The why and the what
• Containers vs VMs
• app-level dependency management
• lightweight (startup time, footprint, average runtime)
• security considerations
• pets vs cattle (and flock of birds)
• Docker Hub https://hub.docker.com/
• Google Cloud https://cloud.google.com/tools/container-registry/
• AWS https://aws.amazon.com/ecr/
• Run your own https://docs.docker.com/registry/deploying/
• containers share the same kernel (!)
• namespaces (user namespaces, which let UID 0 inside a container map to an unprivileged UID on the host, were only recently introduced)
• lock down networking (for example, disable inter-container communication, ICC)
• apply common sense when handling credentials
Please, don't bake credentials into images … rather do:

$ docker run -d -e API_TOKEN=SECRET somedatabase
$ docker run -d -v $(pwd)/fsecret:/fsecret:ro somedatabase

→ even better: use an in-memory key-value store such as Square's KeyWhiz, HashiCorp's Vault, or Crypt, or a native solution such as Kubernetes Secrets, for credentials.
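An added check for the point above (not from the slides): a Python script that reads saved `docker inspect <image>` and `docker history --no-trunc --format '{{.CreatedBy}}'` output and flags credentials baked into an image, run here on constructed sample output; the secret-name patterns are assumptions. Values passed with `-e` at run time still appear in `docker inspect` on the running container, which is why the slide prefers a secrets store over either form.

```python
import json
import re

# Env keys and layer commands that usually carry credentials. Heuristic:
# treat hits as things to review, not as proof.
SECRET_KEY = re.compile(r"(token|secret|passw(or)?d|api_?key|private_?key)", re.I)
SECRET_ARG = re.compile(r"(Authorization:|--password\b|password=|token=)", re.I)

# Constructed, abridged `docker inspect <image>` output; not a real image.
SAMPLE_INSPECT = json.dumps([{
    "Config": {
        "Env": [
            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin",
            "API_TOKEN=SECRET",      # set with ENV in the Dockerfile: baked in
            "DB_PASSWORD=hunter2",
        ],
        "Cmd": ["somedatabase", "--listen", "0.0.0.0:5432"],
    },
}])

# Constructed `docker history --no-trunc --format '{{.CreatedBy}}'` output.
# RUN layers leak too: the full command line is kept in image metadata.
SAMPLE_HISTORY = """\
/bin/sh -c #(nop)  ENV API_TOKEN=SECRET
/bin/sh -c curl -H 'Authorization: Bearer abc123' https://example.invalid/setup
/bin/sh -c #(nop)  CMD ["somedatabase"]
"""

def find_baked_env(inspect_json):
    """Return (where, detail) for Env keys and Cmd args that look like credentials."""
    findings = []
    for image in json.loads(inspect_json):
        config = image.get("Config") or {}
        for entry in config.get("Env") or []:
            key = entry.partition("=")[0]
            if SECRET_KEY.search(key):
                findings.append(("env", key))
        cmd = " ".join(config.get("Cmd") or [])
        if SECRET_ARG.search(cmd):
            findings.append(("cmd", cmd))
    return findings

def find_history_leaks(history_text):
    """Return layer commands that embed a credential (ENV or an inline argument)."""
    return [("layer", line.strip()) for line in history_text.splitlines()
            if SECRET_ARG.search(line) or (" ENV " in line and SECRET_KEY.search(line))]

if __name__ == "__main__":
    for hit in find_baked_env(SAMPLE_INSPECT) + find_history_leaks(SAMPLE_HISTORY):
        print("credential baked into image:", *hit)
```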
Pets are individuals that you give names, and when they get ill you nurse them back to health. Cattle are anonymous and identical to other cattle; you assign them numbers, and when one gets ill → next one. http://www.theregister.co.uk/2013/03/18/servers_pets_or_cattle_cern/
Flock of birds https://medium.com/@mhausenblas/pets-vs-cattle-vs-flock-of-birds-12f1da3abfc3
Per-task computing: the unit of compute is a function + dynamically allocated resources.
• AWS Lambda
• webtask.io
• StackHut
Apache Mesos
• ASF project
• A cluster resource negotiator
• Scalable to 10,000s of nodes, but also useful for a handful of nodes
• Fault-tolerant, battle-tested
• An SDK for distributed apps
• Native Docker support
init system for datacenters
• starts instances of a long-running service somewhere in the cluster, for example as Docker containers
• restarts the instances if they crash
• provides composition primitives
• supports health checks
• supports rolling upgrades
• open source container orchestration system
• scheduling apps onto nodes + scaling
• manages apps to match declared intentions
• based on Google's internal cluster managers such as Borg
• container—sealed application package (Docker)
• pod—small group of tightly coupled containers
• labels—identifying metadata attached to objects (pods, services, etc.)
• selector—query against labels, producing a set result
• controller—control loop driving current state towards desired state
• service—set of pods that work together (incl. proxy/load balancer)
• unit of scheduling
• data sharing between its containers
• shared mount point (volumes)
• shared network namespace (same IP, see each other on localhost)
Labels and selectors
• arbitrary metadata (in key-value format) attached to any API object
• used for grouping, queryable by selectors
• examples: pods managed by a replication controller; node capabilities for scheduling
• monitoring (e.g.: cAdvisor + InfluxDB + Heapster)
• logging (e.g.: fluentd + ES + Kibana)
• DNS (e.g.: skydns + kube2sky)
• all of the above can be replaced by custom solutions (GCP, AWS, etc.)
Datacenter operating system
[Diagram: Mesosphere DCOS sits between "Any Service or Container" and "Any Infrastructure"; your favorite services, container formats, and those yet to come. Build apps once on DCOS and run them anywhere; runs distributed apps anywhere as simply as running apps on your laptop.]
• Run stateless services such as Web servers and app servers (via Marathon) together with stateful services like Crate, Kafka, HDFS, Cassandra, ArangoDB etc. on one cluster
• Dynamic partitioning of your cluster, depending on your needs (business requirements)
• Increased utilization (10% → 80% and more)