SlideShare une entreprise Scribd logo

Containerization is more than the new Virtualization: enabling separation of operational concerns

Jérôme Petazzoni
Jérôme Petazzoni

Docker offers a new, lightweight approach to application portability. Applications are shipped using a common container format, and managed with a high-level API. Their processes run within isolated namespaces which abstract the operating environment, independently of the distribution, versions, network setup, and other details of this environment. This "containerization" has often been nicknamed "the new virtualization". But containers are more than lightweight virtual machines. Beyond their smaller footprint, shorter boot times, and higher consolidation factors, they also bring a lot of new features and use cases which were not possible with classical virtual machines. We will focus on one of those features: separation of operational concerns. Specifically, we will demonstrate how some fundamental tasks like logging, remote access, backups, and troubleshooting can be entirely decoupled from the deployment of applications and services. This decoupling results in independent, smaller, simpler moving parts; just like microservice architectures break down large monolithic apps in more manageable components.

Technologie
1  sur  61
Télécharger pour lire hors ligne
containerization: more than the new virtualization
Jérôme Petazzoni (@jpetazzo) Grumpy French DevOps - Go away or I will replace you with a very small shell script Runs everything in containers - Docker-in-Docker - VPN-in-Docker - KVM-in-Docker - Xorg-in-Docker - ...
outline
Outline Containers as lightweight VMs Containers vs VMs Separation of operational concerns Benefits Conclusions
containers as lightweight VMs
It looks like a VM Private process space Can run stuff as root Private network interface and IP address Custom routes, iptables rules, etc. Can mount filesystems and more
Process tree in a “machine container” PID TTY STAT TIME COMMAND 1 ? Ss+ 0:00 /usr/bin/python3 -u /sbin/my_init --enable-insecure-key 104 ? S+ 0:00 /usr/bin/runsvdir -P /etc/service 105 ? Ss 0:00 _ runsv syslog-ng 108 ? S 0:00 | _ syslog-ng -F -p /var/run/syslog-ng.pid --no-caps 106 ? Ss 0:00 _ runsv sshd 109 ? S 0:00 | _ /usr/sbin/sshd -D 117 ? Ss 0:00 | _ sshd: root@pts/0 119 pts/0 Ss 0:00 | _ -bash 135 pts/0 R+ 0:00 | _ ps fx 107 ? Ss 0:00 _ runsv cron 110 ? S 0:00 _ /usr/sbin/cron -f
Faster to boot, less overhead than a VM $ time docker run ubuntu echo hello world hello world real 0m0.258s Disk usage: less than 100 kB Memory usage: less than 1.5 MB
Benchmark: infiniband
Benchmark: boot OpenStack instances
Benchmark: memory speed
impossibru!
containers vs virtual machines
Virtual Machines Emulate CPU instructions (painfully slow) Emulate hardware (storage, network...) (painfully slow) Run as a userland process on top of a kernel (painfully slow)
Virtual Machines Use native CPU (fast!) Paravirtualized storage, network... (fast, but higher resource usage) Run on top of a hypervisor (faster, but still some overhead)
Containers Processes isolated from each other Very little extra code path (in many cases, it's comparable to UID checking)
Virtual Machines vs Containers Native CPU Paravirtualized devices Hypervisor Native CPU Native syscalls Native kernel
Inter-VM communication Strong isolation, enforced by hypervisor + hardware - no fast-path data transfer between virtual machines - yes, there are PCI pass-throughs and things like xenbus, but that's not easy to use, very specific, not portable Most convenient method: network protocols (L2/L3) But: huge advantage from a security POV
Inter-container communication Tunable isolation - each namespace can be isolated or shared Allows normal Unix communication mechanisms - network protocols on loopback interface - UNIX sockets - shared memory - IPC... Reuse techniques that we know and love (?)
inter-container communication
Shared localhost Multiple containers can share the same “localhost” (by reusing the same network namespace) Communication over localhost is very very fast Also: localhost is a well-known address
Shared filesystem A directory can be shared by multiple containers (by using a bind-mount) That directory can contain: - named pipes (FIFOs) - UNIX sockets - memory-mapped files Bind-mount = zero overhead
Shared IPC Multiple containers can share IPC resources (using the special IPC namespace) Semaphores, Shared Memory, Message Queues... Is anybody still using this?
Host networking Containers can share the host's network stack (by reusing its network namespace) They can use the host's interfaces without penalty (high speed, low latency, no overhead!) Native performance to talk with external containers
Host filesystems Containers can share a directory with the host Example: use fast storage (SAN, SSD...) in container - mount it on the host - share it with the container - done! Native performance to use I/O subsystem
separation of operational concerns
...What? “Ops” functions (backups, logging...) can be performed in separate containers Application containers can run unchanged in various environments: dev, test, QA, prod...
logs
Old style ssh into container cd /var/log tail, grep, ack-grep, awk, sed, apachetop, perl, etc.
New style Create a “data container” to hold the logs docker run --name logs -v /var/log busybox true Start app container sharing that volume docker run --volumes-from logs myapp Inspect logs docker run -ti --volumes-from logs -w /var/log ubuntu bash Use fancy tools without polluting app container docker run -ti --volumes-from logs turbogrep ...
Bonus points Ship logs to something else (logstash, syslog...) docker run --volumes-from logs pipestash Change logging system independently: - without rebuilding app container - without restarting app container - run multiple logging systems at the same time (e.g. for migration)
backups
Old style Prepare the tools - install things like rsync, s3cmd, boto, mysqldump... - get backup script Perform one-shot manual backup - SSH and run the backup script Set up routine backups - edit crontab
New style: setup Create a “data container” to hold the files to back up docker run --name mysqldata -v /var/lib/mysql busybox true Start app container sharing that volume docker run --volumes-from mysqldata mysql Create a separate image with backup tools - Dockerfile with “apt-get install rsync s3cmd...”
New style: one-shot manual backup Use the special backup image docker run --rm --volumes-from mysqldata mysqlbackup tar -cJf- /var/lib/mysql | stream-it-to-the-cloud.py Of course, you can use something fancier than tar (e.g. rsync, tarsnap...)
New style: routine backups Option 1 - run “crond” in backup image - start backup image and keep it running Option 2 - start backup script from a crontab entry on the Docker host Option 3 - have a special “cron” container - give it access to the Docker API - let it start the backup container at regular intervals
network debugging
Old style ssh into container Install tcpdump, ngrep, … Run them
New style Make a container image with tcpdump, ngrep... (let's call it “netdebug”) Run it in the namespace of the application container docker run -ti --net container:<app_cid> netdebug bash Now run tcpdump, ngrep, etc. Want to copy a dump to see it with wireshark? docker run -ti --net container:... -v /tmp:/tmp netdebug tcpdump -s0 -peni eth0 -w/tmp/myapp.pcap
configuration tweaking
Old style ssh into container vi /etc/tomcat/something.xml (maybe) /etc/init.d/tomcat restart
New style Option 1 - set up /etc/tomcat to be a “data container” - start another container sharing this volume; install vi/emacs here Option 2 - set up /etc/tomcat to be on the host: docker run -v /etc/containers/myapp:/etc/tomcat … If needed: restart the container - docker stop; docker start - docker kill -s HUP
epiphany
composition
Virtual Machine deployment Linux base system Libraries Application Logging Backups Metrics ...
With configuration management node www { include common include web include logstash include backup include graphite }
Problems Conflicts between two components - example: logging and metrics systems use different Java versions Software certified for different distro - example: one component requires RHEL 6.4 but you run Ubuntu Migration from one component to another - example: from syslog to splunk
Container deployment Linux base system Docker Application container Logging container Backups container Metrics container ...
benefits
Immutable infrastructure What's an immutable infrastructure? - re-create images each time you change a line of code - prevent (or track) modifications of running images Why is it useful? - no more rebellious servers after manual upgrades - no more “oops, how do we roll back?” after catastrophic upgrade - easier security audit (inspect images at rest) How can containers help? - container images are easier to create and manage than VM images
Micro-service architecture What's a micro-service architecture? - break your big application down into many small services Why is it useful? - it's easier to upgrade/refactor/replace a small service - encourages to have many small teams*, each owning a service (*small teams are supposedly better; see Jeff Bezos' “two-pizza rule”) How can containers help? - problem: 10 micro-services instead of 1 big application = 10x more work to deploy everything - solution: need extremely easy deployment; hello containers!
thank you! questions?

