SlideShare a Scribd company logo

LinuxKit & Moby - The next level of the container ecosystem

P
Patrick Kleindienst

These are the slides for a talk I gave at Docker User Group Stuttgart, covering LinuxKit and Moby essentials.

Software
1 of 22
Download to read offline
LinuxKit & Moby The next level of the container ecosystem
2
$ whoami ● Patrick Kleindienst ● Masters student at Stuttgart Media University, course of studies “Computer Science & Media” ● Master’s candidate at IBM Research & Development (Böblingen) @Apophis1990 3
Outline ● About LinuxKit ○ Motivation ○ Design Principles: Portability, Leanness, Security ● About Project Moby ○ Motivation ○ Diving through container history ● Demo: Moby & LinuxKit in action 4
LinuxKit: Motivation “Last year, one of the most common requests we heard from our users was to bring a Docker-native experience to their platforms. These platforms were many and varied[.] (...) One of the issues we encountered was that [...] users wanted Linuxcontainer support but the platform itself did not ship with Linux included.” (Justin Cormack, [1]) Cloud Server Desktop 5
Example: Docker for Mac 6
● Released by Docker Inc. at DockerCon 2017 in Austin (Texas) ● Addresses need for secure, lean and portable Linux subsystems ● Brings native Docker and Linux container support to various platforms ● Already in use in e.g. Docker for Mac/Windows for a couple of time 7
LinuxKit Design Principles: Portability Supported server/desktop hypervisors: ● HyperKit (macOS) ● Hyper-V (Windows) ● qemu (macOS, Windows, Linux) ● VMware (macOS, Windows) Supported cloud platforms: ● Amazon Web Services ● Google Cloud ● Microsoft Azure ● packet.net 8
LinuxKit Design Principles: Leanness ● Image core = Linux Kernel + some system libraries + container runtime ● Everything else is optional! ● Small foot print, image size ~ 35 MB ● minimal boot time ● Helps with security 9
LinuxKit Design Principles: Security ● container-specific OSes reduce attack surface ● less overhead -> less attack vectors (compared to popular distros like Debian) ● Isolation: optional services run inside dedicated containers ● Containerized services allow for fine-grained control of privileges and resource consumption ● Immutable infrastructure (read-only filesystem) 10
Why security matters - an example What’s so special about the “ping” binary? # ls -l $(which ping) -rwsr-xr-x 1 root root 44168 Mai 7 2014 /bin/ping (taken from LinuxMint 18.1 Serena) 11
Ok but, … what does LinuxKit have to do with Moby? 12
The Moby Project ● Also released by Docker Inc. at DockerCon 2017 in Austin (Texas) ● Tribute to size and needs of the community ● Moby provides: ○ A library of containerized backend components (runC, containerd, notary, networking, …) ○ A framework for assembling these components into functional container platforms ○ A reference assembly (Moby Origin) as the base for the Docker container platform ● Building container platforms by means of containers 13
At the beginning (2013-2014) Containers as a pioneer domain; monolithic opensource Docker codebase 14
The cloud era (2015-2016) Massive adoption for cloud-native apps; strip down monolith into components 15
Today (2017) Containers going mainstream; Embraced by more and more environments, platforms and industries 16
Future of the container ecosystem (>= 2017) Collaboration and sharing of assemblies; Use assemblies and existing/custom components to build specialized container platforms 17
Give me an example! 18
Demo: Redis OS 19
Thank you for your attention! 20
Sources (1) ● Videos: ○ Docker Inc. 2017. DockerCon 2017 - General Session Day 1. YouTube video. 1:50:22. Posted by “Docker”. April 24, 2017. https://www.youtube.com/watch?v=hwkqju_BXEo&t=4sm ● Blogs: ○ [1] Cormack, Justin. 2017. Announcing LinuxKit: A Toolkit for building secure, lean and portable Linux subsystems. Accessed June 29, 2017. https://blog.docker.com/2017/04/introducing-linuxkit-container-os-toolkit/ ○ [2] Hykes, Solomon. 2017. Introducing Moby Project: A new open-source project to advance the software containerization movement. Accessed June 29, 2017. https://blog.docker.com/2017/04/introducing-the-moby-project/ ○ [3] Docker Inc. 2017. linuxkit/linuxkit. Accessed June 29, 2017. https://github.com/linuxkit/linuxkit ○ [4] Docker Inc. 2017. moby/moby. Accessed June 29, 2017https://github.com/moby/moby ○ [5] Moby Project. 2017. Moby Project. Accessed June 29, 2017. https://mobyproject.org/ 21
Sources (2) ● Pictures: ○ https://i2.wp.com/blog.docker.com/wp-content/uploads/linux-kit@2x.png?resize=400%2C96&ssl=1 ○ https://upload.wikimedia.org/wikipedia/commons/thumb/1/1d/AmazonWebservices_Logo.svg/800px -AmazonWebservices_Logo.svg.png ○ https://upload.wikimedia.org/wikipedia/commons/thumb/c/c9/Windows-server-2016.png/1024px-Wi ndows-server-2016.png ○ https://upload.wikimedia.org/wikipedia/commons/thumb/f/fa/Apple_logo_black.svg/2000px-Apple_l ogo_black.svg.png ○ https://i0.wp.com/blog.docker.com/wp-content/uploads/1-2.png?w=763&ssl=1 ○ https://tuchacloud.com/wp-content/uploads/2016/03/KVM-tucha.png ○ https://i1.wp.com/blog.docker.com/wp-content/uploads/3a660141-cb0c-426b-9b6b-cec7b8a2f548-1.jp g?resize=389%2C117&ssl=1 ○ https://upload.wikimedia.org/wikipedia/de/thumb/6/6b/Redis_Logo.svg/1200px-Redis_Logo.svg.png 22

