OSCON 2017: Build your own container-based system with the Moby project
TRANSCRIPT
![Page 1: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/1.jpg)
Patrick Chanezon, @chanezon
David Chung, @dchungsf
Mindy Preston, @mindypreston
Build your own container-based system
with the Moby project
May 2017
![Page 2: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/2.jpg)
French
Polyglot
Platforms
Software Plumber
San Francisco
Developer Relations
@chanezon
![Page 3: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/3.jpg)
Docker
![Page 4: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/4.jpg)
The world needs
tools of mass innovation
![Page 5: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/5.jpg)
A programmable Internet would be the ultimate
tool of mass innovation
![Page 6: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/6.jpg)
A commercial product,
built on
a development platform,
built on
infrastructure,
built on
standards.
Docker is building a stack to program the Internet
![Page 7: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/7.jpg)
Docker is building a stack to program the Internet
CE
EE
![Page 8: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/8.jpg)
community edition: Ubuntu, Fedora, Mac, Azure, CentOS, Windows 10, AWS, Debian
enterprise edition: Ubuntu, Windows Server, Azure, CentOS, Suse, Red Hat, AWS, Oracle Linux
![Page 9: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/9.jpg)
Orchestration
Container Runtime
OS
Infrastructure Management
Container Platform Layers
Application Services
![Page 10: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/10.jpg)
Docker is a platform made of components
Raft Store
Node Identity
Secrets
Routing Mesh
Overlay Networking
Swarm Orchestration
Engine
Application Services
![Page 11: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/11.jpg)
[Chart, 2013 to 2017, vertical axis from 1,000,000,000 to 12,000,000,000 pulls: 1M pulls in 2014, 1B pulls in 2015, 6B pulls in 2016, 12B pulls in 2017. Components labelled on the chart: Notary, runC, containerd, HyperKit, VPNKit, DataKit, SwarmKit, libcontainer, libnetwork, InfraKit, LinuxKit]
![Page 12: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/12.jpg)
LinuxKit
A toolkit for building secure, portable and lean operating systems for containers
![Page 13: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/13.jpg)
Taking Docker multi-platform
“I want Docker for X”
![Page 14: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/14.jpg)
Desktop Server Cloud
I want Docker for…
![Page 15: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/15.jpg)
Not every platform provides a Linux subsystem
![Page 16: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/16.jpg)
Not every platform provides a Linux subsystem
Orchestration
Container Runtime
Linux Subsystem
Infrastructure Management
Application Services
![Page 17: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/17.jpg)
The container movement needs a secure, lean, portable subsystem
![Page 18: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/18.jpg)
The container movement needs
a secure, lean, portable Linux subsystem.
introducing
![Page 19: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/19.jpg)
1. LinuxKit: a SECURE Linux subsystem
Only works with containers
- Smaller attack surface
- Immutable infrastructure
- Sandboxed system services
- Specialized patches and configuration
Incubator for security innovations
- Wireguard, Landlock, KSPP
- MirageOS type safe system daemons
Community-first security process
- Linux is too big for any one company to secure it
- Participate in existing Linux security efforts
![Page 20: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/20.jpg)
2. LinuxKit: a LEAN Linux subsystem
- Minimal size, minimal boot time
- All system services are containers
- Everything can be removed or replaced
![Page 21: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/21.jpg)
3. LinuxKit: a PORTABLE Linux subsystem
- Desktop, server, IoT, mainframe
- Intel & ARM
- Bare metal & virtualized
![Page 22: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/22.jpg)
Docker and Microsoft collaborate to bring Linux containers to Windows
![Page 23: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/23.jpg)
https://github.com/linuxkit/linuxkit
Get Started with LinuxKit
![Page 24: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/24.jpg)
Moby
An open framework to assemble specialized container systems without reinventing the wheel.
![Page 25: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/25.jpg)
Pioneers 2013 - 2014
![Page 26: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/26.jpg)
Production Model: open-source!
