SlideShare a Scribd company logo

Docker-v3.pdf

Bruno Cornec
Bruno Cornec

Slides Docker pour la présentation FLOSS au Campus Numérique

Software
1 of 28
Download to read offline
The Docker Ecosystem Definition,Architecture,Status March 2023 Bruno Cornec, HPE EG EMEA Open Source and Linux Strategist
Introducing myself ● Software engineering and Unices since 1988: – Mostly Configuration Management Systems (CMS), Build systems, quality tools, on multiple commercial Unix systems – Discovered Free, Libre, Open Source Software & Linux (FLOSS) & made first contributions in 1993 – Full time on OSL since 1995, first as HPE reseller then @HPE ● Currently: – WW FLOSS Technology Strategist in HPE, Grenoble, France – HPE FLOSS Advocate and Converged Infrastructure Ambassador – WW Linux Community Lead for the HPE Open Source Profession – AFUL and APRIL member. Mageia board member. FLOSSITA board chair. – Conferences at WW level at LinuxCon, Linux.conf.au, Fosdem, ... – MondoRescue, Project-Builder.org, python-redfish, UUWL and PUSK Project Lead – LinuxCOE, mrepo, tellico, rinse, fossology, collectl, Ironic contributor – FOSSBazaar/SPDX and FLOSS Governance enthusiast – Mageia (and Fedora) packager ● And also: – Amateur singer (Alto / Tenor), recorder player since 1976 and Choir director since 1987, CD collector (7000+), Concerts, Photography
Docker Architecture and Ecosystem
Container analogy Cargo transportation before the '60s: no standard way to transport goods – Multiplicity of goods and their security – Multiplicity of transportation methods The invention of the container allowed to – Support all type of goods – Can be loaded, unloaded, stacked – Support multiple transport mode – Sealed container – Standard transportation way leading to huge costs reduction
Container for software Computers before 2012 didn't had a standard way to transport IT workloads – Multiplicity of applications and their security – Multiplicity of transportation methods The invention of the container allowed to – Support all type of workload – Can be loaded, unloaded, stacked – Support multiple transport mode – Secure container – Standard transportation way leading to huge costs reduction
Bare-Metal vs VM vs Container Containerized application layer Bare metal application layer Virtualized application layer Container Network Storage Server Apps Host-OS Guest OS Apps Hypervisor Host-OS Infra structure Apps Apps Apps Apps Network Storage Server Network Storage Server
Docker In Brief • Vision: Build, Ship, and Run Any App Anywhere • Both: a company and an open source ecosystem (under the Apache license V2.0 since 2013) • Docker is a tool chain written in Go that simplifies the creation and management of containers. • Paradigm shift: “new” packaging model for deploying applications and services • Containers: A self-contained portable environment for packaging, deploying, and executing applications and services. Contains all execution dependencies for a service (one process == one container) • Better resource utilization: VMs virtualize the CPU, containers virtualize process(es) (lightweight) (launch in ms vs s, doesn't consume OS memory) • Application Lifecycle Management impact: – Build and configure once (integrated DevOps), and rebuild often ;-) – Deploy anywhere (laptop, server, cloud, …)
The Dev / Sec /Ops pipeline Agile development environment : Tested. Integrated. Portable. Optimized. Secured + + Ship Run Build From infrastructure to the cloud Composable Infrastructure Hybrid Cloud Cloud native & monolith Applications Developpers Communities enablement QA/Test Operations
What is Docker value-add ? Run applications in a neutral, lightweight and portable way Bundle: Everything packed together Layers: Images (ro) & containers (rw) using a union FS Registry: public/private registry of shared images Dockerfile: descriptive build of an image Volumes: loopback mounting host FS into container Ports: expose container services port to the host Portable: created once, run everywhere (on a given OS) Management: REST API/CLI Enterprise: Docker Enterprise (formerly DDC) Solomon Hykes, Docker Inc.
A layered approach Images Local or remote reference content to initiate a container Multiple images can be layered adding content at each time using Copy on Write FS Cache to speed up repeated operations Containers Last layer providing rw access to the cumulated set of images 1 application + its deps == 1 container
# List images $ docker images # Pull and run a container $ docker run -t -i repo:tag bash # List containers $ docker ps [-a] [-q] Demo 1: Managing images and containers
Basic Docker Workflow My computer Local Docker Engine Docker registry Images Containers Dockerfile FROM Ubuntu MAINTAINER pingouin@hpe.com RUN apt-get install apache2 ADD website /var/www/html/website EXPOSE 80 CMD /usr/bin/httpd }- Docker Hub
# Dockerfile $ cat Dockerfile FROM localhost:5000/pb:mageia-4-x86_64 RUN urpmi --force --auto apache ADD https://download.owncloud.org/community/owncloud- 7.0.3.tar.bz2 /var/www/html RUN urpmi --force --auto php php-dom php-mbstring php-pdo php-gd RUN chown -R apache:apache /var/www/html # Add persistent volume. VOLUME /data COPY run.sh /run.sh # Only 1 CMD! CMD /run.sh # Build image using the Dockerfile $ docker build . Demo 2: Dockerfile a receipe to build Docker images
Security • CTN Apps are more secured vs BM Apps • Docker has least priviledge principle • Different security isolation than VMs (Combine containers & VMs for improved security) • Uses cgroups, seccomp, namespaces, capabilities. Benefit from SELinux, apparmor, Grsecurity, PAX • Depends on choices and practices – Use of root privilege (only when necessary) – Disable SUID – Fine-grained privileges – Use advanced Docker configuration options • Trusted images / container secrets – Official images / Signed images – Vault –open source project to managing secrets • Container delivery pipeline can/should include security testing • Management of images and containers wrt security updates ● Container security continues to improve while its Understandably a hot topic