Recommended

Introduction to the Moby Project
Introduction to the Moby ProjectIntroduction to the Moby Project
Introduction to the Moby ProjectJochen Zehnder
 
Docker-Vancouver Meetup - March 18, 2014 - An Introduction to Docker
Docker-Vancouver Meetup - March 18, 2014 - An Introduction to DockerDocker-Vancouver Meetup - March 18, 2014 - An Introduction to Docker
Docker-Vancouver Meetup - March 18, 2014 - An Introduction to Dockerbacongobbler
 
Libcontainer: joining forces under one roof
Libcontainer: joining forces under one roofLibcontainer: joining forces under one roof
Libcontainer: joining forces under one roofAndrey Vagin
 
Docker Introduction - DevOps Montreal Meetup
Docker Introduction - DevOps Montreal MeetupDocker Introduction - DevOps Montreal Meetup
Docker Introduction - DevOps Montreal MeetupColin Surprenant
 
Docker @haufe lexware tech lunch
Docker @haufe lexware tech lunchDocker @haufe lexware tech lunch
Docker @haufe lexware tech lunchHaufeLexwareRomania
 
OpenStack und Containers
OpenStack und ContainersOpenStack und Containers
OpenStack und Containersinovex GmbH
 
Docker slides temp
Docker slides tempDocker slides temp
Docker slides tempMonica Hunter
 
How Docker didn't invent containers (Docker Meetup Brno #1)
How Docker didn't invent containers (Docker Meetup Brno #1)How Docker didn't invent containers (Docker Meetup Brno #1)
How Docker didn't invent containers (Docker Meetup Brno #1)Pavel Snajdr
 

Recommended

Introduction to the Moby Project
Introduction to the Moby ProjectIntroduction to the Moby Project
Introduction to the Moby ProjectJochen Zehnder
 
Docker-Vancouver Meetup - March 18, 2014 - An Introduction to Docker
Docker-Vancouver Meetup - March 18, 2014 - An Introduction to DockerDocker-Vancouver Meetup - March 18, 2014 - An Introduction to Docker
Docker-Vancouver Meetup - March 18, 2014 - An Introduction to Dockerbacongobbler
 
Libcontainer: joining forces under one roof
Libcontainer: joining forces under one roofLibcontainer: joining forces under one roof
Libcontainer: joining forces under one roofAndrey Vagin
 
Docker Introduction - DevOps Montreal Meetup
Docker Introduction - DevOps Montreal MeetupDocker Introduction - DevOps Montreal Meetup
Docker Introduction - DevOps Montreal MeetupColin Surprenant
 
