Slide 1

Slide 1 text

Introduction to Kunal Kushwaha

Slide 2

Slide 2 text

whoami? - Kunal Kushwaha
• NTT Labs
• Contributor - Docker & related projects.
• Docker Tokyo Meetup Co-Organizer.
@kunalkushwaha

Slide 3

Slide 3 text

Linux Containers
• A container is a group of isolated processes
  – cgroups
  – namespace
• Isolated processes run straight on the host
  – native CPU performance
  – minimal memory overhead
  – minimal network performance overhead

Slide 4

Slide 4 text

Cgroups

Slide 5

Slide 5 text

Cgroups (control groups)
• Linux kernel feature
• Resource limitations
• Accounting
• Groups of processes
• May be nested

Slide 6

Slide 6 text

Cgroups submodules
• memory
• CPU
• network IO
• disk IO

Slide 7

Slide 7 text

Namespaces

Slide 8

Slide 8 text

Namespaces
• Linux kernel feature
• Wrap a particular global system resource in an abstracted & isolated instance
• May be nested

Slide 9

Slide 9 text

Different kinds of namespaces
• Currently 6 namespaces supported by the Linux kernel
• mnt (mount points, filesystems)
• pid (processes)
• net (network stack)
• ipc (System V IPC)
• uts (hostname)
• user (UIDs)
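
An added example (not from the slides): the kernel exposes each of the six namespaces above as a symlink under /proc/<pid>/ns/, and two processes are in the same namespace exactly when the link's inode number matches. The sketch below compares a container process against a host process to list the namespaces that are not isolated; the sample link targets and the function names are constructed for illustration.

```python
import os
import re

# The six namespace kinds listed on the slide, as named under /proc/<pid>/ns/.
NAMESPACES = ("mnt", "pid", "net", "ipc", "uts", "user")
_LINK = re.compile(r"^(\w+):\[(\d+)\]$")

def parse_ns_link(target):
    """Parse a /proc/<pid>/ns/<name> symlink target such as 'net:[4026531992]'."""
    m = _LINK.match(target.strip())
    if not m:
        raise ValueError(f"not a namespace link: {target!r}")
    return m.group(1), int(m.group(2))

def read_namespaces(pid):
    """Return {kind: inode} for a live process (needs permission on its /proc entry)."""
    out = {}
    for name in NAMESPACES:
        kind, inode = parse_ns_link(os.readlink(f"/proc/{pid}/ns/{name}"))
        out[kind] = inode
    return out

def shared_namespaces(host, container):
    """Namespace kinds where both processes hold the same inode, i.e. no isolation."""
    return sorted(k for k in NAMESPACES if k in host and host[k] == container.get(k))

# Constructed sample: link targets in the form `ls -l /proc/<pid>/ns` shows them.
SAMPLE_HOST = ["mnt:[4026531840]", "pid:[4026531836]", "net:[4026531992]",
               "ipc:[4026531839]", "uts:[4026531838]", "user:[4026531837]"]
# Constructed sample: a container process that kept the host's net and user namespaces.
SAMPLE_CONTAINER = ["mnt:[4026532571]", "pid:[4026532574]", "net:[4026531992]",
                    "ipc:[4026532573]", "uts:[4026532572]", "user:[4026531837]"]

def audit(host_links, container_links):
    """Compare two sets of link targets and return the namespaces they share."""
    host = dict(parse_ns_link(link) for link in host_links)
    cont = dict(parse_ns_link(link) for link in container_links)
    return shared_namespaces(host, cont)

if __name__ == "__main__":
    print("shared with host:", audit(SAMPLE_HOST, SAMPLE_CONTAINER))
    # On a Linux host, compare a live process against PID 1 instead:
    # print(shared_namespaces(read_namespaces(1), read_namespaces(os.getpid())))
```

A non-empty result is the thing to review: every namespace listed is one where the container sees the same global resource as the host.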

Slide 10

Slide 10 text

Implementations

Slide 11

Slide 11 text

VM vs Containers

Slide 12

Slide 12 text

VMs

Slide 13

Slide 13 text

Containers

Slide 14

Slide 14 text

Containers vs VM
[Diagram: VM stack (Server, Host OS, Hypervisor (Type 2), then a Guest OS, Bins/Libs and App per VM) beside Container stack (Server, Host OS, Docker, then Bins/Libs and Apps per container)]
• Containers are isolated, but share OS Kernel and, where appropriate, bins/libraries
• … result is significantly faster deployment, much less overhead, easier migration, faster restart.
• Isolation is achieved with OS components like cgroups, namespaces, seccomp, SELinux, AppArmor etc.

Slide 15

Slide 15 text

Startup Time

Slide 16

Slide 16 text

Pros & Cons
• Startup time reduced to a few seconds from minutes.
• Lightweight
• No hypervisor overhead
• Can run 100 to 1000 containers instead of 10-20 VMs.
• Less secure

Slide 18

Slide 18 text

Applications are changing
• ~2000: Monolithic, Big Servers, Slow changing
• Today: Loosely Coupled Services, Many Small Servers, Rapidly updated

Slide 19

Slide 19 text

Deployment becomes very complex
• Many different stacks.
• Many different targets.

Slide 20

Slide 20 text

The deployment challenge
• Stacks: Static Website, Web Front End, Background Workers, User DB, Analytics DB, Queue, API Endpoint
• Targets: Virtual machines, Server, Public Cloud, Disaster Recovery, Developer Laptop, Server Cluster, Data Center
• Stages: Development, Test & QA, Production, Scale Out

Slide 21

Slide 21 text

The Matrix from Hell

Slide 22

Slide 22 text

Cargo Transport pre-1960
• Multiplicity of Goods
• Multiplicity of methods for transporting/storing
• Do I worry about how goods interact (e.g. coffee beans next to spices)
• Can I transport quickly and smoothly (e.g. from boat to train to truck)

Slide 23

Slide 23 text

Also an NxN Matrix

Slide 24

Slide 24 text

Solution: Intermodal Shipping Container
• Multiplicity of Goods
• Multiplicity of methods for transporting/storing
• Do I worry about how goods interact (e.g. coffee beans next to spices)
• Can I transport quickly and smoothly (e.g. from boat to train to truck)
• A standard container that is loaded with virtually any goods, and stays sealed until it reaches final delivery.
• …in between, can be loaded and unloaded, stacked, transported efficiently over long distances, and transferred from one mode of transport to another

Slide 25

Slide 25 text

This eliminated NxN Problem…

Slide 26

Slide 26 text

…and Spawned an Intermodal Shipping Container Ecosystem
• 90% of all cargo now shipped in a standard container
• Order of magnitude reduction in cost and time to load and unload ships
• Massive reduction in losses due to theft or damage
• Huge reduction in freight cost as percent of final goods (from >25% to <3%)
• Massive globalization
• 5000 ships deliver 200M containers per year

Slide 27

Slide 27 text

Docker is a Shipping Container System for Code
• Multiplicity of Stacks: Static website, Web frontend, User DB, Queue, Analytics DB
• Multiplicity of hardware environments: Development VM, QA server, Public Cloud, Contributor’s laptop, Production Cluster, Customer Data Center
• Do services and apps interact appropriately?
• Can I migrate smoothly and quickly
• An engine that enables any payload to be encapsulated as a lightweight, portable, self-sufficient container…
• …that can be manipulated using standard operations and run consistently on virtually any hardware platform

Slide 28

Slide 28 text

Or… put more simply
• Multiplicity of Stacks: Static website, Web frontend, User DB, Queue, Analytics DB
• Multiplicity of hardware environments: Development VM, QA server, Public Cloud, Contributor’s laptop, Production Cluster, Customer Data Center
• Do services and apps interact appropriately?
• Can I migrate smoothly and quickly
• Developer: Build Once, Run Anywhere (Finally)
• Operator: Configure Once, Run Anything

Slide 29

Slide 29 text

Eliminate the Matrix from Hell

Slide 31

Slide 31 text

Docker
• Package
  – Docker provides the ability to package and run an application in a loosely isolated environment called a container.
  – Encapsulate your applications (and supporting components) into Docker containers
• Run
  – The isolation and security allow you to run many containers simultaneously on a given host.
  – Because of the lightweight nature of containers, which run without the extra load of a hypervisor, you can run more containers on a given hardware combination than if you were using virtual machines.
• Docker provides tooling and a platform to manage the lifecycle of your containers:
• Ship
  – Distribute and ship containers to your teams for further development and testing
  – Deploy applications to your production environment, whether it is in a local data center or the Cloud

Slide 32

Slide 32 text

Build on Giants

Slide 33

Slide 33 text

Container Revolution
• Started by making Linux containers usable.
• Whole ecosystem was built.
• Now moving towards standards
• OCI (Open Container Initiative)
  – Runtime Specs
  – Image Specs
• Docker libcontainer and image specs are donated for both.
• No lock-in.

Slide 34

Slide 34 text

Docker for Windows/Mac
• Currently in public beta
• Easy to install: Get up and running on Docker in minutes
• Leverages Hyper-V (Windows) or xhyve (Mac)
  – Docker for Windows requires Windows Pro 10, Enterprise, or Education
• Full API / CLI compatibility
• OS integration for increased stability and speed

Slide 35

Slide 35 text

Docker + Windows Server = Windows Containers
• Native Windows containers powered by Docker Engine
• Windows kernel engineered with new primitives to support containers
• Deep integration with 2+ years of engineering collaboration in Docker Engine and Windows Server
• Microsoft is top 5 Docker open source project contributor and a Docker maintainer
[Diagram: Infrastructure, Windows Server 2016, Docker Engine, then Bins/Libs and App per container]

Slide 36

Slide 36 text

Docker ecosystem
• Dev Tools
• Official Repositories
• Operating Systems
• Big Data
• Service Discovery
• Build / Continuous Integration
• Configuration Management
• Consulting & Training
• Management
• Storage
• Clustering & Scheduling
• Networking
• Infrastructure & Service Providers
• Security
• Monitoring & Logging

Slide 37

Slide 37 text

QA