SlideShare a Scribd company logo
State of Containers
Convergence of Big Data, AI and HPC
Technology ReCap
Comparison of Hypervisor and Container Virtualization
VM1 VM2
Stacked View
Hardware
Host Kernel
Userland
Services Hypervisor (type-2)
Kernel
Userland
appA appB
Userland
Kernel
Hardware
Host Kernel
Userland
Services
Cnt2Cnt1
Userland
appA appB
Userland
Traditional Virtualization Container Virtualization
VM-shortcuts
(PVM,pci-passthrough)
Operational Abstraction
end-user does not care...
hardware
hypervisor (type-1)
container
Traditional Virtualization
kernel
Interface View
libs
From Application to Kernel
application
libs
application
lib-calls
102
syscalls
101
hypercalls
hardware
kernel
hw-calls
Container Virtualization
Technology ReCap
Container Technology 101
But can share namespaces with other containers or even the host
Container Namespaces
A starting container gets his own namespaces to keep track process of resources.
PIDMNT IPCNET USR
Host
UTS CGRP
cnt0 cnt1 cnt2
CGroups
While namespaces isolate,
Control Groups constraint resources.
qnib/uplain-cudaImage layers R/O
Thin R/W layerContainer Layer
Storage Driver
Handling OverlayFS
The storage driver controls how images and containers are stored and managed on your Docker host.
qnib/uplain-cuda 1.5GB
[1] ubuntu:16.04 112MB
[5] apt-get update 153MB
config.json
1
5
[6] libcuda1-384 1.39GB
6
Seccomp (SELinux,AppArmor)
● While namespaces isolate,
● Control Groups constraint resources,
● seccomp filters syscalls (sane default).
● (SELinux/AppArmor allow for system-wide filters)
https://docs.docker.com/engine/security/seccomp/
Architecture ReCap
Open-Source Container Technology 101
HPC-runtime
workarounds
Runtime
runc + containerd
● runc
CLI tool for spawning and running containers according to the OCI specification
rootfs
config.json
runc executed container
{
"process": {
"terminal": true,
"consoleSize": {
"height": 25,
"width": 80
},
"user": {
"uid": 1,
"gid": 1,
"additionalGids": [5,6]
}
}
● Shifter / Charlie Cloud / Singularity
are not OCI compliant runtimes…
Runtime
runc + containerd
●
● containerd
An industry-standard container runtime with an emphasis on simplicity, robustness and portability.
● runc
CLI tool for spawning and running containers according to the OCI specification
HPC-runtime
workarounds
Architecture on Linux
Operating System
Control Groups
(cgroups)
Namespaces
(mnt,pid,ipc,...)
Layer Capabilities
AUFS,overlay,...
Other OS
Functionality
Docker Engine
REST interface
libcontainerd libnetwork storage plugins
containerd
Docker Client Docker Compose Docker Registry Docker Swarm/K8s
runc+
Architecture on Windows
Operating System
Other OS
Functionality
Docker Engine
REST interface
libcontainer libnetwork storage plugins
Docker Client Docker Compose Docker Registry Docker Swarm/K8s
Host Compute Service
Control Groups Namespaces Layer Capabilities
Object Namespace,
Process Table,
Networking
Job Objects Registry, Union like
filesystem extension
HPC Challenges
Host-Agnostic vs. Host-Specific
Service Cluster
Compute Cluster
Shared Systems
Scientist self-service
Storage
Engine
rank0
/home/
/scratch/
/proj/
Engine
rank1
Engine
rank2
Engine
rankN
Create Data
Display Data
Host
Shared File-Systems
Compute Jobs pin the user
Engine
/home/alice/
/home/bob/
Compute jobs need to be imperative, as processes work closely together.
➔ UID:GID ownership can be handled within container
process 0
child 0.1
process 0
child 0.1
Works as designed - host-agnostic!
➔ Best-practice (as of today) for containers suggest to do not trust the UID within the container at all!
root@n40l:/home# ls -l
total 16
drwx------ 2 alice alice 4096 Feb 17 11:12 alice
drwx------ 2 bob bob 4096 Feb 17 11:11 bob
root@n40l:~# su - bob
bob@n40l:~$ docker run -ti --rm -v /home/:/home/ --user=$(id -u alice):$(id -g alice) 
ubuntu touch /home/alice/bob_was_here
bob@n40l:~$ logout
root@n40l:~# ls -l /home/alice/
total 0
-rw-r--r-- 1 alice alice 0 Feb 17 11:38 bob_was_here
root@n40l:~#
Honor Shared Environments
Example
Alter User setting - Overwriting User with '1003:1003', was '1002:1002'
Mounts: [/home/:/home/]
$ docker run -v /var/run/:/var/run/ -ti --rm qnib/doxy:gpu doxy --proxy-socket=/var/run/hpc.sock --pattern-key=hpc 
--pin-user --user 1003:1003
2018/02/17 10:47:27 [II] Start Version: 0.2.4
2018/02/17 10:47:27 [doxy] Listening on /var/run/hpc.sock
2018/02/17 10:47:27 Serving proxy on '/var/run/hpc.sock'
Alter User setting - Overwrite User with '1003:1003', was '1002:1002'
Mounts: [/home/:/home/]
Honor Shared Environments [proof-of-concept]
Manipulating API payload via proxy
bob@n40l:~$ docker -H unix:///var/run/hpc.sock create -v /home/:/home/ 
--user=$(id -u alice):$(id -g alice) ubuntu touch /home/alice/bob_tried
2117ed54e6063928db5c3ed7688a3ab96a3c60fcf3b54407fb27336dfe14e9de
charlie@n40l:~$ docker start -a 2117ed54e6063928db5c3ed7688a3ab96a3c60fcf3b54407fb27336dfe14e9de
touch: cannot touch '/home/alice/bob_tried': Permission denied
Host1
Host-Agnostic vs. Host-Specific
kernel-bypassing devices
● To use kernel-bypassing devices and drivers have to be present into a container
○ drivers can be part of the container, which bloats the container
○ a local volume on the host, which adds/augments the library into the container
● These devices/drivers might be host-specific (e.g. different GPUs per host require different mappings)
Docker Engine
process1
GPU
/dev/nvidia0
/lib/cuda/1.2
Host2
Docker Engine
process1
GPU
/dev/nvidia1
/lib/cuda/1.2.1
Add GPU stuff
New device: /dev/nvidia0:/dev/nvidia0
New device: /dev/nvidiactl:/dev/nvidiactl
Mounts: [/usr/lib/nvidia-384:/usr/local/nvidia/]
p2.xlarge:/root/# docker run -v /var/run/:/var/run/ -ti --rm qnib/doxy:gpu doxy --proxy-socket=/var/run/hpc.sock 
--pattern-key=hpc --gpu --cuda-lib-path=/usr/lib/nvidia-384
2018/02/17 10:47:27 [II] Start Version: 0.2.4
2018/02/17 10:47:27 [doxy] Listening on /var/run/hpc.sock
2018/02/17 10:47:27 Serving proxy on '/var/run/hpc.sock'
Kernel-bypassing devices [proof-of-concept]
Manipulating API payload via proxy
bob@p2.xlarge:~$ docker -H unix:///var/run/hpc.sock create ubuntu /usr/local/nvidia/bin/nvidia-smi -L
a3307eefa31233bdcb36e161ffe0ef433d93f80e43cc1dfe9ee32c45c10dc50d
bob@p2.xlarge:~$ docker start -a a3307eefa31233bdcb36e161ffe0ef433d93f80e43cc1dfe9ee32c45c10dc50d
GPU 0: Tesla K80 (UUID: GPU-4095713a-1f9b-791d-841d-8b35143127d4)
Underpin Orchestration
Combine Data Lake and Distributed Compute
Engine vs. Workload Scheduler
● As of today, service orchestrators start containers unaware of shared systems
● HPC workload schedulers start userland processes within shared environment.
Docker Engine
SWARM Kubernetes
Shared System
process1 process2
HPC Workload Scheduler
Shared System
HPC-runtime
workarounds
job-process1 job-process2
slurmd
Engine serves Service and Workload Schedulers
By making the Docker-Engine aware of shared environments and kernel-bypassing
hardware, it can serve all use-cases.
SWARM Kubernetes
Shared System
process1 process2
HPC Workload
Scheduler
job-process1
Docker Engine
Outlook
2018 the year of High Performance Containers
Tentative Milestones
Critical MVP milestones
#1 Secure Operations and kernel-bypassing support
#1.1 Secure Operation in shared environment
In particular pinning a user to use his UID in shared file-systems, so that users are
not able to access other userdata.
#1.2 Transparent Support of kernel-bypassing Devices
Host-specific GPU and Interconnects (e.g. InfiniBand)
#2 Integration of Workload Scheduler
#2.0 Integration of HPC workload schedulers
As a reference the open-source and widely adopted scheduler SLURM should
implement container scheduling. Other can follow.
Student Cluster Competition
Docker is coaching the SCC-Team of the Student Cluster
Competition at ISC 2018 in Frankfurt. Goals are:
1. Use of containerized auxiliary services (Monitoring, …)
2. Prototype workflow
Call For Action
How to get involved?
If you are already a customer of ours
➔ push for HPC/Big Data use-cases
If not
➔ become one and push for HPC/Big Data use-cases
To prepare for adoption:
➔ Enhance your operation / container knowledge by using DockerEE in non-HPC services
➔ Create Center-Of-Excellence for Containers
➔ Make yourself familiar with Supply Chain (a lot of gold here)
➔ Educating you Dev/Scientists/Engineers to use container (HPC) best-practices
➔ Ask for all of the above...
Mid-/Long-Term
Containers are a gold-mine
➔ Reproducibility
◆ signed images (/content-hashes) ensure integrity
➔ Bundle apps/libs using a Recipe (Dockerfile)
◆ Fosters collaboration
◆ optimize the user-land to best support the application, no need to consider impact to others.
◆ automate optimization with permuted pkg / config
➔ Fingerprint application (/workload)
◆ battle-tested workload OR needs to run through Q&A?
➔ diskless Storage Driver?
◆ treat shared FS as object store for all image blobs
◆ burst-buffer as to instantiate file-system of container
➔ read-only input data as volume pre-loaded on host, used by containers
➔ Using Containers fine-grained observibility comes for free
THANK YOU :)