Docker @haufe lexware tech lunch
Docker @haufe lexware tech lunchDocker @haufe lexware tech lunch
Docker @haufe lexware tech lunchHaufeLexwareRomania
 
OpenStack und Containers
OpenStack und ContainersOpenStack und Containers
OpenStack und Containersinovex GmbH
 
Docker slides temp
Docker slides tempDocker slides temp
Docker slides tempMonica Hunter
 
How Docker didn't invent containers (Docker Meetup Brno #1)
How Docker didn't invent containers (Docker Meetup Brno #1)How Docker didn't invent containers (Docker Meetup Brno #1)
How Docker didn't invent containers (Docker Meetup Brno #1)Pavel Snajdr
 
Talk98
Talk98Talk98
Talk98Sammy Fung
 
Getting Towards Real Sandbox Containers
Getting Towards Real Sandbox ContainersGetting Towards Real Sandbox Containers
Getting Towards Real Sandbox ContainersC4Media
 
Academy PRO: Docker. Lecture 1
Academy PRO: Docker. Lecture 1Academy PRO: Docker. Lecture 1
Academy PRO: Docker. Lecture 1Binary Studio
 
A brief history of Linux Containers
A brief history of Linux Containers A brief history of Linux Containers
A brief history of Linux Containers Kirill Kolyshkin
 
Brief history of Linux containers
Brief history of Linux containersBrief history of Linux containers
Brief history of Linux containersOpenVZ
 
Docker for Drupal development
Docker for Drupal developmentDocker for Drupal development
Docker for Drupal developmentWilliam Mortada
 
Docker integration
Docker integrationDocker integration
Docker integrationVijay Bellur
 
Moby Introduction - June 2017
Moby Introduction - June 2017Moby Introduction - June 2017
Moby Introduction - June 2017Patrick Chanezon
 
Autentia OS - 20180210 - Docker y las películas de chinos
Autentia OS - 20180210 - Docker y las películas de chinosAutentia OS - 20180210 - Docker y las películas de chinos
Autentia OS - 20180210 - Docker y las películas de chinosAlejandro Pérez García
 
Containerization & Docker - Under the Hood
Containerization & Docker - Under the HoodContainerization & Docker - Under the Hood
Containerization & Docker - Under the HoodImesha Sudasingha
 
Notary - container signing
Notary - container signingNotary - container signing
Notary - container signingMoby Project
 
Canonical AWS Summit London 2011
Canonical AWS Summit London 2011Canonical AWS Summit London 2011
Canonical AWS Summit London 2011Amazon Web Services
 
LibCT: one lib to rule them all -- Andrey Vagin
LibCT: one lib to rule them all -- Andrey VaginLibCT: one lib to rule them all -- Andrey Vagin
LibCT: one lib to rule them all -- Andrey VaginOpenVZ
 
GettingStartedWithDocker_docker
GettingStartedWithDocker_dockerGettingStartedWithDocker_docker
GettingStartedWithDocker_dockerHasibul Haque
 
KubeCon EU 2016: Scaling Open edX with Kubernetes
KubeCon EU 2016: Scaling Open edX with KubernetesKubeCon EU 2016: Scaling Open edX with Kubernetes
KubeCon EU 2016: Scaling Open edX with KubernetesKubeAcademy
 
LibCT и контейнеры на уровне приложений -- Александр Бурлука
LibCT и контейнеры на уровне приложений -- Александр Бурлука LibCT и контейнеры на уровне приложений -- Александр Бурлука
LibCT и контейнеры на уровне приложений -- Александр БурлукаOpenVZ
 
Ceph Day Santa Clara Welcome
Ceph Day Santa Clara WelcomeCeph Day Santa Clara Welcome
Ceph Day Santa Clara WelcomeCeph Community
 
Introducing docker
Introducing dockerIntroducing docker
Introducing dockerDharmit Shah
 
Open collaboration in the Moby Project
Open collaboration in the Moby ProjectOpen collaboration in the Moby Project
Open collaboration in the Moby ProjectAkihiro Suda
 
