A hands-on workshop will go over the foundations of the container platform, including an overview of the platform's system components: images, containers, repositories, clustering, and orchestration. The strategy is to demonstrate through live demos and hands-on exercises. It also covers the use case of containers in building a portable distributed application cluster running a variety of workloads, including HPC workloads.
2. Docker Bday #5 Celebrations Worldwide!
100+ customer and user events worldwide!
3. Thank you CH9 and WebTech meetup
Your generosity is much appreciated!
4. $id Christian
● Over ten-year journey rooted in the industrial, automotive HPC in Germany, Christian started his career in Bull R&D supporting CAE
applications and VR installations, then later Dyna.
● Co-founded the container and cloud workshop in ISC HPC conference when told at a meeting that HPC can not learn anything from
the emerging Cloud and BigData companies.
● Since then, he is curious and leading DevOps and containerization effort wherever he goes.
● Just before Docker, he worked on the cloud-stack team at Sony PlayStation.
● Christian joined Docker Inc in 2017 to help push the adoption forward and be part of the innovation instead of an external bystander.
● During the day he helps Docker customers in the EMEA region to fully utilise the power of containers; at night he likes to explore new
emerging trends by containerising them first and seek application in the nebulous world of DevOps.
@kniepbert
christian.kniep@docker.com
https://www.linkedin.com/in/christian-kniep-3004b053/
5. $id walid
● Passionate about Openness, Open Source, DevOps, Infosec
● Red Hat Certified Architect RHCA V
● Certified Kubernetes Administrator CKA
● SANS GIAC Incident handler, Forensics and Web security certified.
● Dhahran Docker & Ansible meetup organizer “Community Leader”
@walidshaari
walid.shaari@linux.com
https://www.linkedin.com/in/walidshaari/
https://github.com/walidshaari
6. Let's get to know each other
▪ Assuming everyone knows a bit of
▪ Linux
▪ Unix
▪ Mac OSX CLI ?
▪ Development, Operations, Security, Research, Business, Others?
▪ DevOps
▪ Containers
▪ Schedulers
▪ Containers ecosystem
▪ Clusters, Load balancers, Orchestration
7. Docker Momentum
Thank You for 5 Amazing Years!
● 450+ Docker EE commercial customers
● 15K job listings on LinkedIn
● 37B container downloads
● 3.5M Dockerized apps
● 200+ active Docker user groups
8. The Docker Journey to Containerization
Getting Started
1st Project
Scaling Out
New Innovation
Where are you? And where do you want to go?
10. Containers are the “Fastest Growing Cloud Enabling Technology”
By 2020, more than 50% of global
organizations will be running
containers in production.
-Gartner
Title source: 451 Research
2017
24B
PULLS
11. The “Matrix from Hell” Breeds Complexity
[Figure: matrix of application components (Static Website, Web Frontend, Background Workers, User DB, Analytics DB, Queue) against deployment targets (Desktop, Test/QA Cluster, Production Cluster, Public Cloud, Data Center, Mainframe, Windows Server, Edge Device); every cell is a "?"]
12. It IS time to Think Differently
“We cannot solve our problems with the same
thinking we used when we created them”
- Albert Einstein-
13. The “Matrix from Hell” Breeds Complexity — Containers Cut Complexity
[Figure: the same matrix of application components (Static Website, Web Frontend, Background Workers, User DB, Analytics DB, Queue) against deployment targets (Desktop, Test/QA Cluster, Production Cluster, Public Cloud, Data Center, Mainframe, Windows Server, Edge Device)]
14. Stacked View
[Figure: two stack diagrams. Traditional Virtualization: Hardware, Host Kernel, Userland, Services and Hypervisor, with VM1 and VM2 each carrying their own Kernel, Userland and Services. os-virtualization: Hardware, Host Kernel, Userland, Services, with containers Cnt1 and Cnt2 each carrying their own Userland and apps (appB, appC)]
Reducing:
● VM and OS Licenses
● Server Count
● Power, Space, Cooling
● Admin
15. Brief History of Container Technology
● 2000: FreeBSD Jails expand on Unix chroot to isolate files
● 2001: Linux-VServer ports kernel isolation, but requires recompilation
● 2004: Solaris Zones bring the concept of snapshots
● 2006: Google introduces Process Containers, merged as cgroups
● 2008: RedHat adds user namespaces, limiting root access in containers
● 2008: IBM creates LXC providing user tools for cgroups and namespaces
● 2013: Docker provides simple user tools and images. Containers go mainstream
Source: Container Runtime and Image Format Standards, Jeff Borek, Stephen Walli, KubeCon Dec/2017
16. Maintenance and Complexity Drains the Budget, So Innovation Suffers
● 8+ IT Silos*
● 1000’s of apps
● <20% server utilization***
● IT demands increasing!
● 60% of CIOs say “We’re behind in digital transformation”**
● INNOVATION 20%, MAINTENANCE 80%
Stalled Initiatives
• Modernizing legacy apps
• Cloud migration
• Server consolidation
• Faster s/w time to market
* Average number of infrastructures in the enterprise (on-prem and cloud)
** Forrester, CIO and the emerging Digital Crisis, 2018
*** CloudPhysics, Global IT Data Lake Report, Q4, ‘16
Sources: IDC “The Cost of Retaining Aging IT Infrastructure”, RightScale 2017 State of the Cloud Report
19. 400+ Build Their Containerization Strategy with Docker Enterprise Edition
● Financial Services
● Healthcare & Science
● Tech
● Oil & Gas / Energy
● Insurance
● Public Sector
20. Docker allows GSK to support a multitude of tools, technologies and interfaces.
Ranjith Raghunath, GlaxoSmithKline
Docker helped us achieve a much better security position.
Jan Hedstrom, Assa Abloy
…Everyone wants to work with Docker and it’s a change of mindset in the company.
Thomas Boussardon, Societe Generale
Only Docker Delivers All Three Core Enterprise Requirements
Choice
• Your app in any cloud, including Hybrid
• No lock-in
• Risk mitigation
• Use Docker native tools … or almost any you prefer
Security
• Governance
• Chain of custody
• