CONTAINERS TECHNOLOGY WITH DOCKER
CONTAINERS @ OVH
JORIS BONNEFOY, MICKAËL FORTUNATO
INTRODUCTION
CONTAINERS
INTRODUCTION TO CONTAINERS TECHNOLOGIES
HISTORY OF CONTAINERS
1982 chroot
2000 FreeBSD Jails
2001 Linux-VServer
2005 Solaris Zones
2006 Generic Process Containers
2007 Control groups
2008 Kernel namespaces
2008 LXC
2013 Docker
HOW TO DEPLOY AND ISOLATE AN APPLICATION ANYWHERE WITHOUT WORRYING ABOUT THE ENVIRONMENT?
Container-based Virtualization
WHAT IS THE CONTAINER-BASED VIRTUALIZATION?
DO YOU HAVE SOME QUESTIONS?
UNDERSTANDING THE UNDERLYING ARCHITECTURE
CONTAINERS
USER AND KERNEL SPACES
NON-ISOLATED APPLICATIONS
ISOLATED APPLICATIONS
CONTAINERS VS VIRTUAL MACHINES
ISOLATION: NAMESPACES, CONTROL GROUPS, UID SHIFT
DOCKER
DOCKER - A CONTAINER STANDARD
CONTROL GROUPS
PID NAMESPACE
NETWORK NAMESPACE
USER NAMESPACE / UID SHIFT
IMAGES AND STORAGE
DOCKER
DOCKER IMAGES & CONTAINERS
▸ UnionFS
▸ Each layer is a branch
▸ An image is the union mount of a set of branches
▸ Copy-on-Write
▸ Images are shared between containers, layers are read-only
▸ A read/write layer is added on top to hold the modifications made inside the container
ZFS - NEXT GENERATION FILESYSTEM
▸ Jeff Bonwick (Sun - 2005)
▸ 128-bit filesystem
▸ Volume management
▸ Snapshots & clones
▸ Checksum
▸ Compression
▸ Deduplication
▸ Replication
ZFS ON DOCKER
ZFS AND COPY-ON-WRITE
SIMPLE CASE
DOCKER NETWORKING
THE CONTAINER NETWORK MODEL
▸ Null
▸ Bridge (single-host)
▸ Overlay (multi-host)
BRIDGE NETWORKING WITH VETH
ISOLATED BRIDGED NETWORKS
CLUSTERING
DOCKER NETWORKING
OVERLAY NETWORKING
OVERLAY DATA PLANE
OVERLAY CONTROL PLANE
OVERLAY DOCKER_GWBRIDGE NETWORK
UNIKERNEL
WHAT'S NEXT IN DOCKER?
WHAT'S NEXT?
UNIKERNEL - THE FUTURE OF DOCKER?