Being a Moby maintainer
Being a Moby maintainerBeing a Moby maintainer
Being a Moby maintainerAkihiro Suda
 
Survey of Container Build Tools
Survey of Container Build ToolsSurvey of Container Build Tools
Survey of Container Build ToolsMichael Ducy
 
Moby Open Source Summit North America 2017
Moby Open Source Summit North America 2017Moby Open Source Summit North America 2017
Moby Open Source Summit North America 2017Patrick Chanezon
 

More Related Content

What's hot

Getting Towards Real Sandbox Containers
Getting Towards Real Sandbox ContainersGetting Towards Real Sandbox Containers
Getting Towards Real Sandbox ContainersC4Media
 
Academy PRO: Docker. Lecture 1
Academy PRO: Docker. Lecture 1Academy PRO: Docker. Lecture 1
Academy PRO: Docker. Lecture 1Binary Studio
 
A brief history of Linux Containers
A brief history of Linux Containers A brief history of Linux Containers
A brief history of Linux Containers Kirill Kolyshkin
 
Brief history of Linux containers
Brief history of Linux containersBrief history of Linux containers
Brief history of Linux containersOpenVZ
 
Docker for Drupal development
Docker for Drupal developmentDocker for Drupal development
Docker for Drupal developmentWilliam Mortada
 
Docker integration
Docker integrationDocker integration
Docker integrationVijay Bellur
 
Moby Introduction - June 2017
Moby Introduction - June 2017Moby Introduction - June 2017
Moby Introduction - June 2017Patrick Chanezon
 
Autentia OS - 20180210 - Docker y las películas de chinos
Autentia OS - 20180210 - Docker y las películas de chinosAutentia OS - 20180210 - Docker y las películas de chinos
Autentia OS - 20180210 - Docker y las películas de chinosAlejandro Pérez García
 
Containerization & Docker - Under the Hood
Containerization & Docker - Under the HoodContainerization & Docker - Under the Hood
Containerization & Docker - Under the HoodImesha Sudasingha
 
Notary - container signing
Notary - container signingNotary - container signing
Notary - container signingMoby Project
 
Canonical AWS Summit London 2011
Canonical AWS Summit London 2011Canonical AWS Summit London 2011
Canonical AWS Summit London 2011Amazon Web Services
 
LibCT: one lib to rule them all -- Andrey Vagin
LibCT: one lib to rule them all -- Andrey VaginLibCT: one lib to rule them all -- Andrey Vagin
LibCT: one lib to rule them all -- Andrey VaginOpenVZ
 
GettingStartedWithDocker_docker
GettingStartedWithDocker_dockerGettingStartedWithDocker_docker
GettingStartedWithDocker_dockerHasibul Haque
 
KubeCon EU 2016: Scaling Open edX with Kubernetes
KubeCon EU 2016: Scaling Open edX with KubernetesKubeCon EU 2016: Scaling Open edX with Kubernetes
KubeCon EU 2016: Scaling Open edX with KubernetesKubeAcademy
 
LibCT и контейнеры на уровне приложений -- Александр Бурлука
LibCT и контейнеры на уровне приложений -- Александр Бурлука LibCT и контейнеры на уровне приложений -- Александр Бурлука
LibCT и контейнеры на уровне приложений -- Александр БурлукаOpenVZ
 
Ceph Day Santa Clara Welcome
Ceph Day Santa Clara WelcomeCeph Day Santa Clara Welcome
Ceph Day Santa Clara WelcomeCeph Community
 
Introducing docker
Introducing dockerIntroducing docker
Introducing dockerDharmit Shah
 

What's hot (18)

Talk98
Talk98Talk98
Talk98
 
Getting Towards Real Sandbox Containers
Getting Towards Real Sandbox ContainersGetting Towards Real Sandbox Containers
Getting Towards Real Sandbox Containers
 
Academy PRO: Docker. Lecture 1
Academy PRO: Docker. Lecture 1Academy PRO: Docker. Lecture 1
Academy PRO: Docker. Lecture 1
 
A brief history of Linux Containers
A brief history of Linux Containers A brief history of Linux Containers
A brief history of Linux Containers
 
