Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Docker & Pods

Ian Lewis
March 05, 2016
Technology
8
2.1k

Docker & Pods

Ian Lewis

March 05, 2016
Tweet

More Decks by Ian Lewis

See All by Ian Lewis
Kubernetes Security Best Practices
ianlewis
39
26k
The Enemy Within: Running untrusted code in Kubernetes
ianlewis
0
1.2k
The Enemy Within: Running untrusted code with gVisor
ianlewis
4
890
KubeCon EU Runtime Track Recap
ianlewis
3
1.5k
コンテナによるNoOpsオートメーション
ianlewis
2
130
Google Kubernetes Engine 概要 & アップデート @ GCPUG Kansai Summit Day 2018
ianlewis
2
830
Extending Kubernetes with Custom Resources and Operator Frameworks
ianlewis
10
3.6k
Kubernetesのセキュリティのベストプラクティス
ianlewis
12
16k
Scheduling and Resource Management in Kubernetes
ianlewis
2
1.3k

Other Decks in Technology

See All in Technology
元インフラエンジニアに成る / Human Resources to Human Relations
bobtani
4
890
SPI原点回帰論:事業課題とFour Keysの結節点を見出す実践的ソフトウェアプロセス改善 / DevOpsDays Tokyo 2024
visional_engineering_and_design
4
1.9k
現代CSSフレームワークの内部実装とその仕組み
poteboy
8
3.5k
Compose Compiler Metricsを使った実践的なコードレビュー
tomorrowkey
1
210
開発生産性向上サービスを作るFindyが自分たちで開発生産性を爆上げした組織づくりの歩み / Findy's path to boosting its own development productivity 2024-04-17
ma3tk
3
590
Cloud Native Java with Spring Boot (CNCF Aarhus, April 2024)
thomasvitale
1
160
最近たまに見かけるTiDBってなんだ? - Findy
pingcap0315
2
750
VS CodeでAWSを操作しよう
smt7174
7
1.6k
データベース02: データベースの概念
trycycle
0
140
SIEMを用いて、セキュリティログ分析の可視化と分析を実現し、PDCAサイクルを回してみた
coconala_engineer
0
280
ChatworkのSRE部って実は 半分くらいPlatform Engineering部かもしれない
saramune
0
150
Google Cloud の AI を支える裏側のインフラを垣間見る!
maroon1st
0
330

Featured

See All Featured
Bootstrapping a Software Product
garrettdimon
PRO
302
110k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
659
120k
Optimizing for Happiness
mojombo
370
69k
Writing Fast Ruby
sferik
621
60k
How to Ace a Technical Interview
jacobian
272
22k
A better future with KSS
kneath
231
16k
Web Components: a chance to create the future
zenorocha
305
41k
Building Applications with DynamoDB
mza
88
5.6k
Fashionably flexible responsive web design (full day workshop)
malarkey
398
65k
Building a Scalable Design System with Sketch
lauravandoore
456
32k
KATA
mclloyd
15
12k
Debugging Ruby Performance
tmm1
70
11k

Transcript

  1. Docker & Pods The many forms of containers

  2. Confidential & Proprietary Google Cloud Platform 2 Ian Lewis Developer

    Advocate - Google Cloud Platform Tokyo, Japan google.com/+IanLewis-hoge @IanMLewis
  3. None

  4. Confidential & Proprietary Google Cloud Platform 4 What are containers?

  5. Confidential & Proprietary Google Cloud Platform 5 1. Linux cgroup

    2. Linux Namespace a. IPC b. Network (eth & IP address) c. Mount d. PID e. User f. UTS (Hostname & NIS) Containers

  6. Confidential & Proprietary Google Cloud Platform 6 1. Linux cgroup

    2. Linux Namespace a. IPC b. Network (eth & IP address) c. Mount d. PID e. User f. UTS (Hostname & NIS) Containers Container Image File System Metadata

  7. Confidential & Proprietary Google Cloud Platform 7 docker run nginx

  8. Google Cloud Platform Docker Containers IPC Network PID Hostname Mount

    nginx IPC Network PID Hostname Mount nginx IPC Network PID Hostname Mount nginx

  9. Google Cloud Platform IPC Network PID Hostname Mounts nginx IPC

    Network PID Hostname Mount git pull IPC Network PID Hostname Mount nginx Docker Containers

  10. Google Cloud Platform IPC Network PID Hostname IPC Network PID

    Hostname Mount git pull IPC Network PID Hostname Mount nginx VOLUME Docker Containers nginx

  11. Copyright 2015 Google Inc Container Cluster Management Node Node Cluster

    Node

  12. Copyright 2015 Google Inc Container Cluster Management Node Node Node

    VOLUME?? VOLUME?? Cluster

  13. Copyright 2015 Google Inc Container Cluster Management Node VOLUME

  14. Copyright 2015 Google Inc Container Cluster Management Node NFS NFS

    NAS

  15. Copyright 2015 Google Inc Node Container Cluster Management Node N

    FS N FS NAS

  16. Google Cloud Platform Pods & Docker? confd nginx HUP W

    RITE READ etcd CHANGE nginx.conf app app app IP Address LB

  17. Google Cloud Platform Container Container Pods & Docker? confd nginx

    HUP W RITE READ etcd CHANGE ? ? ? ?

