About Me
CTO/CO-FOUNDER
systems engineer
@brandonphilips
github.com/philips
Slide 3
@brandonphilips
Slide 4
CoreOS Linux
- Modern Kernels for Containers
- Regular rolling updates: Alpha, Beta, Stable
- Container runtimes out of the box
  - Docker
  - rkt
  - systemd-nspawn
Slide 5
100+ repos
github.com/coreos
Slide 7
container user story
Slide 8
you as a software engineer
Slide 9
your
with Ada.Text_IO;
procedure Hello_World is
   use Ada.Text_IO;
begin
   Put_Line("Hello, world!");
end;

#include <stdio.h>
int main()
{
    printf("Hello, world!\n");
}

package main
import "fmt"
func main() {
	fmt.Println("Hello, world!")
}
Slide 10
your container image
Slide 11
your container image
d474e8c57737625c
Slide 12
your d474e8c57737625c
Signed By: Alice
Slide 13
your
d474e8
Slide 14
your
d474e8
d474e8
d474e8
Signed By: Alice
Signed By: Alice
Signed By: Alice
Slide 15
mesos + containers
- Containerizers have existed for a long time
- Uses Linux primitives to isolate from host system
- Images not standardized: naming/finding/building
- Marathon & Aurora fork/exec processes well
- Tricky to use external init processes (e.g. Docker)
- What we will discuss
  - A specification for images (appc)
  - A runtime that can be fork/exec'd (rkt)
Slide 16
let's build an appc image
Slide 17
github.com/coreos/rkt
Slide 18
$ rkt
Slide 19
$ rkt
Slide 20
$ rkt fetch
Slide 21
$ rkt run
Slide 22
bash
rkt
application
Slide 23
runit
rkt
application
Slide 24
systemd
rkt
application
Slide 25
upstart
rkt
application
Slide 26
$ rkt run coreos.com/etcd:v2.0.11
Slide 27
stage0
Slide 28
stage1
Slide 29
stage2
Slide 30
github.com/appc/spec
Slide 31
Image Format
Application Container Image (.aci)
tarball of rootfs + manifest
uniquely identified by ImageID (hash)
Slide 32
Image Discovery
Resolves app name → artefact (.aci)
example.com/http-server
coreos.com/etcd
DNS + HTTPS + HTML meta tags
Slide 33
Crypto Verification
Take an ACI, public key and signature.
Verify()
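
The Image Format and Crypto Verification slides, as an added Go example that is not from the talk or from rkt's code. Assumptions: the ImageID is taken as the SHA-512 of the uncompressed tar (as the appc spec defines it), Ed25519 stands in for the OpenPGP detached signatures rkt checks, and the names ImageID and Verify plus the sample bytes and key are constructed for illustration.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"crypto/ed25519"
	"crypto/sha512"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
)

// ImageID hashes the uncompressed tar, so recompressing an ACI keeps its ID.
func ImageID(aci []byte) (string, error) {
	var r io.Reader = bytes.NewReader(aci)
	if bytes.HasPrefix(aci, []byte{0x1f, 0x8b}) { // gzip magic
		zr, err := gzip.NewReader(r)
		if err != nil {
			return "", err
		}
		r = zr
	}
	h := sha512.New()
	if _, err := io.Copy(h, r); err != nil {
		return "", err
	}
	return "sha512-" + hex.EncodeToString(h.Sum(nil)), nil
}

// Verify checks the detached signature over the file as fetched, then the ID.
func Verify(aci, sig []byte, pub ed25519.PublicKey, wantID string) error {
	if !ed25519.Verify(pub, aci, sig) {
		return errors.New("signature does not match image")
	}
	if id, err := ImageID(aci); err != nil || id != wantID {
		return errors.New("image ID mismatch")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed key, "Alice" on the slides
	aci := []byte("constructed stand-in for tar(rootfs + manifest)")
	sig := ed25519.Sign(priv, aci)
	id, _ := ImageID(aci)
	fmt.Println(id[:23], Verify(aci, sig, pub, id))
	aci[0] ^= 1 // one flipped bit must fail verification
	fmt.Println(Verify(aci, sig, pub, id))
}
```

The signature answers who published the file; the ImageID pins which content runs, independent of how the file was compressed in transit.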
Slide 34
Pods
grouping of multiple applications
(templated or deterministic)
shared execution context
(namespaces, volumes)
Slide 35
Executor
runtime environment
isolators, networking, lifecycle
metadata service
Slide 36
github.com/opencontainers/specs
Slide 37
appc and OCI
aka https://xkcd.com/927
Slide 38
OCI - Open Containers Initiative
- Announced June 2015 (as OCP)
- Lightweight, open governance project
- Linux Foundation
- Container runtime format
- configuration on disk, execution environment
- Runtime implementation (runc)
Slide 39
appc vs OCI
appc
- image format
- runtime environment
- pods
- image discovery
OCI
- runtime format
- runtime environment
Slide 40
appc vs OCI
appc runtime
- environment variables
- Linux device files
- hooks
- etc...
- multiple apps
OCI runtime
- environment variables
- Linux device files
- hooks
- etc...
- single app (process)