More Related Content

What's hot

Shifter: Containers in HPC Environments
Shifter: Containers in HPC EnvironmentsShifter: Containers in HPC Environments
Shifter: Containers in HPC Environments
inside-BigData.com
 
Pachyderm: Building a Big Data Beast On Kubernetes
Pachyderm: Building a Big Data Beast On KubernetesPachyderm: Building a Big Data Beast On Kubernetes
Pachyderm: Building a Big Data Beast On Kubernetes
KubeAcademy
 
Tutorial ceph-2
Tutorial ceph-2Tutorial ceph-2
Tutorial ceph-2
Tommy Lee
 
A guide of PostgreSQL on Kubernetes
A guide of PostgreSQL on KubernetesA guide of PostgreSQL on Kubernetes
A guide of PostgreSQL on Kubernetes
t8kobayashi
 
Multi Master PostgreSQL Cluster on Kubernetes
Multi Master PostgreSQL Cluster on KubernetesMulti Master PostgreSQL Cluster on Kubernetes
Multi Master PostgreSQL Cluster on Kubernetes
Ohyama Masanori
 
Designing HPC & Deep Learning Middleware for Exascale Systems
Designing HPC & Deep Learning Middleware for Exascale SystemsDesigning HPC & Deep Learning Middleware for Exascale Systems
Designing HPC & Deep Learning Middleware for Exascale Systems
inside-BigData.com
 