Recommandé

Docker Tutorial For Beginners | What Is Docker And How It Works? | Docker Tut...
Docker Tutorial For Beginners | What Is Docker And How It Works? | Docker Tut...Docker Tutorial For Beginners | What Is Docker And How It Works? | Docker Tut...
Docker Tutorial For Beginners | What Is Docker And How It Works? | Docker Tut...Simplilearn
 
Container orchestration overview
Container orchestration overviewContainer orchestration overview
Container orchestration overviewWyn B. Van Devanter
 
Virtualization, Containers, Docker and scalable container management services
Virtualization, Containers, Docker and scalable container management servicesVirtualization, Containers, Docker and scalable container management services
Virtualization, Containers, Docker and scalable container management servicesabhishek chawla
 
Virtual Machines and Docker
Virtual Machines and DockerVirtual Machines and Docker
Virtual Machines and DockerDanish Khakwani
 
Docker introduction
Docker introductionDocker introduction
Docker introductionPhuc Nguyen
 
Containerization and Docker
Containerization and DockerContainerization and Docker
Containerization and DockerMegha Bansal
 
Docker: From Zero to Hero
Docker: From Zero to HeroDocker: From Zero to Hero
Docker: From Zero to Herofazalraja
 
Docker introduction
Docker introductionDocker introduction
Docker introductiondotCloud
 

Recommandé

Docker Tutorial For Beginners | What Is Docker And How It Works? | Docker Tut...
Docker Tutorial For Beginners | What Is Docker And How It Works? | Docker Tut...Docker Tutorial For Beginners | What Is Docker And How It Works? | Docker Tut...
Docker Tutorial For Beginners | What Is Docker And How It Works? | Docker Tut...Simplilearn
 
Container orchestration overview
Container orchestration overviewContainer orchestration overview
Container orchestration overviewWyn B. Van Devanter
 
Virtualization, Containers, Docker and scalable container management services
Virtualization, Containers, Docker and scalable container management servicesVirtualization, Containers, Docker and scalable container management services
Virtualization, Containers, Docker and scalable container management servicesabhishek chawla
 
Virtual Machines and Docker
Virtual Machines and DockerVirtual Machines and Docker
Virtual Machines and DockerDanish Khakwani
 
Docker introduction
Docker introductionDocker introduction
Docker introductionPhuc Nguyen
 
Containerization and Docker
Containerization and DockerContainerization and Docker
Containerization and DockerMegha Bansal
 
Docker: From Zero to Hero
Docker: From Zero to HeroDocker: From Zero to Hero
Docker: From Zero to Herofazalraja
 
Docker introduction
Docker introductionDocker introduction
Docker introductiondotCloud
 
Virtualisation basics
Virtualisation basicsVirtualisation basics
Virtualisation basicssagaroceanic11
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker IntroductionSparkbit
 
Docker introduction (1)
Docker introduction (1)Docker introduction (1)
Docker introduction (1)Gourav Varma
 
What is Docker
What is DockerWhat is Docker
What is DockerPavel Klimiankou
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to DockerAditya Konarde
 
Docker Swarm 0.2.0
Docker Swarm 0.2.0Docker Swarm 0.2.0
Docker Swarm 0.2.0Docker, Inc.
 