The Docker & Containers Ecosystem
Docker’s world Docker solutions and plumbling tools Plugin Extensibility Docker Libnetwork Networking Notary Security Docker Engine Creates & Runs containers Docker Machine Automated Provisioning Docker Compose Service Composition Docker Hub/Registry Package & Distribution Docker UCP Deploy & Manage Docker Swarm Native Host Clustering
Docker Compose – yaml file example weba: build: . expose: - 80 webb: build: . expose: - 80 haproxy: image: hypriot/rpi-haproxy volumes: - haproxy:/haproxy-override links: - weba - webb ports: - "80:80" - "70:70" expose: - "80" - "70"
Container Ecosystem – fantastic takeup Docker – Leader – Engine, Cluster, Build, Remote execution, ... Google – Open sourced Kubernetes container orchestration tool RedHat – integrated Docker into their RHEL7 releases. RH Atomic CaaS solution Redesigned OpenShift PaaS product to be based on Docker. SUSE – integrated Docker into their SLES 12 releases CaaS offering based on Docker, Kubernetes, Portus. PaaS on top based on CF to come CoreOS – Aim to be the best distribution to run Docker Goodies such as etcd, fleectl, rocket Mesosphere – Docker executor for Mesos (Chronos & Marathon) OpenStack – Nova & Glance drivers, Magnum (piloting Kubernetes/Swarm), Kolla and Kuryr Portainer.io – Management solution for docker engines or swarms
Container Ecosystem – fantastic takeup continued... IBM - integrated Docker into SoftLayer PaaS. Published KVM/Docker benchmarks Microsoft - made available Linux images in their Azure IaaS with Docker functionality Ongoing native Docker functionality for Windows Server VMWare – to integrate Docker functionality into vSphere. Joined Kubernetes initiative. Pivotal (CloudFoundry) – Replacing Warden by Docker (and Shipyard, Rancher, Panamax, ...)
Open Container Project • Standard specifications for a runtime and an image, vendor/architecture independent • Brings Docker and CoreOS back together (runC, appc, …) • https://www.opencontainers.org
The history of resources containment on Linux
Linux Resources management Support Linux Support Matrix OS minimal NUMA cgroups LXC KVM Namespace Upstream Kernel Linux 2.6.24 (Mar. 2008) 3.15/16 (2013) Linux 2.6.29 (2010) Linux 2.6.20 (Feb. 2007) Linux 2.6.19/24 (2007) 3.8 (2013) RHEL Yes (5.x) Yes (6.x) Yes (6.3) Yes (5.4) Yes (7.x) SLES Yes (10) Yes (11) Yes (11SP1) Yes (11) Yes (12) Fedora Yes Yes (F11) Yes (F12) Yes (F7) Yes (F19) Ubuntu Yes Yes (10.04) Yes (10.04) Yes (9.10) Yes (14.04)
– Help to manage groups of processes – Dedicated subsystems to manage specific resources: – Resource management: CPU shares, memory, blkio – Resource pools: CPU sets, ns, freezer, checkpoint/restart – Implemented as a special cgroup file system – Cgroup commands: cgcreate, cgexec, cgclear, cgclassify, ... – Cgroup services : ● cgconfig (/etc/cgconfig.conf), defines cgroups and mount points ● cgred (/etc/cgrules.conf), defines rules between tasks and cgroups – These are provided by libcgroup on top of the kernel cgroup virtual file system to allow persistence across reboot and ease of use. – Docker associates a cgroup to each container Linux Control Groups Share Dedicate
Linux workload management Shared resources example: ‘cpu’ cgroup subsystem – 'cpu' CGroup subsystem • cpu.shares – Shares default to 1024 – Customization example : Example of /etc/cgconfig.conf file: mount { cpu = /cgroup/cpu; } group default { cpu { cpu.shares = 1024; } } group db1 { cpu { cpu.shares = 3072; } } group db2 { cpu { cpu.shares = 6144; } } Share
Linux resource pools Dedicated resources example: ‘cpuset’ cgroup subsystem – CGroup subsystems: • cpuset −sets of CPU −sets of MEMORY (NUMA) • memory −limits the amount of RAM, RAM + SWAP −gives the current usage • blkio −change the behavior of Linux CFQ (Completely Fair Queue) Example of /etc/cgconfig.conf file: mount { cpuset = /cgroup/cpuset; } group default { cpuset { cpuset.cpus=0-2 ; cpuset.mem=0-2 } } group db2 { cpuset { cpuset.cpus=4-6 ; cpuset.mem=4-6 } } Dedicate
OS Virtualization (‘LXC / Docker’ containers) – Applications in a zone are isolated from the others (chroot on steroïds) • Security (as secure as your kernel) • Namespaces (root, UID, GID, network, PID, IPC, mount points, hostname/uts) • Cgroup Granularity • Single OS image manages HW accesses • Performance & transparency neither emulation nor full virtualization • Netfilter for network isolation (NAT and port fwd) • AuFS overlays isolated file systems on top of a physical file system – Other technos available • V-Server • Virtuozzo • OpenVZ Linux Containers OS Virt https://blog.docker.com/wp-content/uploads/2014/03/docker-execdriver-diagram.png
30/03/2023 Private | Confidential | Internal Use Only Project Build + metadata Use case: Continuous Packaging with Docker Docker Containers Local build Project Repository Local Build Server Packagers Developers
30/03/2023 Private | Confidential | Internal Use Only ”Changes are never easy to make. There is comfort and safety in tradition, but change must come, no matter how painful or expensive it may be.” Bill Hewlett Bruno.Cornec@hpe.com (Open Source and Linux Technology Strategist at the HP/Intel Solution Center) http://downloads.linux.hpe.com/ Linus Torvalds, Richard Stallman, Eric Raymond, Nat Makarevitch, René Cougnenc, Eric Dumas, Rémy Card, Bdale Garbee, Bryan Gartner, Craig Lamparter, Lee Mayes, Gallig Renaud, Andree Leidenfrost, Phil Robb, Bob Gobeille, Martin Michlmayr among others, for their work and devotion to the Open Source Software cause... and my family for their patience :-) THANK YOU

