Docker Architecture

Post on 13-Apr-2017


Transcript of Docker Architecture

Docker Architecture

Presentation By:

Amir Arsalan Ghorbanzadeh

Mohammadreza Amini

Autumn 2015

IRAN OpenStack Users Group

OpenStack.ir

Agenda:

● What is Docker?

● Cgroups

● Namespace

● Filesystem

● Networking

OpenStack.ir | IRAN Community


Before we get started

• What is a Container?

– Group of processes contained in an isolated environment

– Isolation provided by concepts like cgroups and namespaces

What is Docker?


Docker is an open platform for developing, shipping, and running applications. Docker is designed to deliver your applications faster. With Docker you can separate your applications from your infrastructure AND treat your infrastructure like a managed application. Docker helps you ship code faster, test faster, deploy faster, and shorten the cycle between writing code and running code.


Docker Features

● Image Management

● Resource Isolation

● File system Isolation

● Network Isolation

● Change Management

● Sharing

● Process Management


Control Groups & Namespaces

Linux kernel features to limit, account for and isolate resource usage, such as:

● CPU

● Memory

● Disk I/O


CGroup

This allows you to manage the resources of a group of processes.

● CPU: Managing the CPU shares of a container

● Memory: Managing the memory shares of a container

● Block devices (disk): Limiting read/write speed and limiting disk space


Namespace

Namespaces isolate what a group of processes can see of system resources such as user lists, network devices, process lists and filesystems.

● mnt (mount points, filesystems)

● pid (processes)

● net (network stack)

● ipc (System V IPC)

● uts (hostname)

● user (UIDs)
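
Added example (not part of the original slides): Python code that compares the /proc/<pid>/ns links of a host process and a container process for the six namespace types listed above, to show which ones are actually isolated. The function names and the sample identifiers are constructed for illustration.

```python
import os

# The six namespace types listed on the slide above.
NAMESPACES = ("mnt", "pid", "net", "ipc", "uts", "user")


def read_namespaces(pid, proc_root="/proc"):
    """Return {type: id} from the /proc/<pid>/ns/* symlinks of one process.

    A link target looks like 'net:[4026531992]'; two processes are in the
    same namespace exactly when their targets are equal. Entries that cannot
    be read (no permission, process gone) are reported as None.
    """
    found = {}
    for ns in NAMESPACES:
        try:
            found[ns] = os.readlink(os.path.join(proc_root, str(pid), "ns", ns))
        except OSError:
            found[ns] = None
    return found


def compare(host, container):
    """Label each namespace type 'isolated', 'shared' or 'unknown'."""
    report = {}
    for ns in NAMESPACES:
        h, c = host.get(ns), container.get(ns)
        if h is None or c is None:
            report[ns] = "unknown"
        else:
            report[ns] = "shared" if h == c else "isolated"
    return report


# Constructed sample values, not captured from a real host: a container that
# has its own mnt, pid, ipc and uts namespaces but shares net and user with
# the host's PID 1.
SAMPLE_HOST = {"mnt": "mnt:[4026531840]", "pid": "pid:[4026531836]",
               "net": "net:[4026531992]", "ipc": "ipc:[4026531839]",
               "uts": "uts:[4026531838]", "user": "user:[4026531837]"}
SAMPLE_CONTAINER = {"mnt": "mnt:[4026532192]", "pid": "pid:[4026532195]",
                    "net": "net:[4026531992]", "ipc": "ipc:[4026532194]",
                    "uts": "uts:[4026532193]", "user": "user:[4026531837]"}

if __name__ == "__main__":
    for ns, state in compare(SAMPLE_HOST, SAMPLE_CONTAINER).items():
        print(f"{ns:<5}{state}")
```

On a real host, pass read_namespaces(1) and read_namespaces(<container process PID>) to compare(); reading another user's /proc/<pid>/ns entries requires root.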


File System


Union file system

This Linux service allows you to mount files and directories from other filesystems (i.e. a namespace-isolated file system) and combine them to form a single file system.


Volume

The VOLUME instruction creates a mount point with the specified name and marks it as holding externally mounted volumes from native host or other containers.


Networking


Docker uses a bridge to connect all containers on the same host to the local network.


Communication between containers


Whether two containers can communicate is governed, at the operating system level, by two factors:

● Docker0 bridge

● iptables


Any Questions?


Stay in Touch and Join Us:

● Home Page: OpenStack.ir

● Meetup page: Meetup.com/IranOpenStack

● Mailing List: OpenStackir@Lists.OpenStack.org

● Twitter: @OpenStackIR , #OpenStackIRAN

● IRC Channel on FreeNode: #OpenStack-ir

Iran OpenStack Community


Mohammadreza Amini

Senior Linux Administration

Mohammadreza@openstack.ir

Amir Arsalan Ghorbanzadeh

Senior Python Developer

Arsalan@openstack.ir

Thank You