Docker and the Linux Kernel
Docker and the Linux KernelDocker and the Linux Kernel
Docker and the Linux KernelDocker, Inc.
 
Introduction to container based virtualization with docker
Introduction to container based virtualization with dockerIntroduction to container based virtualization with docker
Introduction to container based virtualization with dockerBangladesh Network Operators Group
 
Intro to docker
Intro to dockerIntro to docker
Intro to dockerAbderrahmane Mechri
 
Docker 101 - Nov 2016
Docker 101 - Nov 2016Docker 101 - Nov 2016
Docker 101 - Nov 2016Docker, Inc.
 
Microservices with Docker
Microservices with Docker Microservices with Docker
Microservices with Docker Venkata Naga Ravi
 
Docker by Example - Basics
Docker by Example - Basics Docker by Example - Basics
Docker by Example - Basics CodeOps Technologies LLP
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101Winton Winton
 
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation SlidesKubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation SlidesSlideTeam
 
Docker introduction for the beginners
Docker introduction for the beginnersDocker introduction for the beginners
Docker introduction for the beginnersJuneyoung Oh
 
Introduction to Docker - VIT Campus
Introduction to Docker - VIT CampusIntroduction to Docker - VIT Campus
Introduction to Docker - VIT CampusAjeet Singh Raina
 
Docker introduction &amp; benefits
Docker introduction &amp; benefitsDocker introduction &amp; benefits
Docker introduction &amp; benefitsAmit Manwade
 
OpenShift Enterprise 3.1 vs kubernetes
OpenShift Enterprise 3.1 vs kubernetesOpenShift Enterprise 3.1 vs kubernetes
OpenShift Enterprise 3.1 vs kubernetesSamuel Terburg
 
Virtualization Vs. Containers
Virtualization Vs. ContainersVirtualization Vs. Containers
Virtualization Vs. Containersactualtechmedia
 
What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...
What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...
What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...Edureka!
 
Intro to containerization
Intro to containerizationIntro to containerization
Intro to containerizationBalint Pato
 
Software Containerization
Software ContainerizationSoftware Containerization
Software ContainerizationRoshan Deniyage
 

Contenu connexe

Tendances

Docker Introduction
Docker IntroductionDocker Introduction
Docker IntroductionSparkbit
 
Docker introduction (1)
Docker introduction (1)Docker introduction (1)
Docker introduction (1)Gourav Varma
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to DockerAditya Konarde
 
Docker Swarm 0.2.0
Docker Swarm 0.2.0Docker Swarm 0.2.0
Docker Swarm 0.2.0Docker, Inc.
 
Docker and the Linux Kernel
Docker and the Linux KernelDocker and the Linux Kernel
Docker and the Linux KernelDocker, Inc.
 
Docker 101 - Nov 2016
Docker 101 - Nov 2016Docker 101 - Nov 2016
Docker 101 - Nov 2016Docker, Inc.
 
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation SlidesKubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation SlidesSlideTeam
 
Docker introduction for the beginners
Docker introduction for the beginnersDocker introduction for the beginners
Docker introduction for the beginnersJuneyoung Oh
 
Introduction to Docker - VIT Campus
Introduction to Docker - VIT CampusIntroduction to Docker - VIT Campus
Introduction to Docker - VIT CampusAjeet Singh Raina
 
Docker introduction &amp; benefits
Docker introduction &amp; benefitsDocker introduction &amp; benefits
Docker introduction &amp; benefitsAmit Manwade
 
OpenShift Enterprise 3.1 vs kubernetes
OpenShift Enterprise 3.1 vs kubernetesOpenShift Enterprise 3.1 vs kubernetes
OpenShift Enterprise 3.1 vs kubernetesSamuel Terburg
 
Virtualization Vs. Containers
Virtualization Vs. ContainersVirtualization Vs. Containers
Virtualization Vs. Containersactualtechmedia
 
What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...
What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...
What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...Edureka!
 

Tendances (20)

Virtualisation basics
Virtualisation basicsVirtualisation basics
Virtualisation basics
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker Introduction
 
Docker introduction (1)
Docker introduction (1)Docker introduction (1)
Docker introduction (1)
 
What is Docker
What is DockerWhat is Docker
What is Docker
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to Docker
 
Docker Swarm 0.2.0
Docker Swarm 0.2.0Docker Swarm 0.2.0
Docker Swarm 0.2.0
 
Docker and the Linux Kernel
Docker and the Linux KernelDocker and the Linux Kernel
Docker and the Linux Kernel
 
Introduction to container based virtualization with docker
Introduction to container based virtualization with dockerIntroduction to container based virtualization with docker
Introduction to container based virtualization with docker
 
Intro to docker
Intro to dockerIntro to docker
Intro to docker
 
Docker 101 - Nov 2016
Docker 101 - Nov 2016Docker 101 - Nov 2016
Docker 101 - Nov 2016
 
Microservices with Docker
Microservices with Docker Microservices with Docker
Microservices with Docker
 
Docker by Example - Basics
Docker by Example - Basics Docker by Example - Basics
Docker by Example - Basics
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
 
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation SlidesKubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
 
Docker introduction for the beginners
Docker introduction for the beginnersDocker introduction for the beginners
Docker introduction for the beginners
 
Introduction to Docker - VIT Campus
Introduction to Docker - VIT CampusIntroduction to Docker - VIT Campus
Introduction to Docker - VIT Campus
 
Docker introduction &amp; benefits
Docker introduction &amp; benefitsDocker introduction &amp; benefits
Docker introduction &amp; benefits
 
OpenShift Enterprise 3.1 vs kubernetes
OpenShift Enterprise 3.1 vs kubernetesOpenShift Enterprise 3.1 vs kubernetes
OpenShift Enterprise 3.1 vs kubernetes
 
Virtualization Vs. Containers
Virtualization Vs. ContainersVirtualization Vs. Containers
Virtualization Vs. Containers
 
What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...
What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...
What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...
 

