SlideShare a Scribd company logo

Survey of Container Build Tools

Michael Ducy
Michael Ducy

A survey of problems involved in building containers and build tools such as: buildah nixos-container ansible-container Smith Distroless Buildkit Source to Image (s2i) Habitat

1 of 38
Download to read offline
@mfdii Survey of Container Build Tools Michael Ducy Community & Evangelism - Sysdig
@mfdii Agenda ● How containers should be used ● Problems with Dockerfile paradigm ● Specific tools ● Summary
@mfdii About me Spent the last 4.5 years at Chef Cloud, Automation, Performance & Capacity, Ops Ask me about goats (goatcan.do) Triton, Maroon, Buckeye
@mfdii Review of “What’s a Container” Cgroups Control what a process can use. ● Memory ● CPU ● Blkio ● Cpuacct ● Cpuset ● Devices ● Net_prio ● Freezer Namespaces Control what a process can see. ● PID ● Mount ● Network ● UTS ● IPC ● User ● Cgroup Thanks to Jess Frazelle (@jessfraz) for this slide https://goo.gl/7fVKFa
@mfdii Containers vs. Zones vs. Jails vs. VMs Thanks to Jess Frazelle (@jessfraz) for this slide https://goo.gl/7fVKFa Containers Cgroups Namespaces LSMs Zones First class concept Jails First class concept VMs First class concept Read more about this here: https://blog.jessfraz.com/post/containers-zones-jails-vms/
@mfdii What’s a Container
@mfdii Problem with the Dockerfile paradigm Builds aren’t deterministic or reproducable. Programmability through Bash Easy to turn a container image into a “VM” Lack of visibility into what’s really in the final image Bottom up approach vs application down
@mfdii Real World Numbers Show the Problem 7 to 1 container to host ratio (DataDog survey, April 2017) 10 to 1 container to host ratio(Sysdig survey April 2017)
@mfdii Base OS Image Size https://anchore.com/blog/breakdown-of-operating-systems-of-dockerhub/
@mfdii Official Image Size https://anchore.com/blog/breakdown-of-operating-systems-of-dockerhub/
@mfdii Public Image Size https://anchore.com/blog/breakdown-of-operating-systems-of-dockerhub/
@mfdii What can we infer?
@mfdii What can we infer?
@mfdii What can we infer? Nobody knows how to package their application in a container.
@mfdii Lots of choices Traditional Build Tools ● buildah ● nixos-container ● ansible-container ● Smith ● Distroless Source-to-Container Tools ● Buildkit ● Source-to-Image (s2i) ● Habitat
@mfdii buildah
@mfdii buildah Project from Project Atomic - https://github.com/projectatomic/buildah OCI and Docker Image Formats Doesn’t require a container runtime to build containers. Allows for some _interesting_ uses which are 0_0 LOLWUT Not deterministic.
@mfdii nixos-container Builds containers based on NixOS Imperative and Declarative approaches Containers can be auto-rebuilt when host OS updates Ability to get very granular with software installed in a container due to Nix’s packaging approach
@mfdii nixos-container
@mfdii nixos-container
@mfdii ansible-container Declarative approach (mostly) Allows you to build multiple containers from one container.yml (like docker-compose) Allows you to take advantage of Ansible expertise/playbooks you already have https://github.com/ansible/ansible-container
@mfdii Smith
@mfdii Smith Focuses on building “microcontainers” Principles of microcontainers 1. A microcontainer only contains the process to be run and its direct dependencies. 2. The microcontainer has files with no user ownership or special permissions beyond the executable bit. 3. The root filesystem of the container should be able to run read-only. All writes from the container should be into a directory called /write. Any unique config that an individual container instance will need should be placed into a directory called /read. Ephemeral files such as pid files can be written to /run.
@mfdii Smith Declarative (mostly) Builds containers that are significantly smaller (httpd built with Smith is 3% of Dockerhub image) Can use yum packages or Docker base images for source of binaries https://hackernoon.com/how-to-build-a-tiny-httpd-container-ae622c37db39
@mfdii What you want in a container
@mfdii Distroless Declarative builds leveraging Google’s Bazel ‘"Distroless" images contain only your application and its runtime dependencies. They do not contain package managers, shells any other programs you would expect to find in a standard Linux distribution.’ Provides stripped down base images Support for language runtimes: Java, Python, Go, C, Node, dotnet
@mfdii Source-to-Image “Source-to-Image (S2I) is a toolkit and workflow for building reproducible Docker images from source code.” One image can be used for builds, one can be used to run the artifact. Allows build environments to be tightly versioned and controlled for reproducibility Allows for control/security of the build environment through the use of build containers
@mfdii Source-to-Image
@mfdii Buildkit “BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner.” Frontend’s specify a definition for how your software is built. Buildkit takes this human readable definition (frontend) and transforms it into low level build (LLB) definition. Exporters allow build artifacts to be exported in a variety of formats not just container formats. Focuses on “How can we create generic primitives for a build system?” https://blog.mobyproject.org/introducing-buildkit-17e056cc5317
@mfdii Buildkit
@mfdii Habitat
@mfdii Habitat
@mfdii Habitat BUILD DEPLOY SUPERVISE ▪ Consistent process for packaging all apps across all architectures. ▪ Scaffolding for key languages: Node.js, Ruby, Go, Java. ▪ Built in supervisor for Service Discovery, Templated Configs, Clustering Topologies, Health Check APIs, and more BUILD DEPLOY MANAGE ▪ Export to variety of different formats: Docker ACI CloudFoundry Kubernetes Mesos tar
@mfdii Habitat Build ServiceHabitat provides a cloud native build and packaging system HABITAT BUILDER Developer adds a plan.sh to define the build phases of their software. Scaffolding for common languages can be used provides sane defaults. Developer explicitly declares dependencies, required backing services, and what services/ports are exposed. Runtime lifecycle hooks can be defined for the application (start, reconfigure, etc). Templated configuration files can be included. Habitat Builder watches a GitHub repository for changes, when code is merged a build is performed based on the repo’s plan.sh. Build artifact includes runtime lifecycle hooks, configuration, and application binaries or code. Build artifact metadata includes dependent services, exposed services/ports, and required dependencies. Artifacts are stored in a Habitat Builder depot. USER PLAN PUBLIC DEPOT PRIVATE DEPOT
@mfdii Lots of choices ● buildah ○ Still coupling yourself to the operating system paradigms ● nixos-container ○ Niche OS, with it’s own insecure container model. Have to eat NixOS ● ansible-container ○ Great if you’ve committed to Ansible. ○ Ansible Service Bus for stateful services ● Smith ○ Microcontainers are what you want (++) ○ Janky to pull apart container images and still leverages OS package managers (to an extent) ● Distroless ○ Removes the OS (++), very language specific ○ Bazel is not the most approachable tool and real world examples are minimal
@mfdii Lots of choices ● Buildkit ○ Very interesting approach to solve the problem of building software in general. ○ Versioned build environments possible ○ Still too early, examples sparse, frontends for languages non-existent ● s2i ○ Versioned, secured build environments ○ Library of build/run images but built on OS paradigm ● Habitat ○ Easily describes software builds in BASH ○ Export formats for multiple platforms (++) ○ Does the right thing to determine what a build artifact needs to run ○ Have to eat the Supervisor which doesn’t fit with Kubernetes paradigms ○ Software libraries provided OOTB are not well maintained
@mfdii Summary Container Build Tools still have a long way to go. Each tool has ++ and -- Some tools sacrifice “best practice” for approachability Some tools make things overly complex What do we need? ● Buildpack type model for Source Code building ● Declarative container build manifest generated from the build ● Exporter to create container image of choice with only the app and deps
@mfdii Thank you Slides: https://www.slideshare.net/MichaelDucy/survey-of-container-build-tools ALSO Sysdig is hiring https://sysdig.com/jobs/

