Slide 1

Slide 1 text

@coreoslinux @brandonphilips

Slide 2

Slide 2 text

About Me CTO/CO-FOUNDER systems engineer @brandonphilips github.com/philips

Slide 3

Slide 3 text

@brandonphilips

Slide 4

Slide 4 text

CoreOS Linux
- Modern Kernels for Containers
- Regular rolling update Alpha, Beta, Stable
- Container runtimes out of the box
  - Docker
  - rkt
  - systemd-nspawn

Slide 5

Slide 5 text

100+ repos github.com/coreos

Slide 6

Slide 6 text

No content

Slide 7

Slide 7 text

container user story

Slide 8

Slide 8 text

you as an sw engineer

Slide 9

Slide 9 text

your

    with Ada.Text_IO;
    procedure Hello_World is
       use Ada.Text_IO;
    begin
       Put_Line("Hello, world!");
    end;

    #include <stdio.h>
    int main() { printf("Hello, world!\n"); }

    package main
    import "fmt"
    func main() { fmt.Println("Hello, world!") }

Slide 10

Slide 10 text

your container image

Slide 11

Slide 11 text

your container image d474e8c57737625c

Slide 12

Slide 12 text

your d474e8c57737625c Signed By: Alice

Slide 13

Slide 13 text

your d474e8

Slide 14

Slide 14 text

your d474e8 d474e8 d474e8 Signed By: Alice Signed By: Alice Signed By: Alice

Slide 15

Slide 15 text

mesos + containers
- Containerizers have existed for a long time
- Uses Linux primitives to isolate from host system
- Images not standardized: naming/finding/building
- Marathon & Aurora fork/exec processes well
- Tricky to use external init processes (e.g. docker)
- What we will discuss
  - A specification for images (appc)
  - A runtime that can be fork/exec'd (rkt)

Slide 16

Slide 16 text

let's build an appc image

Slide 17

Slide 17 text

github.com/coreos/rkt

Slide 18

Slide 18 text

$ rkt

Slide 19

Slide 19 text

$ rkt

Slide 20

Slide 20 text

$ rkt fetch

Slide 21

Slide 21 text

$ rkt run

Slide 22

Slide 22 text

bash rkt application

Slide 23

Slide 23 text

runit rkt application

Slide 24

Slide 24 text

systemd rkt application

Slide 25

Slide 25 text

upstart rkt application

Slide 26

Slide 26 text

$ rkt run coreos.com/etcd:v2.0.11

Slide 27

Slide 27 text

stage0

Slide 28

Slide 28 text

stage1

Slide 29

Slide 29 text

stage2

Slide 30

Slide 30 text

github.com/appc/spec

Slide 31

Slide 31 text

Image Format
- Application Container Image (.aci)
- tarball of rootfs + manifest
- uniquely identified by ImageID (hash)
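An added example (not from the slides and not appc or rkt code) of the content-addressed ImageID on this slide: it assumes the appc convention of a `sha512-` prefix over the uncompressed tar, and shows that the ID survives recompression but not a change to the rootfs. The helper names `build_aci`, `image_id` and `verify_pinned`, the manifest values and the file contents are constructed for illustration.

```python
import gzip
import hashlib
import hmac
import io
import json
import tarfile


def build_aci(name, files):
    """Build an uncompressed ACI-style tar: a manifest plus files under rootfs/."""
    # Constructed minimal manifest; the field values are sample data.
    manifest = json.dumps(
        {"acKind": "ImageManifest", "acVersion": "0.6.1", "name": name},
        sort_keys=True,
    ).encode()
    entries = [("manifest", manifest)]
    entries += [("rootfs/" + path, data) for path, data in sorted(files.items())]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in entries:
            info = tarfile.TarInfo(path)
            info.size = len(data)
            info.mtime = 0  # fixed timestamp: identical content gives identical bytes
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def image_id(aci_bytes):
    """Hash the uncompressed tar, so transport compression does not change the ID."""
    if aci_bytes[:2] == b"\x1f\x8b":  # gzip magic bytes
        aci_bytes = gzip.decompress(aci_bytes)
    return "sha512-" + hashlib.sha512(aci_bytes).hexdigest()


def verify_pinned(aci_bytes, pinned_id):
    """Accept the image only if its full ImageID equals the pinned one."""
    if len(pinned_id) != len("sha512-") + 128:
        return False  # shortened IDs are for display, not for pinning
    return hmac.compare_digest(image_id(aci_bytes), pinned_id)


if __name__ == "__main__":
    good = build_aci("example.com/http-server", {"bin/server": b"constructed v1"})
    modified = build_aci("example.com/http-server", {"bin/server": b"constructed v2"})
    pinned = image_id(good)
    print(pinned[:23], verify_pinned(gzip.compress(good), pinned),
          verify_pinned(modified, pinned))
```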

Slide 32

Slide 32 text

Image Discovery
- Resolves app name → artefact (.aci)
  - example.com/http-server
  - coreos.com/etcd
- DNS + HTTPS + HTML meta tags

Slide 33

Slide 33 text

Crypto Verification
- Take an ACI, public key and signature.
- Verify()

Slide 34

Slide 34 text

Pods
- grouping of multiple applications (templated or deterministic)
- shared execution context (namespaces, volumes)

Slide 35

Slide 35 text

Executor
- runtime environment
- isolators, networking, lifecycle
- metadata service

Slide 36

Slide 36 text

github.com/opencontainers/specs

Slide 37

Slide 37 text

appc and OCI aka https://xkcd.com/927

Slide 38

Slide 38 text

OCI - Open Containers Initiative
- Announced June 2015 (as OCP)
- Lightweight, open governance project
- Linux Foundation
- Container runtime format
- configuration on disk, execution environment
- Runtime implementation (runc)

Slide 39

Slide 39 text

appc vs OCI

appc
- image format
- runtime environment
- pods
- image discovery

OCI
- runtime format
- runtime environment

Slide 40

Slide 40 text

appc vs OCI

appc runtime
- environment variables
- Linux device files
- hooks
- etc...
- multiple apps

OCI runtime
- environment variables
- Linux device files
- hooks
- etc...
- single app (process)

Slide 41

Slide 41 text

Conclusions

Slide 42

Slide 42 text

github.com/coreos/rkt

Slide 43

Slide 43 text

MESOS-1806 +

Slide 44

Slide 44 text

github.com/appc/spec App Container

Slide 45

Slide 45 text

github.com/opencontainers/specs OCI

Slide 46

Slide 46 text

Thank you @brandonphilips coreos.com tectonic.com