En vedette

Intro to containerization
Intro to containerizationIntro to containerization
Intro to containerizationBalint Pato
 
Software Containerization
Software ContainerizationSoftware Containerization
Software ContainerizationRoshan Deniyage
 
Virtual machines and containers
Virtual machines and containersVirtual machines and containers
Virtual machines and containersPatrick Pierson
 
Rmll Virtualization As Is Tool 20090707 V1.0
Rmll Virtualization As Is Tool 20090707 V1.0Rmll Virtualization As Is Tool 20090707 V1.0
Rmll Virtualization As Is Tool 20090707 V1.0guest72e8c1
 
A Primer to Containerization & Microservices
A Primer to Containerization & MicroservicesA Primer to Containerization & Microservices
A Primer to Containerization & MicroservicesShiju Varghese
 
Hide your development environment and application in a container
Hide your development environment and application in a containerHide your development environment and application in a container
Hide your development environment and application in a containerJohan Janssen
 
Containerization using docker
Containerization using dockerContainerization using docker
Containerization using dockerVinod Doshi
 
Essence Of Containerizati on 230508
Essence Of Containerizati on 230508 Essence Of Containerizati on 230508
Essence Of Containerizati on 230508 jansowri
 
Discussing the difference between docker dontainers and virtual machines
Discussing the difference between docker dontainers and virtual machinesDiscussing the difference between docker dontainers and virtual machines
Discussing the difference between docker dontainers and virtual machinesSteven Grzbielok
 
NoOps != No Operations
NoOps != No OperationsNoOps != No Operations
NoOps != No OperationsDavid Tesar
 
Virtualization with Vagrant (ua.pycon 2011)
Virtualization with Vagrant (ua.pycon 2011)Virtualization with Vagrant (ua.pycon 2011)
Virtualization with Vagrant (ua.pycon 2011)Dmitry Guyvoronsky
 
bed-con 2015 - From Virtual Machines to Containers
bed-con 2015 - From Virtual Machines to Containersbed-con 2015 - From Virtual Machines to Containers
bed-con 2015 - From Virtual Machines to Containerscamunda services GmbH
 
Docker containerization cookbook
Docker containerization cookbookDocker containerization cookbook
Docker containerization cookbookPascal Louis
 
Continuous delivery with Gradle
Continuous delivery with GradleContinuous delivery with Gradle
Continuous delivery with GradleBob Paulin
 
Reactive Programming Models for IoT
Reactive Programming Models for IoTReactive Programming Models for IoT
Reactive Programming Models for IoTTodd Montgomery
 

En vedette (20)

Intro to containerization
Intro to containerizationIntro to containerization
Intro to containerization
 
Software Containerization
Software ContainerizationSoftware Containerization
Software Containerization
 
Containerization
ContainerizationContainerization
Containerization
 
Devops is all greek
Devops is all greekDevops is all greek
Devops is all greek
 
Virtual machines and containers
Virtual machines and containersVirtual machines and containers
Virtual machines and containers
 
Virtualization
VirtualizationVirtualization
Virtualization
 
Rmll Virtualization As Is Tool 20090707 V1.0
Rmll Virtualization As Is Tool 20090707 V1.0Rmll Virtualization As Is Tool 20090707 V1.0
Rmll Virtualization As Is Tool 20090707 V1.0
 
Virutal Box
Virutal BoxVirutal Box
Virutal Box
 
A Primer to Containerization & Microservices
A Primer to Containerization & MicroservicesA Primer to Containerization & Microservices
A Primer to Containerization & Microservices
 
Hide your development environment and application in a container
Hide your development environment and application in a containerHide your development environment and application in a container
Hide your development environment and application in a container
 
Containerization using docker
Containerization using dockerContainerization using docker
Containerization using docker
 
Essence Of Containerizati on 230508
Essence Of Containerizati on 230508 Essence Of Containerizati on 230508
Essence Of Containerizati on 230508
 
Discussing the difference between docker dontainers and virtual machines
Discussing the difference between docker dontainers and virtual machinesDiscussing the difference between docker dontainers and virtual machines
Discussing the difference between docker dontainers and virtual machines
 
NoOps != No Operations
NoOps != No OperationsNoOps != No Operations
NoOps != No Operations
 
Virtualization with Vagrant (ua.pycon 2011)
Virtualization with Vagrant (ua.pycon 2011)Virtualization with Vagrant (ua.pycon 2011)
Virtualization with Vagrant (ua.pycon 2011)
 
bed-con 2015 - From Virtual Machines to Containers
bed-con 2015 - From Virtual Machines to Containersbed-con 2015 - From Virtual Machines to Containers
bed-con 2015 - From Virtual Machines to Containers
 
Docker containerization cookbook
Docker containerization cookbookDocker containerization cookbook
Docker containerization cookbook
 
Continuous delivery with Gradle
Continuous delivery with GradleContinuous delivery with Gradle
Continuous delivery with Gradle
 
Docker Basics
Docker BasicsDocker Basics
Docker Basics
 
Reactive Programming Models for IoT
Reactive Programming Models for IoTReactive Programming Models for IoT
Reactive Programming Models for IoT
 

Similaire à Containerization is more than the new Virtualization: enabling separation of operational concerns

Containerization Is More than the New Virtualization
Containerization Is More than the New VirtualizationContainerization Is More than the New Virtualization
Containerization Is More than the New VirtualizationC4Media
 
Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment Arun prasath
 
Docker Tips And Tricks at the Docker Beijing Meetup
Docker Tips And Tricks at the Docker Beijing MeetupDocker Tips And Tricks at the Docker Beijing Meetup
Docker Tips And Tricks at the Docker Beijing MeetupJérôme Petazzoni
 
Lightweight Virtualization in Linux
Lightweight Virtualization in LinuxLightweight Virtualization in Linux
Lightweight Virtualization in LinuxSadegh Dorri N.
 