Recommended

Monoliths, Myths, and Microservices - CfgMgmtCamp
Monoliths, Myths, and Microservices - CfgMgmtCampMonoliths, Myths, and Microservices - CfgMgmtCamp
Monoliths, Myths, and Microservices - CfgMgmtCamp
Michael Ducy
 
Monoliths, Myths, and Microservices
Monoliths, Myths, and MicroservicesMonoliths, Myths, and Microservices
Monoliths, Myths, and Microservices
Michael Ducy
 
Micro Services in .NET Core and Docker
Micro Services in .NET Core and DockerMicro Services in .NET Core and Docker
Micro Services in .NET Core and Docker
cjmyers
 
The Hardest Part of Microservices: Your Data - Christian Posta, Red Hat
The Hardest Part of Microservices: Your Data - Christian Posta, Red HatThe Hardest Part of Microservices: Your Data - Christian Posta, Red Hat
The Hardest Part of Microservices: Your Data - Christian Posta, Red Hat
Ambassador Labs
 
Microservices with Spring Boot
Microservices with Spring BootMicroservices with Spring Boot
Microservices with Spring Boot
Rasheed Waraich
 
From Monolithic to Microservices in 45 Minutes
From Monolithic to Microservices in 45 MinutesFrom Monolithic to Microservices in 45 Minutes
From Monolithic to Microservices in 45 Minutes
MongoDB
 
FIWARE Tech Summit - Building Real-Time Dashboards to Monitor Context
FIWARE Tech Summit - Building Real-Time Dashboards to Monitor ContextFIWARE Tech Summit - Building Real-Time Dashboards to Monitor Context
FIWARE Tech Summit - Building Real-Time Dashboards to Monitor Context
FIWARE
 
Introduction to microservices (from rails monolith)
Introduction to microservices (from rails monolith)Introduction to microservices (from rails monolith)
Introduction to microservices (from rails monolith)
Leandro Parazito
 

Recommended

Monoliths, Myths, and Microservices - CfgMgmtCamp
Monoliths, Myths, and Microservices - CfgMgmtCampMonoliths, Myths, and Microservices - CfgMgmtCamp
Monoliths, Myths, and Microservices - CfgMgmtCamp
Michael Ducy
 
Monoliths, Myths, and Microservices
Monoliths, Myths, and MicroservicesMonoliths, Myths, and Microservices
Monoliths, Myths, and Microservices
Michael Ducy
 
Micro Services in .NET Core and Docker
Micro Services in .NET Core and DockerMicro Services in .NET Core and Docker
Micro Services in .NET Core and Docker
cjmyers
 
The Hardest Part of Microservices: Your Data - Christian Posta, Red Hat
The Hardest Part of Microservices: Your Data - Christian Posta, Red HatThe Hardest Part of Microservices: Your Data - Christian Posta, Red Hat
The Hardest Part of Microservices: Your Data - Christian Posta, Red Hat
Ambassador Labs
 
Microservices with Spring Boot
Microservices with Spring BootMicroservices with Spring Boot
Microservices with Spring Boot
Rasheed Waraich
 
From Monolithic to Microservices in 45 Minutes
From Monolithic to Microservices in 45 MinutesFrom Monolithic to Microservices in 45 Minutes
From Monolithic to Microservices in 45 Minutes
MongoDB
 
FIWARE Tech Summit - Building Real-Time Dashboards to Monitor Context
FIWARE Tech Summit - Building Real-Time Dashboards to Monitor ContextFIWARE Tech Summit - Building Real-Time Dashboards to Monitor Context
FIWARE Tech Summit - Building Real-Time Dashboards to Monitor Context
FIWARE
 