Brief history of Linux containers
Brief history of Linux containersBrief history of Linux containers
Brief history of Linux containers
 
Docker for Drupal development
Docker for Drupal developmentDocker for Drupal development
Docker for Drupal development
 
Docker integration
Docker integrationDocker integration
Docker integration
 
Moby Introduction - June 2017
Moby Introduction - June 2017Moby Introduction - June 2017
Moby Introduction - June 2017
 
Autentia OS - 20180210 - Docker y las películas de chinos
Autentia OS - 20180210 - Docker y las películas de chinosAutentia OS - 20180210 - Docker y las películas de chinos
Autentia OS - 20180210 - Docker y las películas de chinos
 
Containerization & Docker - Under the Hood
Containerization & Docker - Under the HoodContainerization & Docker - Under the Hood
Containerization & Docker - Under the Hood
 
Notary - container signing
Notary - container signingNotary - container signing
Notary - container signing
 
Canonical AWS Summit London 2011
Canonical AWS Summit London 2011Canonical AWS Summit London 2011
Canonical AWS Summit London 2011
 
LibCT: one lib to rule them all -- Andrey Vagin
LibCT: one lib to rule them all -- Andrey VaginLibCT: one lib to rule them all -- Andrey Vagin
LibCT: one lib to rule them all -- Andrey Vagin
 
GettingStartedWithDocker_docker
GettingStartedWithDocker_dockerGettingStartedWithDocker_docker
GettingStartedWithDocker_docker
 
KubeCon EU 2016: Scaling Open edX with Kubernetes
KubeCon EU 2016: Scaling Open edX with KubernetesKubeCon EU 2016: Scaling Open edX with Kubernetes
KubeCon EU 2016: Scaling Open edX with Kubernetes
 
LibCT и контейнеры на уровне приложений -- Александр Бурлука
LibCT и контейнеры на уровне приложений -- Александр Бурлука LibCT и контейнеры на уровне приложений -- Александр Бурлука
LibCT и контейнеры на уровне приложений -- Александр Бурлука
 
Ceph Day Santa Clara Welcome
Ceph Day Santa Clara WelcomeCeph Day Santa Clara Welcome
Ceph Day Santa Clara Welcome
 
Introducing docker
Introducing dockerIntroducing docker
Introducing docker
 

Similar to LinuxKit & Moby - The next level of the container ecosystem

Open collaboration in the Moby Project
Open collaboration in the Moby ProjectOpen collaboration in the Moby Project
Open collaboration in the Moby ProjectAkihiro Suda
 
Being a Moby maintainer
Being a Moby maintainerBeing a Moby maintainer
Being a Moby maintainerAkihiro Suda
 
Survey of Container Build Tools
Survey of Container Build ToolsSurvey of Container Build Tools
Survey of Container Build ToolsMichael Ducy
 
Moby Open Source Summit North America 2017
Moby Open Source Summit North America 2017Moby Open Source Summit North America 2017
Moby Open Source Summit North America 2017Patrick Chanezon
 
An Open Source Story: Open Containers & Open Communities
An Open Source Story: Open Containers & Open CommunitiesAn Open Source Story: Open Containers & Open Communities
An Open Source Story: Open Containers & Open CommunitiesPhil Estes
 
LinuxKit: the first five months by Justin Cormack & Riyaz Faizullabhoy (Docker)
LinuxKit: the first five months by Justin Cormack & Riyaz Faizullabhoy (Docker)LinuxKit: the first five months by Justin Cormack & Riyaz Faizullabhoy (Docker)
LinuxKit: the first five months by Justin Cormack & Riyaz Faizullabhoy (Docker)Docker, Inc.
 
Cloud Native Applications on Kubernetes: a DevOps Approach
Cloud Native Applications on Kubernetes: a DevOps ApproachCloud Native Applications on Kubernetes: a DevOps Approach
Cloud Native Applications on Kubernetes: a DevOps ApproachNicola Ferraro
 
Modern IoT and Embedded Linux Deployment - Berlin
Modern IoT and Embedded Linux Deployment - BerlinModern IoT and Embedded Linux Deployment - Berlin
Modern IoT and Embedded Linux Deployment - BerlinDjalal Harouni
 
Containerd - core container runtime component
Containerd - core container runtime component Containerd - core container runtime component
Containerd - core container runtime component Docker, Inc.
 