![Page 27: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/27.jpg)
Use case: cloud native apps on Linux server
Early Adopters 2015 - 2016
![Page 28: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/28.jpg)
Production Model: OPEN COMPONENTS
![Page 29: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/29.jpg)
Mainstream 2017 - 2018
Containers are spreading to every category of computing: server, datacenter, cloud, IoT, desktop, mobile…
![Page 30: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/30.jpg)
Case study:
Specializing Docker for the mainstream
Desktop Server Cloud
![Page 31: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/31.jpg)
The open component model shows its limits…
![Page 32: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/32.jpg)
The auto industry has solved this problem: COMMON ASSEMBLIES.
![Page 33: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/33.jpg)
Scaling the Docker production model: share components AND ASSEMBLIES.
![Page 34: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/34.jpg)
It’s time to take our ecosystem to the next level…
By collaborating on components AND COMMON ASSEMBLIES.
![Page 35: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/35.jpg)
![Page 36: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/36.jpg)
A framework to assemble specialized container systems without reinventing the wheel.
– Library of 80+ components
– Package your own components as containers
– Reference assemblies deployed on millions of nodes
– Create your own assemblies or start from an existing one
![Page 37: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/37.jpg)
Docker uses Moby for its open-source
– Thousands of contributors, hundreds of patches/week
– Component development
– Specialized assembly development
– Integration tests
– Architecture design
– Integration with other projects
– Experimentation and bleeding edge features
![Page 38: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/38.jpg)
Docker uses Moby for its open-source... and so can you!
– Community-run
– Open governance inspired by the Fedora project
– Plays well with existing projects - no donation necessary!
![Page 39: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/39.jpg)
Moby and Docker
![Page 40: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/40.jpg)
What it means for you
System Builders: Moby helps you innovate without tying you to Docker
Docker Users: Docker will better leverage the ecosystem to innovate faster for you
![Page 41: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/41.jpg)
Moby transforms multi-month R&D projects into weekend projects.
![Page 42: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/42.jpg)
Weekend project #1: locked-down Linux with remote attestation
Notary
![Page 43: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/43.jpg)
Weekend project #2: custom CI/CD stack
Notary, Registry, Docker Builder
![Page 44: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/44.jpg)
Weekend project #3: custom CI/CD stack + Debian + Terraform
Notary, Docker Builder, Registry
![Page 45: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/45.jpg)
Weekend project #4: “RedisOS”
![Page 46: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/46.jpg)
"RedisOS" for Windows
"RedisOS" for Mac
"RedisOS" for bare metal
HyperKit
bare metal
![Page 47: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/47.jpg)
Weekend project #5: Etcd clustering on Google Cloud
![Page 48: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/48.jpg)
Weekend project #6: Kubernetes on the Mac
SSHD
HyperKit
![Page 49: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/49.jpg)
Getting Started
- Blog https://mobyproject.org/blog
- Twitter @moby
- GitHub moby/moby
![Page 50: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/50.jpg)
Let’s take containers mainstream!
![Page 51: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/51.jpg)
![Page 52: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/52.jpg)
InfraKit
A toolkit for building declarative, self-healing infrastructure.
![Page 53: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/53.jpg)
What is it?
• Launched at LinuxCon, Berlin in October, 2016.
• Toolkit for building declarative, self-managing distributed applications
• Active management with active controllers
• scaling groups, rolling updates
• monitoring / health checks
• connecting nodes to L4 / ingress
• Declarative infrastructure
![Page 54: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/54.jpg)
Architecture
CLI
API
![Page 55: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/55.jpg)
Where does it fit?