Introduction to microservices (from rails monolith)
Introduction to microservices (from rails monolith)Introduction to microservices (from rails monolith)
Introduction to microservices (from rails monolith)
Leandro Parazito
 
Think Small To Go Big - Introduction To Microservices
Think Small To Go Big - Introduction To MicroservicesThink Small To Go Big - Introduction To Microservices
Think Small To Go Big - Introduction To Microservices
Ryan Baxter
 
WSO2 Workshop Sydney 2016 - Microservices
WSO2 Workshop Sydney 2016 - MicroservicesWSO2 Workshop Sydney 2016 - Microservices
WSO2 Workshop Sydney 2016 - Microservices
Dassana Wijesekara
 
FIWARE Tech Summit - Professional Dashboards for Dummies
FIWARE Tech Summit - Professional Dashboards for DummiesFIWARE Tech Summit - Professional Dashboards for Dummies
FIWARE Tech Summit - Professional Dashboards for Dummies
FIWARE
 
Introduction to microservices Jornada Microservices
Introduction to microservices Jornada MicroservicesIntroduction to microservices Jornada Microservices
Introduction to microservices Jornada Microservices
Roan Brasil Monteiro
 
PHX DevOps Days: Service Mesh Landscape
PHX DevOps Days: Service Mesh LandscapePHX DevOps Days: Service Mesh Landscape
PHX DevOps Days: Service Mesh Landscape
Christian Posta
 
Atlanta Microservices Day: Istio Service Mesh
Atlanta Microservices Day: Istio Service MeshAtlanta Microservices Day: Istio Service Mesh
Atlanta Microservices Day: Istio Service Mesh
Christian Posta
 
FestiveTechCalendar2021 - Have Yourself An​ Azure Container Registry
FestiveTechCalendar2021 - Have Yourself An​ Azure Container RegistryFestiveTechCalendar2021 - Have Yourself An​ Azure Container Registry
FestiveTechCalendar2021 - Have Yourself An​ Azure Container Registry
Philip Welz
 
Microservice architecture
Microservice architectureMicroservice architecture
Microservice architecture
Slim Ouertani
 
Making sense of microservices, service mesh, and serverless
Making sense of microservices, service mesh, and serverlessMaking sense of microservices, service mesh, and serverless
Making sense of microservices, service mesh, and serverless
Christian Posta
 
Microservice no fluff, the REAL stuff
Microservice no fluff, the REAL stuffMicroservice no fluff, the REAL stuff
Microservice no fluff, the REAL stuff
nklmish
 
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...
Christian Posta
 
Servers? Where we're going we don't need servers.
Servers? Where we're going we don't need servers.Servers? Where we're going we don't need servers.
Servers? Where we're going we don't need servers.
drnugent
 
Launching a Business in Less Than 2 Months
Launching a Business in Less Than 2 MonthsLaunching a Business in Less Than 2 Months
Launching a Business in Less Than 2 Months
Amazon Web Services
 
Sustaining Your Career
Sustaining Your CareerSustaining Your Career
Sustaining Your Career
Scott Lowe
 
An eventful tour from enterprise integration to serverless and functions
An eventful tour from enterprise integration to serverless and functionsAn eventful tour from enterprise integration to serverless and functions
An eventful tour from enterprise integration to serverless and functions
Christian Posta
 
Microservices: The OSGi way A different vision on microservices
Microservices: The OSGi way A different vision on microservicesMicroservices: The OSGi way A different vision on microservices
Microservices: The OSGi way A different vision on microservicesMiguel Pastor
 
Microservices: A Security Nightmare?
Microservices: A Security Nightmare?Microservices: A Security Nightmare?
Microservices: A Security Nightmare?
Container Solutions
 
Micro-frontends – is it a new normal?
Micro-frontends – is it a new normal?Micro-frontends – is it a new normal?
Micro-frontends – is it a new normal?
Lohika_Odessa_TechTalks
 
Lowering the risk of monolith to microservices
Lowering the risk of monolith to microservicesLowering the risk of monolith to microservices
Lowering the risk of monolith to microservices
Christian Posta
 
How to avoid microservice pitfalls
How to avoid microservice pitfallsHow to avoid microservice pitfalls
How to avoid microservice pitfalls
Particular Software
 
Magento Docker Setup.pdf
Magento Docker Setup.pdfMagento Docker Setup.pdf
Magento Docker Setup.pdf
Abid Malik
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
Stanislav Pogrebnyak
 

More Related Content

What's hot

Think Small To Go Big - Introduction To Microservices
Think Small To Go Big - Introduction To MicroservicesThink Small To Go Big - Introduction To Microservices
Think Small To Go Big - Introduction To Microservices
Ryan Baxter
 
WSO2 Workshop Sydney 2016 - Microservices
WSO2 Workshop Sydney 2016 - MicroservicesWSO2 Workshop Sydney 2016 - Microservices
WSO2 Workshop Sydney 2016 - Microservices
Dassana Wijesekara
 
FIWARE Tech Summit - Professional Dashboards for Dummies
FIWARE Tech Summit - Professional Dashboards for DummiesFIWARE Tech Summit - Professional Dashboards for Dummies
FIWARE Tech Summit - Professional Dashboards for Dummies
FIWARE
 
Introduction to microservices Jornada Microservices
Introduction to microservices Jornada MicroservicesIntroduction to microservices Jornada Microservices
Introduction to microservices Jornada Microservices
Roan Brasil Monteiro
 