Docker Online Meetup #3: Docker in Production
Docker Online Meetup #3: Docker in ProductionDocker Online Meetup #3: Docker in Production
Docker Online Meetup #3: Docker in ProductionDocker, Inc.
 
Docker 0.11 at MaxCDN meetup in Los Angeles
Docker 0.11 at MaxCDN meetup in Los AngelesDocker 0.11 at MaxCDN meetup in Los Angeles
Docker 0.11 at MaxCDN meetup in Los AngelesJérôme Petazzoni
 
Containers and workload security an overview
Containers and workload security an overview Containers and workload security an overview
Containers and workload security an overview Krishna-Kumar
 
Dockerizing a Symfony2 application
Dockerizing a Symfony2 applicationDockerizing a Symfony2 application
Dockerizing a Symfony2 applicationRoman Rodomansky
 
Build High-Performance, Scalable, Distributed Applications with Stacks of Co...
Build High-Performance, Scalable, Distributed Applications with Stacks of Co... Build High-Performance, Scalable, Distributed Applications with Stacks of Co...
Build High-Performance, Scalable, Distributed Applications with Stacks of Co...Yandex
 
Docker, Linux Containers (LXC), and security
Docker, Linux Containers (LXC), and securityDocker, Linux Containers (LXC), and security
Docker, Linux Containers (LXC), and securityJérôme Petazzoni
 
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...Codemotion
 
codemotion-docker-2014
codemotion-docker-2014codemotion-docker-2014
codemotion-docker-2014Carlo Bonamico
 
Containers, Docker, and Microservices: the Terrific Trio
Containers, Docker, and Microservices: the Terrific TrioContainers, Docker, and Microservices: the Terrific Trio
Containers, Docker, and Microservices: the Terrific TrioJérôme Petazzoni
 
Docker, Linux Containers, and Security: Does It Add Up?
Docker, Linux Containers, and Security: Does It Add Up?Docker, Linux Containers, and Security: Does It Add Up?
Docker, Linux Containers, and Security: Does It Add Up?Jérôme Petazzoni
 
ExpoQA 2017 Using docker to build and test in your laptop and Jenkins
ExpoQA 2017 Using docker to build and test in your laptop and JenkinsExpoQA 2017 Using docker to build and test in your laptop and Jenkins
ExpoQA 2017 Using docker to build and test in your laptop and JenkinsElasTest Project
 
Linux containers and docker
Linux containers and dockerLinux containers and docker
Linux containers and dockerFabio Fumarola
 
Containers: from development to production at DevNation 2015
Containers: from development to production at DevNation 2015Containers: from development to production at DevNation 2015
Containers: from development to production at DevNation 2015Jérôme Petazzoni
 
Drupalcamp es 2013 drupal with lxc docker and vagrant
Drupalcamp es 2013 drupal with lxc docker and vagrant Drupalcamp es 2013 drupal with lxc docker and vagrant
Drupalcamp es 2013 drupal with lxc docker and vagrant Ricardo Amaro
 

Similaire à Containerization is more than the new Virtualization: enabling separation of operational concerns (20)

Containerization Is More than the New Virtualization
Containerization Is More than the New VirtualizationContainerization Is More than the New Virtualization
Containerization Is More than the New Virtualization
 
Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment
 
Docker Tips And Tricks at the Docker Beijing Meetup
Docker Tips And Tricks at the Docker Beijing MeetupDocker Tips And Tricks at the Docker Beijing Meetup
Docker Tips And Tricks at the Docker Beijing Meetup
 
Lightweight Virtualization in Linux
Lightweight Virtualization in LinuxLightweight Virtualization in Linux
Lightweight Virtualization in Linux
 
Docker-v3.pdf
Docker-v3.pdfDocker-v3.pdf
Docker-v3.pdf
 
Docker Online Meetup #3: Docker in Production
Docker Online Meetup #3: Docker in ProductionDocker Online Meetup #3: Docker in Production
Docker Online Meetup #3: Docker in Production
 
Docker 0.11 at MaxCDN meetup in Los Angeles
Docker 0.11 at MaxCDN meetup in Los AngelesDocker 0.11 at MaxCDN meetup in Los Angeles
Docker 0.11 at MaxCDN meetup in Los Angeles
 
Containers and workload security an overview
Containers and workload security an overview Containers and workload security an overview
Containers and workload security an overview
 
Dockers zero to hero
Dockers zero to heroDockers zero to hero
Dockers zero to hero
 
Dockerizing a Symfony2 application
Dockerizing a Symfony2 applicationDockerizing a Symfony2 application
Dockerizing a Symfony2 application
 
Build High-Performance, Scalable, Distributed Applications with Stacks of Co...
Build High-Performance, Scalable, Distributed Applications with Stacks of Co... Build High-Performance, Scalable, Distributed Applications with Stacks of Co...
Build High-Performance, Scalable, Distributed Applications with Stacks of Co...
 
Docker, Linux Containers (LXC), and security
Docker, Linux Containers (LXC), and securityDocker, Linux Containers (LXC), and security
Docker, Linux Containers (LXC), and security
 
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...
 
codemotion-docker-2014
codemotion-docker-2014codemotion-docker-2014
codemotion-docker-2014
 
Containers, Docker, and Microservices: the Terrific Trio
Containers, Docker, and Microservices: the Terrific TrioContainers, Docker, and Microservices: the Terrific Trio
Containers, Docker, and Microservices: the Terrific Trio
 
Docker, Linux Containers, and Security: Does It Add Up?
Docker, Linux Containers, and Security: Does It Add Up?Docker, Linux Containers, and Security: Does It Add Up?
Docker, Linux Containers, and Security: Does It Add Up?
 