The state of SQL-on-Hadoop in the Cloud
The state of SQL-on-Hadoop in the CloudThe state of SQL-on-Hadoop in the Cloud
The state of SQL-on-Hadoop in the Cloud
Nicolas Poggi
 
Overview of Scientific Workflows - Why Use Them?
Overview of Scientific Workflows - Why Use Them?Overview of Scientific Workflows - Why Use Them?
Overview of Scientific Workflows - Why Use Them?
inside-BigData.com
 
Best Practices: Large Scale Multiphysics
Best Practices: Large Scale MultiphysicsBest Practices: Large Scale Multiphysics
Best Practices: Large Scale Multiphysics
inside-BigData.com
 
Data weekender deploying prod grade sql 2019 big data clusters
Data weekender deploying prod grade sql 2019 big data clustersData weekender deploying prod grade sql 2019 big data clusters
Data weekender deploying prod grade sql 2019 big data clusters
Chris Adkin
 
Apache Spark on K8s and HDFS Security
Apache Spark on K8s and HDFS SecurityApache Spark on K8s and HDFS Security
Apache Spark on K8s and HDFS Security
Databricks
 
Open ebs 101
Open ebs 101Open ebs 101
Open ebs 101
LibbySchulze
 
Kubernetes on Bare Metal at the Kitchener-Waterloo Kubernetes and Cloud Nativ...
Kubernetes on Bare Metal at the Kitchener-Waterloo Kubernetes and Cloud Nativ...Kubernetes on Bare Metal at the Kitchener-Waterloo Kubernetes and Cloud Nativ...
Kubernetes on Bare Metal at the Kitchener-Waterloo Kubernetes and Cloud Nativ...
CloudOps2005
 
Taking Your Database Beyond the Border of a Single Kubernetes Cluster
Taking Your Database Beyond the Border of a Single Kubernetes ClusterTaking Your Database Beyond the Border of a Single Kubernetes Cluster
Taking Your Database Beyond the Border of a Single Kubernetes Cluster
Christopher Bradford
 
AddThis: Scaling Cassandra up and down into containers with ZFS
AddThis: Scaling Cassandra up and down into containers with ZFSAddThis: Scaling Cassandra up and down into containers with ZFS
AddThis: Scaling Cassandra up and down into containers with ZFS
DataStax Academy
 
Hadoop Cluster on Docker Containers
Hadoop Cluster on Docker ContainersHadoop Cluster on Docker Containers
Hadoop Cluster on Docker Containers
pranav_joshi
 
Data relay introduction to big data clusters
Data relay introduction to big data clustersData relay introduction to big data clusters
Data relay introduction to big data clusters
Chris Adkin
 
Big data and Kubernetes
Big data and KubernetesBig data and Kubernetes
Big data and Kubernetes
Anirudh Ramanathan
 
Ncar globally accessible user environment
Ncar globally accessible user environmentNcar globally accessible user environment
Ncar globally accessible user environment
inside-BigData.com
 
Reproducible Computational Pipelines with Docker and Nextflow
Reproducible Computational Pipelines with Docker and NextflowReproducible Computational Pipelines with Docker and Nextflow
Reproducible Computational Pipelines with Docker and Nextflow
inside-BigData.com
 

What's hot (20)

Shifter: Containers in HPC Environments
Shifter: Containers in HPC EnvironmentsShifter: Containers in HPC Environments
Shifter: Containers in HPC Environments
 
Pachyderm: Building a Big Data Beast On Kubernetes
Pachyderm: Building a Big Data Beast On KubernetesPachyderm: Building a Big Data Beast On Kubernetes
Pachyderm: Building a Big Data Beast On Kubernetes
 
Tutorial ceph-2
Tutorial ceph-2Tutorial ceph-2
Tutorial ceph-2
 
A guide of PostgreSQL on Kubernetes
A guide of PostgreSQL on KubernetesA guide of PostgreSQL on Kubernetes
A guide of PostgreSQL on Kubernetes
 
Multi Master PostgreSQL Cluster on Kubernetes
Multi Master PostgreSQL Cluster on KubernetesMulti Master PostgreSQL Cluster on Kubernetes
Multi Master PostgreSQL Cluster on Kubernetes
 
Designing HPC & Deep Learning Middleware for Exascale Systems
Designing HPC & Deep Learning Middleware for Exascale SystemsDesigning HPC & Deep Learning Middleware for Exascale Systems
Designing HPC & Deep Learning Middleware for Exascale Systems
 
The state of SQL-on-Hadoop in the Cloud
The state of SQL-on-Hadoop in the CloudThe state of SQL-on-Hadoop in the Cloud
The state of SQL-on-Hadoop in the Cloud
 
Overview of Scientific Workflows - Why Use Them?
Overview of Scientific Workflows - Why Use Them?Overview of Scientific Workflows - Why Use Them?
Overview of Scientific Workflows - Why Use Them?
 
Best Practices: Large Scale Multiphysics
Best Practices: Large Scale MultiphysicsBest Practices: Large Scale Multiphysics
Best Practices: Large Scale Multiphysics
 
Data weekender deploying prod grade sql 2019 big data clusters
Data weekender deploying prod grade sql 2019 big data clustersData weekender deploying prod grade sql 2019 big data clusters
Data weekender deploying prod grade sql 2019 big data clusters
 
Apache Spark on K8s and HDFS Security
Apache Spark on K8s and HDFS SecurityApache Spark on K8s and HDFS Security
Apache Spark on K8s and HDFS Security
 
Open ebs 101
Open ebs 101Open ebs 101
Open ebs 101
 
Kubernetes on Bare Metal at the Kitchener-Waterloo Kubernetes and Cloud Nativ...
Kubernetes on Bare Metal at the Kitchener-Waterloo Kubernetes and Cloud Nativ...Kubernetes on Bare Metal at the Kitchener-Waterloo Kubernetes and Cloud Nativ...
Kubernetes on Bare Metal at the Kitchener-Waterloo Kubernetes and Cloud Nativ...
 