PHX DevOps Days: Service Mesh Landscape
PHX DevOps Days: Service Mesh LandscapePHX DevOps Days: Service Mesh Landscape
PHX DevOps Days: Service Mesh Landscape
Christian Posta
 
Atlanta Microservices Day: Istio Service Mesh
Atlanta Microservices Day: Istio Service MeshAtlanta Microservices Day: Istio Service Mesh
Atlanta Microservices Day: Istio Service Mesh
Christian Posta
 
FestiveTechCalendar2021 - Have Yourself An​ Azure Container Registry
FestiveTechCalendar2021 - Have Yourself An​ Azure Container RegistryFestiveTechCalendar2021 - Have Yourself An​ Azure Container Registry
FestiveTechCalendar2021 - Have Yourself An​ Azure Container Registry
Philip Welz
 
Microservice architecture
Microservice architectureMicroservice architecture
Microservice architecture
Slim Ouertani
 
Making sense of microservices, service mesh, and serverless
Making sense of microservices, service mesh, and serverlessMaking sense of microservices, service mesh, and serverless
Making sense of microservices, service mesh, and serverless
Christian Posta
 
Microservice no fluff, the REAL stuff
Microservice no fluff, the REAL stuffMicroservice no fluff, the REAL stuff
Microservice no fluff, the REAL stuff
nklmish
 
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...
Christian Posta
 
Servers? Where we're going we don't need servers.
Servers? Where we're going we don't need servers.Servers? Where we're going we don't need servers.
Servers? Where we're going we don't need servers.
drnugent
 
Launching a Business in Less Than 2 Months
Launching a Business in Less Than 2 MonthsLaunching a Business in Less Than 2 Months
Launching a Business in Less Than 2 Months
Amazon Web Services
 
Sustaining Your Career
Sustaining Your CareerSustaining Your Career
Sustaining Your Career
Scott Lowe
 
An eventful tour from enterprise integration to serverless and functions
An eventful tour from enterprise integration to serverless and functionsAn eventful tour from enterprise integration to serverless and functions
An eventful tour from enterprise integration to serverless and functions
Christian Posta
 
Microservices: The OSGi way A different vision on microservices
Microservices: The OSGi way A different vision on microservicesMicroservices: The OSGi way A different vision on microservices
Microservices: The OSGi way A different vision on microservicesMiguel Pastor
 
Microservices: A Security Nightmare?
Microservices: A Security Nightmare?Microservices: A Security Nightmare?
Microservices: A Security Nightmare?
Container Solutions
 
Micro-frontends – is it a new normal?
Micro-frontends – is it a new normal?Micro-frontends – is it a new normal?
Micro-frontends – is it a new normal?
Lohika_Odessa_TechTalks
 
Lowering the risk of monolith to microservices
Lowering the risk of monolith to microservicesLowering the risk of monolith to microservices
Lowering the risk of monolith to microservices
Christian Posta
 
How to avoid microservice pitfalls
How to avoid microservice pitfallsHow to avoid microservice pitfalls
How to avoid microservice pitfalls
Particular Software
 

What's hot (20)

Think Small To Go Big - Introduction To Microservices
Think Small To Go Big - Introduction To MicroservicesThink Small To Go Big - Introduction To Microservices
Think Small To Go Big - Introduction To Microservices
 
WSO2 Workshop Sydney 2016 - Microservices
WSO2 Workshop Sydney 2016 - MicroservicesWSO2 Workshop Sydney 2016 - Microservices
WSO2 Workshop Sydney 2016 - Microservices
 
FIWARE Tech Summit - Professional Dashboards for Dummies
FIWARE Tech Summit - Professional Dashboards for DummiesFIWARE Tech Summit - Professional Dashboards for Dummies
FIWARE Tech Summit - Professional Dashboards for Dummies
 
Introduction to microservices Jornada Microservices
Introduction to microservices Jornada MicroservicesIntroduction to microservices Jornada Microservices
Introduction to microservices Jornada Microservices
 
PHX DevOps Days: Service Mesh Landscape
PHX DevOps Days: Service Mesh LandscapePHX DevOps Days: Service Mesh Landscape
PHX DevOps Days: Service Mesh Landscape
 
Atlanta Microservices Day: Istio Service Mesh
Atlanta Microservices Day: Istio Service MeshAtlanta Microservices Day: Istio Service Mesh
Atlanta Microservices Day: Istio Service Mesh
 
FestiveTechCalendar2021 - Have Yourself An​ Azure Container Registry
FestiveTechCalendar2021 - Have Yourself An​ Azure Container RegistryFestiveTechCalendar2021 - Have Yourself An​ Azure Container Registry
FestiveTechCalendar2021 - Have Yourself An​ Azure Container Registry
 
Microservice architecture
Microservice architectureMicroservice architecture
Microservice architecture
 
Making sense of microservices, service mesh, and serverless
Making sense of microservices, service mesh, and serverlessMaking sense of microservices, service mesh, and serverless
Making sense of microservices, service mesh, and serverless
 
Microservice no fluff, the REAL stuff
Microservice no fluff, the REAL stuffMicroservice no fluff, the REAL stuff
Microservice no fluff, the REAL stuff
 
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...
 
Servers? Where we're going we don't need servers.
Servers? Where we're going we don't need servers.Servers? Where we're going we don't need servers.
Servers? Where we're going we don't need servers.
 