Recommended

Building distribution packages with Docker
Building distribution packages with DockerBuilding distribution packages with Docker
Building distribution packages with DockerBruno Cornec
 
Develop with linux containers and docker
Develop with linux containers and dockerDevelop with linux containers and docker
Develop with linux containers and dockerFabio Fumarola
 
2 Linux Container and Docker
2 Linux Container and Docker2 Linux Container and Docker
2 Linux Container and DockerFabio Fumarola
 
Linux containers and docker
Linux containers and dockerLinux containers and docker
Linux containers and dockerFabio Fumarola
 
Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment Arun prasath
 
Dockerizing a Symfony2 application
Dockerizing a Symfony2 applicationDockerizing a Symfony2 application
Dockerizing a Symfony2 applicationRoman Rodomansky
 
Linux Containers and Docker SHARE.ORG Seattle 2015
Linux Containers and Docker SHARE.ORG Seattle 2015Linux Containers and Docker SHARE.ORG Seattle 2015
Linux Containers and Docker SHARE.ORG Seattle 2015Filipe Miranda
 
Docker Ecosystem on Azure
Docker Ecosystem on AzureDocker Ecosystem on Azure
Docker Ecosystem on AzurePatrick Chanezon
 

Recommended

Building distribution packages with Docker
Building distribution packages with DockerBuilding distribution packages with Docker
Building distribution packages with DockerBruno Cornec
 
Develop with linux containers and docker
Develop with linux containers and dockerDevelop with linux containers and docker
Develop with linux containers and dockerFabio Fumarola
 
2 Linux Container and Docker
2 Linux Container and Docker2 Linux Container and Docker
2 Linux Container and DockerFabio Fumarola
 
Linux containers and docker
Linux containers and dockerLinux containers and docker
Linux containers and dockerFabio Fumarola
 
Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment Arun prasath
 
Dockerizing a Symfony2 application
Dockerizing a Symfony2 applicationDockerizing a Symfony2 application
Dockerizing a Symfony2 applicationRoman Rodomansky
 
Linux Containers and Docker SHARE.ORG Seattle 2015
Linux Containers and Docker SHARE.ORG Seattle 2015Linux Containers and Docker SHARE.ORG Seattle 2015
Linux Containers and Docker SHARE.ORG Seattle 2015Filipe Miranda
 
Docker Ecosystem on Azure
Docker Ecosystem on AzureDocker Ecosystem on Azure
Docker Ecosystem on AzurePatrick Chanezon
 
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...Codemotion
 
Bhushan m dev_ops_engr_31june
Bhushan m dev_ops_engr_31juneBhushan m dev_ops_engr_31june
Bhushan m dev_ops_engr_31juneBhushan Mahajan
 
codemotion-docker-2014
codemotion-docker-2014codemotion-docker-2014
codemotion-docker-2014Carlo Bonamico
 
Containerization Is More than the New Virtualization
Containerization Is More than the New VirtualizationContainerization Is More than the New Virtualization
Containerization Is More than the New VirtualizationC4Media
 
Docker for .NET Developers
Docker for .NET DevelopersDocker for .NET Developers
Docker for .NET DevelopersTaswar Bhatti
 
Docker module 1
Docker module 1Docker module 1
Docker module 1Liang Bo
 
Containerization is more than the new Virtualization: enabling separation of ...
Containerization is more than the new Virtualization: enabling separation of ...Containerization is more than the new Virtualization: enabling separation of ...
Containerization is more than the new Virtualization: enabling separation of ...Jérôme Petazzoni
 
Evolution of Linux Containerization
Evolution of Linux Containerization Evolution of Linux Containerization
Evolution of Linux Containerization WSO2
 
Evoluation of Linux Container Virtualization
Evoluation of Linux Container VirtualizationEvoluation of Linux Container Virtualization
Evoluation of Linux Container VirtualizationImesh Gunaratne
 
Docker+java
Docker+javaDocker+java
Docker+javaDPC Consulting Ltd
 
Docker and kubernetes
Docker and kubernetesDocker and kubernetes
Docker and kubernetesDongwon Kim
 
Multi-OS Continuous Packaging with docker and Project-Builder.org
Multi-OS Continuous Packaging with docker and Project-Builder.orgMulti-OS Continuous Packaging with docker and Project-Builder.org
Multi-OS Continuous Packaging with docker and Project-Builder.orgBruno Cornec
 
ExpoQA 2017 Using docker to build and test in your laptop and Jenkins
ExpoQA 2017 Using docker to build and test in your laptop and JenkinsExpoQA 2017 Using docker to build and test in your laptop and Jenkins
ExpoQA 2017 Using docker to build and test in your laptop and JenkinsElasTest Project
 
Michigan IT Symposium 2017 - Container BOF
Michigan IT Symposium 2017 - Container BOFMichigan IT Symposium 2017 - Container BOF
Michigan IT Symposium 2017 - Container BOFJeffrey Sica
 
Docker Multi-arch All The Things
Docker Multi-arch All The ThingsDocker Multi-arch All The Things
Docker Multi-arch All The ThingsDocker, Inc.
 
Evolution of containers to kubernetes
Evolution of containers to kubernetesEvolution of containers to kubernetes
Evolution of containers to kubernetesKrishna-Kumar
 
Kubernetes for the PHP developer
Kubernetes for the PHP developerKubernetes for the PHP developer
Kubernetes for the PHP developerPaul Czarkowski
 
Docker Presentation at the OpenStack Austin Meetup | 2013-09-12
Docker Presentation at the OpenStack Austin Meetup | 2013-09-12Docker Presentation at the OpenStack Austin Meetup | 2013-09-12
Docker Presentation at the OpenStack Austin Meetup | 2013-09-12dotCloud
 
Application Deployment on Openstack
Application Deployment on OpenstackApplication Deployment on Openstack
Application Deployment on OpenstackDocker, Inc.
 
Shipping Applications to Production in Containers with Docker
Shipping Applications to Production in Containers with DockerShipping Applications to Production in Containers with Docker
Shipping Applications to Production in Containers with DockerJérôme Petazzoni
 
Diaporama-TMG.pdf
Diaporama-TMG.pdfDiaporama-TMG.pdf
Diaporama-TMG.pdfBruno Cornec
 
Diaporama-2023.pdf
Diaporama-2023.pdfDiaporama-2023.pdf
Diaporama-2023.pdfBruno Cornec
 

More Related Content

Similar to Docker-v3.pdf

Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...Codemotion
 
Bhushan m dev_ops_engr_31june
Bhushan m dev_ops_engr_31juneBhushan m dev_ops_engr_31june
Bhushan m dev_ops_engr_31juneBhushan Mahajan
 
codemotion-docker-2014
codemotion-docker-2014codemotion-docker-2014
codemotion-docker-2014Carlo Bonamico
 
Containerization Is More than the New Virtualization
Containerization Is More than the New VirtualizationContainerization Is More than the New Virtualization
Containerization Is More than the New VirtualizationC4Media
 
Docker for .NET Developers
Docker for .NET DevelopersDocker for .NET Developers
Docker for .NET DevelopersTaswar Bhatti
 
Docker module 1
Docker module 1Docker module 1
Docker module 1Liang Bo
 
Containerization is more than the new Virtualization: enabling separation of ...
Containerization is more than the new Virtualization: enabling separation of ...Containerization is more than the new Virtualization: enabling separation of ...
Containerization is more than the new Virtualization: enabling separation of ...Jérôme Petazzoni
 
Evolution of Linux Containerization
Evolution of Linux Containerization Evolution of Linux Containerization
Evolution of Linux Containerization WSO2
 
Evoluation of Linux Container Virtualization
Evoluation of Linux Container VirtualizationEvoluation of Linux Container Virtualization
Evoluation of Linux Container VirtualizationImesh Gunaratne
 
Docker and kubernetes
Docker and kubernetesDocker and kubernetes
Docker and kubernetesDongwon Kim
 
Multi-OS Continuous Packaging with docker and Project-Builder.org
Multi-OS Continuous Packaging with docker and Project-Builder.orgMulti-OS Continuous Packaging with docker and Project-Builder.org
Multi-OS Continuous Packaging with docker and Project-Builder.orgBruno Cornec
 
ExpoQA 2017 Using docker to build and test in your laptop and Jenkins
ExpoQA 2017 Using docker to build and test in your laptop and JenkinsExpoQA 2017 Using docker to build and test in your laptop and Jenkins
ExpoQA 2017 Using docker to build and test in your laptop and JenkinsElasTest Project
 
Michigan IT Symposium 2017 - Container BOF
Michigan IT Symposium 2017 - Container BOFMichigan IT Symposium 2017 - Container BOF
Michigan IT Symposium 2017 - Container BOFJeffrey Sica
 
Docker Multi-arch All The Things
Docker Multi-arch All The ThingsDocker Multi-arch All The Things
Docker Multi-arch All The ThingsDocker, Inc.
 
Evolution of containers to kubernetes
Evolution of containers to kubernetesEvolution of containers to kubernetes
Evolution of containers to kubernetesKrishna-Kumar
 
Kubernetes for the PHP developer
Kubernetes for the PHP developerKubernetes for the PHP developer
Kubernetes for the PHP developerPaul Czarkowski
 
Docker Presentation at the OpenStack Austin Meetup | 2013-09-12
Docker Presentation at the OpenStack Austin Meetup | 2013-09-12Docker Presentation at the OpenStack Austin Meetup | 2013-09-12
Docker Presentation at the OpenStack Austin Meetup | 2013-09-12dotCloud
 
Application Deployment on Openstack
Application Deployment on OpenstackApplication Deployment on Openstack
Application Deployment on OpenstackDocker, Inc.
 
Shipping Applications to Production in Containers with Docker
Shipping Applications to Production in Containers with DockerShipping Applications to Production in Containers with Docker
Shipping Applications to Production in Containers with DockerJérôme Petazzoni
 

Similar to Docker-v3.pdf (20)

Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...
 
