what’s the deal with containers, anyway?
TRANSCRIPT
© Foskett Services
Stephen Foskett is the organizer of Tech Field Day, proprietor of Gestalt IT, strangely interested in storage, baseball believer, all-around nerd, car nut, Microsoft MVP and VMware vExpert, former first-chair bass clarinet player and punk rock frontman, obsessive about lightbulbs, lover of a good Manhattan, watch blogger, Apple blogger, vegetarian blogger, dad to three kids with anagram names, grammar obsessive, avid reader, King of the Andals and the First Men, humanist, frequent traveler, and (apparently) lover of his own voice
Contain Yourself!
•Containers are everywhere suddenly
•What’s the deal?
•Why now?
What is a Container, Anyway?
•A container is an operating system user space that:
▫Is contained: Has strict boundaries; limited libraries and tools
▫Contains an application: Custom-designed to run a specific application
•Operating System-level virtualization
The OS Stack
•System Space
▫Kernel (device management, memory management)
▫Device Drivers (storage, networking, video)
•User Space
▫Libraries and resources
▫Utilities
▫Applications
Entering User Space
•GNU/Linux: GNU is user space, Linux is system space
•Citrix WinFrame/Microsoft Terminal Services: Multiple user spaces
•Linux control groups (cgroups) manage multiple user spaces
Container History
•UNIX v7 Chroot (1979)
•Citrix WinFrame/Microsoft Terminal Services (1995)
•FreeBSD Jails (2000)
•Linux-VServer (2001)
•Solaris Containers/Zones (2004) (AIX/HP-UX later)
•OpenVZ/Virtuozzo (2005)
•Linux Containers/LXC (2008)
•Docker (2013)
What Docker Got Right
•Developer focus
▫Modern tools, friendly configuration, APIs/integration
•Docker Hub
▫“App store”
•Easy storage
▫Layered storage
▫AUFS/OverlayFS
•Openness and extensibility (eventually)
▫Networking and storage
•Coopetition/Cooption
▫Swarm
How Docker Works
Images and Containers
•An image is a filesystem and runtime parameters
•You run an image and it becomes a container
Best Practices
•Simple images
▫Only the libraries and utilities you need
▫Minimize the number of layers (usability and performance)
•Simple containers
▫One application per container (one process on Linux!)
▫Multi-container applications are cool!
▫Active storage in external volumes
Dockerfiles
•Dockerfile
▫Describes a docker instance in standard terms
▫Typically based on an existing image
▫Usually includes specific application installs (apt-get or yum)
▫Run a command
▫Create an image and store it in the Hub
•Docker Compose
▫Describes a multi-container application instance
▫Ports, volumes, configuration variables
Layered Storage
•Most Docker images have 3-5 layers of storage
•Like tracing paper – writes only hit the top layer
•Copy-on-write is a core Docker value
•“Content-addressable” hash-based storage since 1.10
•Focused on capacity optimization and fast startup
Docker Storage Options
•Union Filesystems:
▫AUFS
▫OverlayFS
•Snapshot-Based:
▫Devicemapper (LVM block storage)
▫Btrfs
▫ZFS
•Pluggable storage drivers
Docker Data Volume Storage
•Docker containers can use external(ish) storage as a “Data Volume”
▫Mounting a directory inside a container
▫No copy-on-write or layers
▫Can be external storage (SAN/NAS)
Docker Data Volume Containers
•Can also create “Data Volume Containers”
▫A regular Docker container with data volumes
▫Shares data volumes with other containers
▫Like a file server but in Docker
Persistence
•Docker’s approach is for containers not to be persistent
▫“Cattle” approach - start up additional containers based on the same image
▫No mobility - kill containers and start new ones elsewhere
•But container data is persistent (until you rm it)
•Proper data persistence requires data volumes or a data volume container
Internal Networking
•Docker Engine networking is extremely simple
▫Bridge network to containers
▫Built-in DNS server
•Overlay networks
▫Key-value store
▫802.1q VLANs
▫VXLAN in Swarm
•Network plugins
External Networking
•Network port mapping to local host
•Routing: ip_forward/iptables
Docker Swarm Mode
•Integrated clustering
▫Automatic clustering and management
▫Decentralized design
▫Scaling (up and down)
▫Overlay networking
▫Rolling updates
•Docker is late to the party (Kubernetes, Mesos) but made scale-out applications incredibly easy
What Can We Do with Containers?
Consistent Application Environment
One application per container; one container per application
•Probably the most-overlooked aspect of Docker
•Never again worry about OS level, patches, incompatible applications and utilities
•Never any "competition" from other applications
Security
•Many security issues come from unused utilities and application components
•Escalation of privileges affects the entire system
But…
•Containerized applications shouldn't have many unused utilities
•Nothing else running means nothing else to infect
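The Best Practices, Dockerfiles and Security slides above all describe the same image: minimal, few layers, one process, data outside the image. This Dockerfile is an added example and not part of the presentation; the debian base image, the python3 package, the `app` account and the `/srv/data` path are assumptions chosen for illustration.

```dockerfile
# Added example (not from the deck): a Dockerfile applying the deck's
# "simple images / simple containers" and Security points. The base image,
# the python3 package, the user name and the paths are assumptions.

# Simple image: a slim base ships few of the unused utilities that the
# Security slide warns about, so there is less to misuse after a breach.
FROM debian:bookworm-slim

# One RUN instruction is one layer. Install only the package the app needs,
# skip recommended extras, and remove the apt cache in the SAME layer:
# with copy-on-write layering, a delete in a later RUN would leave the
# files in the lower layer and the image would not get any smaller.
RUN apt-get update \
    && apt-get install -y --no-install-recommends python3 \
    && rm -rf /var/lib/apt/lists/* \
    && useradd --system --no-create-home --uid 10001 app \
    && mkdir -p /srv/data \
    && chown app:app /srv/data

# Active storage belongs in an external volume, not in the image layers:
# the data survives when this "cattle" container is killed and replaced.
VOLUME ["/srv/data"]

# Document the single port the application serves; the mapping to a host
# port (-p 8080:8080) happens at run time, not in the image.
EXPOSE 8080

# Privilege escalation affects the whole system, so the one process runs
# as an unprivileged account rather than root.
USER app
WORKDIR /srv/data

# One application, one process: exec form makes it PID 1 so it receives
# stop signals directly instead of through a shell wrapper.
CMD ["python3", "-m", "http.server", "8080"]
```

Build with `docker build -t simple-app .` and run with `docker run -p 8080:8080 -v appdata:/srv/data simple-app`; the named volume `appdata` is the persistent part, the container itself is disposable.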
Scalable Application Platforms
•Scaling applications is incredibly difficult, especially once you get past the single-server barrier
•It's still difficult with containers, but containers make it so easy that developers might finally create segmented/containerized scalable applications!
•Imagine "worker" tasks in containers contributing to a decentralized, scalable whole
The Future is Containerized!
•Containerized applications have many benefits
•Developers love containers (especially Docker!)
•Microsoft loves containers and cloud
•Many benefits for Devs and Ops alike!