don’t talk to strangers: test isolation with containers

Don’t talk to strangers

Test isolation with containers

Hristo Iliev, Georgi Sabev | SAP Labs 18-19 November, Sofia

Hristo Iliev

ISTAcon.org 18-19 November, Sofia

SAP

• NetWeaver Application Server Java

• SAP HANA Cloud Platform

Open Source

• Eclipse Virgo

• Cloud Foundry (Diego & Abacus)

Georgi Sabev


SAP

• SAP HANA Cloud Platform

Open Source

• Cloud Foundry (Diego & Abacus)

PicturesCreative Commons @ Flickr


Creating Working Software


Tests

Automation

Discipline

Problems


Test Pollution


Environment variables

Database records

Files

Programs / libraries

Resource contention


Processes compete for

• CPU

• Memory

• I/O

Multiple environments


OS

Mobile / Desktop

Cloud / Standalone

Databases

Versions

Test problems summary


Test pollution

Resource contention

Multiple environments

Solutions


Traditional

• Dedicated hardware

• Virtual machines

• Cloud: AWS, Azure

New tools

Containersbuild, isolate, ship


Container: Resource isolation

Tenant 1 Tenant 2 Tenant 3

Pro

cess

A

Pro

cess

B

Pro

cess

C

Pro

cess

D

Pro

cess

E

Pro

cess

F

CPU

Kernel




Pro

cess

A

Pro

cess

B

Pro

cess

C

Pro

cess

D

Pro

cess

E

Pro

cess

F

Kernel

A FEDCB




Pro

cess

A

Pro

cess

B

Pro

cess

C

Pro

cess

D

Pro

cess

E

Pro

cess

F

CPU

Kernel

A FEDCB




Pro

cess

A

Pro

cess

B

Pro

cess

C

Pro

cess

D

Pro

cess

E

Pro

cess

F

CPU

Kernel

A FEDCB

Linux Kernel


Container: Namespace isolation


Pro

cess

A

Pro

cess

B

Pro

cess

C

Pro

cess

A

Pro

cess

A

Pro

cess

B

PID, Network, Mount, User

Kernel


Containerization = Lightweight Virtualization


Operating System

Hypervisor

Virtual Machine

Operating System

Bins / libs

App App

Virtual Machine

Operating System

Bins / libs

App App

Container Daemon

Container

Bins / libs

App App

Container

Bins / libs

App App

Virtualization Containerization

Operating System

Hardware Hardware

Container

?


Container

ISTAcon.org18-19 November, Sofia

Network

User

cgroups

PID

Isolation

Container

+

Content


Network

User

cgroups

PID

Isolation

Container

++

Content Processes


Network

User

cgroups

PID

Isolation

Container

Network

User

cgroups

PID


Container actions

Make me a container


Container actions

Put this in itMake me a container


Container actions

Put this in it Run this for meMake me a container


Docker


“Build, Ship, Run” Containers

• Dockerfile

• Docker image

• Docker Hub

Logos


Docker

Linux

Go lang

Demo


https://github.com/hsiliev/strangers


Containers: Pros & Cons


Pros

• Isolation

• Reproducible environment

• Easy to maintain

Cons

• Multi-platform

• Discipline

Software Production


Complexity

Tests

Automation

PipelinesMultiple-builds


Popular solutions


Build servers

Jenkins

Travis

…

Homegrown

ConcourseCI, Pipelines, Delivery


Concourse


Reproducible builds

Simple building blocks

Docker containers

Concourse: Concepts


Resources

Tasks

Jobs

Build Job

ConfigureMakeInstall

Source Binary

Concourse: Pipeline


resource

jobvalidated resource

Demo


https://github.com/hsiliev/strangers


Concourse: Pros & Cons


Pros

• Reproducible environment

• Native pipeline support

• Release process modeling

Cons

• Maturity

• Scripting

Q&AISTAcon.org 18-19 November, Sofia

Thank you!

[email protected]

[email protected]

Hristo Iliev, Georgi Sabev | SAP Labs 18-19 November, Sofia