Container Runtimes: Comparing and Contrasting Today's Engines
Container Runtimes: Comparing and Contrasting Today's EnginesContainer Runtimes: Comparing and Contrasting Today's Engines
Container Runtimes: Comparing and Contrasting Today's EnginesPhil Estes
 
HLayer / Docker and its ecosystem
HLayer / Docker and its ecosystemHLayer / Docker and its ecosystem
HLayer / Docker and its ecosystemAymen EL Amri
 
Docker London Meetup: Docker Engine Evolution
Docker London Meetup: Docker Engine EvolutionDocker London Meetup: Docker Engine Evolution
Docker London Meetup: Docker Engine EvolutionPhil Estes
 
NetflixOSS and ZeroToDocker Talk
NetflixOSS and ZeroToDocker TalkNetflixOSS and ZeroToDocker Talk
NetflixOSS and ZeroToDocker Talkaspyker
 
Docker Concepts for Oracle/MySQL DBAs and DevOps
Docker Concepts for Oracle/MySQL DBAs and DevOpsDocker Concepts for Oracle/MySQL DBAs and DevOps
Docker Concepts for Oracle/MySQL DBAs and DevOpsZohar Elkayam
 
docker : how to deploy Digital Experience in a container drinking a cup of co...
docker : how to deploy Digital Experience in a container drinking a cup of co...docker : how to deploy Digital Experience in a container drinking a cup of co...
docker : how to deploy Digital Experience in a container drinking a cup of co...Matteo Bisi
 
.docker : how to deploy Digital Experience in a container drinking a cup of c...
.docker : how to deploy Digital Experience in a container drinking a cup of c....docker : how to deploy Digital Experience in a container drinking a cup of c...
.docker : how to deploy Digital Experience in a container drinking a cup of c...Andrea Fontana
 
Applied Security for Containers, OW2con'18, June 7-8, 2018, Paris
Applied Security for Containers, OW2con'18, June 7-8, 2018, ParisApplied Security for Containers, OW2con'18, June 7-8, 2018, Paris
Applied Security for Containers, OW2con'18, June 7-8, 2018, ParisOW2
 
Going Production with Docker and Swarm
Going Production with Docker and SwarmGoing Production with Docker and Swarm
Going Production with Docker and SwarmC4Media
 

Similar to LinuxKit & Moby - The next level of the container ecosystem (20)

Open collaboration in the Moby Project
Open collaboration in the Moby ProjectOpen collaboration in the Moby Project
Open collaboration in the Moby Project
 
Being a Moby maintainer
Being a Moby maintainerBeing a Moby maintainer
Being a Moby maintainer
 
Survey of Container Build Tools
Survey of Container Build ToolsSurvey of Container Build Tools
Survey of Container Build Tools
 
Moby Open Source Summit North America 2017
Moby Open Source Summit North America 2017Moby Open Source Summit North America 2017
Moby Open Source Summit North America 2017
 
An Open Source Story: Open Containers & Open Communities
An Open Source Story: Open Containers & Open CommunitiesAn Open Source Story: Open Containers & Open Communities
An Open Source Story: Open Containers & Open Communities
 
LinuxKit: the first five months by Justin Cormack & Riyaz Faizullabhoy (Docker)
LinuxKit: the first five months by Justin Cormack & Riyaz Faizullabhoy (Docker)LinuxKit: the first five months by Justin Cormack & Riyaz Faizullabhoy (Docker)
LinuxKit: the first five months by Justin Cormack & Riyaz Faizullabhoy (Docker)
 
Cloud Native Applications on Kubernetes: a DevOps Approach
Cloud Native Applications on Kubernetes: a DevOps ApproachCloud Native Applications on Kubernetes: a DevOps Approach
Cloud Native Applications on Kubernetes: a DevOps Approach
 
Modern IoT and Embedded Linux Deployment - Berlin
Modern IoT and Embedded Linux Deployment - BerlinModern IoT and Embedded Linux Deployment - Berlin
Modern IoT and Embedded Linux Deployment - Berlin
 