Launching a Business in Less Than 2 Months
Launching a Business in Less Than 2 MonthsLaunching a Business in Less Than 2 Months
Launching a Business in Less Than 2 Months
 
Sustaining Your Career
Sustaining Your CareerSustaining Your Career
Sustaining Your Career
 
An eventful tour from enterprise integration to serverless and functions
An eventful tour from enterprise integration to serverless and functionsAn eventful tour from enterprise integration to serverless and functions
An eventful tour from enterprise integration to serverless and functions
 
Microservices: The OSGi way A different vision on microservices
Microservices: The OSGi way A different vision on microservicesMicroservices: The OSGi way A different vision on microservices
Microservices: The OSGi way A different vision on microservices
 
Microservices: A Security Nightmare?
Microservices: A Security Nightmare?Microservices: A Security Nightmare?
Microservices: A Security Nightmare?
 
Micro-frontends – is it a new normal?
Micro-frontends – is it a new normal?Micro-frontends – is it a new normal?
Micro-frontends – is it a new normal?
 
Lowering the risk of monolith to microservices
Lowering the risk of monolith to microservicesLowering the risk of monolith to microservices
Lowering the risk of monolith to microservices
 
How to avoid microservice pitfalls
How to avoid microservice pitfallsHow to avoid microservice pitfalls
How to avoid microservice pitfalls
 

Similar to Survey of Container Build Tools

Magento Docker Setup.pdf
Magento Docker Setup.pdfMagento Docker Setup.pdf
Magento Docker Setup.pdf
Abid Malik
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
Stanislav Pogrebnyak
 
JOSA TechTalks - Docker in Production
JOSA TechTalks - Docker in ProductionJOSA TechTalks - Docker in Production
JOSA TechTalks - Docker in Production
Jordan Open Source Association
 
Development-Environment Up & Running with Docker
Development-Environment Up & Running with DockerDevelopment-Environment Up & Running with Docker
Development-Environment Up & Running with Docker
Michael Wellner
 
Containers: from development to production at DevNation 2015
Containers: from development to production at DevNation 2015Containers: from development to production at DevNation 2015
Containers: from development to production at DevNation 2015
Jérôme Petazzoni
 
Docker based-pipelines
Docker based-pipelinesDocker based-pipelines
Docker based-pipelines
DevOps.com
 
Instant developer onboarding with self contained repositories
Instant developer onboarding with self contained repositoriesInstant developer onboarding with self contained repositories
Instant developer onboarding with self contained repositories
Yshay Yaacobi
 
LinuxKit & Moby - The next level of the container ecosystem
LinuxKit & Moby - The next level of the container ecosystemLinuxKit & Moby - The next level of the container ecosystem
LinuxKit & Moby - The next level of the container ecosystem
Patrick Kleindienst
 
IoT: Contrasting Yocto/Buildroot to binary OSes
IoT: Contrasting Yocto/Buildroot to binary OSesIoT: Contrasting Yocto/Buildroot to binary OSes
IoT: Contrasting Yocto/Buildroot to binary OSes
Mender.io
 
Real-World Docker: 10 Things We've Learned
Real-World Docker: 10 Things We've Learned Real-World Docker: 10 Things We've Learned
Real-World Docker: 10 Things We've Learned
RightScale
 
Containers in depth – Understanding how containers work to better work with c...
Containers in depth – Understanding how containers work to better work with c...Containers in depth – Understanding how containers work to better work with c...
Containers in depth – Understanding how containers work to better work with c...
All Things Open
 
Velocity NYC 2017: Building Resilient Microservices with Kubernetes, Docker, ...
Velocity NYC 2017: Building Resilient Microservices with Kubernetes, Docker, ...Velocity NYC 2017: Building Resilient Microservices with Kubernetes, Docker, ...
Velocity NYC 2017: Building Resilient Microservices with Kubernetes, Docker, ...
Ambassador Labs
 
Introduction to Containers
Introduction to ContainersIntroduction to Containers
Introduction to Containers
Dharmit Shah
 
VASCAN - Docker and Security
VASCAN - Docker and SecurityVASCAN - Docker and Security
VASCAN - Docker and Security
Michael Irwin
 
Open collaboration in the Moby Project
Open collaboration in the Moby ProjectOpen collaboration in the Moby Project
Open collaboration in the Moby Project
Akihiro Suda
 
Podman, Buildah, and Quarkus - The Latest in Linux Containers Technologies
Podman, Buildah, and Quarkus - The Latest in Linux Containers Technologies Podman, Buildah, and Quarkus - The Latest in Linux Containers Technologies
Podman, Buildah, and Quarkus - The Latest in Linux Containers Technologies
Daniel Oh
 
Docker based-Pipelines with Codefresh
Docker based-Pipelines with CodefreshDocker based-Pipelines with Codefresh
Docker based-Pipelines with Codefresh
Codefresh
 
Michigan IT Symposium 2017 - Container BOF
Michigan IT Symposium 2017 - Container BOFMichigan IT Symposium 2017 - Container BOF
Michigan IT Symposium 2017 - Container BOF
Jeffrey Sica
 
Containerization using docker and its applications
Containerization using docker and its applicationsContainerization using docker and its applications
Containerization using docker and its applications
Puneet Kumar Bhatia (MBA, ITIL V3 Certified)
 

Similar to Survey of Container Build Tools (20)

Magento Docker Setup.pdf
Magento Docker Setup.pdfMagento Docker Setup.pdf
Magento Docker Setup.pdf
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
 
JOSA TechTalks - Docker in Production
JOSA TechTalks - Docker in ProductionJOSA TechTalks - Docker in Production
JOSA TechTalks - Docker in Production
 
Development-Environment Up & Running with Docker
Development-Environment Up & Running with DockerDevelopment-Environment Up & Running with Docker
Development-Environment Up & Running with Docker
 
Containers: from development to production at DevNation 2015
Containers: from development to production at DevNation 2015Containers: from development to production at DevNation 2015
Containers: from development to production at DevNation 2015
 
Docker based-pipelines
Docker based-pipelinesDocker based-pipelines
Docker based-pipelines
 
