The why and the what: • Containers vs VMs • app-level dependency management • lightweight (startup time, footprint, average runtime) • isolation & security
• namespaces • Isolate PIDs between processes • Isolate process to network resources • Isolate the hostname to fake it out (UTS) • Isolate the filesystem mount points (chroot) • Isolate inter process communication (IPC) • Isolate specific users to specific processes • cgroups https://sysadmincasts.com/episodes/14-introduction-to-linux-control-groups-cgroups
• Docker Hub https://hub.docker.com/ • Google Cloud https://cloud.google.com/tools/container-registry/ • AWS https://aws.amazon.com/ecr/ • Run your own https://docs.docker.com/registry/deploying/
9 • containers share same kernel (!) • namespaces (user NS: UID 0 recently introduced) • lock down networking (ICC, for example) • apply common sense when handling credentials
10 Please, don't bake credentials into images … rather do: $ docker run -d -e API_TOKEN=SECRET somedatabase $ docker run -d -v $(pwd):/fsecret:/fsecret:ro somedatabase → even better: use a key-value in-memory store such as Square's KeyWhiz, HashiCorp's Vault, or Crypt or native solutions such as Kubernetes Secrets for credentials.
Any Service on DC/OS Any Infrastructure DC/OS Your favorite services, container formats, and those yet to come Build apps once on DCOS, and run it anywhere Runs distributed apps anywhere as simply as running apps on your laptop
• A top-level ASF project • A cluster resource negotiator • Scalable to 10,000s of nodes but also useful for a handful of nodes • Fault-tolerant, battle-tested • An SDK for distributed apps • Native Docker support mesos.apache.org
resource: anything a task consumes to do its work • standard resources: cpu mem disk ports • Dominant Resource Fairness (DRF) algorithm guarantees fair allocation across resource types
• One cluster for • stateless services such as Web servers & app servers (via Marathon) • stateful services like PostgreSQL, MemSQL, Kafka, Cassandra, etc. • elastic data processing via Spark, Akka, etc. • CI/CD, for example Jenkins+Marathon • Dynamic partitioning of your cluster, depending on your needs • Increased utilization (10% → 80%+)
DC/OS 'init system' • starts instances of a long-running services • restarts the instances if they crash • provides composition primitives • supports health checks • supports rolling upgrades
• Groups can contain one or more apps/groups • Dependency management • Scaling https://mesosphere.com/blog/2015/06/21/web-application-analytics-using-docker-and-marathon/
mhausenblas
tacck
niwatakeru
trishagee
rrreeeyyy
hogelog
.jpeg){kind=avatar}
arthur1
salaboy
ken5scal
coincheck_recruit
asei
naospon
syntasso
phodgson
geoffreycrofte
philhawksworth
jacobian
andyhume
kastner
samanthasiow
samlambert
eileencodes
brianwarren
jonrohan
matthewcrist
