Containers allow for applications to become more portable, organized more efficiently, and configured to make better use of system resources. This presentation will explain Docker's container technology, DevOps approach, partner ecosystem, popularity, performance, challenges, and roadmap. We'll review how containers are changing application and operating system designs.
Docker Overview - Rise of the Containers
1. Docker Overview – Rise of the Containers
Ryan Hodgin, @rhodgin
IBM Cloud – Cloud Innovation
04/17/15
2. Agenda
§ Executive Summary
§ Where does Docker fit in the world of Servers and Hypervisors?
§ What’s an Application Container?
§ How is Docker different?
  – What is a Docker image?
  – What is a Docker file?
  – What is a Docker registry?
§ How popular is Docker?
§ What is the performance like?
§ What’s Docker working on now?
§ How does Docker change designs?
§ What are some of Docker’s challenges?
§ What’s next for Docker?
§ What is IBM doing with Docker?
3. Docker: Executive Summary
§ Background
  – Docker provides the leading application container engine; open source under the Apache 2.0 license
  – Enables an application image to be constructed with its runtime dependencies and deployed identically on multiple environments without modification.
  – Version 1.0 announced on June 9th, 2014
  – Makes use of technology available in all mainstream Linux distributions
  – Referred to as “Virtualization 2.0” due to its removal of often unnecessary portions of hypervisors.
  – Containers can better utilize hardware resources and perform better than traditional virtualization.
  – Integrates solutions from DevOps community to improve release management and deployments.
  – Rapidly growing in interest and usage by both developers and system administrators.
  – Docker is being aggressively adopted by many key tech companies
    • Announcements from IBM, Microsoft, Google, Amazon, VMware, Red Hat, etc.
  – Docker Inc. now valued at more than $1B with latest round of VC funding.
5. Docker Engine: A “Hypervisor” for Containers
[Figure: three stacks side by side. Type 1 Hypervisor: Hardware, Hypervisor, Virtual Machines each holding an Operating System, Bins / libs and Apps. Linux Containers: Hardware, Operating System, Containers each holding Bins / libs and Apps. Docker: Hardware, Operating System, Containers each holding Bins / libs and Apps, plus CLI, REST API and Dockerfiles.]
Conceptual Mapping:
VM → Container
Hypervisor → Docker Engine
6. Containers Aren’t A New Concept
§ Containers have existed for years in the Unix world:
  – IBM AIX WPARs
  – Oracle Solaris Zones
  – BSD Jails
7. Technology for Containers Added to Linux
[Figure labels: Hardware; Kernel Space (Architecture Dependent Kernel Code, Kernel System Call Interface); User Space (GLIBC / Pseudo FS / User Space Tools & Libs); cgroups, namespaces, chroots, LSM; lxc; Linux Container Tooling; Linux Container Commoditization; Orchestration & Management.]
8. Deployments have shifted to VMs and images
§ VMs and images commonly used in the Cloud world:
  – AWS Xen and Amazon Machine Images
  – SoftLayer Xen and Standard/Flex Images
  – Microsoft Azure – Customized Hyper-V and VM Images
  – Google Compute Engine – KVM
  – OpenStack - KVM
§ Similar technologies are used in traditional data centers:
  – VMware vSphere
  – Citrix Xen
  – KVM
  – Microsoft Hyper-V
9. Docker Containers vs. Traditional VMs
§ Traditional VMs include wasted resources to support the Guest OS while Docker makes use of layering to share common OS / lib portions of images.
10. What is a container?
§ Modeled on the success of shipping containers, an application container is designed to contain a complete deployment unit for an application to allow for automation, version tracking, and rapid deployment.
11. What is in a container?
§ Application deployments have focused on the application binaries and relied on operations for the application’s dependencies (Java JRE, Ruby Gems, Python, App Server, etc.)
§ Docker images include these application dependencies in the container along with the application.
[Figures: WAR file construction; Docker image construction]
12. Docker: Dockerfiles
§ Dockerfiles document how to construct the container and what to execute when it is running.
§ Normally a container should contain a single process.
§ Dockerfiles are readable and maintainable along with application source code.
13. Docker: Images, Layers & Registries
The layers build on one another and only the differences are stored in each layer.
15. DockerHub
[Figure: Build / Ship / Run workflow diagram. Labels: Dev, QA, Staging, Prod; Source Code Repository, DockerFile, TEST; Mac/Win Dev Machine with Boot2Docker; QA and Prod Machines running Linux OS with Docker; VMs running Docker; Physical, Virtual and Cloud infrastructure (GCE, RAX, IBM) with Infrastructure Management; Analytics DB; Docker Hub (Users, Collab, Provenance, Policy); Registries (Public, Curated, Private); Docker Hub API; Third Party Tools.]
§ Public and private repositories are used to host images.
16. Docker: Open Platform
[Figure labels: Any App; Any infrastructure (Physical, Virtual, cloud); + 65K apps; + 50K projects.]
Engine (API): open source software at the heart of the Docker platform
Hub (API): cloud-based platform services for distributed applications
17. Docker: Ecosystem
The Docker Platform: Docker Engine, Docker Hub (Build, Ship, and Run)
Content: Official Repos & 65K+ Dockerized Apps
Community: 700+ Contributors; 175+ Meetups in 40 countries; 2.75M Downloads; 50K Projects on GitHub
Support: Enterprise Support; Robust Documentation; Implementation, Integration, Training; Network of Partners
[Figure labels: Partners, Content, Users]
18. Docker: Adoption
Docker has the highest buying intention score of any enterprise company or open-source project in six years of tracking by research firm Enterprise Technology Research.
19. Docker: Performance
§ Performance comparison with KVM by IBM Research shows near bare metal performance that “equals or exceeds KVM performance in every case we tested.”
§ See full report at: http://domino.research.ibm.com/library/cyberdig.nsf/papers/0929052195DD819C85257D2300681E7B/%24File/rc25482.pdf
20. DockerCon14 Europe Announcements
§ At its event on 12/4-12/5, Docker announced:
  – Docker Orchestration Services
    • Adds ability to assemble multi-container applications
    • Supports any infrastructure (laptop, private, public clouds, etc.)
    • Manages all containers of an application as a single group
    • Cluster an application’s containers for HA and resource optimization
    • Includes three new services:
      – Docker Machine – a host running the Docker Engine
      – Docker Swarm – a Docker-native clustering service that works with Docker Engines and pools their resources across them
      – Docker Compose – allows for application assembly
  – Docker Hub Enterprise
    • Allows for Developers to create multi-container distributed applications behind-the-firewall.
    • Integrates private and public Docker repositories.
    • Brought to market by IBM, Amazon, and Microsoft as part of broader set of product and service offerings.
    • Architected for high-availability and horizontal scalability
    • Planned availability in 2Q 2015
21. Docker Machine
§ Machine makes it really easy to create Docker hosts on your computer, on cloud providers and inside your own data center. It creates servers, installs Docker on them, then configures the Docker client to talk to them.
§ Drivers exist for:
  – SoftLayer
  – AWS
  – DigitalOcean
  – Azure
  – Google Compute Engine
  – Rackspace
  – OpenStack
  – VirtualBox
  – VMware Fusion
  – VMware vSphere
  – Hyper-V
22. Docker Swarm
§ Docker Swarm is native clustering for Docker. It turns a pool of Docker hosts into a single, virtual host.
§ Has support for etcd, consul, and zookeeper host discovery systems.
§ Integrations planned with Bluemix, Mesos, Kubernetes, AWS, Azure
23. Docker Compose
§ Compose is a tool for defining and running complex applications with Docker. With Compose, you define a multi-container application in a single file, then spin your application up in a single command which does everything that needs to be done to get it running.
Defined in yaml:
24. Designing for Docker – Application Design
§ Because of Docker’s design, refactoring may be needed to run on Docker well. Cloud-friendly design principles like The Twelve Factor App and Microservices can enable applications to run well in Docker containers.
http://martinfowler.com/articles/microservices.html
http://12factor.net/
http://www.slideshare.net/adrianco
25. Designing for Docker – Operating System Design
§ Operating systems are being redesigned to focus on running containers. Dubbed “Minimalist OS”, these operating systems offer some key potential benefits:
  – Improved security through smaller attack surfaces and isolation techniques
  – Small image sizes and fast start up times
  – Transactional upgrade and rollback options
§ Some examples of these minimalist OSes include:
  – CoreOS
  – Red Hat’s Project Atomic
  – Ubuntu’s Snappy Ubuntu Core
  – RancherOS
  – Microsoft’s Nano Server
[Figure: Architecture of RancherOS]
26. Docker Challenges: Networking
§ Connecting containers within the same host isn’t too difficult but the complexity grows when containers need to communicate across hosts.
§ How is this being addressed:
  – Service Discovery:
    • Docker Swarm
    • Etcd
    • Consul
    • Zookeeper
  – Software Defined Networks (SDN)
    • Socketplane.io (Docker Acquisition)
    • IBM’s SDN-VE
    • Weave
    • CoreOS’ Flannel
27. Docker Challenges: Lack of Enterprise Features
§ Enterprise features commonly found in modern virtualization platforms not yet available in Docker. Features such as:
  – Fine Grained Administration Access Control
  – Live Migration of Containers
  – Backup and Restore Options
  – Administration Tools for Large Scale Deployments
  – Support for Auditing and Logging
  – Regulatory Compliance
§ Active development underway to address these gaps. Major enterprise technology vendors are constructing solutions for many of these areas.
28. Docker Challenges: Security
§ Container security is receiving much more scrutiny now and potential vulnerabilities are receiving attention. Areas of risk include:
  – Docker Engine daemon runs as root
  – Lack of encryption options
  – Docker API endpoints
  – Integrity of images
  – Containers may be able to execute too many system calls
  – Containers may have access to file system
§ Coordinated development underway to address these issues.
§ Concerns are especially high for multi-tenant deployments:
  – “These containers aren't secure. They don't have that kind of isolation. They're sharing so much of their underlying operating system that they can't be effectively secured, at least not to the kind of level of risk that we'd be comfortable running two different customers in containers side by side” – Microsoft Azure CTO Mark Russinovich
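An added example, not part of the original presentation: the container-level risk areas on the slide above can be checked against `docker inspect` output. The field names are those of current Docker Engine inspect records (an assumption beyond the slides); the sample records, image names and finding labels are constructed for illustration.

```python
import json

# Constructed sample shaped like `docker inspect` output (not from the presentation).
SAMPLE = json.loads("""
[
 {"Name": "/web",
  "Config": {"Image": "registry.example/web:latest", "User": ""},
  "HostConfig": {"Privileged": true, "ReadonlyRootfs": false, "CapAdd": null,
                 "SecurityOpt": null,
                 "Binds": ["/var/run/docker.sock:/var/run/docker.sock"]}},
 {"Name": "/api",
  "Config": {"Image": "registry.example/api@sha256:<digest-placeholder>", "User": "1000:1000"},
  "HostConfig": {"Privileged": false, "ReadonlyRootfs": true, "CapAdd": [],
                 "SecurityOpt": ["no-new-privileges"],
                 "Binds": ["/srv/api/data:/data:ro"]}}
]
""")

def audit(container):
    """Return findings for one inspect record, keyed to the slide's risk areas."""
    cfg, host = container.get("Config") or {}, container.get("HostConfig") or {}
    findings = []
    user = (cfg.get("User") or "").split(":")[0]
    if user in ("", "0", "root"):
        findings.append("root-user")                  # process runs as uid 0
    if "@sha256:" not in (cfg.get("Image") or ""):
        findings.append("image-not-pinned")           # integrity of images
    opts = host.get("SecurityOpt") or []
    caps = {c.upper() for c in (host.get("CapAdd") or [])}
    if host.get("Privileged") or caps & {"ALL", "SYS_ADMIN"} or any(
            o.replace(":", "=") == "seccomp=unconfined" for o in opts):
        findings.append("broad-syscall-surface")      # too many system calls
    if not host.get("ReadonlyRootfs"):
        findings.append("writable-rootfs")            # access to file system
    for bind in host.get("Binds") or []:
        parts = bind.split(":")
        src, mode = parts[0], parts[2] if len(parts) > 2 else "rw"
        if src.endswith("docker.sock"):
            findings.append("docker-api-socket-mounted")  # Docker API endpoints
        elif src == "/" or "ro" not in mode.split(","):
            findings.append("risky-host-path:" + src)
    return findings

def audit_all(records):
    return {r["Name"].lstrip("/"): audit(r) for r in records}

if __name__ == "__main__":
    for name, found in audit_all(SAMPLE).items():
        print(name, found or "no findings")
```

Feed it real data with `docker inspect $(docker ps -q)` piped through `json.load` in place of the constructed sample.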
29. Docker Competition Announcements: CoreOS
§ 12/1/14 – Announces new container runtime Rocket:
  – CoreOS claims Docker has lost sight of original “standard container” vision: “Docker now is building tools for launching cloud servers, systems for clustering, and a wide range of functions: building images, running images, uploading, downloading, and eventually even overlay networking, all compiled into one monolithic binary running primarily as root on your server”
  – Requests community input on a new standard:
    • App Container Image
    • App Container Runtime
30. What’s Next for Docker?
§ 04/14/2015 – Docker Raises $95M Series D Round for Its Container Platform
§ Constructing full platform for containers
§ Integrating strategic acquisitions (Orchard, Kitematic, SocketPlane)
§ Adding enterprise features through partnerships (IBM, Amazon, Google, Red Hat, VMware, Microsoft, etc.)
§ Adding support for Windows Containers through Microsoft partnership
§ Becoming the deployment platform of choice for microservices
§ Monetizing images and containers
31. What’s IBM Doing with Docker
§ Open Source Participation:
  – IBM contributes to the Docker projects (core contributors)
  – IBM contributes Docker related functionality to other projects as well (OpenStack)
§ New Products/Offerings:
  – IBM Container Service on Bluemix (currently in Beta, GA planned for 2Q15)
  – IBM Docker Hub Enterprise Registry (to be released in 2Q15)
§ Support for Docker on IBM hardware:
  – pSeries Power Systems
  – zSeries Mainframe Systems
§ Support for Docker on IBM Software:
  – UrbanCode
  – PureApp
  – WebSphere
  – DB2