Instant developer onboarding with self contained repositories
Instant developer onboarding with self contained repositoriesInstant developer onboarding with self contained repositories
Instant developer onboarding with self contained repositories
 
LinuxKit & Moby - The next level of the container ecosystem
LinuxKit & Moby - The next level of the container ecosystemLinuxKit & Moby - The next level of the container ecosystem
LinuxKit & Moby - The next level of the container ecosystem
 
IoT: Contrasting Yocto/Buildroot to binary OSes
IoT: Contrasting Yocto/Buildroot to binary OSesIoT: Contrasting Yocto/Buildroot to binary OSes
IoT: Contrasting Yocto/Buildroot to binary OSes
 
Real-World Docker: 10 Things We've Learned
Real-World Docker: 10 Things We've Learned Real-World Docker: 10 Things We've Learned
Real-World Docker: 10 Things We've Learned
 
Containers in depth – Understanding how containers work to better work with c...
Containers in depth – Understanding how containers work to better work with c...Containers in depth – Understanding how containers work to better work with c...
Containers in depth – Understanding how containers work to better work with c...
 
Velocity NYC 2017: Building Resilient Microservices with Kubernetes, Docker, ...
Velocity NYC 2017: Building Resilient Microservices with Kubernetes, Docker, ...Velocity NYC 2017: Building Resilient Microservices with Kubernetes, Docker, ...
Velocity NYC 2017: Building Resilient Microservices with Kubernetes, Docker, ...
 
Introduction to Containers
Introduction to ContainersIntroduction to Containers
Introduction to Containers
 
VASCAN - Docker and Security
VASCAN - Docker and SecurityVASCAN - Docker and Security
VASCAN - Docker and Security
 
Open collaboration in the Moby Project
Open collaboration in the Moby ProjectOpen collaboration in the Moby Project
Open collaboration in the Moby Project
 
Podman, Buildah, and Quarkus - The Latest in Linux Containers Technologies
Podman, Buildah, and Quarkus - The Latest in Linux Containers Technologies Podman, Buildah, and Quarkus - The Latest in Linux Containers Technologies
Podman, Buildah, and Quarkus - The Latest in Linux Containers Technologies
 
Docker based-Pipelines with Codefresh
Docker based-Pipelines with CodefreshDocker based-Pipelines with Codefresh
Docker based-Pipelines with Codefresh
 
Michigan IT Symposium 2017 - Container BOF
Michigan IT Symposium 2017 - Container BOFMichigan IT Symposium 2017 - Container BOF
Michigan IT Symposium 2017 - Container BOF
 
Containerization using docker and its applications
Containerization using docker and its applicationsContainerization using docker and its applications
Containerization using docker and its applications
 
Containerization using docker and its applications
Containerization using docker and its applicationsContainerization using docker and its applications
Containerization using docker and its applications
 

More from Michael Ducy

Automating Security Response with Serverless
Automating Security Response with ServerlessAutomating Security Response with Serverless
Automating Security Response with Serverless
Michael Ducy
 
Rethinking Open Source in the Age of Cloud
Rethinking Open Source in the Age of CloudRethinking Open Source in the Age of Cloud
Rethinking Open Source in the Age of Cloud
Michael Ducy
 
Open source security tools for Kubernetes.
Open source security tools for Kubernetes.Open source security tools for Kubernetes.
Open source security tools for Kubernetes.
Michael Ducy
 
Container Runtime Security with Falco
Container Runtime Security with FalcoContainer Runtime Security with Falco
Container Runtime Security with Falco
Michael Ducy
 
DevOps in a Cloud Native World
DevOps in a Cloud Native WorldDevOps in a Cloud Native World
DevOps in a Cloud Native World
Michael Ducy
 
Securing your Container Environment with Open Source
Securing your Container Environment with Open SourceSecuring your Container Environment with Open Source
Securing your Container Environment with Open Source
Michael Ducy
 
Sysdig Open Source Intro
Sysdig Open Source IntroSysdig Open Source Intro
Sysdig Open Source Intro
Michael Ducy
 
Monitoring & Securing Microservices in Kubernetes
Monitoring & Securing Microservices in KubernetesMonitoring & Securing Microservices in Kubernetes
Monitoring & Securing Microservices in Kubernetes
Michael Ducy
 
Sysdig Tokyo Meetup 2018 02-27
Sysdig Tokyo Meetup 2018 02-27Sysdig Tokyo Meetup 2018 02-27
Sysdig Tokyo Meetup 2018 02-27
Michael Ducy
 
Principles of Monitoring Microservices
Principles of Monitoring MicroservicesPrinciples of Monitoring Microservices
Principles of Monitoring Microservices
Michael Ducy
 
Why Pipelines Matter
Why Pipelines MatterWhy Pipelines Matter
Why Pipelines Matter
Michael Ducy
 
The Future of Everything
The Future of EverythingThe Future of Everything
The Future of Everything
Michael Ducy
 
Improving Goat Production
Improving Goat ProductionImproving Goat Production
Improving Goat Production
Michael Ducy
 
Changing the Way Development and Operations Works
Changing the Way Development and Operations WorksChanging the Way Development and Operations Works
Changing the Way Development and Operations Works
Michael Ducy
 
CloudStack Day 14 - Automation: The Key to Hybrid Cloud
CloudStack Day 14 - Automation: The Key to Hybrid CloudCloudStack Day 14 - Automation: The Key to Hybrid Cloud
CloudStack Day 14 - Automation: The Key to Hybrid Cloud
Michael Ducy
 
The Road to Hybrid Cloud is Paved with Automation
The Road to Hybrid Cloud is Paved with AutomationThe Road to Hybrid Cloud is Paved with Automation
The Road to Hybrid Cloud is Paved with AutomationMichael Ducy
 
