Post on 10-Aug-2015
Docker + App Container -> OCP
23 June 2015
Alex Toombs
Software Engineer, Apcera
Who am I?
@ Apcera > 2 years
Platform Lead
Deployment, packaging, auditability
Not only microservice-based apps: legacy stacks, too
(...but not the focus today)
About Apcera
Develop a platform for enterprises to manage applications & services
Golang users! (>90% Go code in our main repo, since ~ August 2012)
Wrote our own container implementation (using common techs like cgroups, namespaces)
Digest Docker/ACI/whatever images to run (polyglot stacks welcome)
Hosted Slides
http://present.croissant.buffalo.im/apceraMeetup/apceraMeetup.slide#1
(on Continuum)
Docker vs CoreOS
By Evrik and Mets501 [Public domain], via Wikimedia Commons
Docker vs CoreOS
Just kidding! We're all friends now
Original title: killed by shykes!
Awesome announcement yesterday: OCP!
Open Container Project (under the Linux Foundation)
First reference implementation: runC
Apcera's down with OCP!
Lots of big backers (Docker, Amazon, Google, Microsoft, CoreOS, etc.)
Docker
Docker: past
History: dotCloud's Docker project started in ~ early 2013
dotCloud has been around ~8 years; struck a chord with Docker
Docker: quickly became synonymous with containers
Docker: past
docker/docker repo, v0.1.0: https://github.com/docker/docker/releases/tag/v0.1.0
March 23, 2013
527 commits
dotCloud -> Docker
LXC (Linux Containers)
Docker: past
docker/docker repo, v0.9.0: https://github.com/docker/docker/releases/tag/v0.9.0
March 10, 2014
6739 commits
"Add the pure Go libcontainer library to make it possible to run containers..."
"Add native exec driver which uses libcontainer and make it the default execdriver."
LXC -> libcontainer
Docker: present
500,000,000 containers downloaded (according to Dockercon)
16,339 commits (post-lunch, today)
Many products: Engine, Compose, Swarm, Machine, Notary, etc.
Plugins are powerful
OCP! (more later)
Docker: future
Microkernels (just kidding)
Heavy focus on trust around containers (big criticism; tarsums, signatures, etc)
Support more platforms (e.g. Microsoft, for Windows Server)
libcontainer -> runC?
appc
appc: origins
CoreOS started appc project to define a spec for containers
Trust at the core; use common tools like pgp/tar/shasum for image verification/portability
Independent from CoreOS, maintained by 6 people (up until recently!)
rkt: reference implementation
appc: tenets
Composable
Secure
Decentralized (!)
Open
appc: pieces
App Container Image: what image is run
App Container Image Discovery: how to find images
App Container Pod: what a deployable, executable unit is
App Container Executor: how pods are executed
appc + Apcera: Kurma
Apcera question: what to do with container runtimes?
libcontainer vs rkt vs our own tech vs something else...
Spec was attractive; well-defined interface
DNS discovery protocol: awesome!
Decentralized distribution vs centralized registry
Future: Open Container Project (OCP)
OCP
(http://opencontainers.org/)
OCP
Reference implementation: https://github.com/opencontainers/runc
Heavily libcontainer flavored
No image spec yet (adopting from appc?)
Highly in flux! (just over a day old, publicly)
Spec: emphasis on "working code" for moving spec forward
OCP: open questions
Image spec: what will that look like? (ACI, we hope)
Registry v2: pertains to above
Future of rkt
Future of libcontainer
Security scanning of images (mentioned briefly yesterday)
OCP + Apcera: ?
Committed to improving the spec
Provide feedback/PRs
Very interested in image verification (notary is cool, but independent)
Policy for allowed sets of keys, maybe?
Doesn't replace Docker; Docker has the distribution down
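An added sketch, not code from the talk, appc or Apcera, of how the "trust at the core" and "policy for allowed sets of keys" bullets could fit together: an image is admitted only if its sha512 image ID matches and its signer is in the key set allowed for its name prefix. The names `buildACI`, `imageID`, `keyPolicy` and `admit`, the policy format and the fingerprint string are hypothetical, the image content is constructed, and the signer fingerprint is assumed to come from a PGP signature check done elsewhere.

```go
package main

import (
	"archive/tar"
	"bytes"
	"crypto/sha512"
	"encoding/hex"
	"fmt"
	"strings"
)

// buildACI packs a constructed manifest and one rootfs file into an uncompressed tar (ACI layout).
func buildACI(manifest, motd string) []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf) // writes to memory, so write errors are not expected here
	for _, f := range [][2]string{{"manifest", manifest}, {"rootfs/etc/motd", motd}} {
		tw.WriteHeader(&tar.Header{Name: f[0], Mode: 0644, Size: int64(len(f[1]))})
		tw.Write([]byte(f[1]))
	}
	tw.Close()
	return buf.Bytes()
}

// imageID is "sha512-" plus the hex SHA-512 of the uncompressed tar.
func imageID(aci []byte) string {
	sum := sha512.Sum512(aci)
	return "sha512-" + hex.EncodeToString(sum[:])
}

// keyPolicy maps an image-name prefix to its allowed signer fingerprints (hypothetical format).
type keyPolicy map[string]map[string]bool

// admit checks the digest first, then that signerFP (assumed to come from an
// already-verified detached PGP signature) is allowed for the image name.
func admit(p keyPolicy, name, wantID string, aci []byte, signerFP string) error {
	if imageID(aci) != wantID {
		return fmt.Errorf("%s: digest mismatch", name)
	}
	for prefix, keys := range p {
		// Match on a path boundary so "example.com/team" does not cover "example.com/teamx".
		if (name == prefix || strings.HasPrefix(name, prefix+"/")) && keys[signerFP] {
			return nil
		}
	}
	return fmt.Errorf("%s: signer %s not in allowed key set", name, signerFP)
}

func main() {
	aci := buildACI(`{"acKind":"ImageManifest","name":"example.com/team/api"}`, "hello\n")
	p := keyPolicy{"example.com/team": {"FP-TEAM-RELEASE": true}} // placeholder fingerprint
	fmt.Println(admit(p, "example.com/team/api", imageID(aci), aci, "FP-TEAM-RELEASE"))
}
```
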
Thank you
23 June 2015
Alex Toombs
Software Engineer, Apcera
alex@apcera.com
@alextoombs (http://twitter.com/alextoombs)
See you at Gophercon!