container orchestration
kubectl run nginx --image=nginx
docker service create nginx …
infrastructure orchestration
gcloud container node-pools list --zone us-central1-f --cluster MyWorkers
aws autoscaling update-auto-scaling-group --auto-scaling-group-name MyWorkers
az vmss create --resource-group vmss-test-1 --name MyWorkers
infrakit group describe workers
list, err := group.Controller.Describe("workers")
![Page 56: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/56.jpg)
One console across environments
App Ops
container orchestration
kubectl run nginx --image=nginx
docker service create nginx …
infrastructure orchestration
infrakit group describe workers
list, err := group.Controller.Describe("workers")
AWS, AZ, GCP, RackHD, OneVIEW, MAAS, KVM, VMW
Cloud Ops, Hardware Ops, Cluster Ops
![Page 57: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/57.jpg)
Configuration
Example config file (zk.conf):
Group configuration = Instance + Flavor
{"Properties": { /* raw configuration */ }}
{
  "groups": {
    "my_zookeeper_nodes": {
      "Properties": {
        "Instance": {
          "Plugin": "instance-vagrant",
          "Properties": {"Box": "bento/ubuntu-16.04"}
        },
        "Flavor": {
          "Plugin": "flavor-zookeeper",
          "Properties": {
            "type": "member",
            "IPs": ["192.168.1.200", "192.168.1.201", "192.168.1.202"]
          }
        }
      }
    }
  }
}
![Page 58: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/58.jpg)
Current Status
![Page 59: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/59.jpg)
Support more platforms
• Compute:
• Bare-metal: HP OneView, MAAS, RackHD
• Public cloud: AWS, GCP
• MacOS X (HyperKit); Docker containers
• Coming soon: Azure, IBM, Digital Ocean, Packet, libvirt
• Other resource types
• AWS - vpc, subnets, gateways, etc.
![Page 60: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/60.jpg)
Improve usability
• Templates
• Complex scripts and configuration in any format; no more escape quotes in JSON
• Fetch templates from remote repositories
• Playbooks
• CLI - flags, prompts — config driven and dynamic
• Share “playbooks” from remote repositories
![Page 61: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/61.jpg)
Improve core system
• High Availability — Swarm Mode or etcd
• New Plugin types — Metadata and Events
• Metadata: cluster-wide sysfs and reflection
• Events - publish / subscribe
• Remote client access: infrakit -H host:port to remote cluster
![Page 62: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/62.jpg)
Road Map
![Page 63: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/63.jpg)
Use Cases
• Support container orchestration
• bootstrapping + day N management
• API for cluster autoscaling
• k8s, Docker Swarm Mode
• Bare-metal + GPU provisioning
• IoT — LinuxKit integration / custom kernel deployment
![Page 64: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/64.jpg)
Improve usability
• Finalize API / Schema for 1.0
• Make it easy to consume
• Simplify setup - fewer daemons and binaries
• Embeddable / vendor API
• Sensible CLI for stable / experimental features
• Make it easy to extend / contribute
• metadata / instance plugins
• playbooks / reusable templates
• community CI / compatibility testing
• Documentation
![Page 65: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/65.jpg)
Improve core system
• Provisioning of diverse resource types
• networks / proxies / load balancers
• GPU
• Stability / performance of core controllers
• Asynchronous messaging - mqtt, natsd, amqp
• Monitoring + Health check SPI
![Page 66: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/66.jpg)
Support more platforms
• Direct libvirt / KVM / CUDA
• Better bare-metal / hardware ops integration
• Kernel image build pipeline — LinuxKit
Build, test, and deploy clusters from infrastructure definitions to kernel images
![Page 67: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/67.jpg)
Get involved
https://github.com/docker/infrakit
dockercommunity.slack.com: #infrakit
![Page 68: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/68.jpg)
![Page 69: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/69.jpg)
Learn More at OSCON
- Mindy Preston, Amir Chaudhry: “MirageOS 3: Smaller, lighter, and more transparent”, Wednesday 4:15 pm
- David Chung, Bill Farner: “InfraKit: A toolkit for infrastructure orchestration”, Thursday 11 am
![Page 70: Oscon 2017: Build your own container-based system with the Moby project](https://reader034.vdocument.in/reader034/viewer/2022050613/5a6477727f8b9afc4d8b47a1/html5/thumbnails/70.jpg)
THANK YOU