Bhushan m dev_ops_engr_31june
Bhushan m dev_ops_engr_31juneBhushan m dev_ops_engr_31june
Bhushan m dev_ops_engr_31june
 
codemotion-docker-2014
codemotion-docker-2014codemotion-docker-2014
codemotion-docker-2014
 
Containerization Is More than the New Virtualization
Containerization Is More than the New VirtualizationContainerization Is More than the New Virtualization
Containerization Is More than the New Virtualization
 
Docker for .NET Developers
Docker for .NET DevelopersDocker for .NET Developers
Docker for .NET Developers
 
Docker module 1
Docker module 1Docker module 1
Docker module 1
 
Containerization is more than the new Virtualization: enabling separation of ...
Containerization is more than the new Virtualization: enabling separation of ...Containerization is more than the new Virtualization: enabling separation of ...
Containerization is more than the new Virtualization: enabling separation of ...
 
Evolution of Linux Containerization
Evolution of Linux Containerization Evolution of Linux Containerization
Evolution of Linux Containerization
 
Evoluation of Linux Container Virtualization
Evoluation of Linux Container VirtualizationEvoluation of Linux Container Virtualization
Evoluation of Linux Container Virtualization
 
Docker+java
Docker+javaDocker+java
Docker+java
 
Docker and kubernetes
Docker and kubernetesDocker and kubernetes
Docker and kubernetes
 
Multi-OS Continuous Packaging with docker and Project-Builder.org
Multi-OS Continuous Packaging with docker and Project-Builder.orgMulti-OS Continuous Packaging with docker and Project-Builder.org
Multi-OS Continuous Packaging with docker and Project-Builder.org
 
ExpoQA 2017 Using docker to build and test in your laptop and Jenkins
ExpoQA 2017 Using docker to build and test in your laptop and JenkinsExpoQA 2017 Using docker to build and test in your laptop and Jenkins
ExpoQA 2017 Using docker to build and test in your laptop and Jenkins
 
Michigan IT Symposium 2017 - Container BOF
Michigan IT Symposium 2017 - Container BOFMichigan IT Symposium 2017 - Container BOF
Michigan IT Symposium 2017 - Container BOF
 
Docker Multi-arch All The Things
Docker Multi-arch All The ThingsDocker Multi-arch All The Things
Docker Multi-arch All The Things
 
Evolution of containers to kubernetes
Evolution of containers to kubernetesEvolution of containers to kubernetes
Evolution of containers to kubernetes
 
Kubernetes for the PHP developer
Kubernetes for the PHP developerKubernetes for the PHP developer
Kubernetes for the PHP developer
 
Docker Presentation at the OpenStack Austin Meetup | 2013-09-12
Docker Presentation at the OpenStack Austin Meetup | 2013-09-12Docker Presentation at the OpenStack Austin Meetup | 2013-09-12
Docker Presentation at the OpenStack Austin Meetup | 2013-09-12
 
Application Deployment on Openstack
Application Deployment on OpenstackApplication Deployment on Openstack
Application Deployment on Openstack
 
Shipping Applications to Production in Containers with Docker
Shipping Applications to Production in Containers with DockerShipping Applications to Production in Containers with Docker
Shipping Applications to Production in Containers with Docker
 

More from Bruno Cornec

Diaporama-2023.pdf
Diaporama-2023.pdfDiaporama-2023.pdf
Diaporama-2023.pdfBruno Cornec
 
Concert Amicus Meus 2023
Concert Amicus Meus 2023Concert Amicus Meus 2023
Concert Amicus Meus 2023Bruno Cornec
 
intro-linux-v4.pdf
intro-linux-v4.pdfintro-linux-v4.pdf
intro-linux-v4.pdfBruno Cornec
 
Diaporama Exultate 2022
Diaporama Exultate 2022Diaporama Exultate 2022
Diaporama Exultate 2022Bruno Cornec
 
Diaporama-2021.pdf
Diaporama-2021.pdfDiaporama-2021.pdf
Diaporama-2021.pdfBruno Cornec
 
Introduction à Linux et aux logiciels libres
Introduction à Linux et aux logiciels libresIntroduction à Linux et aux logiciels libres
Introduction à Linux et aux logiciels libresBruno Cornec
 
Diaporama Variations 2019
Diaporama Variations 2019Diaporama Variations 2019
Diaporama Variations 2019Bruno Cornec
 
IPMI is dead, Long live Redfish
IPMI is dead, Long live RedfishIPMI is dead, Long live Redfish
IPMI is dead, Long live RedfishBruno Cornec
 
Diaporama Exultate 2019
Diaporama Exultate 2019Diaporama Exultate 2019
Diaporama Exultate 2019Bruno Cornec
 
Diaporama Exultate 2018
Diaporama Exultate 2018Diaporama Exultate 2018
Diaporama Exultate 2018Bruno Cornec
 
Diaporama Exultate 2017
Diaporama Exultate 2017Diaporama Exultate 2017
Diaporama Exultate 2017Bruno Cornec
 
Diaporama 2018 Guerre de 100 ans
Diaporama 2018 Guerre de 100 ansDiaporama 2018 Guerre de 100 ans
Diaporama 2018 Guerre de 100 ansBruno Cornec
 
Introduction aux logiciels libres et à Linux
Introduction aux logiciels libres et à LinuxIntroduction aux logiciels libres et à Linux
Introduction aux logiciels libres et à LinuxBruno Cornec
 
Diaporama 2011 Musique pour la Vierge
Diaporama 2011 Musique pour la ViergeDiaporama 2011 Musique pour la Vierge
Diaporama 2011 Musique pour la ViergeBruno Cornec
 
