app container · app container spec noun a new, open specification for running applications in...
TRANSCRIPT
Jonathan Boulle
  github.com/jonboulle
  @baronboulle

App Container (appc)
  github.com/appc

appc != Rocket

App Container Spec (noun)
  A new, open specification for running applications in containers
Containers?!
[Diagram: KERNEL, SYSTEMD, SSH; PYTHON, JAVA, NGINX, MYSQL, OPENSSL; "distro" label repeated; APP]
[Diagram: KERNEL, SYSTEMD, SSH; LXC/DOCKER/ROCKET; PYTHON, JAVA, NGINX, MYSQL, OPENSSL; "distro" label repeated; APP]
Application Containers
  self-contained
  portable
  decoupled from operating system

appc principles
  Why are we doing this?

Open
  Independent GitHub organisation
  Contributions from Cloud Foundry, Mesosphere, Google, Red Hat (and many others!)

Simple but efficient
  Simple to understand and implement, but eye to optimisation (e.g. content-based caching)

Secure
  Cryptographic image addressing
  Image signing and encryption
  Container identity

Standards-based
  Well-known tools (tar, gzip, gpg, http), extensible with modern technologies (bittorrent, xz)

Composable
  Integrate with existing systems
  Non-prescriptive about build workflows
  OS/architecture agnostic

appc components

Image Format
  Application Container Image
  tarball of rootfs + manifest
  uniquely identified by ImageID (hash)

Image Discovery
  App name → artefact
  HTTPS + HTML

Executor
  grouped applications
  runtime environment
  isolators
  networking

Metadata Service
  http://$AC_METADATA_URL/acMetadata
  container metadata
  container identity (HMAC verification)
appc tooling

$ actool build
  rootfs + manifest → ACI

$ actool validate
  is this ACI compliant with the spec?

$ actool discover
  example.com/app -> https://example.com/releases/app.aci

ACE validator
  is this executor compliant with the spec?
  $EXECUTOR run ace_validator.aci

appc community

cdaylward/libappc
  C++ library for working with app containers

cdaylward/nosecone
  C++ executor for running app containers

(sidenote: mesos)
  https://issues.apache.org/jira/browse/MESOS-2162

3ofcoins/jetpack
  FreeBSD Jails/ZFS-based executor (by @mpasternacki)

sgotti/acido
  ACI toolkit (build ACIs from ACIs)

appc/docker2aci
  docker2aci busybox/latest
  docker2aci quay.io/coreos/etcd

appc/goaci
  goaci github.com/coreos/etcd

appc status
  Stabilising
  v0.3.0+git
  TODO: pods, isolators
github.com/coreos/[email protected]
implementation of appc
  discovery
  executor
  metadata service

golang + Linux
  self-contained
  init system agnostic

CLI only
  no daemon
  apps run directly under spawning process
[Diagram: four stacks (bash, runit, systemd, upstart), each with rkt and then application]
Rocket internals
  modular architecture

execution divided into stages
  stage0 → stage1 → stage2

stage0
  rkt binary
  discover, retrieve application images
  set up container filesystems

stage1
  execution environment for apps
  container rootfs + init binary
  app process management, cgroups, metadata service

stage2
  actual app execution

rocket v0.1.0
  first version (announcement)
  somewhat limited..

rkt fetch
  rkt fetch https://example.com/my_app.aci
  rkt fetch coreos.com/etcd:v2.0.0.rc1
  simple CAS on disk

rkt run
  rkt run coreos.com/etcd:v2.0.0-rc.1
  rkt run ./my-app.aci
  rkt run sha512-fcdf125873...
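
The "uniquely identified by ImageID (hash)" point on the Image Format slide and the "simple CAS on disk" / "rkt run sha512-..." lines above, as an added example (not from the slides, and not appc or rkt code). It assumes the ID is sha512 over the uncompressed tar, so compression does not change it; BuildACI, the manifest and the payloads are constructed sample data.

```go
package main

import (
	"archive/tar"
	"bytes"
	"compress/gzip"
	"crypto/sha512"
	"fmt"
	"io"
)

// ImageID: sha512 over the uncompressed tar (assumption, not stated on the slides).
func ImageID(aci []byte) (string, error) {
	if len(aci) > 2 && aci[0] == 0x1f && aci[1] == 0x8b { // gzip magic bytes
		zr, err := gzip.NewReader(bytes.NewReader(aci))
		if err != nil {
			return "", err
		}
		if aci, err = io.ReadAll(zr); err != nil {
			return "", err
		}
	}
	return fmt.Sprintf("sha512-%x", sha512.Sum512(aci)), nil
}

// Verify recomputes the ID of fetched bytes and compares it to the pinned one.
func Verify(aci []byte, pinned string) bool {
	got, err := ImageID(aci)
	return err == nil && got == pinned
}

// BuildACI makes a constructed sample image: a manifest plus one rootfs file.
func BuildACI(manifest, payload string) (plain, gz []byte) {
	var t, z bytes.Buffer
	tw := tar.NewWriter(&t)
	for _, f := range [][2]string{{"manifest", manifest}, {"rootfs/bin/app", payload}} {
		tw.WriteHeader(&tar.Header{Name: f[0], Mode: 0644, Size: int64(len(f[1]))})
		tw.Write([]byte(f[1]))
	}
	tw.Close()
	zw := gzip.NewWriter(&z)
	zw.Write(t.Bytes())
	zw.Close()
	return t.Bytes(), z.Bytes()
}

func main() {
	_, gz := BuildACI(`{"acKind":"ImageManifest","name":"example.com/app"}`, "v1")
	fmt.Println(ImageID(gz))
}
```

Pinning the full ID means a mirror or cache can serve the bytes without being trusted: any change to the manifest or rootfs yields a different ID and Verify returns false.
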
rocket v0.3.2+git
  what's new?

new commands!
  rkt enter
  rkt list
  rkt status
  rkt gc
  rkt trust

rkt enter, list
  enter the namespaces of an application
  list containers on the system

rkt status, rkt gc
  file-based locking (flock)
  mark-and-sweep gc (time based)

rkt trust
  easily manage public ACI signing keys
  rkt trust --prefix coreos.com/etcd
  rkt trust --root https://foo.com/key.asc

stage1 as ACI
  no more go-bindata
  swappable execution environments
  distribution packaging friendly!

Docker image support
  rkt run docker://redis:latest
Rocket Crash course!
rocket v0.4.0+
  what's coming?

networking
  "it's complicated"

networking
  IP-per-pod
  extensible plugin-based system
  http://goo.gl/lQA9PB

host systemd integration
  $ machinectl list
  $ machinectl terminate

developer environments
  interactive containers
  filesystem diffs → new ACI

Kubernetes
  github.com/GoogleCloudPlatform/kubernetes/issues/2725
  http://goo.gl/kJTj96
App Container+
get involved!
  GitHub: "help wanted" label
Questions?
Credits
● SpaceX Falcon 9 Landing by Elon Musk
● Golang gopher by Renee French, licensed under CC BY 3.0
● Tux by Larry Ewing, Simon Budig and Anja Gerwinski