Docker & Linux Containers (with animations)

Linux Containers & Docker Ahmet Alp Balkan 8/14/2014
NOT MICROSOFT CONFIDENTIAL

‘Real’ containers

What is special about containers?

Power of Containers  
     

Power of Containers •  Standard format everybody agrees on
     

•  Once you seal the box, it gets shipped “as is”    

•  Once you seal the box, it gets shipped “as is” •  SeparaVon of concerns – Building ó Packaging ó Shipping

Containers vs. VMs

Type 1 Hypervisor

Type 1 Hypervisor Hardware

Type 1 Hypervisor Hardware Hypervisor Kernel

Type 1 Hypervisor Hardware VM VM
Hypervisor Kernel

OperaVng System OperaVng System Hypervisor Kernel

OperaVng System OperaVng System bins/libs bins/libs Hypervisor Kernel

OperaVng System OperaVng System bins/libs bins/libs App App App App Hypervisor Kernel

Type 2 Hypervisor

Type 2 Hypervisor Hardware

Type 2 Hypervisor Hardware OperaVng System

Type 2 Hypervisor Hardware Hypervisor So[ware
OperaVng System

OperaVng System App App App

VM VM OperaVng System OperaVng System bins/libs bins/libs App App App App OperaVng System App App App

Linux Containers

Linux Containers Hardware

Linux Containers Hardware OperaVng System (Linux)

Linux Containers Hardware OperaVng System (Linux) bins/libs

Container

Container App

Container App App

Container Container App App

Container Container bins/libs App App

Container Container bins/libs App App App

lxc: Linux Containers •  OS-‐Level virtualizaVon, no Hypervisor
•  Namespacing –  PIDs –  user IDs –  network tables –  mounted drivers –  … •  Started in 2006. •  Developed by a team of 4 –  v1.0 in 2014.

cgroups: Control Groups •  Fair resource usage sharing for
Linux kernel – CPU – Memory – I/O •  Started in 2007. – by 2 Google Engineers

Distributed ApplicaVon Model

Distributed ApplicaVon Model Front-‐end (web)

Distributed ApplicaVon Model Front-‐end (web) App services

Background workers

Background workers DB Cache Servers

Advantages of containers  
           

Advantages of containers •  Only one kernel runs on
the machine            

the machine •  No Hypervisor overhead. –  Apps directly run on CPU –  Rack space & power & more free CPU cycles      

the machine •  No Hypervisor overhead. –  Apps directly run on CPU –  Rack space & power & more free CPU cycles •  Run diﬀerent versions of OS on same server –  Run diﬀerent OSes on the same server  

the machine •  No Hypervisor overhead. –  Apps directly run on CPU –  Rack space & power & more free CPU cycles •  Run diﬀerent versions of OS on same server –  Run diﬀerent OSes on the same server •  Process isolaVon & security

Use of Linux Containers  
           

Use of Linux Containers •  Borg –  Google’s
“secret sauce” –  Everything runs in containers –  Not open source      

“secret sauce” –  Everything runs in containers –  Not open source •  Mesos –  Developed by Twiger –  Open sourced

“secret sauce” –  Everything runs in containers –  Not open source •  Mesos –  Developed by Twiger –  Open sourced “IT’S A WAY OF STITCHING TOGETHER A COLLECTION OF MACHINES INTO, BASICALLY, A BIG COMPUTER.”

…is a Linux container engine

…is Open Source

…is also a company.

Why was Docker born?  
         

Why was Docker born? •  Shipping code to servers
is hard          

is hard •  It’s hard to glue the technology – LXC + cgroups      

is hard •  It’s hard to glue the technology – LXC + cgroups – lmcky: “Let me contain that for you” •  open source version of Google’s container stack  

is hard •  It’s hard to glue the technology – LXC + cgroups – lmcky: “Let me contain that for you” •  open source version of Google’s container stack •  There is no standard image format

Another moVve: eliminaVng Ops  
         

Another moVve: eliminaVng Ops •  So[ware used to be
deployed by ops teams          

deployed by ops teams •  Docker might be “the ﬁrst true DevOps tool”        

deployed by ops teams •  Docker might be “the ﬁrst true DevOps tool” – Increased shipment cadence      

deployed by ops teams •  Docker might be “the ﬁrst true DevOps tool” – Increased shipment cadence – Fast moving engineering culture    

deployed by ops teams •  Docker might be “the ﬁrst true DevOps tool” – Increased shipment cadence – Fast moving engineering culture •  Sysadmins no more.  

deployed by ops teams •  Docker might be “the ﬁrst true DevOps tool” – Increased shipment cadence – Fast moving engineering culture •  Sysadmins no more. – A great abstracVon over infrastructure.

Why is Docker special?  
   

Why is Docker special? •  The real value is
not technology.    

not technology. •  It’s “gelng people to agree on something”.  

not technology. •  It’s “gelng people to agree on something”. – Packaging and delivery method.