Containerd - core container runtime component
Containerd - core container runtime component Containerd - core container runtime component
Containerd - core container runtime component
 
Container Runtimes: Comparing and Contrasting Today's Engines
Container Runtimes: Comparing and Contrasting Today's EnginesContainer Runtimes: Comparing and Contrasting Today's Engines
Container Runtimes: Comparing and Contrasting Today's Engines
 
HLayer / Docker and its ecosystem
HLayer / Docker and its ecosystemHLayer / Docker and its ecosystem
HLayer / Docker and its ecosystem
 
Docker London Meetup: Docker Engine Evolution
Docker London Meetup: Docker Engine EvolutionDocker London Meetup: Docker Engine Evolution
Docker London Meetup: Docker Engine Evolution
 
Docker Dojo
Docker DojoDocker Dojo
Docker Dojo
 
NetflixOSS and ZeroToDocker Talk
NetflixOSS and ZeroToDocker TalkNetflixOSS and ZeroToDocker Talk
NetflixOSS and ZeroToDocker Talk
 
Docker Concepts for Oracle/MySQL DBAs and DevOps
Docker Concepts for Oracle/MySQL DBAs and DevOpsDocker Concepts for Oracle/MySQL DBAs and DevOps
Docker Concepts for Oracle/MySQL DBAs and DevOps
 
docker : how to deploy Digital Experience in a container drinking a cup of co...
docker : how to deploy Digital Experience in a container drinking a cup of co...docker : how to deploy Digital Experience in a container drinking a cup of co...
docker : how to deploy Digital Experience in a container drinking a cup of co...
 
.docker : how to deploy Digital Experience in a container drinking a cup of c...
.docker : how to deploy Digital Experience in a container drinking a cup of c....docker : how to deploy Digital Experience in a container drinking a cup of c...
.docker : how to deploy Digital Experience in a container drinking a cup of c...
 
Applied Security for Containers, OW2con'18, June 7-8, 2018, Paris
Applied Security for Containers, OW2con'18, June 7-8, 2018, ParisApplied Security for Containers, OW2con'18, June 7-8, 2018, Paris
Applied Security for Containers, OW2con'18, June 7-8, 2018, Paris
 
Hello, Docker!
Hello, Docker!Hello, Docker!
Hello, Docker!
 
Going Production with Docker and Swarm
Going Production with Docker and SwarmGoing Production with Docker and Swarm
Going Production with Docker and Swarm
 

Recently uploaded

TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfCionsystems
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 

Recently uploaded (20)

Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdf
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 