Taking Your Database Beyond the Border of a Single Kubernetes Cluster
Taking Your Database Beyond the Border of a Single Kubernetes ClusterTaking Your Database Beyond the Border of a Single Kubernetes Cluster
Taking Your Database Beyond the Border of a Single Kubernetes Cluster
 
AddThis: Scaling Cassandra up and down into containers with ZFS
AddThis: Scaling Cassandra up and down into containers with ZFSAddThis: Scaling Cassandra up and down into containers with ZFS
AddThis: Scaling Cassandra up and down into containers with ZFS
 
Hadoop Cluster on Docker Containers
Hadoop Cluster on Docker ContainersHadoop Cluster on Docker Containers
Hadoop Cluster on Docker Containers
 
Data relay introduction to big data clusters
Data relay introduction to big data clustersData relay introduction to big data clusters
Data relay introduction to big data clusters
 
Big data and Kubernetes
Big data and KubernetesBig data and Kubernetes
Big data and Kubernetes
 
Ncar globally accessible user environment
Ncar globally accessible user environmentNcar globally accessible user environment
Ncar globally accessible user environment
 
Reproducible Computational Pipelines with Docker and Nextflow
Reproducible Computational Pipelines with Docker and NextflowReproducible Computational Pipelines with Docker and Nextflow
Reproducible Computational Pipelines with Docker and Nextflow
 

Similar to State of Containers and the Convergence of HPC and BigData

DevEx | there’s no place like k3s
DevEx | there’s no place like k3sDevEx | there’s no place like k3s
DevEx | there’s no place like k3s
Haggai Philip Zagury
 
Automate drupal deployments with linux containers, docker and vagrant
Automate drupal deployments with linux containers, docker and vagrant Automate drupal deployments with linux containers, docker and vagrant
Automate drupal deployments with linux containers, docker and vagrant Ricardo Amaro
 
Laravel, docker, kubernetes
Laravel, docker, kubernetesLaravel, docker, kubernetes
Laravel, docker, kubernetes
Peter Mein
 
Accelerate your development with Docker
Accelerate your development with DockerAccelerate your development with Docker
Accelerate your development with Docker
Andrey Hristov
 
Accelerate your software development with Docker
Accelerate your software development with DockerAccelerate your software development with Docker
Accelerate your software development with Docker
Andrey Hristov
 
Revolutionizing WSO2 PaaS with Kubernetes & App Factory
Revolutionizing WSO2 PaaS with Kubernetes & App FactoryRevolutionizing WSO2 PaaS with Kubernetes & App Factory
Revolutionizing WSO2 PaaS with Kubernetes & App Factory
Imesh Gunaratne
 
Real-World Docker: 10 Things We've Learned
Real-World Docker: 10 Things We've Learned  Real-World Docker: 10 Things We've Learned
Real-World Docker: 10 Things We've Learned
RightScale
 
Настройка окружения для кросскомпиляции проектов на основе docker'a
Настройка окружения для кросскомпиляции проектов на основе docker'aНастройка окружения для кросскомпиляции проектов на основе docker'a
Настройка окружения для кросскомпиляции проектов на основе docker'a
corehard_by
 
Scaling docker with kubernetes
Scaling docker with kubernetesScaling docker with kubernetes
Scaling docker with kubernetes
Liran Cohen
 
Dockers zero to hero
Dockers zero to heroDockers zero to hero
Dockers zero to hero
Nicolas De Loof
 
Dev opsec dockerimage_patch_n_lifecyclemanagement_
Dev opsec dockerimage_patch_n_lifecyclemanagement_Dev opsec dockerimage_patch_n_lifecyclemanagement_
Dev opsec dockerimage_patch_n_lifecyclemanagement_
kanedafromparis
 
The internals and the latest trends of container runtimes
The internals and the latest trends of container runtimesThe internals and the latest trends of container runtimes
The internals and the latest trends of container runtimes
Akihiro Suda
 
JDD2014: Docker.io - versioned linux containers for JVM devops - Dominik Dorn
JDD2014: Docker.io - versioned linux containers for JVM devops - Dominik DornJDD2014: Docker.io - versioned linux containers for JVM devops - Dominik Dorn
JDD2014: Docker.io - versioned linux containers for JVM devops - Dominik Dorn
PROIDEA
 
Rooting Out Root: User namespaces in Docker
Rooting Out Root: User namespaces in DockerRooting Out Root: User namespaces in Docker
Rooting Out Root: User namespaces in Docker
Phil Estes
 
Containers - Portable, repeatable user-oriented application delivery. Build, ...
Containers - Portable, repeatable user-oriented application delivery. Build, ...Containers - Portable, repeatable user-oriented application delivery. Build, ...
Containers - Portable, repeatable user-oriented application delivery. Build, ...
Walid Shaari
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to Docker
Nissan Dookeran
 
Dockerizing a Symfony2 application
Dockerizing a Symfony2 applicationDockerizing a Symfony2 application
Dockerizing a Symfony2 application
Roman Rodomansky
 
Dayta AI Seminar - Kubernetes, Docker and AI on Cloud
Dayta AI Seminar - Kubernetes, Docker and AI on CloudDayta AI Seminar - Kubernetes, Docker and AI on Cloud
Dayta AI Seminar - Kubernetes, Docker and AI on Cloud
Jung-Hong Kim
 
Build optimization mechanisms in GitLab and Docker
Build optimization mechanisms in GitLab and DockerBuild optimization mechanisms in GitLab and Docker
Build optimization mechanisms in GitLab and Docker
Dmytro Patkovskyi
 
Kubernetes
KubernetesKubernetes
Kubernetes
Linjith Kunnon
 

Similar to State of Containers and the Convergence of HPC and BigData (20)

DevEx | there’s no place like k3s
DevEx | there’s no place like k3sDevEx | there’s no place like k3s
DevEx | there’s no place like k3s
 