ExpoQA 2017 Using docker to build and test in your laptop and Jenkins
ExpoQA 2017 Using docker to build and test in your laptop and JenkinsExpoQA 2017 Using docker to build and test in your laptop and Jenkins
ExpoQA 2017 Using docker to build and test in your laptop and Jenkins
 
Linux containers and docker
Linux containers and dockerLinux containers and docker
Linux containers and docker
 
Containers: from development to production at DevNation 2015
Containers: from development to production at DevNation 2015Containers: from development to production at DevNation 2015
Containers: from development to production at DevNation 2015
 
Drupalcamp es 2013 drupal with lxc docker and vagrant
Drupalcamp es 2013 drupal with lxc docker and vagrant Drupalcamp es 2013 drupal with lxc docker and vagrant
Drupalcamp es 2013 drupal with lxc docker and vagrant
 

Plus de Jérôme Petazzoni

Use the Source or Join the Dark Side: differences between Docker Community an...
Use the Source or Join the Dark Side: differences between Docker Community an...Use the Source or Join the Dark Side: differences between Docker Community an...
Use the Source or Join the Dark Side: differences between Docker Community an...Jérôme Petazzoni
 
Orchestration for the rest of us
Orchestration for the rest of usOrchestration for the rest of us
Orchestration for the rest of usJérôme Petazzoni
 
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...Jérôme Petazzoni
 
Docker : quels enjeux pour le stockage et réseau ? Paris Open Source Summit ...
Docker : quels enjeux pour le stockage et réseau ? Paris Open Source Summit ...Docker : quels enjeux pour le stockage et réseau ? Paris Open Source Summit ...
Docker : quels enjeux pour le stockage et réseau ? Paris Open Source Summit ...Jérôme Petazzoni
 
Making DevOps Secure with Docker on Solaris (Oracle Open World, with Jesse Bu...
Making DevOps Secure with Docker on Solaris (Oracle Open World, with Jesse Bu...Making DevOps Secure with Docker on Solaris (Oracle Open World, with Jesse Bu...
Making DevOps Secure with Docker on Solaris (Oracle Open World, with Jesse Bu...Jérôme Petazzoni
 
Containers, docker, and security: state of the union (Bay Area Infracoders Me...
Containers, docker, and security: state of the union (Bay Area Infracoders Me...Containers, docker, and security: state of the union (Bay Area Infracoders Me...
Containers, docker, and security: state of the union (Bay Area Infracoders Me...Jérôme Petazzoni
 
From development environments to production deployments with Docker, Compose,...
From development environments to production deployments with Docker, Compose,...From development environments to production deployments with Docker, Compose,...
From development environments to production deployments with Docker, Compose,...Jérôme Petazzoni
 
How to contribute to large open source projects like Docker (LinuxCon 2015)
How to contribute to large open source projects like Docker (LinuxCon 2015)How to contribute to large open source projects like Docker (LinuxCon 2015)
How to contribute to large open source projects like Docker (LinuxCon 2015)Jérôme Petazzoni
 
Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...
Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...
Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...Jérôme Petazzoni
 
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxConAnatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxConJérôme Petazzoni
 
Microservices. Microservices everywhere! (At OSCON 2015)
Microservices. Microservices everywhere! (At OSCON 2015)Microservices. Microservices everywhere! (At OSCON 2015)
Microservices. Microservices everywhere! (At OSCON 2015)Jérôme Petazzoni
 
Deploy microservices in containers with Docker and friends - KCDC2015
Deploy microservices in containers with Docker and friends - KCDC2015Deploy microservices in containers with Docker and friends - KCDC2015
Deploy microservices in containers with Docker and friends - KCDC2015Jérôme Petazzoni
 
Immutable infrastructure with Docker and containers (GlueCon 2015)
Immutable infrastructure with Docker and containers (GlueCon 2015)Immutable infrastructure with Docker and containers (GlueCon 2015)
Immutable infrastructure with Docker and containers (GlueCon 2015)Jérôme Petazzoni
 
The Docker ecosystem and the future of application deployment
The Docker ecosystem and the future of application deploymentThe Docker ecosystem and the future of application deployment
The Docker ecosystem and the future of application deploymentJérôme Petazzoni
 
Docker: automation for the rest of us
Docker: automation for the rest of usDocker: automation for the rest of us
Docker: automation for the rest of usJérôme Petazzoni
 
Docker Non Technical Presentation
Docker Non Technical PresentationDocker Non Technical Presentation
Docker Non Technical PresentationJérôme Petazzoni
 
Introduction to Docker, December 2014 "Tour de France" Bordeaux Special Edition
Introduction to Docker, December 2014 "Tour de France" Bordeaux Special EditionIntroduction to Docker, December 2014 "Tour de France" Bordeaux Special Edition
Introduction to Docker, December 2014 "Tour de France" Bordeaux Special EditionJérôme Petazzoni
 
Introduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" EditionIntroduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" EditionJérôme Petazzoni
 
Pipework: Software-Defined Network for Containers and Docker
Pipework: Software-Defined Network for Containers and DockerPipework: Software-Defined Network for Containers and Docker
Pipework: Software-Defined Network for Containers and DockerJérôme Petazzoni
 
Introduction to Docker at Glidewell Laboratories in Orange County
Introduction to Docker at Glidewell Laboratories in Orange CountyIntroduction to Docker at Glidewell Laboratories in Orange County
Introduction to Docker at Glidewell Laboratories in Orange CountyJérôme Petazzoni
 

Plus de Jérôme Petazzoni (20)

Use the Source or Join the Dark Side: differences between Docker Community an...
Use the Source or Join the Dark Side: differences between Docker Community an...Use the Source or Join the Dark Side: differences between Docker Community an...
Use the Source or Join the Dark Side: differences between Docker Community an...
 
Orchestration for the rest of us
Orchestration for the rest of usOrchestration for the rest of us
Orchestration for the rest of us
 
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...
 
Docker : quels enjeux pour le stockage et réseau ? Paris Open Source Summit ...
Docker : quels enjeux pour le stockage et réseau ? Paris Open Source Summit ...Docker : quels enjeux pour le stockage et réseau ? Paris Open Source Summit ...
Docker : quels enjeux pour le stockage et réseau ? Paris Open Source Summit ...
 
Making DevOps Secure with Docker on Solaris (Oracle Open World, with Jesse Bu...
Making DevOps Secure with Docker on Solaris (Oracle Open World, with Jesse Bu...Making DevOps Secure with Docker on Solaris (Oracle Open World, with Jesse Bu...
Making DevOps Secure with Docker on Solaris (Oracle Open World, with Jesse Bu...
 
Containers, docker, and security: state of the union (Bay Area Infracoders Me...
Containers, docker, and security: state of the union (Bay Area Infracoders Me...Containers, docker, and security: state of the union (Bay Area Infracoders Me...
Containers, docker, and security: state of the union (Bay Area Infracoders Me...
 
From development environments to production deployments with Docker, Compose,...
From development environments to production deployments with Docker, Compose,...From development environments to production deployments with Docker, Compose,...
From development environments to production deployments with Docker, Compose,...
 
How to contribute to large open source projects like Docker (LinuxCon 2015)
How to contribute to large open source projects like Docker (LinuxCon 2015)How to contribute to large open source projects like Docker (LinuxCon 2015)
How to contribute to large open source projects like Docker (LinuxCon 2015)
 
Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...
Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...
Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...
 
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxConAnatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
 
Microservices. Microservices everywhere! (At OSCON 2015)
Microservices. Microservices everywhere! (At OSCON 2015)Microservices. Microservices everywhere! (At OSCON 2015)
Microservices. Microservices everywhere! (At OSCON 2015)
 
Deploy microservices in containers with Docker and friends - KCDC2015
Deploy microservices in containers with Docker and friends - KCDC2015Deploy microservices in containers with Docker and friends - KCDC2015
Deploy microservices in containers with Docker and friends - KCDC2015
 
Immutable infrastructure with Docker and containers (GlueCon 2015)
Immutable infrastructure with Docker and containers (GlueCon 2015)Immutable infrastructure with Docker and containers (GlueCon 2015)
Immutable infrastructure with Docker and containers (GlueCon 2015)
 
The Docker ecosystem and the future of application deployment
The Docker ecosystem and the future of application deploymentThe Docker ecosystem and the future of application deployment
The Docker ecosystem and the future of application deployment
 
Docker: automation for the rest of us
Docker: automation for the rest of usDocker: automation for the rest of us
Docker: automation for the rest of us
 
Docker Non Technical Presentation
Docker Non Technical PresentationDocker Non Technical Presentation
Docker Non Technical Presentation
 
Introduction to Docker, December 2014 "Tour de France" Bordeaux Special Edition
Introduction to Docker, December 2014 "Tour de France" Bordeaux Special EditionIntroduction to Docker, December 2014 "Tour de France" Bordeaux Special Edition
Introduction to Docker, December 2014 "Tour de France" Bordeaux Special Edition
 
Introduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" EditionIntroduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" Edition
 
Pipework: Software-Defined Network for Containers and Docker
Pipework: Software-Defined Network for Containers and DockerPipework: Software-Defined Network for Containers and Docker
Pipework: Software-Defined Network for Containers and Docker
 
Introduction to Docker at Glidewell Laboratories in Orange County
Introduction to Docker at Glidewell Laboratories in Orange CountyIntroduction to Docker at Glidewell Laboratories in Orange County
Introduction to Docker at Glidewell Laboratories in Orange County
 

Dernier

Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 

Dernier (20)

Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 

Containerization is more than the new Virtualization: enabling separation of operational concerns

