Linux  Containers  &  Docker   Ahmet  Alp  Balkan   8/14/2014   NOT  MICROSOFT  CONFIDENTIAL   

‘Real’  containers   

What  is  special  about  containers?   

Power  of  Containers   •  Standard  format  everybody  agrees  on   •  Once  you  seal  the  box,  it  gets  shipped  “as  is”   •  SeparaVon  of  concerns   – Building  ó  Packaging  ó  Shipping   

Containers  vs.  VMs   

Type  1  Hypervisor     Hardware   VM   VM   OperaVng  System   OperaVng  System   bins/libs   bins/libs   App   App   App   App   Hypervisor   Kernel   

Type  2  Hypervisor     Hardware   Hypervisor  So[ware   VM   VM   OperaVng  System   OperaVng  System   bins/libs   bins/libs   App   App   App   App   OperaVng  System   App   App   App   

Linux  Containers   Hardware   OperaVng  System  (Linux)   bins/libs   Container   Container   bins/libs   App   App   App   

lxc:  Linux  Containers   •  OS-­‐Level  virtualizaVon,  no  Hypervisor   •  Namespacing   –  PIDs   –  user  IDs   –  network  tables   –  mounted  drivers   –  …   •  Started  in  2006.   •  Developed  by  a  team  of  4   –  v1.0  in  2014.   

cgroups:  Control  Groups   •  Fair  resource  usage  sharing  for  Linux  kernel   – CPU   – Memory   – I/O   •  Started  in  2007.   – by  2  Google  Engineers   

Distributed  ApplicaVon  Model   Front-­‐end  (web)   App  services   Background  workers   DB   Cache  Servers   

Advantages  of  containers   •  Only  one  kernel  runs  on  the  machine   •  No  Hypervisor  overhead.   –  Apps  directly  run  on  CPU   –  Rack  space  &  power  &  more  free  CPU  cycles   •  Run  different  versions  of  OS  on  same  server   –  Run  different  OSes  on  the  same  server   •  Process  isolaVon  &  security   

Use  of  Linux  Containers   •  Borg   –  Google’s  “secret  sauce”   –  Everything  runs  in  containers   –  Not  open  source     •  Mesos   –  Developed  by  Twiger   –  Open  sourced   “IT’S  A  WAY  OF  STITCHING  TOGETHER  A   COLLECTION  OF  MACHINES  INTO,  BASICALLY,   A  BIG  COMPUTER.”   

No content

…is  a  Linux  container  engine   

…is  Open  Source   

…is  also  a  company.   

Why  was  Docker  born?   •  Shipping  code  to  servers  is  hard   •  It’s  hard  to  glue  the  technology   – LXC  +  cgroups   – lmcky:  “Let  me  contain  that  for  you”   •  open  source  version  of  Google’s  container  stack     •  There  is  no  standard  image  format   

Another  moVve:  eliminaVng  Ops   •  So[ware  used  to  be  deployed  by  ops  teams   •  Docker  might  be  “the  first  true  DevOps  tool”   – Increased  shipment  cadence   – Fast  moving  engineering  culture   •  Sysadmins  no  more.   – A  great  abstracVon  over  infrastructure.   

Why  is  Docker  special?   •  The  real  value  is  not  technology.   •  It’s  “gelng  people  to  agree  on  something”.   – Packaging  and  delivery  method.   

Cloud  as  one  big  machine   docker  client   $  docker  run  …   libswarm   

Demo  Vme   Linux  VM  on  Azure   docker  daemon   docker  client   Container   Container   App   App   

Docker  Image  Layers   ubuntu   apache+php   ADD    /my/applicaIon   ADD    /my/configuraIon   200  MB   250  MB   260  MB   261  MB   50  MB  diff   10  MB  diff   1  MB  diff   

Layers  &  Reuse   Base  Linux  DistribuVon  image   Google  configuraVon   mapreduce   crawler   web  frontend   video  encoder   

Dockerfile   FROM ubuntu:latest MAINTAINER Ahmet RUN apt-get install nginx mysql python ADD /my/app /var/www/app ENTRYPOINT /var/www/app/server.py $ docker build 

Dockerfile  inheritance   FROM microsoft/aspnet-vnext MAINTAINER Bob ADD /my/app /var/www/app ENTRYPOINT /var/www/app/Server.cs Reuse   

Docker  use  cases   •  Just  like  VMs  in  producVon   –  SpoVfy,  eBay   •  One  off  tasks   –  Build  automaVon   –  ConVnuous  integraVon   –  TesVng   –  Bug  repros   •  Making  the  cloud  look  like  “one  big  machine”     

…  is  a  minimal  host  OS  (Linux)  for  Docker.   

…is  an  open  source  project   

…is  also  a  company   

…is  auto  self-­‐updaVng.   

…has  rollbacks.     (updates  are  atomic)   

Clustering   •  Kubernetes  (by  Google)   –  for  clustering  Docker  containers  across  nodes   –  Inspired  by  Google’s  internal  systems  like  Borg/ Omega   –  Open  source   –  10+  years  of  experience  in  running  containers   –  ContribuVons  by  Microso[  &  IBM  etc.   •  fleet  (by  CoreOS)   –  for  clustering  CoreOS  nodes   –  Open  source     

Cons  of  Docker   •  Linux  only   – Probably  will  never  support  Windows.     •  Security  risks     •  Same  pricing  as  VMs   •  SVll  developing  ecosystem   

Further  reading   •  Return  of  the  Borg  (Wired)   •  Inside  the  Borg  and  Mesos  (Verge)   •  Google  Open  Sources  Its  Secret  Weapon  in  Cloud   CompuVng:  Kubernetes  (Wired)   •  Docker:  hgp://docker.com   •  CoreOS:  hgp://coreos.com   •  Running  Docker  on  Windows  (docker.com)   •  Docker  on  Azure  (azure.com)   •  Omega:  flexible,  scalable  schedulers  for  large  compute   clusters  SIGOPS  EuroSys  2013,  ACM,  pp.  351-­‐364     (Google  Research)   

Thanks.   QuesVons?