Automate drupal deployments with linux containers, docker and vagrant
Automate drupal deployments with linux containers, docker and vagrant Automate drupal deployments with linux containers, docker and vagrant
Automate drupal deployments with linux containers, docker and vagrant
 
Laravel, docker, kubernetes
Laravel, docker, kubernetesLaravel, docker, kubernetes
Laravel, docker, kubernetes
 
Accelerate your development with Docker
Accelerate your development with DockerAccelerate your development with Docker
Accelerate your development with Docker
 
Accelerate your software development with Docker
Accelerate your software development with DockerAccelerate your software development with Docker
Accelerate your software development with Docker
 
Revolutionizing WSO2 PaaS with Kubernetes & App Factory
Revolutionizing WSO2 PaaS with Kubernetes & App FactoryRevolutionizing WSO2 PaaS with Kubernetes & App Factory
Revolutionizing WSO2 PaaS with Kubernetes & App Factory
 
Real-World Docker: 10 Things We've Learned
Real-World Docker: 10 Things We've Learned  Real-World Docker: 10 Things We've Learned
Real-World Docker: 10 Things We've Learned
 
Настройка окружения для кросскомпиляции проектов на основе docker'a
Настройка окружения для кросскомпиляции проектов на основе docker'aНастройка окружения для кросскомпиляции проектов на основе docker'a
Настройка окружения для кросскомпиляции проектов на основе docker'a
 
Scaling docker with kubernetes
Scaling docker with kubernetesScaling docker with kubernetes
Scaling docker with kubernetes
 
Dockers zero to hero
Dockers zero to heroDockers zero to hero
Dockers zero to hero
 
Dev opsec dockerimage_patch_n_lifecyclemanagement_
Dev opsec dockerimage_patch_n_lifecyclemanagement_Dev opsec dockerimage_patch_n_lifecyclemanagement_
Dev opsec dockerimage_patch_n_lifecyclemanagement_
 
The internals and the latest trends of container runtimes
The internals and the latest trends of container runtimesThe internals and the latest trends of container runtimes
The internals and the latest trends of container runtimes
 
JDD2014: Docker.io - versioned linux containers for JVM devops - Dominik Dorn
JDD2014: Docker.io - versioned linux containers for JVM devops - Dominik DornJDD2014: Docker.io - versioned linux containers for JVM devops - Dominik Dorn
JDD2014: Docker.io - versioned linux containers for JVM devops - Dominik Dorn
 
Rooting Out Root: User namespaces in Docker
Rooting Out Root: User namespaces in DockerRooting Out Root: User namespaces in Docker
Rooting Out Root: User namespaces in Docker
 
Containers - Portable, repeatable user-oriented application delivery. Build, ...
Containers - Portable, repeatable user-oriented application delivery. Build, ...Containers - Portable, repeatable user-oriented application delivery. Build, ...
Containers - Portable, repeatable user-oriented application delivery. Build, ...
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to Docker
 
Dockerizing a Symfony2 application
Dockerizing a Symfony2 applicationDockerizing a Symfony2 application
Dockerizing a Symfony2 application
 
Dayta AI Seminar - Kubernetes, Docker and AI on Cloud
Dayta AI Seminar - Kubernetes, Docker and AI on CloudDayta AI Seminar - Kubernetes, Docker and AI on Cloud
Dayta AI Seminar - Kubernetes, Docker and AI on Cloud
 
Build optimization mechanisms in GitLab and Docker
Build optimization mechanisms in GitLab and DockerBuild optimization mechanisms in GitLab and Docker
Build optimization mechanisms in GitLab and Docker
 
Kubernetes
KubernetesKubernetes
Kubernetes
 

More from inside-BigData.com

Major Market Shifts in IT
Major Market Shifts in ITMajor Market Shifts in IT
Major Market Shifts in IT
inside-BigData.com
 
Preparing to program Aurora at Exascale - Early experiences and future direct...
Preparing to program Aurora at Exascale - Early experiences and future direct...Preparing to program Aurora at Exascale - Early experiences and future direct...
Preparing to program Aurora at Exascale - Early experiences and future direct...
inside-BigData.com
 
Transforming Private 5G Networks
Transforming Private 5G NetworksTransforming Private 5G Networks
Transforming Private 5G Networks
inside-BigData.com
 
The Incorporation of Machine Learning into Scientific Simulations at Lawrence...
The Incorporation of Machine Learning into Scientific Simulations at Lawrence...The Incorporation of Machine Learning into Scientific Simulations at Lawrence...
The Incorporation of Machine Learning into Scientific Simulations at Lawrence...
inside-BigData.com
 
How to Achieve High-Performance, Scalable and Distributed DNN Training on Mod...
How to Achieve High-Performance, Scalable and Distributed DNN Training on Mod...How to Achieve High-Performance, Scalable and Distributed DNN Training on Mod...
How to Achieve High-Performance, Scalable and Distributed DNN Training on Mod...
inside-BigData.com
 
Evolving Cyberinfrastructure, Democratizing Data, and Scaling AI to Catalyze ...
Evolving Cyberinfrastructure, Democratizing Data, and Scaling AI to Catalyze ...Evolving Cyberinfrastructure, Democratizing Data, and Scaling AI to Catalyze ...
Evolving Cyberinfrastructure, Democratizing Data, and Scaling AI to Catalyze ...
inside-BigData.com
 
HPC Impact: EDA Telemetry Neural Networks
HPC Impact: EDA Telemetry Neural NetworksHPC Impact: EDA Telemetry Neural Networks
HPC Impact: EDA Telemetry Neural Networks
inside-BigData.com
 
Biohybrid Robotic Jellyfish for Future Applications in Ocean Monitoring
Biohybrid Robotic Jellyfish for Future Applications in Ocean MonitoringBiohybrid Robotic Jellyfish for Future Applications in Ocean Monitoring
Biohybrid Robotic Jellyfish for Future Applications in Ocean Monitoring
inside-BigData.com
 
