Containers #101 : Docker ONBUILD triggers and Introduction to Docker Compose
Docker Overview - Rise of the Containers
Uploaded by ryan-hodgin
Category: Technology
Transcript of Docker Overview - Rise of the Containers
Agenda
§ Executive Summary
§ Where does Docker fit in the world of Servers and Hypervisors?
§ What’s an Application Container?
§ How is Docker different?
  – What is a Docker image?
  – What is a Docker file?
  – What is a Docker registry?
§ How popular is Docker?
§ What is the performance like?
§ What’s Docker working on now?
§ How does Docker change designs?
§ What are some of Docker’s challenges?
§ What’s next for Docker?
§ What is IBM doing with Docker?
4/17/15 2
Docker: Executive Summary
§ Background
  – Docker provides the leading application container engine; open source under the Apache 2.0 license
  – Enables an application image to be constructed with its runtime dependencies and deployed identically on multiple environments without modification.
  – Version 1.0 announced on June 9th, 2014
  – Makes use of technology available in all mainstream Linux distributions
  – Referred to as “Virtualization 2.0” due to its removal of often unnecessary portions of hypervisors.
  – Containers can better utilize hardware resources and perform better than traditional virtualization.
  – Integrates solutions from DevOps community to improve release management and deployments.
  – Rapidly growing in interest and usage by both developers and system administrators.
  – Docker is being aggressively adopted by many key tech companies
    • Announcements from IBM, Microsoft, Google, Amazon, VMware, Red Hat, etc.
  – Docker Inc. now valued at more than $1B with latest round of VC funding.
Docker Engine: A “Hypervisor” for Containers
[Figure: three stacks compared. Type 1 Hypervisor: Hardware, Hypervisor, Virtual Machines (each with Operating System, Bins / libs, Apps). Linux Containers: Hardware, Operating System, Containers (each with Bins / libs, Apps). Docker: Hardware, Operating System, Containers (each with Bins / libs, Apps), with CLI, REST API and Dockerfiles.]
Conceptual Mapping
VM → Container
Hypervisor → Docker Engine
Containers Aren’t A New Concept
§ Containers have existed for years in the Unix world:
  – IBM AIX WPARs
  – Oracle Solaris Zones
  – BSD Jails
Technology for Containers Added to Linux
[Figure: Linux stack from Hardware through Kernel Space to User Space. Labels: Kernel, System Call Interface, Architecture Dependent Kernel Code, GLIBC / Pseudo FS / User Space Tools & Libs, Linux Container Tooling, Linux Container Commoditization, Orchestration & Management. Container-related pieces shown: cgroups, namespaces, chroots, LSM, lxc.]
Deployments have shifted to VMs and images
§ VMs and images commonly used in the Cloud world:
  – AWS Xen and Amazon Machine Images
  – SoftLayer Xen and Standard/Flex Images
  – Microsoft Azure – Customized Hyper-V and VM Images
  – Google Compute Engine – KVM
  – OpenStack - KVM
§ Similar technologies are used in traditional data centers:
  – VMware vSphere
  – Citrix Xen
  – KVM
  – Microsoft Hyper-V
Docker Containers vs. Traditional VMs
§ Traditional VMs include wasted resources to support the Guest OS while Docker makes use of layering to share common OS / lib portions of images.
What is a container?
§ Modeled on the success of shipping containers, an application container is designed to contain a complete deployment unit for an application to allow for automation, version tracking, and rapid deployment.
What is in a container?
§ Application deployments have focused on the application binaries and relied on operations for the application’s dependencies (Java JRE, Ruby Gems, Python, App Server, etc.)
§ Docker images include these application dependencies in the container along with the application.
WAR file construction:
Docker image construction:
Docker: Dockerfiles
§ Dockerfiles document how to construct the container and what to execute when it is running.
§ Normally a container should contain a single process.
§ Dockerfiles are readable and maintainable along with application source code.
Docker: Images, Layers & Registries
The layers build on one another and only the differences are stored in each layer.
DockerHub
[Figure: Build, Ship, Run. Labels: Dev, QA, Source, Staging; Physical, Virtual, Cloud; Infrastructure Management; Dockerfile and Source Code Repository; Mac/Win Dev Machine with Boot2Docker; QA Machine and Prod Machines running Docker on Linux OS; VMs running Docker; GCE, RAX, IBM; Analytics DB; Docker Hub with Users, Collab, Provenance, Policy; Registries (Public, Curated, Private); Docker Hub API; Third Party Tools.]
§ Public and private repositories are used to host images.
Docker: Open Platform
Any App
+ 65K apps + 50K projects
Any infrastructure • Physical • Virtual cloud
Engine (API): open source software at the heart of the Docker platform
Hub (API): cloud-based platform services for distributed applications
Docker: Ecosystem
§ Official Repos & 65K+ Dockerized Apps
§ Community
  – 700+ Contributors
  – 175+ Meetups in 40 countries
  – 2.75M Downloads
  – 50K Projects on GitHub
§ Support
  – Enterprise Support
  – Robust Documentation
  – Implementation, Integration, Training
  – Network of Partners
§ The Docker Platform
  – Docker Engine
  – Docker Hub
  – Build, Ship, and Run
[Figure labels: Partners, Content, Users]
Docker: Adoption
Docker has the highest buying intention score of any enterprise company or open-source project in six years of tracking by research firm Enterprise Technology Research.
Docker: Performance
§ Performance comparison with KVM by IBM Research shows near bare metal performance that “equals or exceeds KVM performance in every case we tested.”
§ See full report at: http://domino.research.ibm.com/library/cyberdig.nsf/papers/0929052195DD819C85257D2300681E7B/%24File/rc25482.pdf
DockerCon14 Europe Announcements
§ At its event on 12/4-12/5, Docker announced:
  – Docker Orchestration Services
    • Adds ability to assemble multi-container applications
    • Supports any infrastructure (laptop, private, public clouds, etc.)
    • Manages all containers of an application as a single group
    • Cluster an application’s containers for HA and resource optimization
    • Includes three new services:
      – Docker Machine – a host running the Docker Engine
      – Docker Swarm – a Docker-native clustering service that works with Docker Engines and pools their resources across them
      – Docker Compose – allows for application assembly
  – Docker Hub Enterprise
    • Allows for Developers to create multi-container distributed applications behind-the-firewall.
    • Integrates private and public Docker repositories.
    • Brought to market by IBM, Amazon, and Microsoft as part of broader set of product and service offerings.
    • Architected for high-availability and horizontal scalability
    • Planned availability in 2Q 2015
Docker Machine
§ Machine makes it really easy to create Docker hosts on your computer, on cloud providers and inside your own data center. It creates servers, installs Docker on them, then configures the Docker client to talk to them.
§ Drivers exist for:
  – SoftLayer
  – AWS
  – DigitalOcean
  – Azure
  – Google Compute Engine
  – Rackspace
  – OpenStack
  – VirtualBox
  – VMware Fusion
  – VMware vSphere
  – Hyper-V
Docker Swarm
§ Docker Swarm is native clustering for Docker. It turns a pool of Docker hosts into a single, virtual host.
§ Has support for etcd, consul, and zookeeper host discovery systems.
§ Integrations planned with Bluemix, Mesos, Kubernetes, AWS, Azure
Docker Compose
§ Compose is a tool for defining and running complex applications with Docker. With Compose, you define a multi-container application in a single file, then spin your application up in a single command which does everything that needs to be done to get it running.
Defined in YAML:
Designing for Docker – Application Design
§ Because of Docker’s design, refactoring may be needed to run on Docker well. Cloud-friendly design principles like The Twelve Factor App and Microservices can enable applications to run well in Docker containers.
http://martinfowler.com/articles/microservices.html
http://12factor.net/
http://www.slideshare.net/adrianco
Designing for Docker – Operating System Design
§ Operating systems are being redesigned to focus on running containers. Dubbed “Minimalist OS”, these operating systems offer some key potential benefits:
  – Improved security through smaller attack surfaces and isolation techniques
  – Small image sizes and fast start up times
  – Transactional upgrade and rollback options
§ Some examples of these minimalist OSes include:
  – CoreOS
  – Red Hat’s Project Atomic
  – Ubuntu’s Snappy Ubuntu Core
  – RancherOS
  – Microsoft’s Nano Server
Architecture of RancherOS
Docker Challenges: Networking
§ Connecting containers within the same host isn’t too difficult but the complexity grows when containers need to communicate across hosts.
§ How is this being addressed:
  – Service Discovery:
    • Docker Swarm
    • Etcd
    • Consul
    • Zookeeper
  – Software Defined Networks (SDN)
    • Socketplane.io (Docker Acquisition)
    • IBM’s SDN-VE
    • Weave
    • CoreOS’ Flannel
Docker Challenges: Lack of Enterprise Features
§ Enterprise features commonly found in modern virtualization platforms not yet available in Docker. Features such as:
  – Fine Grained Administration Access Control
  – Live Migration of Containers
  – Backup and Restore Options
  – Administration Tools for Large Scale Deployments
  – Support for Auditing and Logging
  – Regulatory Compliance
§ Active development underway to address these gaps. Major enterprise technology vendors are constructing solutions for many of these areas.
Docker Challenges: Security
§ Container security is receiving much more scrutiny now and potential vulnerabilities are receiving attention. Areas of risk include:
  – Docker Engine daemon runs as root
  – Lack of encryption options
  – Docker API endpoints
  – Integrity of images
  – Containers may be able to execute too many system calls
  – Containers may have access to file system
§ Coordinated development underway to address these issues.
§ Concerns are especially high for multi-tenant deployments:
  – “These containers aren't secure. They don't have that kind of isolation. They're sharing so much of their underlying operating system that they can't be effectively secured, at least not to the kind of level of risk that we'd be comfortable running two different customers in containers side by side” – Microsoft Azure CTO Mark Russinovich
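Several of the risk areas on this slide show up as per-container settings that can be audited. The following is an added example, not part of the original slides: it checks `docker inspect` JSON for root users, privileged mode, disabled syscall filtering, and host file system or Docker socket mounts. The sample data is constructed, and the finding names and the `SENSITIVE_SOURCES` list are assumptions chosen for illustration.

```python
import json

# Constructed sample shaped like `docker inspect` output (not from the slides).
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/web", "Config": {"User": ""},
  "HostConfig": {"Privileged": true, "CapDrop": null, "ReadonlyRootfs": false,
                 "SecurityOpt": ["seccomp=unconfined"]},
  "Mounts": [{"Source": "/var/run/docker.sock",
              "Destination": "/var/run/docker.sock"}]},
 {"Name": "/api", "Config": {"User": "1000:1000"},
  "HostConfig": {"Privileged": false, "CapDrop": ["ALL"], "ReadonlyRootfs": true,
                 "SecurityOpt": ["no-new-privileges"]},
  "Mounts": [{"Source": "/srv/api/data", "Destination": "/data"}]}
]""")

# Assumed list of host paths that should not be bind-mounted into a container.
SENSITIVE_SOURCES = ("/", "/etc", "/proc", "/sys", "/var/run/docker.sock")

def audit_container(c):
    """Return a sorted list of finding codes for one inspected container."""
    findings = set()
    host = c.get("HostConfig") or {}
    user = (c.get("Config") or {}).get("User") or ""
    # An empty User means the image default, which is root unless overridden.
    if user in ("", "0", "root") or user.startswith(("0:", "root:")):
        findings.add("runs-as-root")
    if host.get("Privileged"):
        findings.add("privileged")  # all capabilities, no syscall filtering
    if "ALL" not in [x.upper() for x in (host.get("CapDrop") or [])]:
        findings.add("capabilities-not-dropped")
    for opt in host.get("SecurityOpt") or []:
        if opt.replace(":", "=") == "seccomp=unconfined":
            findings.add("seccomp-unconfined")  # syscall filter disabled
    if not host.get("ReadonlyRootfs"):
        findings.add("writable-rootfs")
    for m in c.get("Mounts") or []:
        src = (m.get("Source") or "").rstrip("/") or "/"
        if src in SENSITIVE_SOURCES:
            # The socket gives control of the root-owned daemon's API.
            is_sock = src.endswith("docker.sock")
            findings.add("docker-socket-mounted" if is_sock else "sensitive-host-path")
    return sorted(findings)

def audit(inspected):
    """Map container name to its findings for a full `docker inspect` array."""
    return {c["Name"].lstrip("/"): audit_container(c) for c in inspected}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, findings or "no findings")
```

On a real host the input would come from `docker inspect $(docker ps -q)` piped into `json.load`.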
Docker Competition Announcements: CoreOS
§ 12/1/14 – Announces new container runtime Rocket:
  – CoreOS claims Docker has lost sight of original “standard container” vision: “Docker now is building tools for launching cloud servers, systems for clustering, and a wide range of functions: building images, running images, uploading, downloading, and eventually even overlay networking, all compiled into one monolithic binary running primarily as root on your server”
  – Requests community input on a new standard:
    • App Container Image
    • App Container Runtime
What’s Next for Docker?
§ 04/14/2015 – Docker Raises $95M Series D Round for Its Container Platform
§ Constructing full platform for containers
§ Integrating strategic acquisitions (Orchard, Kitematic, SocketPlane)
§ Adding enterprise features through partnerships (IBM, Amazon, Google, Red Hat, VMware, Microsoft, etc.)
§ Adding support for Windows Containers through Microsoft partnership
§ Becoming the deployment platform of choice for microservices
§ Monetizing images and containers
What’s IBM Doing with Docker
§ Open Source Participation:
  – IBM contributes to the Docker projects (core contributors)
  – IBM contributes Docker related functionality to other projects as well (OpenStack)
§ New Products/Offerings:
  – IBM Container Service on Bluemix (currently in Beta, GA planned for 2Q15)
  – IBM Docker Hub Enterprise Registry (to be released in 2Q15)
§ Support for Docker on IBM hardware:
  – pSeries Power Systems
  – zSeries Mainframe Systems
§ Support for Docker on IBM Software:
  – UrbanCode
  – PureApp
  – WebSphere
  – DB2