This document discusses containers and related technologies:
1. Containers provide isolated, portable environments for running applications and their dependencies. Docker is a popular container platform that packages applications into containers using Linux kernel features like namespaces and cgroups.
2. The Open Container Initiative (OCI) aims to develop standards around container formats and runtime. Technologies like Docker, rkt, and AppC implement the OCI specifications.
3. Container orchestration systems like Kubernetes and Mesos manage the deployment and lifecycles of containers at scale across clusters of hosts.
Containers & CaaS
2. Who am I?
Yujie Du
About: https://about.me/Yujie.Du
Twitter: @ben_duyujie
Email: duyujie.dyj@gmail.com
Linkedin: https://www.linkedin.com/in/duyujie
Download: https://www.slideshare.net/ben_duyujie/containers-caas/
5. One company has certainly found growth by
injecting software into its industry.
source: http://thenewstack.io/uber-netflix-and-the-dreams-of-devops-and-microservices/
[Chart: Uber's rumored net revenue, 2013 to 2015; values shown: 2000, 400, 108]
Since 2000, 52% of the Fortune
500 are no longer on the list.
The pace of change has increased.
6. Docker will play a central role for every player in that market.
Private / Hybrid / Public
IT Pros, Deployment, Packaging, Architects, Developers
Docker is also the contract between Developers and Operations. Developers and Operations often have very different attitudes when it comes to choosing tools and environments.
8. Figure from M. Schwarzkopf, “Operating system support for warehouse-scale computing”, PhD thesis, University of Cambridge, 2015 (to appear).
Details & Bibliography: http://malteschwarzkopf.de/research/assets/google-stack.pdf
12. [Figure: Virtual Machines vs. Containers, each drawn as a stack of Physical Processor, Virtual Processor, Operating System, Libraries, User Code, with layers marked Private Copy or Shared; interface labels: ISA, syscall]
Containers: less overhead, enable more “magic”
• Sandboxing (chroot jails): Various projects... chroot (1979), jail, Linux-VServer, OpenVZ ...
• Linux container (chroot + OS isolation): brought into the kernel... namespaces, cgroups, SELinux, AppArmor, btrfs/aufs/device mapper/etc. ...
• Docker (LXC + packaging): and packaged up. systemd-nspawn, LXC, lmctfy, libvirt-lxc, Docker / libcontainer, rkt / appc ...
Containers are isolated, portable environments where you can run applications along with all the
libraries and dependencies they need.
14. A paradigm shift for the O/S :
Redefines “Kernel Space” & “User Space”
Better fit for distributed computing
15. Who built this image?
What’s its purpose?
Was it created to support a demo?
Is it safe to consume?
Who maintains it?
RED HAT CERTIFIED
Trusted source for the host and the containers
Trusted content inside the container with security fixes available as part of an enterprise lifecycle
Portability across hosts
HW
HostOS
Containers
Certify
17. DOCKER CONTAINER: CGROUPS, NAMESPACES, IMAGES
CGROUPS
• Kernel Feature
• Groups of Processes
• Control Resource Allocation
• CPU, CPU Sets
• Memory
• Disk
• Block I/O
IMAGES
• Not a File System
• Not a VHD
• Basically a tar file
• Has a Hierarchy
• Arbitrary Depth
• Fits into Docker Registry
NAMESPACES
• The real magic behind containers
• It creates barriers between processes
• Different Namespaces
• PID Namespace
• Net Namespace
• IPC Namespace
• MNT Namespace
• Linux Kernel Namespace introduced between kernel 2.6.15 – 2.6.26
docker run lxc-start
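The namespace barriers listed on this slide can be checked from the host by comparing the namespace identifiers that Linux exposes under /proc/<pid>/ns: two processes with the same identifier for a kind have no barrier of that kind between them. The following is an added example, not part of the original slides; the function names are hypothetical and the inode numbers are constructed sample values.

```python
import os
import re

# Namespace kinds named on the slide (PID, Net, IPC, MNT), as spelled under /proc/<pid>/ns.
SLIDE_KINDS = ("pid", "net", "ipc", "mnt")
_LINK_RE = re.compile(r"^([a-z_]+):\[(\d+)\]$")


def parse_ns_link(target):
    """Split a readlink target such as 'pid:[4026531836]' into (kind, inode)."""
    match = _LINK_RE.match(target.strip())
    if not match:
        raise ValueError(f"not a namespace link: {target!r}")
    return match.group(1), int(match.group(2))


def read_namespaces(pid):
    """Live lookup on Linux: {entry name: inode} for /proc/<pid>/ns (needs permission)."""
    base = f"/proc/{pid}/ns"
    return {name: parse_ns_link(os.readlink(os.path.join(base, name)))[1]
            for name in os.listdir(base)}


def shared_namespaces(reference, candidate, kinds=SLIDE_KINDS):
    """Kinds where both processes hold the same namespace inode, i.e. no barrier."""
    missing = [k for k in kinds if k not in reference or k not in candidate]
    if missing:
        raise KeyError(f"namespace kinds not present: {missing}")
    return [k for k in kinds if reference[k] == candidate[k]]


def from_links(targets):
    """Build {kind: inode} from captured readlink output."""
    return dict(parse_ns_link(t) for t in targets)


# Constructed sample data; the inode numbers are made up for illustration.
HOST_INIT = from_links(["ipc:[4026531839]", "mnt:[4026531840]",
                        "net:[4026531992]", "pid:[4026531836]"])
ISOLATED = from_links(["ipc:[4026532290]", "mnt:[4026532288]",
                       "net:[4026532293]", "pid:[4026532291]"])
HOST_NET = from_links(["ipc:[4026532390]", "mnt:[4026532388]",
                       "net:[4026531992]", "pid:[4026532391]"])

if __name__ == "__main__":
    for label, proc in (("isolated", ISOLATED), ("shares-net", HOST_NET)):
        print(label, "shares with host:", shared_namespaces(HOST_INIT, proc) or "nothing")
```

On a live Linux host, `shared_namespaces(read_namespaces(1), read_namespaces(pid))` runs the same comparison against PID 1, typically as root.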
21. [Diagram, labels only: ACS; ACI; ID; Signed; Encrypted; Archive; Manifest; Rootfs; veth; ipvlan; macvlan; raw dev; FS Volume; Environment; Logging; Isolators; Capabilities; Linux Isolators; Resource Isolators; block; network; cpu; memory; Runtime Env; Pods; UUID; Manifest; Executor; Image Discovery; Simple Discovery; Meta Discovery; Network; loopback; ip; overlay; DM; cgroup]
Application Containers
“An application container is a way
of packaging and executing
processes on a computer system
that isolates the application from
the underlying host operating
system”
https://github.com/appc/spec,
2015.