Machine Learning for Weather Forecasts
Machine Learning for Weather ForecastsMachine Learning for Weather Forecasts
Machine Learning for Weather Forecasts
inside-BigData.com
 
HPC AI Advisory Council Update
HPC AI Advisory Council UpdateHPC AI Advisory Council Update
HPC AI Advisory Council Update
inside-BigData.com
 
Fugaku Supercomputer joins fight against COVID-19
Fugaku Supercomputer joins fight against COVID-19Fugaku Supercomputer joins fight against COVID-19
Fugaku Supercomputer joins fight against COVID-19
inside-BigData.com
 
Energy Efficient Computing using Dynamic Tuning
Energy Efficient Computing using Dynamic TuningEnergy Efficient Computing using Dynamic Tuning
Energy Efficient Computing using Dynamic Tuning
inside-BigData.com
 
HPC at Scale Enabled by DDN A3i and NVIDIA SuperPOD
HPC at Scale Enabled by DDN A3i and NVIDIA SuperPODHPC at Scale Enabled by DDN A3i and NVIDIA SuperPOD
HPC at Scale Enabled by DDN A3i and NVIDIA SuperPOD
inside-BigData.com
 
State of ARM-based HPC
State of ARM-based HPCState of ARM-based HPC
State of ARM-based HPC
inside-BigData.com
 
Versal Premium ACAP for Network and Cloud Acceleration
Versal Premium ACAP for Network and Cloud AccelerationVersal Premium ACAP for Network and Cloud Acceleration
Versal Premium ACAP for Network and Cloud Acceleration
inside-BigData.com
 
Zettar: Moving Massive Amounts of Data across Any Distance Efficiently
Zettar: Moving Massive Amounts of Data across Any Distance EfficientlyZettar: Moving Massive Amounts of Data across Any Distance Efficiently
Zettar: Moving Massive Amounts of Data across Any Distance Efficiently
inside-BigData.com
 
Scaling TCO in a Post Moore's Era
Scaling TCO in a Post Moore's EraScaling TCO in a Post Moore's Era
Scaling TCO in a Post Moore's Era
inside-BigData.com
 
CUDA-Python and RAPIDS for blazing fast scientific computing
CUDA-Python and RAPIDS for blazing fast scientific computingCUDA-Python and RAPIDS for blazing fast scientific computing
CUDA-Python and RAPIDS for blazing fast scientific computing
inside-BigData.com
 
Introducing HPC with a Raspberry Pi Cluster
Introducing HPC with a Raspberry Pi ClusterIntroducing HPC with a Raspberry Pi Cluster
Introducing HPC with a Raspberry Pi Cluster
inside-BigData.com
 
Overview of HPC Interconnects
Overview of HPC InterconnectsOverview of HPC Interconnects
Overview of HPC Interconnects
inside-BigData.com
 

More from inside-BigData.com (20)

Major Market Shifts in IT
Major Market Shifts in ITMajor Market Shifts in IT
Major Market Shifts in IT
 
Preparing to program Aurora at Exascale - Early experiences and future direct...
Preparing to program Aurora at Exascale - Early experiences and future direct...Preparing to program Aurora at Exascale - Early experiences and future direct...
Preparing to program Aurora at Exascale - Early experiences and future direct...
 
Transforming Private 5G Networks
Transforming Private 5G NetworksTransforming Private 5G Networks
Transforming Private 5G Networks
 
The Incorporation of Machine Learning into Scientific Simulations at Lawrence...
The Incorporation of Machine Learning into Scientific Simulations at Lawrence...The Incorporation of Machine Learning into Scientific Simulations at Lawrence...
The Incorporation of Machine Learning into Scientific Simulations at Lawrence...
 
How to Achieve High-Performance, Scalable and Distributed DNN Training on Mod...
How to Achieve High-Performance, Scalable and Distributed DNN Training on Mod...How to Achieve High-Performance, Scalable and Distributed DNN Training on Mod...
How to Achieve High-Performance, Scalable and Distributed DNN Training on Mod...
 
Evolving Cyberinfrastructure, Democratizing Data, and Scaling AI to Catalyze ...
Evolving Cyberinfrastructure, Democratizing Data, and Scaling AI to Catalyze ...Evolving Cyberinfrastructure, Democratizing Data, and Scaling AI to Catalyze ...
Evolving Cyberinfrastructure, Democratizing Data, and Scaling AI to Catalyze ...
 
HPC Impact: EDA Telemetry Neural Networks
HPC Impact: EDA Telemetry Neural NetworksHPC Impact: EDA Telemetry Neural Networks
HPC Impact: EDA Telemetry Neural Networks
 
Biohybrid Robotic Jellyfish for Future Applications in Ocean Monitoring
Biohybrid Robotic Jellyfish for Future Applications in Ocean MonitoringBiohybrid Robotic Jellyfish for Future Applications in Ocean Monitoring
Biohybrid Robotic Jellyfish for Future Applications in Ocean Monitoring
 
Machine Learning for Weather Forecasts
Machine Learning for Weather ForecastsMachine Learning for Weather Forecasts
Machine Learning for Weather Forecasts
 
HPC AI Advisory Council Update
HPC AI Advisory Council UpdateHPC AI Advisory Council Update
HPC AI Advisory Council Update
 
Fugaku Supercomputer joins fight against COVID-19
Fugaku Supercomputer joins fight against COVID-19Fugaku Supercomputer joins fight against COVID-19
Fugaku Supercomputer joins fight against COVID-19
 
Energy Efficient Computing using Dynamic Tuning
Energy Efficient Computing using Dynamic TuningEnergy Efficient Computing using Dynamic Tuning
Energy Efficient Computing using Dynamic Tuning
 
HPC at Scale Enabled by DDN A3i and NVIDIA SuperPOD
HPC at Scale Enabled by DDN A3i and NVIDIA SuperPODHPC at Scale Enabled by DDN A3i and NVIDIA SuperPOD
HPC at Scale Enabled by DDN A3i and NVIDIA SuperPOD
 