Diaporama 2012 Musique polychorale
Diaporama 2012 Musique polychoraleDiaporama 2012 Musique polychorale
Diaporama 2012 Musique polychoraleBruno Cornec
 
Diaporama 2016 Musique Allemande
Diaporama 2016 Musique AllemandeDiaporama 2016 Musique Allemande
Diaporama 2016 Musique AllemandeBruno Cornec
 
Diaporama 2015 François Ier
Diaporama 2015 François IerDiaporama 2015 François Ier
Diaporama 2015 François IerBruno Cornec
 
Guide Open Source Syntec Numérique
Guide Open Source Syntec NumériqueGuide Open Source Syntec Numérique
Guide Open Source Syntec NumériqueBruno Cornec
 
Using containers and Continuous Packaging to Build native FOSSology packages
Using containers and Continuous Packaging to Build native FOSSology packagesUsing containers and Continuous Packaging to Build native FOSSology packages
Using containers and Continuous Packaging to Build native FOSSology packagesBruno Cornec
 

More from Bruno Cornec (20)

Diaporama-TMG.pdf
Diaporama-TMG.pdfDiaporama-TMG.pdf
Diaporama-TMG.pdf
 
Diaporama-2023.pdf
Diaporama-2023.pdfDiaporama-2023.pdf
Diaporama-2023.pdf
 
Concert Amicus Meus 2023
Concert Amicus Meus 2023Concert Amicus Meus 2023
Concert Amicus Meus 2023
 
intro-linux-v4.pdf
intro-linux-v4.pdfintro-linux-v4.pdf
intro-linux-v4.pdf
 
Diaporama Exultate 2022
Diaporama Exultate 2022Diaporama Exultate 2022
Diaporama Exultate 2022
 
Diaporama-2021.pdf
Diaporama-2021.pdfDiaporama-2021.pdf
Diaporama-2021.pdf
 
Introduction à Linux et aux logiciels libres
Introduction à Linux et aux logiciels libresIntroduction à Linux et aux logiciels libres
Introduction à Linux et aux logiciels libres
 
Diaporama Variations 2019
Diaporama Variations 2019Diaporama Variations 2019
Diaporama Variations 2019
 
IPMI is dead, Long live Redfish
IPMI is dead, Long live RedfishIPMI is dead, Long live Redfish
IPMI is dead, Long live Redfish
 
Diaporama Exultate 2019
Diaporama Exultate 2019Diaporama Exultate 2019
Diaporama Exultate 2019
 
Diaporama Exultate 2018
Diaporama Exultate 2018Diaporama Exultate 2018
Diaporama Exultate 2018
 
Diaporama Exultate 2017
Diaporama Exultate 2017Diaporama Exultate 2017
Diaporama Exultate 2017
 
Diaporama 2018 Guerre de 100 ans
Diaporama 2018 Guerre de 100 ansDiaporama 2018 Guerre de 100 ans
Diaporama 2018 Guerre de 100 ans
 
Introduction aux logiciels libres et à Linux
Introduction aux logiciels libres et à LinuxIntroduction aux logiciels libres et à Linux
Introduction aux logiciels libres et à Linux
 
Diaporama 2011 Musique pour la Vierge
Diaporama 2011 Musique pour la ViergeDiaporama 2011 Musique pour la Vierge
Diaporama 2011 Musique pour la Vierge
 
Diaporama 2012 Musique polychorale
Diaporama 2012 Musique polychoraleDiaporama 2012 Musique polychorale
Diaporama 2012 Musique polychorale
 
Diaporama 2016 Musique Allemande
Diaporama 2016 Musique AllemandeDiaporama 2016 Musique Allemande
Diaporama 2016 Musique Allemande
 
Diaporama 2015 François Ier
Diaporama 2015 François IerDiaporama 2015 François Ier
Diaporama 2015 François Ier
 
Guide Open Source Syntec Numérique
Guide Open Source Syntec NumériqueGuide Open Source Syntec Numérique
Guide Open Source Syntec Numérique
 
Using containers and Continuous Packaging to Build native FOSSology packages
Using containers and Continuous Packaging to Build native FOSSology packagesUsing containers and Continuous Packaging to Build native FOSSology packages
Using containers and Continuous Packaging to Build native FOSSology packages
 

Recently uploaded

Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
Clustering techniques data mining book ....
Clustering techniques data mining book ....Clustering techniques data mining book ....
Clustering techniques data mining book ....ShaimaaMohamedGalal
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 

Recently uploaded (20)

Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Clustering techniques data mining book ....
Clustering techniques data mining book ....Clustering techniques data mining book ....
Clustering techniques data mining book ....
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 

