What is a (Docker) Container, really?

Transcript

1. 1 Confidential
   ©2019 VMware, Inc. Kubernetes in a Nutshell

2. Confidential
   ©2019 VMware, Inc. 2 „Kubernetes is an open-source

   System for automating Deployment, Scaling, and Management of containerized Applications.” The Origin of Kubernetes

3. Confidential
   ©2019 VMware, Inc. 3 Google Search (late 1990s)

   Borg (~2003) Cgroups (2007) Omega (~2012) Docker (2013) The Origin of Kubernetes Kubernetes (2014) @embano1

4. Confidential
   ©2019 VMware, Inc. 4 Kubernetes Cluster Kubernetes High-Level

   Architecture Infrastructure (Compute, Storage, Networking) Control Plane Worker Pod Pod Pod Pod Pod API Kubernetes Cloud Provider @embano1

5. Confidential
   ©2019 VMware, Inc. 5 So what is a

   Container, really? Kernel Mode Cgroups Namespaces Security Capabilities Scheduler Syscall task_struct … Scheduling Entity (se) “running” syscall.Exec(ENTRYPOINT/CMD)* A Structure in Kernel Memory. The Kernel has no Notion of a “Container”. It’s yet another Executable. User Mode Docker Engine ContainerCreate() * After Container Sandbox Initialization (nsenter.go/nsexec.c) sched_class fair.c (CFS) @embano1

6. Confidential
   ©2019 VMware, Inc. 6 The Pod – The

   atomic Unit in Kubernetes Kubernetes Primitives /pause Container #1 Container #2 Pod Limits Requests https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.13/#podspec-v1-core Volumes Priority Affinity Probes IP @embano1

7. Confidential
   ©2019 VMware, Inc. 7 Higher Level Objects Kubernetes

   Primitives Pod “redis-<id>-1” ReplicaSet “redis-<ID>” “desired: 3” Deployment “redis” “strategy: rollingUpdate” Pod “redis-<id>-2” Pod “redis-<id>-3” myCustomController “kind: redisCluster” Horizontal Pod Autoscaler (HPA) Metrics Provider myCustomController kubectl create –f redis.yaml REST API SDKs API

8. Confidential
   ©2019 VMware, Inc. 8 Controllers and Reconciliation Loops

   Kubernetes Primitives Observe Analyze Act