  18. Google Cloud Platform Pods & Docker? Container nginx confd foreman

  19. Google Cloud Platform Container foreman Pods & Docker? nginx confd

  20. Google Cloud Platform Container foreman Pods & Docker? Everything’s A-OK!!

    nginx confd Crash-Restart Loop

  21. Copyright 2015 Google Inc Google has been running all of

    it’s services in containers for about 10 years. We start about 2 billion containers per week. Images by Connie Zhou

  22. Confidential & Proprietary Google Cloud Platform 22 http://research.google.com/pubs/pub43438.html

  23. http://research.google.com/pubs/pub43438.html

  24. Image by Connie Zhou

  25. job hello_world = { runtime = { cell = 'ic'

    } // Cell (cluster) to run in binary = '.../hello_world_webserver' // Program to run args = { port = '%port%' } // Command line parameters requirements = { // Resource requirements ram = 100M disk = 100M cpu = 0.1 } replicas = 5 // Number of tasks } 10000 Developer View

  26. Hello world! Hello world! Hello world! Hello world! Hello world!

    Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Image by Connie Zhou Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world! Hello world!

  27. Kubernetes κυβερνήτης: Greek for “pilot” or “helmsman of a ship”

    the open source cluster manager from Google

  28. Google Cloud Platform Pods Small group of containers & volumes

    Tightly coupled The atom of scheduling & placement Shared namespace • share IP address & localhost • share IPC, etc. Managed lifecycle • bound to a node, restart in place • can die, cannot be reborn with same ID Example: data puller & web server Consumers Content Manager File Puller Web Server Volume Pod

  29. Google Cloud Platform Pods & Docker? confd nginx HUP W

    RITE READ etcd CHANGE nginx.conf app app app IP Address LB

  30. Google Cloud Platform IPC Network Pods docker … --net=container: id

    --ipc=container:id Hostname cgroup Web Server Pod cgroup File Puller localhost

  31. Google Cloud Platform Pods (TODO) docker … --net=container: id --ipc=container:id

    -- pid=container:id https://github. com/docker/docker/issue s/10163 IPC Network PID Hostname cgroup Web Server cgroup File Puller localhost

  32. Kubernetes Master/Scheduler Cluster: Execution Environment Machine Host Machine Host Machine

    Host Machine Host Machine Host Machine Host Machine Host Container Agent Container Agent Container Agent Container Agent Container Agent Container Agent Container Agent Node

  33. Log Roller Web Server Machine Host Machine Host Machine Host

    Machine Host Machine Host Machine Host Machine Host Container Agent Container Agent Container Agent Container Agent Container Agent Container Agent Container Agent Kubernetes Master/Scheduler Pods Container Container Pod

  34. FE FE FE FE FE FE BE BE BE BE

    BE BE BE BE BE Machine Host Machine Host Machine Host Machine Host Machine Host Machine Host Machine Host Container Agent Container Agent Container Agent Container Agent Container Agent Container Agent Container Agent Kubernetes - Master/Scheduler How to differentiate multiple pods?

  35. labels: role: frontend FE FE FE FE FE FE BE

    BE BE BE BE BE BE BE BE Machine Host Machine Host Machine Host Machine Host Machine Host Machine Host Machine Host Container Agent Container Agent Container Agent Container Agent Container Agent Container Agent Container Agent Kubernetes - Master/Scheduler Labels

  36. labels: role: frontend stage: production Machine Host Machine Host Machine

    Host Machine Host Machine Host Machine Host Machine Host Container Agent Container Agent Container Agent Container Agent Container Agent Container Agent Container Agent Kubernetes - Master/Scheduler FE FE FE FE FE FE BE BE BE BE BE BE BE BE BE Labels

  37. FE FE FE FE replicas: 4 template: ... labels: role:

    frontend stage: production Machine Host Machine Host Machine Host Machine Host Machine Host Machine Host Machine Host Container Agent Container Agent Container Agent Container Agent Container Agent Container Agent Container Agent Kubernetes - Master/Scheduler Replication Controller: Managing Many Pods

  38. FE replicas: 1 template: ... labels: role: frontend stage: production

    Machine Host Machine Host Machine Host Machine Host Machine Host Machine Host Machine Host Container Agent Container Agent Container Agent Container Agent Container Agent Container Agent Container Agent Kubernetes - Master/Scheduler Replication Controller: Scaling FE FE FE

  39. FE FE FE replicas: 3 template: ... labels: role: frontend

    stage: production Machine Host Machine Host Machine Host Machine Host Machine Host Machine Host Machine Host Container Agent Container Agent Container Agent Container Agent Container Agent Container Agent Container Agent Kubernetes - Master/Scheduler Replication Controller: Scaling

  40. Thank you! Thanks! Ian Lewis twitter.com/IanMLewis