State of ARM-based HPC
State of ARM-based HPCState of ARM-based HPC
State of ARM-based HPC
 
Versal Premium ACAP for Network and Cloud Acceleration
Versal Premium ACAP for Network and Cloud AccelerationVersal Premium ACAP for Network and Cloud Acceleration
Versal Premium ACAP for Network and Cloud Acceleration
 
Zettar: Moving Massive Amounts of Data across Any Distance Efficiently
Zettar: Moving Massive Amounts of Data across Any Distance EfficientlyZettar: Moving Massive Amounts of Data across Any Distance Efficiently
Zettar: Moving Massive Amounts of Data across Any Distance Efficiently
 
Scaling TCO in a Post Moore's Era
Scaling TCO in a Post Moore's EraScaling TCO in a Post Moore's Era
Scaling TCO in a Post Moore's Era
 
CUDA-Python and RAPIDS for blazing fast scientific computing
CUDA-Python and RAPIDS for blazing fast scientific computingCUDA-Python and RAPIDS for blazing fast scientific computing
CUDA-Python and RAPIDS for blazing fast scientific computing
 
Introducing HPC with a Raspberry Pi Cluster
Introducing HPC with a Raspberry Pi ClusterIntroducing HPC with a Raspberry Pi Cluster
Introducing HPC with a Raspberry Pi Cluster
 
Overview of HPC Interconnects
Overview of HPC InterconnectsOverview of HPC Interconnects
Overview of HPC Interconnects
 

Recently uploaded

Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
ThomasParaiso2
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
Zilliz
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Neo4j
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 

Recently uploaded (20)

Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 

State of Containers and the Convergence of HPC and BigData

  • 1. State of Containers Convergence of Big Data, AI and HPC
  • 2. Technology ReCap Comparison of Hypervisor and Container Virtualization
  • 3. VM1 VM2 Stacked View Hardware Host Kernel Userland Services Hypervisor (type-2) Kernel Userland appA appB Userland Kernel Hardware Host Kernel Userland Services Cnt2Cnt1 Userland appA appB Userland Traditional Virtualization Container Virtualization VM-shortcuts (PVM,pci-passthrough) Operational Abstraction end-user does not care...
  • 4. hardware hypervisor (type-1) container Traditional Virtualization kernel Interface View libs From Application to Kernel application libs application lib-calls 102 syscalls 101 hypercalls hardware kernel hw-calls Container Virtualization
  • 6. But can share namespaces with other containers or even the host Container Namespaces A starting container gets his own namespaces to keep track process of resources. PIDMNT IPCNET USR Host UTS CGRP cnt0 cnt1 cnt2
  • 7. CGroups While namespaces isolate, Control Groups constraint resources.
  • 8. qnib/uplain-cudaImage layers R/O Thin R/W layerContainer Layer Storage Driver Handling OverlayFS The storage driver controls how images and containers are stored and managed on your Docker host. qnib/uplain-cuda 1.5GB [1] ubuntu:16.04 112MB [5] apt-get update 153MB config.json 1 5 [6] libcuda1-384 1.39GB 6
  • 9. Seccomp (SELinux,AppArmor) ● While namespaces isolate, ● Control Groups constraint resources, ● seccomp filters syscalls (sane default). ● (SELinux/AppArmor allow for system-wide filters) https://docs.docker.com/engine/security/seccomp/
  • 11. HPC-runtime workarounds Runtime runc + containerd ● runc CLI tool for spawning and running containers according to the OCI specification rootfs config.json runc executed container { "process": { "terminal": true, "consoleSize": { "height": 25, "width": 80 }, "user": { "uid": 1, "gid": 1, "additionalGids": [5,6] } } ● Shifter / Charlie Cloud / Singularity are not OCI compliant runtimes…
  • 12. Runtime runc + containerd ● ● containerd An industry-standard container runtime with an emphasis on simplicity, robustness and portability. ● runc CLI tool for spawning and running containers according to the OCI specification
  • 13. HPC-runtime workarounds Architecture on Linux Operating System Control Groups (cgroups) Namespaces (mnt,pid,ipc,...) Layer Capabilities AUFS,overlay,... Other OS Functionality Docker Engine REST interface libcontainerd libnetwork storage plugins containerd Docker Client Docker Compose Docker Registry Docker Swarm/K8s runc+
  • 14. Architecture on Windows Operating System Other OS Functionality Docker Engine REST interface libcontainer libnetwork storage plugins Docker Client Docker Compose Docker Registry Docker Swarm/K8s Host Compute Service Control Groups Namespaces Layer Capabilities Object Namespace, Process Table, Networking Job Objects Registry, Union like filesystem extension
  • 16. Service Cluster Compute Cluster Shared Systems Scientist self-service Storage Engine rank0 /home/ /scratch/ /proj/ Engine rank1 Engine rank2 Engine rankN Create Data Display Data
  • 17. Host Shared File-Systems Compute Jobs pin the user Engine /home/alice/ /home/bob/ Compute jobs need to be imperative, as processes work closely together. ➔ UID:GID ownership can be handled within container process 0 child 0.1 process 0 child 0.1
  • 18. Works as designed - host-agnostic! ➔ Best-practice (as of today) for containers suggest to do not trust the UID within the container at all! root@n40l:/home# ls -l total 16 drwx------ 2 alice alice 4096 Feb 17 11:12 alice drwx------ 2 bob bob 4096 Feb 17 11:11 bob root@n40l:~# su - bob bob@n40l:~$ docker run -ti --rm -v /home/:/home/ --user=$(id -u alice):$(id -g alice) ubuntu touch /home/alice/bob_was_here bob@n40l:~$ logout root@n40l:~# ls -l /home/alice/ total 0 -rw-r--r-- 1 alice alice 0 Feb 17 11:38 bob_was_here root@n40l:~# Honor Shared Environments Example
  • 19. Alter User setting - Overwriting User with '1003:1003', was '1002:1002' Mounts: [/home/:/home/] $ docker run -v /var/run/:/var/run/ -ti --rm qnib/doxy:gpu doxy --proxy-socket=/var/run/hpc.sock --pattern-key=hpc --pin-user --user 1003:1003 2018/02/17 10:47:27 [II] Start Version: 0.2.4 2018/02/17 10:47:27 [doxy] Listening on /var/run/hpc.sock 2018/02/17 10:47:27 Serving proxy on '/var/run/hpc.sock' Alter User setting - Overwrite User with '1003:1003', was '1002:1002' Mounts: [/home/:/home/] Honor Shared Environments [proof-of-concept] Manipulating API payload via proxy bob@n40l:~$ docker -H unix:///var/run/hpc.sock create -v /home/:/home/ --user=$(id -u alice):$(id -g alice) ubuntu touch /home/alice/bob_tried 2117ed54e6063928db5c3ed7688a3ab96a3c60fcf3b54407fb27336dfe14e9de charlie@n40l:~$ docker start -a 2117ed54e6063928db5c3ed7688a3ab96a3c60fcf3b54407fb27336dfe14e9de touch: cannot touch '/home/alice/bob_tried': Permission denied
  • 20. Host1 Host-Agnostic vs. Host-Specific kernel-bypassing devices ● To use kernel-bypassing devices and drivers have to be present into a container ○ drivers can be part of the container, which bloats the container ○ a local volume on the host, which adds/augments the library into the container ● These devices/drivers might be host-specific (e.g. different GPUs per host require different mappings) Docker Engine process1 GPU /dev/nvidia0 /lib/cuda/1.2 Host2 Docker Engine process1 GPU /dev/nvidia1 /lib/cuda/1.2.1
  • 21. Add GPU stuff New device: /dev/nvidia0:/dev/nvidia0 New device: /dev/nvidiactl:/dev/nvidiactl Mounts: [/usr/lib/nvidia-384:/usr/local/nvidia/] p2.xlarge:/root/# docker run -v /var/run/:/var/run/ -ti --rm qnib/doxy:gpu doxy --proxy-socket=/var/run/hpc.sock --pattern-key=hpc --gpu --cuda-lib-path=/usr/lib/nvidia-384 2018/02/17 10:47:27 [II] Start Version: 0.2.4 2018/02/17 10:47:27 [doxy] Listening on /var/run/hpc.sock 2018/02/17 10:47:27 Serving proxy on '/var/run/hpc.sock' Kernel-bypassing devices [proof-of-concept] Manipulating API payload via proxy bob@p2.xlarge:~$ docker -H unix:///var/run/hpc.sock create ubuntu /usr/local/nvidia/bin/nvidia-smi -L a3307eefa31233bdcb36e161ffe0ef433d93f80e43cc1dfe9ee32c45c10dc50d bob@p2.xlarge:~$ docker start -a a3307eefa31233bdcb36e161ffe0ef433d93f80e43cc1dfe9ee32c45c10dc50d GPU 0: Tesla K80 (UUID: GPU-4095713a-1f9b-791d-841d-8b35143127d4)
  • 22. Underpin Orchestration Combine Data Lake and Distributed Compute
  • 23. Engine vs. Workload Scheduler ● As of today, service orchestrators start containers unaware of shared systems ● HPC workload schedulers start userland processes within shared environment. Docker Engine SWARM Kubernetes Shared System process1 process2 HPC Workload Scheduler Shared System HPC-runtime workarounds job-process1 job-process2 slurmd
  • 24. Engine serves Service and Workload Schedulers By making the Docker-Engine aware of shared environments and kernel-bypassing hardware, it can serve all use-cases. SWARM Kubernetes Shared System process1 process2 HPC Workload Scheduler job-process1 Docker Engine
  • 25. Outlook 2018 the year of High Performance Containers
  • 26. Tentative Milestones Critical MVP milestones #1 Secure Operations and kernel-bypassing support #1.1 Secure Operation in shared environment In particular pinning a user to use his UID in shared file-systems, so that users are not able to access other userdata. #1.2 Transparent Support of kernel-bypassing Devices Host-specific GPU and Interconnects (e.g. InfiniBand) #2 Integration of Workload Scheduler #2.0 Integration of HPC workload schedulers As a reference the open-source and widely adopted scheduler SLURM should implement container scheduling. Other can follow.
  • 27. Student Cluster Competition Docker is coaching the SCC-Team of the Student Cluster Competition at ISC 2018 in Frankfurt. Goals are: 1. Use of containerized auxiliary services (Monitoring, …) 2. Prototype workflow
  • 28. Call For Action How to get involved? If you are already a customer of ours ➔ push for HPC/Big Data use-cases If not ➔ become one and push for HPC/Big Data use-cases To prepare for adoption: ➔ Enhance your operation / container knowledge by using DockerEE in non-HPC services ➔ Create Center-Of-Excellence for Containers ➔ Make yourself familiar with Supply Chain (a lot of gold here) ➔ Educating you Dev/Scientists/Engineers to use container (HPC) best-practices ➔ Ask for all of the above...
  • 29. Mid-/Long-Term Containers are a gold-mine ➔ Reproducibility ◆ signed images (/content-hashes) ensure integrity ➔ Bundle apps/libs using a Recipe (Dockerfile) ◆ Fosters collaboration ◆ optimize the user-land to best support the application, no need to consider impact to others. ◆ automate optimization with permuted pkg / config ➔ Fingerprint application (/workload) ◆ battle-tested workload OR needs to run through Q&A? ➔ diskless Storage Driver? ◆ treat shared FS as object store for all image blobs ◆ burst-buffer as to instantiate file-system of container ➔ read-only input data as volume pre-loaded on host, used by containers ➔ Using Containers fine-grained observibility comes for free