The Docker Ecosystem
Definition, Architecture, Status
March 2023
Bruno Cornec, HPE EG EMEA Open Source and Linux Strategist
Introducing myself
● Software engineering and Unices since 1988:
– Mostly Configuration Management Systems (CMS), Build systems, quality tools, on multiple commercial Unix systems
– Discovered Free, Libre, Open Source Software & Linux (FLOSS) & made first contributions in 1993
– Full time on OSL since 1995, first as HPE reseller then @HPE
● Currently:
– WW FLOSS Technology Strategist in HPE, Grenoble, France
– HPE FLOSS Advocate and Converged Infrastructure Ambassador
– WW Linux Community Lead for the HPE Open Source Profession
– AFUL and APRIL member. Mageia board member. FLOSSITA board chair.
– Conferences at WW level at LinuxCon, Linux.conf.au, Fosdem, ...
– MondoRescue, Project-Builder.org, python-redfish, UUWL and PUSK Project Lead
– LinuxCOE, mrepo, tellico, rinse, fossology, collectl, Ironic contributor
– FOSSBazaar/SPDX and FLOSS Governance enthusiast
– Mageia (and Fedora) packager
● And also:
– Amateur singer (Alto / Tenor), recorder player since 1976 and Choir director since 1987, CD collector (7000+), Concerts, Photography
Docker Architecture and Ecosystem
Container analogy
Cargo transportation before the '60s: no standard way to transport goods
– Multiplicity of goods and their security
– Multiplicity of transportation methods
The invention of the container brought:
– Support for all types of goods
– Containers that can be loaded, unloaded, stacked
– Support for multiple transport modes
– Sealed containers
– A standard way of transportation, leading to huge cost reductions
Container for software
Computers before 2012 didn't have a standard way to transport IT workloads
– Multiplicity of applications and their security
– Multiplicity of transportation methods
The invention of the container brought:
– Support for all types of workloads
– Containers that can be loaded, unloaded, stacked
– Support for multiple transport modes
– Secure containers
– A standard way of transportation, leading to huge cost reductions
Bare-Metal vs VM vs Container
[Figure: three stacks side by side, labelled "Bare metal application layer", "Virtualized application layer" and "Containerized application layer"; layer labels: Apps, Container, Guest OS, Hypervisor, Host-OS, Infrastructure (Server, Storage, Network)]
Docker In Brief
• Vision: Build, Ship, and Run Any App Anywhere
• Both: a company and an open source ecosystem (under the Apache license V2.0 since 2013)
• Docker is a tool chain written in Go that simplifies the creation and management of containers.
• Paradigm shift: “new” packaging model for deploying applications and services
• Containers: A self-contained portable environment for packaging, deploying, and executing applications and services. Contains all execution dependencies for a service (one process == one container)
• Better resource utilization: VMs virtualize the CPU, containers virtualize process(es) (lightweight) (launch in ms vs s, doesn't consume OS memory)
• Application Lifecycle Management impact:
– Build and configure once (integrated DevOps), and rebuild often ;-)
– Deploy anywhere (laptop, server, cloud, …)
The Dev / Sec / Ops pipeline
Agile development environment: Tested. Integrated. Portable. Optimized. Secured
[Figure: Build + Ship + Run pipeline, from infrastructure to the cloud; labels: Composable Infrastructure, Hybrid Cloud, Cloud native & monolith Applications, Developers, Communities enablement, QA/Test, Operations]
What is Docker's value-add?
Run applications in a neutral, lightweight and portable way
Bundle: Everything packed together
Layers: Images (ro) & containers (rw) using a union FS
Registry: public/private registry of shared images
Dockerfile: descriptive build of an image
Volumes: loopback mounting host FS into container
Ports: expose container services port to the host
Portable: created once, run everywhere (on a given OS)
Management: REST API/CLI
Enterprise: Docker Enterprise (formerly DDC)
Solomon Hykes, Docker Inc.
A layered approach
Images
– Local or remote reference content to initiate a container
– Multiple images can be layered, adding content each time, using a Copy-on-Write FS
– Cache to speed up repeated operations
Containers
– Last layer providing rw access to the cumulated set of images
1 application + its deps == 1 container
# List images
$ docker images
# Pull and run a container
$ docker run -t -i repo:tag bash
# List containers
$ docker ps [-a] [-q]
Demo 1: Managing images and containers
Basic Docker Workflow
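[Diagram: My computer (local Docker Engine: images, containers, Dockerfile) and a Docker registry (Docker Hub)]
Dockerfile
# Image names must be lowercase
FROM ubuntu
MAINTAINER pingouin@hpe.com
# Refresh the package index and install non-interactively
RUN apt-get update && apt-get install -y apache2
ADD website /var/www/html/website
EXPOSE 80
# Keep Apache in the foreground so the container stays up
CMD ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"]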
# Dockerfile
$ cat Dockerfile
FROM localhost:5000/pb:mageia-4-x86_64
RUN urpmi --force --auto apache
ADD https://download.owncloud.org/community/owncloud-7.0.3.tar.bz2 /var/www/html
RUN urpmi --force --auto php php-dom php-mbstring php-pdo php-gd
RUN chown -R apache:apache /var/www/html
# Add persistent volume.
VOLUME /data
COPY run.sh /run.sh
# Only 1 CMD!
CMD /run.sh
# Build image using the Dockerfile
$ docker build .
Demo 2: Dockerfile, a recipe to build Docker images
Security
• Containerized (CTN) apps are more secure than bare-metal (BM) apps
• Docker follows the least-privilege principle
• Different security isolation than VMs (combine containers & VMs for improved security)
• Uses cgroups, seccomp, namespaces, capabilities. Benefits from SELinux, AppArmor, Grsecurity, PaX
• Depends on choices and practices
– Use of root privilege (only when necessary)
– Disable SUID
– Fine-grained privileges
– Use advanced Docker configuration options
• Trusted images / container secrets
– Official images / Signed images
– Vault: open source project for managing secrets
• Container delivery pipeline can/should include security testing
• Management of images and containers with respect to security updates
• Container security continues to improve, while it is understandably a hot topic
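The "choices and practices" on this slide can be checked on running containers. The Python sketch below is an added example, not part of the original slides: it audits the JSON printed by `docker inspect` for root user, privileged mode, capabilities, SUID escalation, disabled seccomp/AppArmor and a missing memory cgroup limit. The three container records are constructed sample data, and the finding names and the RISKY_CAPS selection are choices made for this example.

```python
import json

# Constructed sample: trimmed `docker inspect` records for three containers.
SAMPLE_INSPECT = json.loads("""
[
 {"Name": "/web-default",
  "Config": {"User": ""},
  "HostConfig": {"Privileged": false, "CapAdd": null, "CapDrop": null,
                 "SecurityOpt": null, "Memory": 0}},
 {"Name": "/debug-box",
  "Config": {"User": "0:0"},
  "HostConfig": {"Privileged": true, "CapAdd": ["SYS_ADMIN"], "CapDrop": null,
                 "SecurityOpt": ["seccomp=unconfined"], "Memory": 0}},
 {"Name": "/web-hardened",
  "Config": {"User": "1000:1000"},
  "HostConfig": {"Privileged": false, "CapAdd": ["NET_BIND_SERVICE"],
                 "CapDrop": ["ALL"], "SecurityOpt": ["no-new-privileges"],
                 "Memory": 268435456}}
]
""")

# Capabilities this example treats as too broad to add back (an editorial choice).
RISKY_CAPS = {"ALL", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "NET_ADMIN"}


def _caps(values):
    """Normalise capability names: upper case, without the CAP_ prefix."""
    names = set()
    for value in values or []:
        name = value.upper()
        names.add(name[4:] if name.startswith("CAP_") else name)
    return names


def audit_container(record):
    """Return the list of hardening findings for one inspect record."""
    cfg = record.get("Config") or {}
    host = record.get("HostConfig") or {}
    findings = []

    # "Use of root privilege (only when necessary)": an empty User means
    # UID 0 (set another one with USER in the Dockerfile or `docker run --user`).
    user = (cfg.get("User") or "").split(":")[0]
    if user in ("", "0", "root"):
        findings.append("runs-as-root")

    # `--privileged` grants all capabilities and device access.
    if host.get("Privileged"):
        findings.append("privileged")

    # "Fine-grained privileges": expect `--cap-drop ALL`, then only the
    # capabilities the service needs added back with `--cap-add`.
    if "ALL" not in _caps(host.get("CapDrop")):
        findings.append("default-capabilities-kept")
    for cap in sorted(_caps(host.get("CapAdd")) & RISKY_CAPS):
        findings.append("risky-capability:" + cap)

    # "Disable SUID": `--security-opt no-new-privileges` stops setuid
    # binaries from granting extra privileges inside the container.
    opts = [o.lower().replace(":", "=") for o in host.get("SecurityOpt") or []]
    if not any(o in ("no-new-privileges", "no-new-privileges=true") for o in opts):
        findings.append("suid-escalation-possible")

    # seccomp and AppArmor only help while their profiles stay enabled.
    for profile in ("seccomp", "apparmor"):
        if profile + "=unconfined" in opts:
            findings.append(profile + "-disabled")

    # cgroups: Memory == 0 means no memory limit was set (`--memory`).
    if not host.get("Memory"):
        findings.append("no-memory-limit")
    return findings


def audit_all(records):
    """Map container name -> findings for a whole `docker inspect` array."""
    return {r.get("Name", "?").lstrip("/"): audit_container(r) for r in records}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_INSPECT).items():
        print(name, "->", ", ".join(findings) or "no findings")
```

On a real host the same functions can be fed the parsed output of `docker inspect` for the container IDs listed by `docker ps -q`.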
The Docker & Containers Ecosystem
Docker’s world
Docker solutions and plumbing tools
– Plugin: Extensibility
– Docker Libnetwork: Networking
– Notary: Security
– Docker Engine: Creates & Runs containers
– Docker Machine: Automated Provisioning
– Docker Compose: Service Composition
– Docker Hub/Registry: Package & Distribution
– Docker UCP: Deploy & Manage
– Docker Swarm: Native Host Clustering
Docker Compose – yaml file example
weba:
  build: .
  expose:
    - 80
webb:
  build: .
  expose:
    - 80
haproxy:
  image: hypriot/rpi-haproxy
  volumes:
    - haproxy:/haproxy-override
  links:
    - weba
    - webb
  ports:
    - "80:80"
    - "70:70"
  expose:
    - "80"
    - "70"
Container Ecosystem – fantastic takeup
Docker – Leader – Engine, Cluster, Build, Remote execution, ...
Google – Open sourced Kubernetes container orchestration tool
RedHat – integrated Docker into their RHEL7 releases. RH Atomic CaaS solution. Redesigned OpenShift PaaS product to be based on Docker.
SUSE – integrated Docker into their SLES 12 releases. CaaS offering based on Docker, Kubernetes, Portus. PaaS on top based on CF to come
CoreOS – Aim to be the best distribution to run Docker. Goodies such as etcd, fleetctl, rocket
Mesosphere – Docker executor for Mesos (Chronos & Marathon)
OpenStack – Nova & Glance drivers, Magnum (piloting Kubernetes/Swarm), Kolla and Kuryr
Portainer.io – Management solution for docker engines or swarms
Container Ecosystem – fantastic takeup continued...
IBM – integrated Docker into SoftLayer PaaS. Published KVM/Docker benchmarks
Microsoft – made available Linux images in their Azure IaaS with Docker functionality. Ongoing native Docker functionality for Windows Server
VMware – to integrate Docker functionality into vSphere. Joined Kubernetes initiative.
Pivotal (CloudFoundry) – Replacing Warden by Docker
(and Shipyard, Rancher, Panamax, ...)
Open Container Project
• Standard specifications for a runtime and an image, vendor/architecture independent
• Brings Docker and CoreOS back together (runC, appc, …)
• https://www.opencontainers.org
The history of resources containment on Linux
Linux Resources management Support
Linux Support Matrix
OS minimal | NUMA | cgroups | LXC | KVM | Namespace
Upstream Kernel: Linux 2.6.24 (Mar. 2008), 3.15/16 (2013), Linux 2.6.29 (2010), Linux 2.6.20 (Feb. 2007), Linux 2.6.19/24 (2007), 3.8 (2013)
RHEL | Yes (5.x) | Yes (6.x) | Yes (6.3) | Yes (5.4) | Yes (7.x)
SLES | Yes (10) | Yes (11) | Yes (11SP1) | Yes (11) | Yes (12)
Fedora | Yes | Yes (F11) | Yes (F12) | Yes (F7) | Yes (F19)
Ubuntu | Yes | Yes (10.04) | Yes (10.04) | Yes (9.10) | Yes (14.04)
Linux Control Groups
– Help to manage groups of processes
– Dedicated subsystems to manage specific resources:
– Resource management: CPU shares, memory, blkio
– Resource pools: CPU sets, ns, freezer, checkpoint/restart
– Implemented as a special cgroup file system
– Cgroup commands: cgcreate, cgexec, cgclear, cgclassify, ...
– Cgroup services:
● cgconfig (/etc/cgconfig.conf), defines cgroups and mount points
● cgred (/etc/cgrules.conf), defines rules between tasks and cgroups
– These are provided by libcgroup on top of the kernel cgroup virtual file system to allow persistence across reboot and ease of use.
– Docker associates a cgroup to each container
Linux workload management
Shared resources example: ‘cpu’ cgroup subsystem
– 'cpu' CGroup subsystem
• cpu.shares
– Shares default to 1024
– Customization example :
Example of /etc/cgconfig.conf file:
mount {
cpu = /cgroup/cpu;
}
group default {
cpu {
cpu.shares = 1024;
}
}
group db1 {
cpu {
cpu.shares = 3072;
}
}
group db2 {
cpu {
cpu.shares = 6144;
}
}
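What these weights mean in practice, as an added example that is not part of the original slides: the Python sketch below parses the group blocks of the cgconfig.conf shown above and computes the CPU fraction each sibling group gets when CPU is contended. The parser handles only the flat `group name { controller { key = value; } }` form used on this slide, and the function names are this example's own.

```python
import re

# The cgconfig.conf from the slide, embedded so the example runs offline.
CGCONFIG = """\
mount {
    cpu = /cgroup/cpu;
}
group default {
    cpu {
        cpu.shares = 1024;
    }
}
group db1 {
    cpu {
        cpu.shares = 3072;
    }
}
group db2 {
    cpu {
        cpu.shares = 6144;
    }
}
"""

# A group block: "group <name> { ... }" containing one level of nested
# controller blocks. The "mount { ... }" block is deliberately not matched.
GROUP_RE = re.compile(r"group\s+(\S+)\s*\{((?:[^{}]|\{[^{}]*\})*)\}")
# A parameter inside a controller block: "key = value;"
PARAM_RE = re.compile(r"([\w.]+)\s*=\s*([^;]+);")


def parse_groups(text):
    """Return {group name: {parameter: value}} for every group block."""
    groups = {}
    for name, body in GROUP_RE.findall(text):
        groups[name] = {key: value.strip() for key, value in PARAM_RE.findall(body)}
    return groups


def cpu_fractions(groups, busy=None, default_shares=1024):
    """CPU fraction per group when the groups in `busy` all want CPU.

    cpu.shares is a relative weight, not a cap: it is only compared between
    sibling groups that are runnable at the same time, so an idle group's
    share is redistributed to the busy ones. `busy=None` means all groups.
    """
    names = [n for n in groups if busy is None or n in busy]
    shares = {n: int(groups[n].get("cpu.shares", default_shares)) for n in names}
    total = sum(shares.values())
    return {n: shares[n] / total for n in names}


if __name__ == "__main__":
    parsed = parse_groups(CGCONFIG)
    for label, busy in (("all busy", None), ("db2 idle", {"default", "db1"})):
        result = cpu_fractions(parsed, busy)
        print(label, {name: round(frac, 2) for name, frac in result.items()})
```

Docker exposes the same weight per container through `docker run --cpu-shares`.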
Linux resource pools
Dedicated resources example: ‘cpuset’ cgroup subsystem
– CGroup subsystems:
• cpuset
− sets of CPU
− sets of MEMORY (NUMA)
• memory
− limits the amount of RAM, RAM + SWAP
− gives the current usage
• blkio
− change the behavior of Linux CFQ (Completely Fair Queue)
Example of /etc/cgconfig.conf file:
mount {
cpuset = /cgroup/cpuset;
}
group default {
cpuset {
cpuset.cpus = 0-2;
cpuset.mems = 0-2;
}
}
group db2 {
cpuset {
cpuset.cpus = 4-6;
cpuset.mems = 4-6;
}
}
Linux Containers OS Virt
OS Virtualization (‘LXC / Docker’ containers)
– Applications in a zone are isolated from the others (chroot on steroids)
• Security (as secure as your kernel)
• Namespaces (root, UID, GID, network, PID, IPC, mount points, hostname/uts)
• Cgroup Granularity
• Single OS image manages HW accesses
• Performance & transparency: neither emulation nor full virtualization
• Netfilter for network isolation (NAT and port fwd)
• AuFS overlays isolated file systems on top of a physical file system
– Other technologies available
• V-Server
• Virtuozzo
• OpenVZ
https://blog.docker.com/wp-content/uploads/2014/03/docker-execdriver-diagram.png
30/03/2023 Private | Confidential | Internal Use Only
Use case: Continuous Packaging with Docker
[Diagram labels: Developers, Packagers, Project Repository, Project Build + metadata, Local Build Server, Local build, Docker Containers]
“Changes are never easy to make.
There is comfort and safety in tradition,
but change must come, no matter how
painful or expensive it may be.”
Bill Hewlett
Bruno.Cornec@hpe.com
(Open Source and Linux Technology Strategist
at the HP/Intel Solution Center)
http://downloads.linux.hpe.com/
Linus Torvalds, Richard Stallman, Eric Raymond,
Nat Makarevitch, René Cougnenc, Eric Dumas,
Rémy Card, Bdale Garbee, Bryan Gartner, Craig
Lamparter, Lee Mayes, Gallig Renaud, Andree
Leidenfrost, Phil Robb, Bob Gobeille, Martin
Michlmayr among others, for their work and
devotion to the Open Source Software cause...
and my family for their patience :-)
THANK YOU

 
Authentication Review-June -2024 AP & TS.pptx
Authentication Review-June -2024 AP & TS.pptxAuthentication Review-June -2024 AP & TS.pptx
Authentication Review-June -2024 AP & TS.pptx
 
VVIP Girls Call Mumbai 9910780858 Provide Best And Top Girl Service And No1 i...
VVIP Girls Call Mumbai 9910780858 Provide Best And Top Girl Service And No1 i...VVIP Girls Call Mumbai 9910780858 Provide Best And Top Girl Service And No1 i...
VVIP Girls Call Mumbai 9910780858 Provide Best And Top Girl Service And No1 i...
 
Girls Call Jogeshwari 9967584737 Provide Best And Top Girl Service And No1 in...
Girls Call Jogeshwari 9967584737 Provide Best And Top Girl Service And No1 in...Girls Call Jogeshwari 9967584737 Provide Best And Top Girl Service And No1 in...
Girls Call Jogeshwari 9967584737 Provide Best And Top Girl Service And No1 in...
 

Docker-v3.pdf

  • 1. The Docker Ecosystem: Definition, Architecture, Status. March 2023. Bruno Cornec, HPE EG EMEA Open Source and Linux Strategist
  • 2. Introducing myself
      ● Software engineering and Unices since 1988:
        – Mostly Configuration Management Systems (CMS), Build systems, quality tools, on multiple commercial Unix systems
        – Discovered Free, Libre, Open Source Software & Linux (FLOSS) & made first contributions in 1993
        – Full time on OSL since 1995, first as HPE reseller then @HPE
      ● Currently:
        – WW FLOSS Technology Strategist in HPE, Grenoble, France
        – HPE FLOSS Advocate and Converged Infrastructure Ambassador
        – WW Linux Community Lead for the HPE Open Source Profession
        – AFUL and APRIL member. Mageia board member. FLOSSITA board chair.
        – Conferences at WW level at LinuxCon, Linux.conf.au, Fosdem, ...
        – MondoRescue, Project-Builder.org, python-redfish, UUWL and PUSK Project Lead
        – LinuxCOE, mrepo, tellico, rinse, fossology, collectl, Ironic contributor
        – FOSSBazaar/SPDX and FLOSS Governance enthusiast
        – Mageia (and Fedora) packager
      ● And also:
        – Amateur singer (Alto / Tenor), recorder player since 1976 and Choir director since 1987, CD collector (7000+), Concerts, Photography
  • 4. Container analogy
      Cargo transportation before the '60s: no standard way to transport goods
        – Multiplicity of goods and their security
        – Multiplicity of transportation methods
      The invention of the container made it possible to:
        – Support all types of goods
        – Load, unload and stack them
        – Support multiple transport modes
        – Seal the container
        – Standardize transportation, leading to huge cost reductions
  • 5. Container for software
      Computers before 2012 didn't have a standard way to transport IT workloads
        – Multiplicity of applications and their security
        – Multiplicity of transportation methods
      The invention of the container made it possible to:
        – Support all types of workload
        – Load, unload and stack them
        – Support multiple transport modes
        – Secure the container
        – Standardize transportation, leading to huge cost reductions
  • 6. Bare-Metal vs VM vs Container
      [Diagram: three stacks side by side, titled "Bare metal application layer", "Virtualized application layer" and "Containerized application layer". Labels: Apps, Container, Guest OS, Hypervisor, Host-OS, Infrastructure (Server, Storage, Network)]
  • 7. Docker In Brief
      – Vision: Build, Ship, and Run Any App Anywhere
      – Both a company and an open source ecosystem (under the Apache license V2.0 since 2013)
      – Docker is a tool chain written in Go that simplifies the creation and management of containers.
      – Paradigm shift: “new” packaging model for deploying applications and services
      – Containers: a self-contained portable environment for packaging, deploying, and executing applications and services. Contains all execution dependencies for a service (one process == one container)
      – Better resource utilization: VMs virtualize the CPU, containers virtualize process(es) (lightweight) (launch in ms vs s, doesn't consume OS memory)
      – Application Lifecycle Management impact:
        – Build and configure once (integrated DevOps), and rebuild often ;-)
        – Deploy anywhere (laptop, server, cloud, …)
  • 8. The Dev / Sec / Ops pipeline
      Agile development environment: Tested. Integrated. Portable. Optimized. Secured.
      [Diagram: Build + Ship + Run, from infrastructure to the cloud. Labels: Composable Infrastructure, Hybrid Cloud, Cloud native & monolith applications, Developers, Communities enablement, QA/Test, Operations]
  • 9. What is Docker value-add?
      Run applications in a neutral, lightweight and portable way
      – Bundle: everything packed together
      – Layers: images (ro) & containers (rw) using a union FS
      – Registry: public/private registry of shared images
      – Dockerfile: descriptive build of an image
      – Volumes: loopback mounting host FS into container
      – Ports: expose container services port to the host
      – Portable: created once, run everywhere (on a given OS)
      – Management: REST API/CLI
      – Enterprise: Docker Enterprise (formerly DDC)
      [Photo: Solomon Hykes, Docker Inc.]
  • 10. A layered approach
      Images
        – Local or remote reference content to initiate a container
        – Multiple images can be layered, adding content each time using a Copy on Write FS
        – Cache to speed up repeated operations
      Containers
        – Last layer providing rw access to the cumulated set of images
        – 1 application + its deps == 1 container
  • 11. Demo 1: Managing images and containers
        # List images
        $ docker images
        # Pull and run a container
        $ docker run -t -i repo:tag bash
        # List containers
        $ docker ps [-a] [-q]
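  • 12. Basic Docker Workflow
      [Diagram: My computer (Dockerfile, local Docker Engine, Images, Containers) exchanging images with a Docker registry (Docker Hub)]
      Dockerfile:
        # Image names must be lowercase
        FROM ubuntu
        MAINTAINER pingouin@hpe.com
        # Refresh the package index and install without prompting
        RUN apt-get update && apt-get install -y apache2
        ADD website /var/www/html/website
        EXPOSE 80
        # Keep Apache in the foreground so the container stays up
        CMD ["apache2ctl", "-D", "FOREGROUND"]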
  • 13. Demo 2: Dockerfile, a recipe to build Docker images
        # Dockerfile
        $ cat Dockerfile
        FROM localhost:5000/pb:mageia-4-x86_64
        RUN urpmi --force --auto apache
        ADD https://download.owncloud.org/community/owncloud-7.0.3.tar.bz2 /var/www/html
        RUN urpmi --force --auto php php-dom php-mbstring php-pdo php-gd
        RUN chown -R apache:apache /var/www/html
        # Add persistent volume.
        VOLUME /data
        COPY run.sh /run.sh
        # Only 1 CMD!
        CMD /run.sh

        # Build image using the Dockerfile
        $ docker build .
  • 14. Security
      – Containerized apps are more secure than bare-metal apps
      – Docker follows the least-privilege principle
      – Different security isolation than VMs (combine containers & VMs for improved security)
      – Uses cgroups, seccomp, namespaces, capabilities. Benefits from SELinux, AppArmor, Grsecurity, PaX
      – Depends on choices and practices:
        – Use of root privilege (only when necessary)
        – Disable SUID
        – Fine-grained privileges
        – Use advanced Docker configuration options
      – Trusted images / container secrets:
        – Official images / signed images
        – Vault: open source project for managing secrets
      – Container delivery pipeline can/should include security testing
      – Management of images and containers with respect to security updates
      – Container security continues to improve while it is, understandably, a hot topic
  • 15. The Docker & Containers Ecosystem
  • 16. Docker’s world: Docker solutions and plumbing tools
      – Docker Engine: creates & runs containers
      – Docker Machine: automated provisioning
      – Docker Compose: service composition
      – Docker Hub/Registry: package & distribution
      – Docker UCP: deploy & manage
      – Docker Swarm: native host clustering
      – Docker Libnetwork: networking
      – Notary: security
      – Plugin: extensibility
  • 17. Docker Compose – yaml file example
        weba:
          build: .
          expose:
            - 80
        webb:
          build: .
          expose:
            - 80
        haproxy:
          image: hypriot/rpi-haproxy
          volumes:
            - haproxy:/haproxy-override
          links:
            - weba
            - webb
          ports:
            - "80:80"
            - "70:70"
          expose:
            - "80"
            - "70"
  • 18. Container Ecosystem – fantastic takeup
      – Docker: Leader. Engine, Cluster, Build, Remote execution, ...
      – Google: open sourced the Kubernetes container orchestration tool
      – RedHat: integrated Docker into their RHEL7 releases. RH Atomic CaaS solution. Redesigned OpenShift PaaS product to be based on Docker.
      – SUSE: integrated Docker into their SLES 12 releases. CaaS offering based on Docker, Kubernetes, Portus. PaaS on top based on CF to come
      – CoreOS: aim to be the best distribution to run Docker. Goodies such as etcd, fleetctl, rocket
      – Mesosphere: Docker executor for Mesos (Chronos & Marathon)
      – OpenStack: Nova & Glance drivers, Magnum (piloting Kubernetes/Swarm), Kolla and Kuryr
      – Portainer.io: management solution for Docker engines or swarms
  • 19. Container Ecosystem – fantastic takeup continued...
      – IBM: integrated Docker into SoftLayer PaaS. Published KVM/Docker benchmarks
      – Microsoft: made available Linux images in their Azure IaaS with Docker functionality. Ongoing native Docker functionality for Windows Server
      – VMWare: to integrate Docker functionality into vSphere. Joined Kubernetes initiative.
      – Pivotal (CloudFoundry): replacing Warden by Docker
      – (and Shipyard, Rancher, Panamax, ...)
  • 20. Open Container Project • Standard specifications for a runtime and an image, vendor/architecture independent • Brings Docker and CoreOS back together (runC, appc, …) • https://www.opencontainers.org
  • 21. The history of resources containment on Linux
  • 22. Linux Resources management Support: Linux Support Matrix
        OS minimal      | NUMA      | cgroups                                 | LXC                 | KVM                      | Namespace
        Upstream Kernel |           | Linux 2.6.24 (Mar. 2008) 3.15/16 (2013) | Linux 2.6.29 (2010) | Linux 2.6.20 (Feb. 2007) | Linux 2.6.19/24 (2007) 3.8 (2013)
        RHEL            | Yes (5.x) | Yes (6.x)                               | Yes (6.3)           | Yes (5.4)                | Yes (7.x)
        SLES            | Yes (10)  | Yes (11)                                | Yes (11SP1)         | Yes (11)                 | Yes (12)
        Fedora          | Yes       | Yes (F11)                               | Yes (F12)           | Yes (F7)                 | Yes (F19)
        Ubuntu          | Yes       | Yes (10.04)                             | Yes (10.04)         | Yes (9.10)               | Yes (14.04)
  • 23. Linux Control Groups (Share / Dedicate)
      – Help to manage groups of processes
      – Dedicated subsystems to manage specific resources:
        – Resource management: CPU shares, memory, blkio
        – Resource pools: CPU sets, ns, freezer, checkpoint/restart
      – Implemented as a special cgroup file system
      – Cgroup commands: cgcreate, cgexec, cgclear, cgclassify, ...
      – Cgroup services:
        ● cgconfig (/etc/cgconfig.conf), defines cgroups and mount points
        ● cgred (/etc/cgrules.conf), defines rules between tasks and cgroups
      – These are provided by libcgroup on top of the kernel cgroup virtual file system to allow persistence across reboot and ease of use.
      – Docker associates a cgroup to each container
  • 24. Linux workload management (Share)
      Shared resources example: ‘cpu’ cgroup subsystem
      – 'cpu' cgroup subsystem:
        – cpu.shares
        – Shares default to 1024
      – Customization example, /etc/cgconfig.conf file:
        mount {
            cpu = /cgroup/cpu;
        }
        group default {
            cpu { cpu.shares = 1024; }
        }
        group db1 {
            cpu { cpu.shares = 3072; }
        }
        group db2 {
            cpu { cpu.shares = 6144; }
        }
  • 25. Linux resource pools (Dedicate)
      Dedicated resources example: ‘cpuset’ cgroup subsystem
      – Cgroup subsystems:
        – cpuset: sets of CPU, sets of MEMORY (NUMA)
        – memory: limits the amount of RAM, RAM + SWAP; gives the current usage
        – blkio: change the behavior of Linux CFQ (Completely Fair Queue)
      – Example of /etc/cgconfig.conf file:
        mount {
            cpuset = /cgroup/cpuset;
        }
        # The kernel parameter for memory nodes is cpuset.mems
        group default {
            cpuset { cpuset.cpus = 0-2; cpuset.mems = 0-2; }
        }
        group db2 {
            cpuset { cpuset.cpus = 4-6; cpuset.mems = 4-6; }
        }
  • 26. Linux Containers: OS Virtualization (‘LXC / Docker’ containers)
      – Applications in a zone are isolated from the others (chroot on steroids)
        – Security (as secure as your kernel)
        – Namespaces (root, UID, GID, network, PID, IPC, mount points, hostname/uts)
        – Cgroup granularity
        – Single OS image manages HW accesses
        – Performance & transparency: neither emulation nor full virtualization
        – Netfilter for network isolation (NAT and port fwd)
        – AuFS overlays isolated file systems on top of a physical file system
      – Other technologies available:
        – V-Server
        – Virtuozzo
        – OpenVZ
      [Diagram: https://blog.docker.com/wp-content/uploads/2014/03/docker-execdriver-diagram.png]
  • 27. Use case: Continuous Packaging with Docker
      30/03/2023 Private | Confidential | Internal Use Only
      [Diagram labels: Developers, Packagers, Project Repository, Project Build + metadata, Local Build Server, Local build, Docker Containers]
  • 28. THANK YOU
      ”Changes are never easy to make. There is comfort and safety in tradition, but change must come, no matter how painful or expensive it may be.” Bill Hewlett
      Bruno.Cornec@hpe.com (Open Source and Linux Technology Strategist at the HP/Intel Solution Center)
      http://downloads.linux.hpe.com/
      Linus Torvalds, Richard Stallman, Eric Raymond, Nat Makarevitch, René Cougnenc, Eric Dumas, Rémy Card, Bdale Garbee, Bryan Gartner, Craig Lamparter, Lee Mayes, Gallig Renaud, Andree Leidenfrost, Phil Robb, Bob Gobeille, Martin Michlmayr among others, for their work and devotion to the Open Source Software cause... and my family for their patience :-)
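
Slide 14 says container security "depends on choices and practices" (root only when necessary, trusted images). The following is an added example, not part of the original deck: a small Dockerfile audit run over the Dockerfile from slide 13. The rule names are hypothetical, and treating a base image without a `@sha256:` digest as untrusted is an assumption of this example rather than a statement from the slides.

```python
import re

# Dockerfile from slide 13 as sample input (comments dropped, URL wrap repaired).
SLIDE13 = """\
FROM localhost:5000/pb:mageia-4-x86_64
RUN urpmi --force --auto apache
ADD https://download.owncloud.org/community/owncloud-7.0.3.tar.bz2 /var/www/html
RUN urpmi --force --auto php php-dom php-mbstring php-pdo php-gd
RUN chown -R apache:apache /var/www/html
VOLUME /data
COPY run.sh /run.sh
CMD /run.sh
"""

def instructions(text):
    """Yield (line_no, INSTRUCTION, args), joining backslash continuations."""
    pending, start = "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments never carry an instruction
        if not pending:
            start = n
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        instr, _, args = (pending + line).partition(" ")
        pending = ""
        yield start, instr.upper(), args.strip()

def audit(text):
    """Return sorted (line_no, rule) findings; line 0 means the whole file."""
    findings, user = [], None
    for n, instr, args in instructions(text):
        words = [w for w in args.split() if not w.startswith("--")]
        if instr == "FROM":
            user = None  # each build stage starts as the base image's user
            if words and words[0] != "scratch" and "@sha256:" not in words[0]:
                findings.append((n, "base-not-digest-pinned"))
        elif instr == "ADD" and re.search(r"\bhttps?://", args) and "--checksum=" not in args:
            findings.append((n, "remote-add-unverified"))
        elif instr == "USER" and words:
            user = words[0].split(":")[0]
    if user in (None, "root", "0"):
        findings.append((0, "runs-as-root"))  # no USER: root unless the base says otherwise
    return sorted(findings)

if __name__ == "__main__":
    for line_no, rule in audit(SLIDE13):
        print(f"line {line_no or '-'}: {rule}")
```

On the slide 13 Dockerfile this reports three findings: the image runs as root, the base image is referenced by a mutable tag, and the ownCloud archive is fetched at build time without a checksum.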