  • 1. containerization: more than the new virtualization
  • 2. Jérôme Petazzoni (@jpetazzo) Grumpy French DevOps - Go away or I will replace you with a very small shell script Runs everything in containers - Docker-in-Docker - VPN-in-Docker - KVM-in-Docker - Xorg-in-Docker - ...
  • 3.
  • 5. Outline Containers as lightweight VMs Containers vs VMs Separation of operational concerns Benefits Conclusions
  • 6.
  • 8. It looks like a VM Private process space Can run stuff as root Private network interface and IP address Custom routes, iptables rules, etc. Can mount filesystems and more
  • 9. Process tree in a “machine container” PID TTY STAT TIME COMMAND 1 ? Ss+ 0:00 /usr/bin/python3 -u /sbin/my_init --enable-insecure-key 104 ? S+ 0:00 /usr/bin/runsvdir -P /etc/service 105 ? Ss 0:00 _ runsv syslog-ng 108 ? S 0:00 | _ syslog-ng -F -p /var/run/syslog-ng.pid --no-caps 106 ? Ss 0:00 _ runsv sshd 109 ? S 0:00 | _ /usr/sbin/sshd -D 117 ? Ss 0:00 | _ sshd: root@pts/0 119 pts/0 Ss 0:00 | _ -bash 135 pts/0 R+ 0:00 | _ ps fx 107 ? Ss 0:00 _ runsv cron 110 ? S 0:00 _ /usr/sbin/cron -f
  • 10. Faster to boot, less overhead than a VM $ time docker run ubuntu echo hello world hello world real 0m0.258s Disk usage: less than 100 kB Memory usage: less than 1.5 MB
  • 15.
  • 17. Virtual Machines Emulate CPU instructions (painfully slow) Emulate hardware (storage, network...) (painfully slow) Run as a userland process on top of a kernel (painfully slow)
  • 18. Virtual Machines Use native CPU (fast!) Paravirtualized storage, network... (fast, but higher resource usage) Run on top of a hypervisor (faster, but still some overhead)
  • 19. Containers Processes isolated from each other Very little extra code path (in many cases, it's comparable to UID checking)
  • 20. Virtual Machines vs Containers Native CPU Paravirtualized devices Hypervisor Native CPU Native syscalls Native kernel
  • 21. Inter-VM communication Strong isolation, enforced by hypervisor + hardware - no fast-path data transfer between virtual machines - yes, there are PCI pass-throughs and things like xenbus, but that's not easy to use, very specific, not portable Most convenient method: network protocols (L2/L3) But: huge advantage from a security POV
  • 22. Inter-container communication Tunable isolation - each namespace can be isolated or shared Allows normal Unix communication mechanisms - network protocols on loopback interface - UNIX sockets - shared memory - IPC... Reuse techniques that we know and love (?)
  • 23.
  • 25. Shared localhost Multiple containers can share the same “localhost” (by reusing the same network namespace) Communication over localhost is very very fast Also: localhost is a well-known address
  • 26. Shared filesystem A directory can be shared by multiple containers (by using a bind-mount) That directory can contain: - named pipes (FIFOs) - UNIX sockets - memory-mapped files Bind-mount = zero overhead
  • 27. Shared IPC Multiple containers can share IPC resources (using the special IPC namespace) Semaphores, Shared Memory, Message Queues... Is anybody still using this?
  • 28. Host networking Containers can share the host's network stack (by reusing its network namespace) They can use the host's interfaces without penalty (high speed, low latency, no overhead!) Native performance to talk with external containers
  • 29. Host filesystems Containers can share a directory with the host Example: use fast storage (SAN, SSD...) in container - mount it on the host - share it with the container - done! Native performance to use I/O subsystem
  • 30.
  • 32. ...What? “Ops” functions (backups, logging...) can be performed in separate containers Application containers can run unchanged in various environments: dev, test, QA, prod...
  • 33. logs
  • 34. Old style ssh into container cd /var/log tail, grep, ack-grep, awk, sed, apachetop, perl, etc.
  • 35. New style Create a “data container” to hold the logs docker run --name logs -v /var/log busybox true Start app container sharing that volume docker run --volumes-from logs myapp Inspect logs docker run -ti --volumes-from logs -w /var/log ubuntu bash Use fancy tools without polluting app container docker run -ti --volumes-from logs turbogrep ...
  • 36. Bonus points Ship logs to something else (logstash, syslog...) docker run --volumes-from logs pipestash Change logging system independently: - without rebuilding app container - without restarting app container - run multiple logging systems at the same time (e.g. for migration)
  • 38. Old style Prepare the tools - install things like rsync, s3cmd, boto, mysqldump... - get backup script Perform one-shot manual backup - SSH and run the backup script Set up routine backups - edit crontab
  • 39. New style: setup Create a “data container” to hold the files to back up docker run --name mysqldata -v /var/lib/mysql busybox true Start app container sharing that volume docker run --volumes-from mysqldata mysql Create a separate image with backup tools - Dockerfile with “apt-get install rsync s3cmd...”
  • 40. New style: one-shot manual backup Use the special backup image docker run --rm --volumes-from mysqldata mysqlbackup tar -cJf- /var/lib/mysql | stream-it-to-the-cloud.py Of course, you can use something fancier than tar (e.g. rsync, tarsnap...)
  • 41. New style: routine backups Option 1 - run “crond” in backup image - start backup image and keep it running Option 2 - start backup script from a crontab entry on the Docker host Option 3 - have a special “cron” container - give it access to the Docker API - let it start the backup container at regular intervals
  • 43. Old style ssh into container Install tcpdump, ngrep, … Run them
  • 44. New style Make a container image with tcpdump, ngrep... (let's call it “netdebug”) Run it in the namespace of the application container docker run -ti --net container:<app_cid> netdebug bash Now run tcpdump, ngrep, etc. Want to copy a dump to see it with wireshark? docker run -ti --net container:... -v /tmp:/tmp netdebug tcpdump -s0 -peni eth0 -w/tmp/myapp.pcap
  • 46. Old style ssh into container vi /etc/tomcat/something.xml (maybe) /etc/init.d/tomcat restart
  • 47. New style Option 1 - set up /etc/tomcat to be a “data container” - start another container sharing this volume; install vi/emacs here Option 2 - set up /etc/tomcat to be on the host: docker run -v /etc/containers/myapp:/etc/tomcat … If needed: restart the container - docker stop; docker start - docker kill -s HUP
  • 48.
  • 50.
  • 52. Virtual Machine deployment Linux base system Libraries Application Logging Backups Metrics ...
  • 53. With configuration management node www { include common include web include logstash include backup include graphite }
  • 54. Problems Conflicts between two components - example: logging and metrics systems use different Java versions Software certified for different distro - example: one component requires RHEL 6.4 but you run Ubuntu Migration from one component to another - example: from syslog to splunk
  • 55. Container deployment Linux base system Docker Application container Logging container Backups container Metrics container ...
  • 56.
  • 58. Immutable infrastructure What's an immutable infrastructure? - re-create images each time you change a line of code - prevent (or track) modifications of running images Why is it useful? - no more rebellious servers after manual upgrades - no more “oops, how do we roll back?” after catastrophic upgrade - easier security audit (inspect images at rest) How can containers help? - container images are easier to create and manage than VM images
  • 59. Micro-service architecture What's a micro-service architecture? - break your big application down into many small services Why is it useful? - it's easier to upgrade/refactor/replace a small service - encourages to have many small teams*, each owning a service (*small teams are supposedly better; see Jeff Bezos' “two-pizza rule”) How can containers help? - problem: 10 micro-services instead of 1 big application = 10x more work to deploy everything - solution: need extremely easy deployment; hello containers!
  • 60.