of change has increased.

6. Docker will play a central role for every player in that market.
Private Hybrid Public
IT Pros DeploymentPackaging Architects Developers
Docker is also the contract between Developers and Operations. Developers and Operations often have very different attitudes when it comes to choosing tools and environments.

7. IT Pros DeploymentPackaging Architects Developers
Waterfall
Agile
DevOps
Monolithic
N-Tier
Microservices
Datacenter
Hosted
Cloud
Physical Servers
Virtual Servers
Containers
Cloud Native Application

8. Figure from M. Schwarzkopf, “Operating system support for warehouse-scale computing”, PhD thesis, University of Cambridge, 2015 (to appear).
Details & Bibliography: http://malteschwarzkopf.de/research/assets/google-stack.pdf

9. Retail Finance Media Transportation App
Container

10. App Dev
“Monolithic”
Systems Management 1
VMware
Microsoft
Linux
Hardware
App Dev
“Cloud-native”
Systems Management 2
OpenStack
Cloud Foundry
AWS
etc.
Hardware
Systems Management 3
Docker
Mesos
CoreOS
Kubernetes etc.
Hardware
Plain old virtualization Cloud, public and private
Management tools
always(?) change
What runs
everything, most of
attention is here
Hardware no longer
eating the world -
cheaper, faster
Shift from web, to
web + mobile
A single API for managing applications on 4 infrastructures

12. Physical Processor
Virtual Processor
Operating System
Libraries
User Code Private
Copy
Shared
Virtual Machines
Physical Processor
Virtual Processor
Operating System
Libraries
User Code
Containers
ISA
syscall
Containers: less overhead, enable more “magic”
Sandboxing(chroot jails)
Various projects... chroot (1979) jail
Linux-VServer OpenVZ ...
Linux container(chroot + OS isolation)
brought into the kernel... namespaces
cgroups SELinux AppArmor btrs/aufs/
device mapper/etc ...
Docker (LXC + packaging)
and packaged up. systemd-nspawn
LXC lmctfy libvirt-lxc Docker /
libcontainer rkt / appc ...
Containers are isolated, portable environments where you can run applications along with all the
libraries and dependencies they need.

13. User request
Linux Kernel
hardware
shell Application
Each user has a
home directory and
process directory
Run in
memory

14. A paradigm shift for the O/S :
Redefines “Kernel Space” & “User Space”
Better fit for distributed computing

15. Who built this image?
What’s its purpose?
Was it created to support a demo?
Is it safe to consume?
Who maintains it?
RED HAT CERTIFIED
Trusted source for the host and the
containers
Trusted content inside the
container with security Dxes
available as part of an enterprise
lifecycle
Portability across hosts
HW
HostOS
Containers
Certify

16. Process A
fork()
Process A
continues
Process B
execev()
exit()
wait() ZOMBIE
SIGCHLD
clean up
Child - new PID
executes a
different program !
Parent - original PID
Reference: http://www.lynx.com/the-fork-call-posix-processes-and-parent-child-relationships
1.
Docker Daemon
process
fork
exec
dockerinit ENTRYPOINT CMD (your application)
2. 3.
new namespaces
init namespaces
the only process (same PID)
cgroups applied
Docker Container
process process process
process
Docker Container is born just by syscall fork and exec a process
1.

17. CGROUPS NAMESPACES IMAGES
DOCKER
CONTAINER
• Kernel Feature
• Groups of Processes
• Control Resource
Allocation
• CPU, CPU Sets
• Memory
• Disk
• Block I/O
• Not a File System
• Not a VHD
• Basically a tar file
• Has a Hierarchy
• Arbitrary Depth
• Fits into Docker Registry
• The real magic behind
containers
• It creates barriers between
processes
• Different Namespaces
• PID Namespace
• Net Namespace
• IPC Namespace
• MNT Namespace
• Linux Kernel Namespace
introduced between kernel
2.6.15 – 2.6.26
docker run lxc-start

20. Open Container Initiative+ =

21. ACS
ACS
ACI
ID
Signed Encrypted
Archive
Manifest Rootfs
veth ipvlan macvlan raw dev
FS Volume
Environment
Logging
Isolators
Capabilities
Linux
Isolators
Resource
Isolators
block network
cpu memory
Runtime Env
Pods
UUID Manifest
Executor
Image Discovery
Simple Discovery
Meta Discovery
Network
loopback
ip
overlay
DM
cgroup
Application Containers
“An application container is a way
of packaging and executing
processes on a computer system
that isolates the application from
the underlying host operating
system”
https://github.com/appc/spec,
2015.

22. CNM & CNI
Libnetwork: Docker 1.7
Container Network Model,CNM
AppC
Container Network Interface,CNI

23. https://www.ibm.com/developerworks/community/blogs/1ba56fe3-efad-432f-a1ab-58ba3910b073/entry/thoughts_on_future_of_resource_managers_and_schedulers_in_the_cloud?lang=en
IaaSCapacity (VM, Storage…)
PaaSApp (code)
CaaSApp container

24. CNCF & OCI
Application definition and orchestration
Resource scheduling
Distributed system services
Container Runtime agent Container registry
Container repositoryComputing node OS
Software define network Software define storage
Infrastructure provisioning
Out of scope
Api specification
OCI and specification
Reference implementation
OCI api spec
.
.….N

25. http://stackalytics.com/
Docker Kubernetes

26. The End~