Cloud as one big machine

Cloud as one big machine docker client

Cloud as one big machine docker client $
docker run …

Cloud as one big machine docker client $
docker run … libswarm

Demo Vme

Demo Vme Linux VM on Azure

Demo Vme Linux VM on Azure docker daemon

docker client

docker client Container Container

docker client Container Container App App

Docker Image Layers

Docker Image Layers ubuntu

Docker Image Layers ubuntu apache+php

Docker Image Layers ubuntu apache+php ADD
/my/applicaIon

/my/applicaIon ADD /my/conﬁguraIon

/my/applicaIon ADD /my/conﬁguraIon 200 MB

/my/applicaIon ADD /my/conﬁguraIon 200 MB 250 MB

/my/applicaIon ADD /my/conﬁguraIon 200 MB 250 MB 260 MB

/my/applicaIon ADD /my/conﬁguraIon 200 MB 250 MB 260 MB 261 MB

/my/applicaIon ADD /my/configuraIon 200 MB 250 MB 260 MB 261 MB 50 MB diff 10 MB diff 1 MB diff

Layers & Reuse

Layers & Reuse Base Linux DistribuVon image

Layers & Reuse Base Linux DistribuVon image Google
conﬁguraVon

Layers & Reuse Base Linux DistribuVon image Google
conﬁguraVon mapreduce crawler web frontend video encoder

Dockerﬁle          

Dockerﬁle FROM ubuntu:latest        

Dockerﬁle FROM ubuntu:latest MAINTAINER Ahmet <[email protected]>      

Dockerﬁle FROM ubuntu:latest MAINTAINER Ahmet <[email protected]> RUN apt-get install
nginx mysql python    

nginx mysql python ADD /my/app /var/www/app  

nginx mysql python ADD /my/app /var/www/app ENTRYPOINT /var/www/app/server.py

nginx mysql python ADD /my/app /var/www/app ENTRYPOINT /var/www/app/server.py $ docker build

Dockerﬁle inheritance        

Dockerﬁle inheritance FROM microsoft/aspnet-vnext      

Dockerﬁle inheritance FROM microsoft/aspnet-vnext MAINTAINER Bob <[email protected]>    

Dockerﬁle inheritance FROM microsoft/aspnet-vnext MAINTAINER Bob <[email protected]> ADD /my/app
/var/www/app  

/var/www/app ENTRYPOINT /var/www/app/Server.cs

/var/www/app ENTRYPOINT /var/www/app/Server.cs Reuse

Docker use cases  
             

Docker use cases •  Just like VMs in producVon
–  SpoVfy, eBay            

–  SpoVfy, eBay •  One oﬀ tasks          

–  SpoVfy, eBay •  One oﬀ tasks –  Build automaVon        

–  SpoVfy, eBay •  One oﬀ tasks –  Build automaVon –  ConVnuous integraVon      

–  SpoVfy, eBay •  One oﬀ tasks –  Build automaVon –  ConVnuous integraVon –  TesVng    

–  SpoVfy, eBay •  One oﬀ tasks –  Build automaVon –  ConVnuous integraVon –  TesVng –  Bug repros  

–  SpoVfy, eBay •  One oﬀ tasks –  Build automaVon –  ConVnuous integraVon –  TesVng –  Bug repros •  Making the cloud look like “one big machine”

… is a minimal host OS (Linux) for Docker.

…is an open source project

…is also a company

…is auto self-‐updaVng.

…has rollbacks. (updates are atomic)

Clustering  
               

Clustering •  Kubernetes (by Google) –  for clustering
Docker containers across nodes –  Inspired by Google’s internal systems like Borg/ Omega –  Open source –  10+ years of experience in running containers –  ContribuVons by Microso[ & IBM etc.      

Clustering •  Kubernetes (by Google) –  for clustering
Docker containers across nodes –  Inspired by Google’s internal systems like Borg/ Omega –  Open source –  10+ years of experience in running containers –  ContribuVons by Microso[ & IBM etc. •  ﬂeet (by CoreOS) –  for clustering CoreOS nodes –  Open source

Cons of Docker  
       

Cons of Docker •  Linux only – Probably will
never support Windows.      

never support Windows. •  Security risks    

never support Windows. •  Security risks •  Same pricing as VMs  

never support Windows. •  Security risks •  Same pricing as VMs •  SVll developing ecosystem

Further reading •  Return of the Borg (Wired)
•  Inside the Borg and Mesos (Verge) •  Google Open Sources Its Secret Weapon in Cloud CompuVng: Kubernetes (Wired) •  Docker: hgp://docker.com •  CoreOS: hgp://coreos.com •  Running Docker on Windows (docker.com) •  Docker on Azure (azure.com) •  Omega: ﬂexible, scalable schedulers for large compute clusters SIGOPS EuroSys 2013, ACM, pp. 351-‐364 (Google Research)

Thanks. QuesVons?

Docker & Linux Containers (with animations)

Docker & Linux Containers (with animations)

More Decks by Ahmet Alp Balkan

Other Decks in Technology

Featured

Transcript