LinuxKit & Moby - The next level of the container ecosystem

  • 1. LinuxKit & Moby The next level of the container ecosystem
  • 2. 2
  • 3. $ whoami ● Patrick Kleindienst ● Masters student at Stuttgart Media University, course of studies “Computer Science & Media” ● Master’s candidate at IBM Research & Development (Böblingen) @Apophis1990 3
  • 4. Outline ● About LinuxKit ○ Motivation ○ Design Principles: Portability, Leanness, Security ● About Project Moby ○ Motivation ○ Diving through container history ● Demo: Moby & LinuxKit in action 4
  • 5. LinuxKit: Motivation “Last year, one of the most common requests we heard from our users was to bring a Docker-native experience to their platforms. These platforms were many and varied[.] (...) One of the issues we encountered was that [...] users wanted Linuxcontainer support but the platform itself did not ship with Linux included.” (Justin Cormack, [1]) Cloud Server Desktop 5
  • 7. ● Released by Docker Inc. at DockerCon 2017 in Austin (Texas) ● Addresses need for secure, lean and portable Linux subsystems ● Brings native Docker and Linux container support to various platforms ● Already in use in e.g. Docker for Mac/Windows for a couple of time 7
  • 8. LinuxKit Design Principles: Portability Supported server/desktop hypervisors: ● HyperKit (macOS) ● Hyper-V (Windows) ● qemu (macOS, Windows, Linux) ● VMware (macOS, Windows) Supported cloud platforms: ● Amazon Web Services ● Google Cloud ● Microsoft Azure ● packet.net 8
  • 9. LinuxKit Design Principles: Leanness ● Image core = Linux Kernel + some system libraries + container runtime ● Everything else is optional! ● Small foot print, image size ~ 35 MB ● minimal boot time ● Helps with security 9
  • 10. LinuxKit Design Principles: Security ● container-specific OSes reduce attack surface ● less overhead -> less attack vectors (compared to popular distros like Debian) ● Isolation: optional services run inside dedicated containers ● Containerized services allow for fine-grained control of privileges and resource consumption ● Immutable infrastructure (read-only filesystem) 10
  • 11. Why security matters - an example What’s so special about the “ping” binary? # ls -l $(which ping) -rwsr-xr-x 1 root root 44168 Mai 7 2014 /bin/ping (taken from LinuxMint 18.1 Serena) 11
  • 12. Ok but, … what does LinuxKit have to do with Moby? 12
  • 13. The Moby Project ● Also released by Docker Inc. at DockerCon 2017 in Austin (Texas) ● Tribute to size and needs of the community ● Moby provides: ○ A library of containerized backend components (runC, containerd, notary, networking, …) ○ A framework for assembling these components into functional container platforms ○ A reference assembly (Moby Origin) as the base for the Docker container platform ● Building container platforms by means of containers 13
  • 14. At the beginning (2013-2014) Containers as a pioneer domain; monolithic opensource Docker codebase 14
  • 15. The cloud era (2015-2016) Massive adoption for cloud-native apps; strip down monolith into components 15
  • 16. Today (2017) Containers going mainstream; Embraced by more and more environments, platforms and industries 16
  • 17. Future of the container ecosystem (>= 2017) Collaboration and sharing of assemblies; Use assemblies and existing/custom components to build specialized container platforms 17
  • 18. Give me an example! 18
  • 20. Thank you for your attention! 20
  • 21. Sources (1) ● Videos: ○ Docker Inc. 2017. DockerCon 2017 - General Session Day 1. YouTube video. 1:50:22. Posted by “Docker”. April 24, 2017. https://www.youtube.com/watch?v=hwkqju_BXEo&t=4sm ● Blogs: ○ [1] Cormack, Justin. 2017. Announcing LinuxKit: A Toolkit for building secure, lean and portable Linux subsystems. Accessed June 29, 2017. https://blog.docker.com/2017/04/introducing-linuxkit-container-os-toolkit/ ○ [2] Hykes, Solomon. 2017. Introducing Moby Project: A new open-source project to advance the software containerization movement. Accessed June 29, 2017. https://blog.docker.com/2017/04/introducing-the-moby-project/ ○ [3] Docker Inc. 2017. linuxkit/linuxkit. Accessed June 29, 2017. https://github.com/linuxkit/linuxkit ○ [4] Docker Inc. 2017. moby/moby. Accessed June 29, 2017https://github.com/moby/moby ○ [5] Moby Project. 2017. Moby Project. Accessed June 29, 2017. https://mobyproject.org/ 21
  • 22. Sources (2) ● Pictures: ○ https://i2.wp.com/blog.docker.com/wp-content/uploads/linux-kit@2x.png?resize=400%2C96&ssl=1 ○ https://upload.wikimedia.org/wikipedia/commons/thumb/1/1d/AmazonWebservices_Logo.svg/800px -AmazonWebservices_Logo.svg.png ○ https://upload.wikimedia.org/wikipedia/commons/thumb/c/c9/Windows-server-2016.png/1024px-Wi ndows-server-2016.png ○ https://upload.wikimedia.org/wikipedia/commons/thumb/f/fa/Apple_logo_black.svg/2000px-Apple_l ogo_black.svg.png ○ https://i0.wp.com/blog.docker.com/wp-content/uploads/1-2.png?w=763&ssl=1 ○ https://tuchacloud.com/wp-content/uploads/2016/03/KVM-tucha.png ○ https://i1.wp.com/blog.docker.com/wp-content/uploads/3a660141-cb0c-426b-9b6b-cec7b8a2f548-1.jp g?resize=389%2C117&ssl=1 ○ https://upload.wikimedia.org/wikipedia/de/thumb/6/6b/Redis_Logo.svg/1200px-Redis_Logo.svg.png 22