The Velocity of Bureaucracy
The Velocity of BureaucracyThe Velocity of Bureaucracy
The Velocity of Bureaucracy
Michael Ducy
 
The Goat and the Silo
The Goat and the SiloThe Goat and the Silo
The Goat and the Silo
Michael Ducy
 
Little Tech, Big Impact - Monktoberfest 2013
Little Tech, Big Impact - Monktoberfest 2013Little Tech, Big Impact - Monktoberfest 2013
Little Tech, Big Impact - Monktoberfest 2013
Michael Ducy
 
Object, measure thyself
Object, measure thyselfObject, measure thyself
Object, measure thyself
Michael Ducy
 

More from Michael Ducy (20)

Automating Security Response with Serverless
Automating Security Response with ServerlessAutomating Security Response with Serverless
Automating Security Response with Serverless
 
Rethinking Open Source in the Age of Cloud
Rethinking Open Source in the Age of CloudRethinking Open Source in the Age of Cloud
Rethinking Open Source in the Age of Cloud
 
Open source security tools for Kubernetes.
Open source security tools for Kubernetes.Open source security tools for Kubernetes.
Open source security tools for Kubernetes.
 
Container Runtime Security with Falco
Container Runtime Security with FalcoContainer Runtime Security with Falco
Container Runtime Security with Falco
 
DevOps in a Cloud Native World
DevOps in a Cloud Native WorldDevOps in a Cloud Native World
DevOps in a Cloud Native World
 
Securing your Container Environment with Open Source
Securing your Container Environment with Open SourceSecuring your Container Environment with Open Source
Securing your Container Environment with Open Source
 
Sysdig Open Source Intro
Sysdig Open Source IntroSysdig Open Source Intro
Sysdig Open Source Intro
 
Monitoring & Securing Microservices in Kubernetes
Monitoring & Securing Microservices in KubernetesMonitoring & Securing Microservices in Kubernetes
Monitoring & Securing Microservices in Kubernetes
 
Sysdig Tokyo Meetup 2018 02-27
Sysdig Tokyo Meetup 2018 02-27Sysdig Tokyo Meetup 2018 02-27
Sysdig Tokyo Meetup 2018 02-27
 
Principles of Monitoring Microservices
Principles of Monitoring MicroservicesPrinciples of Monitoring Microservices
Principles of Monitoring Microservices
 
Why Pipelines Matter
Why Pipelines MatterWhy Pipelines Matter
Why Pipelines Matter
 
The Future of Everything
The Future of EverythingThe Future of Everything
The Future of Everything
 
Improving Goat Production
Improving Goat ProductionImproving Goat Production
Improving Goat Production
 
Changing the Way Development and Operations Works
Changing the Way Development and Operations WorksChanging the Way Development and Operations Works
Changing the Way Development and Operations Works
 
CloudStack Day 14 - Automation: The Key to Hybrid Cloud
CloudStack Day 14 - Automation: The Key to Hybrid CloudCloudStack Day 14 - Automation: The Key to Hybrid Cloud
CloudStack Day 14 - Automation: The Key to Hybrid Cloud
 
The Road to Hybrid Cloud is Paved with Automation
The Road to Hybrid Cloud is Paved with AutomationThe Road to Hybrid Cloud is Paved with Automation
The Road to Hybrid Cloud is Paved with Automation
 
The Velocity of Bureaucracy
The Velocity of BureaucracyThe Velocity of Bureaucracy
The Velocity of Bureaucracy
 
The Goat and the Silo
The Goat and the SiloThe Goat and the Silo
The Goat and the Silo
 
Little Tech, Big Impact - Monktoberfest 2013
Little Tech, Big Impact - Monktoberfest 2013Little Tech, Big Impact - Monktoberfest 2013
Little Tech, Big Impact - Monktoberfest 2013
 
Object, measure thyself
Object, measure thyselfObject, measure thyself
Object, measure thyself
 

Recently uploaded

UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
Vlad Stirbu
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
UiPathCommunity
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 

Recently uploaded (20)

UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 

Survey of Container Build Tools

  • 1. @mfdii Survey of Container Build Tools Michael Ducy Community & Evangelism - Sysdig
  • 2. @mfdii Agenda ● How containers should be used ● Problems with Dockerfile paradigm ● Specific tools ● Summary
  • 3. @mfdii About me Spent the last 4.5 years at Chef Cloud, Automation, Performance & Capacity, Ops Ask me about goats (goatcan.do) Triton, Maroon, Buckeye
  • 4. @mfdii Review of “What’s a Container” Cgroups Control what a process can use. ● Memory ● CPU ● Blkio ● Cpuacct ● Cpuset ● Devices ● Net_prio ● Freezer Namespaces Control what a process can see. ● PID ● Mount ● Network ● UTS ● IPC ● User ● Cgroup Thanks to Jess Frazelle (@jessfraz) for this slide https://goo.gl/7fVKFa
  • 5. @mfdii Containers vs. Zones vs. Jails vs. VMs Thanks to Jess Frazelle (@jessfraz) for this slide https://goo.gl/7fVKFa Containers Cgroups Namespaces LSMs Zones First class concept Jails First class concept VMs First class concept Read more about this here: https://blog.jessfraz.com/post/containers-zones-jails-vms/
  • 7. @mfdii Problem with the Dockerfile paradigm Builds aren’t deterministic or reproducable. Programmability through Bash Easy to turn a container image into a “VM” Lack of visibility into what’s really in the final image Bottom up approach vs application down
  • 8. @mfdii Real World Numbers Show the Problem 7 to 1 container to host ratio (DataDog survey, April 2017) 10 to 1 container to host ratio(Sysdig survey April 2017)
  • 9. @mfdii Base OS Image Size https://anchore.com/blog/breakdown-of-operating-systems-of-dockerhub/
  • 14. @mfdii What can we infer? Nobody knows how to package their application in a container.
  • 15. @mfdii Lots of choices Traditional Build Tools ● buildah ● nixos-container ● ansible-container ● Smith ● Distroless Source-to-Container Tools ● Buildkit ● Source-to-Image (s2i) ● Habitat
  • 17. @mfdii buildah Project from Project Atomic - https://github.com/projectatomic/buildah OCI and Docker Image Formats Doesn’t require a container runtime to build containers. Allows for some _interesting_ uses which are 0_0 LOLWUT Not deterministic.
  • 18. @mfdii nixos-container Builds containers based on NixOS Imperative and Declarative approaches Containers can be auto-rebuilt when host OS updates Ability to get very granular with software installed in a container due to Nix’s packaging approach
  • 21. @mfdii ansible-container Declarative approach (mostly) Allows you to build multiple containers from one container.yml (like docker-compose) Allows you to take advantage of Ansible expertise/playbooks you already have https://github.com/ansible/ansible-container
  • 23. @mfdii Smith Focuses on building “microcontainers” Principles of microcontainers 1. A microcontainer only contains the process to be run and its direct dependencies. 2. The microcontainer has files with no user ownership or special permissions beyond the executable bit. 3. The root filesystem of the container should be able to run read-only. All writes from the container should be into a directory called /write. Any unique config that an individual container instance will need should be placed into a directory called /read. Ephemeral files such as pid files can be written to /run.
  • 24. @mfdii Smith Declarative (mostly) Builds containers that are significantly smaller (httpd built with Smith is 3% of Dockerhub image) Can use yum packages or Docker base images for source of binaries https://hackernoon.com/how-to-build-a-tiny-httpd-container-ae622c37db39
  • 25. @mfdii What you want in a container
  • 26. @mfdii Distroless Declarative builds leveraging Google’s Bazel ‘"Distroless" images contain only your application and its runtime dependencies. They do not contain package managers, shells any other programs you would expect to find in a standard Linux distribution.’ Provides stripped down base images Support for language runtimes: Java, Python, Go, C, Node, dotnet
  • 27. @mfdii Source-to-Image “Source-to-Image (S2I) is a toolkit and workflow for building reproducible Docker images from source code.” One image can be used for builds, one can be used to run the artifact. Allows build environments to be tightly versioned and controlled for reproducibility Allows for control/security of the build environment through the use of build containers
  • 29. @mfdii Buildkit “BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner.” Frontend’s specify a definition for how your software is built. Buildkit takes this human readable definition (frontend) and transforms it into low level build (LLB) definition. Exporters allow build artifacts to be exported in a variety of formats not just container formats. Focuses on “How can we create generic primitives for a build system?” https://blog.mobyproject.org/introducing-buildkit-17e056cc5317
  • 33. @mfdii Habitat BUILD DEPLOY SUPERVISE ▪ Consistent process for packaging all apps across all architectures. ▪ Scaffolding for key languages: Node.js, Ruby, Go, Java. ▪ Built in supervisor for Service Discovery, Templated Configs, Clustering Topologies, Health Check APIs, and more BUILD DEPLOY MANAGE ▪ Export to variety of different formats: Docker ACI CloudFoundry Kubernetes Mesos tar
  • 34. @mfdii Habitat Build ServiceHabitat provides a cloud native build and packaging system HABITAT BUILDER Developer adds a plan.sh to define the build phases of their software. Scaffolding for common languages can be used provides sane defaults. Developer explicitly declares dependencies, required backing services, and what services/ports are exposed. Runtime lifecycle hooks can be defined for the application (start, reconfigure, etc). Templated configuration files can be included. Habitat Builder watches a GitHub repository for changes, when code is merged a build is performed based on the repo’s plan.sh. Build artifact includes runtime lifecycle hooks, configuration, and application binaries or code. Build artifact metadata includes dependent services, exposed services/ports, and required dependencies. Artifacts are stored in a Habitat Builder depot. USER PLAN PUBLIC DEPOT PRIVATE DEPOT
  • 35. @mfdii Lots of choices ● buildah ○ Still coupling yourself to the operating system paradigms ● nixos-container ○ Niche OS, with it’s own insecure container model. Have to eat NixOS ● ansible-container ○ Great if you’ve committed to Ansible. ○ Ansible Service Bus for stateful services ● Smith ○ Microcontainers are what you want (++) ○ Janky to pull apart container images and still leverages OS package managers (to an extent) ● Distroless ○ Removes the OS (++), very language specific ○ Bazel is not the most approachable tool and real world examples are minimal
  • 36. @mfdii Lots of choices ● Buildkit ○ Very interesting approach to solve the problem of building software in general. ○ Versioned build environments possible ○ Still too early, examples sparse, frontends for languages non-existent ● s2i ○ Versioned, secured build environments ○ Library of build/run images but built on OS paradigm ● Habitat ○ Easily describes software builds in BASH ○ Export formats for multiple platforms (++) ○ Does the right thing to determine what a build artifact needs to run ○ Have to eat the Supervisor which doesn’t fit with Kubernetes paradigms ○ Software libraries provided OOTB are not well maintained
  • 37. @mfdii Summary Container Build Tools still have a long way to go. Each tool has ++ and -- Some tools sacrifice “best practice” for approachability Some tools make things overly complex What do we need? ● Buildpack type model for Source Code building ● Declarative container build manifest generated from the build ● Exporter to create container image of choice with only the app and deps