Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Pods @ Container Meetup Tokyo

Ian Lewis
November 03, 2016
Technology
2
580

Pods @ Container Meetup Tokyo

Ian Lewis

November 03, 2016
Tweet

More Decks by Ian Lewis

See All by Ian Lewis
Kubernetes Security Best Practices
ianlewis
38
26k
The Enemy Within: Running untrusted code in Kubernetes
ianlewis
0
1.2k
The Enemy Within: Running untrusted code with gVisor
ianlewis
4
1.1k
KubeCon EU Runtime Track Recap
ianlewis
3
1.6k
コンテナによるNoOpsオートメーション
ianlewis
2
140
Google Kubernetes Engine 概要 & アップデート @ GCPUG Kansai Summit Day 2018
ianlewis
2
880
Extending Kubernetes with Custom Resources and Operator Frameworks
ianlewis
10
3.7k
Kubernetesのセキュリティのベストプラクティス
ianlewis
12
17k
Scheduling and Resource Management in Kubernetes
ianlewis
2
1.4k

Other Decks in Technology

See All in Technology
Lambdaと地方とコミュニティ
miu_crescent
2
370
iOSチームとAndroidチームでブランチ運用が違ったので整理してます
sansantech
PRO
0
130
Adopting Jetpack Compose in Your Existing Project - GDG DevFest Bangkok 2024
akexorcist
0
100
[CV勉強会@関東 ECCV2024 読み会] オンラインマッピング x トラッキング MapTracker: Tracking with Strided Memory Fusion for Consistent Vector HD Mapping (Chen+, ECCV24)
abemii
0
220
B2B SaaSから見た最近のC#/.NETの進化
sansantech
PRO
0
740
Amazon CloudWatch Network Monitor のススメ
yuki_ink
1
200
なぜ今 AI Agent なのか _近藤憲児
kenjikondobai
4
1.4k
サイバーセキュリティと認知バイアス:対策の隙を埋める心理学的アプローチ
shumei_ito
0
380
スクラムチームを立ち上げる〜チーム開発で得られたもの・得られなかったもの〜
ohnoeight
2
350
Why does continuous profiling matter to developers? #appdevelopercon
salaboy
0
180
初心者向けAWS Securityの勉強会mini Security-JAWSを9ヶ月ぐらい実施してきての近況
cmusudakeisuke
0
120
エンジニア人生の拡張性を高める 「探索型キャリア設計」の提案
tenshoku_draft
1
120

Featured

See All Featured
A Tale of Four Properties
chriscoyier
156
23k
A Philosophy of Restraint
colly
203
16k
Music & Morning Musume
bryan
46
6.2k
Bootstrapping a Software Product
garrettdimon
PRO
305
110k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
131
33k
Fontdeck: Realign not Redesign
paulrobertlloyd
82
5.2k
Designing Experiences People Love
moore
138
23k
Building Your Own Lightsaber
phodgson
103
6.1k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
28
8.2k
Mobile First: as difficult as doing things right
swwweet
222
8.9k
Building Flexible Design Systems
yeseniaperezcruz
327
38k
Agile that works and the tools we love
rasmusluckow
327
21k

Transcript

  1. Docker & Pods The many forms of containers

  2. Confidential & Proprietary Google Cloud Platform 2 Ian Lewis Developer

    Advocate - Google Cloud Platform Tokyo, Japan google.com/+IanLewis-hoge @IanMLewis

  3. Confidential & Proprietary Google Cloud Platform 3 What are containers?

  4. Confidential & Proprietary Google Cloud Platform 4 1. Linux cgroup

    2. Linux Namespace a. IPC b. Network (eth & IP address) c. Mount d. PID e. User f. UTS (Hostname & NIS) Containers

  5. Confidential & Proprietary Google Cloud Platform 5 1. Linux cgroup

    2. Linux Namespace a. IPC b. Network (eth & IP address) c. Mount d. PID e. User f. UTS (Hostname & NIS) Containers Container Image File System Metadata

  6. Confidential & Proprietary Google Cloud Platform 6 docker run nginx

  7. Google Cloud Platform Docker Containers IPC Network PID Hostname Mount

    nginx IPC Network PID Hostname Mount nginx IPC Network PID Hostname Mount nginx

  8. Google Cloud Platform IPC Network PID Hostname Mounts nginx IPC

    Network PID Hostname Mount git pull IPC Network PID Hostname Mount nginx Docker Containers

  9. Google Cloud Platform IPC Network PID Hostname Mounts nginx IPC

    Network PID Hostname Mount git pull IPC Network PID Hostname Mount nginx Docker Containers VOLUME VOLUME Host Volume

  10. Google Cloud Platform IPC Network PID Hostname IPC Network PID

    Hostname Mount git pull IPC Network PID Hostname Mount nginx Docker Containers nginx Host Volume

  11. Copyright 2015 Google Inc Container Cluster Management Node Node Cluster

    Node

  12. Copyright 2015 Google Inc Container Cluster Management Node Node Node

    VOLUME?? VOLUME?? Cluster

  13. Copyright 2015 Google Inc Container Cluster Management Node VOLUME

  14. Copyright 2015 Google Inc Container Cluster Management Node NFS NFS

    NAS

  15. Copyright 2015 Google Inc Node Container Cluster Management Node N

    FS N FS NAS

  16. Google Cloud Platform Pods & Docker? confd nginx HUP W

    RITE READ etcd CHANGE nginx.conf app app app IP Address LB

  17. Google Cloud Platform Container Container Pods & Docker? confd nginx

    HUP W RITE READ etcd CHANGE ? ? ? ?

  18. Google Cloud Platform Pods & Docker? Container nginx confd foreman

  19. Google Cloud Platform Container foreman Pods & Docker? nginx confd

  20. Google Cloud Platform Container foreman Pods & Docker? Everything’s A-OK!!

    nginx confd Crash-Restart Loop

  21. Kubernetes κυβερνήτης: Greek for “pilot” or “helmsman of a ship”

    the open source cluster manager from Google

  22. Google Cloud Platform Pods Small group of containers & volumes

    Tightly coupled The atom of scheduling & placement Shared namespace • share IP address & localhost • share IPC, etc. Managed lifecycle • bound to a node, restart in place • can die, cannot be reborn with same ID Example: data puller & web server Consumers Content Manager File Puller Web Server Volume Pod

  23. Google Cloud Platform Pods & Docker? confd nginx HUP W

    RITE READ etcd CHANGE nginx.conf app app app IP Address LB

  24. Google Cloud Platform IPC Network Pods docker … --net=container:id --ipc=container:id

    Hostname cgroup Web Server Pod cgroup File Puller localhost

  25. Google Cloud Platform Pods (TODO) docker … --net=container:id --ipc=container:id --pid=container:id

    https://github.com/docker /docker/issues/10163 IPC Network PID Hostname cgroup Web Server cgroup File Puller localhost

  26. Thank you! Thanks! Ian Lewis twitter.com/IanMLewis