Docker-v3.pdf

  • 1. The Docker Ecosystem Definition,Architecture,Status March 2023 Bruno Cornec, HPE EG EMEA Open Source and Linux Strategist
  • 2. Introducing myself ● Software engineering and Unices since 1988: – Mostly Configuration Management Systems (CMS), Build systems, quality tools, on multiple commercial Unix systems – Discovered Free, Libre, Open Source Software & Linux (FLOSS) & made first contributions in 1993 – Full time on OSL since 1995, first as HPE reseller then @HPE ● Currently: – WW FLOSS Technology Strategist in HPE, Grenoble, France – HPE FLOSS Advocate and Converged Infrastructure Ambassador – WW Linux Community Lead for the HPE Open Source Profession – AFUL and APRIL member. Mageia board member. FLOSSITA board chair. – Conferences at WW level at LinuxCon, Linux.conf.au, Fosdem, ... – MondoRescue, Project-Builder.org, python-redfish, UUWL and PUSK Project Lead – LinuxCOE, mrepo, tellico, rinse, fossology, collectl, Ironic contributor – FOSSBazaar/SPDX and FLOSS Governance enthusiast – Mageia (and Fedora) packager ● And also: – Amateur singer (Alto / Tenor), recorder player since 1976 and Choir director since 1987, CD collector (7000+), Concerts, Photography
  • 4. Container analogy Cargo transportation before the '60s: no standard way to transport goods – Multiplicity of goods and their security – Multiplicity of transportation methods The invention of the container allowed to – Support all type of goods – Can be loaded, unloaded, stacked – Support multiple transport mode – Sealed container – Standard transportation way leading to huge costs reduction
  • 5. Container for software Computers before 2012 didn't had a standard way to transport IT workloads – Multiplicity of applications and their security – Multiplicity of transportation methods The invention of the container allowed to – Support all type of workload – Can be loaded, unloaded, stacked – Support multiple transport mode – Secure container – Standard transportation way leading to huge costs reduction
  • 6. Bare-Metal vs VM vs Container Containerized application layer Bare metal application layer Virtualized application layer Container Network Storage Server Apps Host-OS Guest OS Apps Hypervisor Host-OS Infra structure Apps Apps Apps Apps Network Storage Server Network Storage Server
  • 7. Docker In Brief • Vision: Build, Ship, and Run Any App Anywhere • Both: a company and an open source ecosystem (under the Apache license V2.0 since 2013) • Docker is a tool chain written in Go that simplifies the creation and management of containers. • Paradigm shift: “new” packaging model for deploying applications and services • Containers: A self-contained portable environment for packaging, deploying, and executing applications and services. Contains all execution dependencies for a service (one process == one container) • Better resource utilization: VMs virtualize the CPU, containers virtualize process(es) (lightweight) (launch in ms vs s, doesn't consume OS memory) • Application Lifecycle Management impact: – Build and configure once (integrated DevOps), and rebuild often ;-) – Deploy anywhere (laptop, server, cloud, …)
  • 8. The Dev / Sec /Ops pipeline Agile development environment : Tested. Integrated. Portable. Optimized. Secured + + Ship Run Build From infrastructure to the cloud Composable Infrastructure Hybrid Cloud Cloud native & monolith Applications Developpers Communities enablement QA/Test Operations
  • 9. What is Docker value-add ? Run applications in a neutral, lightweight and portable way Bundle: Everything packed together Layers: Images (ro) & containers (rw) using a union FS Registry: public/private registry of shared images Dockerfile: descriptive build of an image Volumes: loopback mounting host FS into container Ports: expose container services port to the host Portable: created once, run everywhere (on a given OS) Management: REST API/CLI Enterprise: Docker Enterprise (formerly DDC) Solomon Hykes, Docker Inc.
  • 10. A layered approach Images Local or remote reference content to initiate a container Multiple images can be layered adding content at each time using Copy on Write FS Cache to speed up repeated operations Containers Last layer providing rw access to the cumulated set of images 1 application + its deps == 1 container
  • 11. # List images $ docker images # Pull and run a container $ docker run -t -i repo:tag bash # List containers $ docker ps [-a] [-q] Demo 1: Managing images and containers
  • 12. Basic Docker Workflow My computer Local Docker Engine Docker registry Images Containers Dockerfile FROM Ubuntu MAINTAINER pingouin@hpe.com RUN apt-get install apache2 ADD website /var/www/html/website EXPOSE 80 CMD /usr/bin/httpd }- Docker Hub
  • 13. # Dockerfile $ cat Dockerfile FROM localhost:5000/pb:mageia-4-x86_64 RUN urpmi --force --auto apache ADD https://download.owncloud.org/community/owncloud- 7.0.3.tar.bz2 /var/www/html RUN urpmi --force --auto php php-dom php-mbstring php-pdo php-gd RUN chown -R apache:apache /var/www/html # Add persistent volume. VOLUME /data COPY run.sh /run.sh # Only 1 CMD! CMD /run.sh # Build image using the Dockerfile $ docker build . Demo 2: Dockerfile a receipe to build Docker images
  • 14. Security • CTN Apps are more secured vs BM Apps • Docker has least priviledge principle • Different security isolation than VMs (Combine containers & VMs for improved security) • Uses cgroups, seccomp, namespaces, capabilities. Benefit from SELinux, apparmor, Grsecurity, PAX • Depends on choices and practices – Use of root privilege (only when necessary) – Disable SUID – Fine-grained privileges – Use advanced Docker configuration options • Trusted images / container secrets – Official images / Signed images – Vault –open source project to managing secrets • Container delivery pipeline can/should include security testing • Management of images and containers wrt security updates ● Container security continues to improve while its Understandably a hot topic
