This document discusses Docker and its ecosystem. It provides a history of container technologies from chroot jails in 1979 to modern tools like Docker, Kubernetes, containerd, and RunC. It describes the architecture and components of Docker including how it leverages containerd and RunC. Finally, it discusses orchestration tools like Kubernetes and how Docker is organized into various modular projects under the Moby project.

1. Docker & Its Ecosystem
H-Layer 18.04 - www.hlayer.io
Docker, Kube, RunC, Moby & The Ecosystem

2. Aymen El Amri -
@eon01
Founder eralabs.io
Founder @DevOpsLinks
Author @PainlessDocker

3. The Ecosystem

4. Containers

5. History of Containers
● Chroot Jail
● FreeBSD Jails
● Linux-VServer
● Solaris Containers
● OpenVZ
● Process Containers
● LXC
● Warden
● LMCTFY
● Docker
● RKT

6. Chroot Jail
- The Chroot Jail, is one the first
containerization technologies (1979).
- It allows to isolate a process and its
children from the rest of the OS by
changing their root directory
- Security: A root process can easily exit the
chroot. Chroot was never intended as a
security mechanism

7. FreeBSD Jail
- A FreeBSD-specific implementation
- More secure than the Chroot Jail.

8. - A virtualization solution more advanced
than the simple chroot
- It lets you run multiple Linux
distributions on a single distribution
- Linux VServer / VPS
Linux-VServer

9. Oracle Solaris Containers
- An implementation of Linux-Vserver for
X86 and SPARC processors
- SPARC is a RISC (reduced instruction set
computing) architecture developed by
Sun Microsystems.

10. OpenVZ
- Similar to Solaris Containers
- Enables a physical baremetal server to
run multiple isolated operating systems →
containers.
- It is used by hosting companies to isolate
VPS.

11. CGroups - Process Containers
- It is a process isolator developed by
Google (CGroups)
- Docker is based on CGroups

12. LXC - Linux Containers
- Uses CGroups
- No need for Kernel patch
- Used to be used by Docker

13. LMCTFY
- Google developed the CGroups, which
was used by LXC
- Run applications in isolated environments
on the same Kernel and without patching
it
- Google: A leader in the container industry
- Everything, absolutely everything, runs
on containers at Google
- There are more than 2 billion containers
running on Google infrastructure every
week

14. Docker
- Most popular
- Developer friendly

15. RKT
- Developed by CoreOS
- Standards / Security
- Bought by Redhat

16. Containers : 1979 -> 2013

17. Containers vs VMs

18. Architecture

19. Docker Tools

20. 2013 - Docker & LXC
- Docker se base sur LXC.
- Sponosrisé par Canonical
- A partir de la version 0.9 en 2014, Docker a cessé d’utiliser LXC et a
développé Libcontainer

21. 2014 - Libcontainer
- L’interface de Docker pour accéder aux
Linux Facilities

22. 2014 - Libcontainer
- Cgroups, Namespaces, Capabilities ..etc

23. Let’s Create a Container Using Namespaces & Cgroups

24. Let’s Create a Container Using Namespaces & Cgroups

25. Let’s Create a Container Using Namespaces & Cgroups

26. Let’s Create a Container Using Namespaces & Cgroups
The Container

27. Let’s Create a Container Using Namespaces & Cgroups
The Host Machine

28. 2015 - RunC
- Leverage Libcontainer without without
going through the Docker Engine
- Standardization of the world of
containers.
- Other vendors can implement their own
version of containers
- The abstraction of the communication
between Docker and the runtime

29. Let’s Create a Container Without Using Docker
The Host Machine

30. Let’s Create a Container Without Using Docker
The Host Machine

31. Let’s Create a Container Without Using Docker
The Host Machine

32. Let’s Create a Container Without Using Docker
The Host Machine

33. Let’s Create a Container Without Using Docker
The Host Machine

34. 2016 - Containerd
- Uses RunC to manage and supervise
containers (lifecycle)
- Exposes containers functionalities over
gRPC (vs Docker who exposes images,
volumes, networks, builds, etc.)
- Refactory → Containerd is a community
Open Source project

35. Architecture
- Monolithic → Components
1. Docker Engine creates the images and
pass it to containerd
2. Containerd calls containerd-shim
3. Containerd-shim call runC to run the
container
4. Containerd-shim allows the runtime to
be released once the container starts to
spin

36. 2017 - Containers Go Mainstream
- Docker est devenu mainstream
- Plusieurs vendors: Mac, Linux, Windows,
AWS, GCP ..etc
- La création de l’OCI (Open Container
Initiative)
- Des nouveaux modèles de développement
et de production

37. The Moby Project
- A project to organize and modularize the
development of Docker
- It is an ecosystem of development and
production
- No change for the regular users

42. The Moby Project

43. Containerd
- Industry-standard core container
runtime
- Manage the container’s lifecycle

44. LinuxKit
- A tool for creating lightweight and secure
operating systems for containers

45. InfraKit
- Distributed / self-healing infrastructures
- Procedural vs Declarative
- Desired State

46. SwarmKit
- A toolbox for orchestrating distributed
systems at any scale.
- It includes primitives for node discovery,
RAFT-based consensus, and task
scheduling.

47. Orchestration

48. Orchestration

49. Orchestration

50. Orchestration is a Must

51. Kubernetes
- Developed by Google
- Google has been running production
workloads in containers for over 15 years
- Using K8S: Github, Ebay, Wikimedia ..

52. Kubernetes in the Cloud
- Amazon Elastic Container Service for
Kubernetes (EKS)
- Redhat Openshift
- Google Container Engine (GKE)
- Azure Container Service (AKS)

53. Kubernetes Community
- Organisation en SIG (Special Interest
Groups)
- Google, Redhat, CoreOs, Alibaba,
Microsoft, Samsung, Huawei, Canonical,
IBM, Fujitsu ..etc

54. Redhat & Kuberentes

55. Aymen El Amri
www.bit.ly/hldocker
Twitter: @eon01
Email: aymen@eralabs.io
Join eralabs.:
www.eralabs.io
Connect Deeper
Images via: sysadmincasts.com, docker.com, jimmysong.io