  • 15. The Docker & Containers Ecosystem
  • 16. Docker’s world Docker solutions and plumbling tools Plugin Extensibility Docker Libnetwork Networking Notary Security Docker Engine Creates & Runs containers Docker Machine Automated Provisioning Docker Compose Service Composition Docker Hub/Registry Package & Distribution Docker UCP Deploy & Manage Docker Swarm Native Host Clustering
  • 17. Docker Compose – yaml file example weba: build: . expose: - 80 webb: build: . expose: - 80 haproxy: image: hypriot/rpi-haproxy volumes: - haproxy:/haproxy-override links: - weba - webb ports: - "80:80" - "70:70" expose: - "80" - "70"
  • 18. Container Ecosystem – fantastic takeup Docker – Leader – Engine, Cluster, Build, Remote execution, ... Google – Open sourced Kubernetes container orchestration tool RedHat – integrated Docker into their RHEL7 releases. RH Atomic CaaS solution Redesigned OpenShift PaaS product to be based on Docker. SUSE – integrated Docker into their SLES 12 releases CaaS offering based on Docker, Kubernetes, Portus. PaaS on top based on CF to come CoreOS – Aim to be the best distribution to run Docker Goodies such as etcd, fleectl, rocket Mesosphere – Docker executor for Mesos (Chronos & Marathon) OpenStack – Nova & Glance drivers, Magnum (piloting Kubernetes/Swarm), Kolla and Kuryr Portainer.io – Management solution for docker engines or swarms
  • 19. Container Ecosystem – fantastic takeup continued... IBM - integrated Docker into SoftLayer PaaS. Published KVM/Docker benchmarks Microsoft - made available Linux images in their Azure IaaS with Docker functionality Ongoing native Docker functionality for Windows Server VMWare – to integrate Docker functionality into vSphere. Joined Kubernetes initiative. Pivotal (CloudFoundry) – Replacing Warden by Docker (and Shipyard, Rancher, Panamax, ...)
  • 20. Open Container Project • Standard specifications for a runtime and an image, vendor/architecture independent • Brings Docker and CoreOS back together (runC, appc, …) • https://www.opencontainers.org
  • 21. The history of resources containment on Linux
  • 22. Linux Resources management Support Linux Support Matrix OS minimal NUMA cgroups LXC KVM Namespace Upstream Kernel Linux 2.6.24 (Mar. 2008) 3.15/16 (2013) Linux 2.6.29 (2010) Linux 2.6.20 (Feb. 2007) Linux 2.6.19/24 (2007) 3.8 (2013) RHEL Yes (5.x) Yes (6.x) Yes (6.3) Yes (5.4) Yes (7.x) SLES Yes (10) Yes (11) Yes (11SP1) Yes (11) Yes (12) Fedora Yes Yes (F11) Yes (F12) Yes (F7) Yes (F19) Ubuntu Yes Yes (10.04) Yes (10.04) Yes (9.10) Yes (14.04)
  • 23. – Help to manage groups of processes – Dedicated subsystems to manage specific resources: – Resource management: CPU shares, memory, blkio – Resource pools: CPU sets, ns, freezer, checkpoint/restart – Implemented as a special cgroup file system – Cgroup commands: cgcreate, cgexec, cgclear, cgclassify, ... – Cgroup services : ● cgconfig (/etc/cgconfig.conf), defines cgroups and mount points ● cgred (/etc/cgrules.conf), defines rules between tasks and cgroups – These are provided by libcgroup on top of the kernel cgroup virtual file system to allow persistence across reboot and ease of use. – Docker associates a cgroup to each container Linux Control Groups Share Dedicate
  • 24. Linux workload management Shared resources example: ‘cpu’ cgroup subsystem – 'cpu' CGroup subsystem • cpu.shares – Shares default to 1024 – Customization example : Example of /etc/cgconfig.conf file: mount { cpu = /cgroup/cpu; } group default { cpu { cpu.shares = 1024; } } group db1 { cpu { cpu.shares = 3072; } } group db2 { cpu { cpu.shares = 6144; } } Share
  • 25. Linux resource pools Dedicated resources example: ‘cpuset’ cgroup subsystem – CGroup subsystems: • cpuset −sets of CPU −sets of MEMORY (NUMA) • memory −limits the amount of RAM, RAM + SWAP −gives the current usage • blkio −change the behavior of Linux CFQ (Completely Fair Queue) Example of /etc/cgconfig.conf file: mount { cpuset = /cgroup/cpuset; } group default { cpuset { cpuset.cpus=0-2 ; cpuset.mem=0-2 } } group db2 { cpuset { cpuset.cpus=4-6 ; cpuset.mem=4-6 } } Dedicate
  • 26. OS Virtualization (‘LXC / Docker’ containers) – Applications in a zone are isolated from the others (chroot on steroïds) • Security (as secure as your kernel) • Namespaces (root, UID, GID, network, PID, IPC, mount points, hostname/uts) • Cgroup Granularity • Single OS image manages HW accesses • Performance & transparency neither emulation nor full virtualization • Netfilter for network isolation (NAT and port fwd) • AuFS overlays isolated file systems on top of a physical file system – Other technos available • V-Server • Virtuozzo • OpenVZ Linux Containers OS Virt https://blog.docker.com/wp-content/uploads/2014/03/docker-execdriver-diagram.png
  • 27. 30/03/2023 Private | Confidential | Internal Use Only Project Build + metadata Use case: Continuous Packaging with Docker Docker Containers Local build Project Repository Local Build Server Packagers Developers
  • 28. 30/03/2023 Private | Confidential | Internal Use Only ”Changes are never easy to make. There is comfort and safety in tradition, but change must come, no matter how painful or expensive it may be.” Bill Hewlett Bruno.Cornec@hpe.com (Open Source and Linux Technology Strategist at the HP/Intel Solution Center) http://downloads.linux.hpe.com/ Linus Torvalds, Richard Stallman, Eric Raymond, Nat Makarevitch, René Cougnenc, Eric Dumas, Rémy Card, Bdale Garbee, Bryan Gartner, Craig Lamparter, Lee Mayes, Gallig Renaud, Andree Leidenfrost, Phil Robb, Bob Gobeille, Martin Michlmayr among others, for their work and devotion to the Open Source Software cause... and my family for their patience :-) THANK YOU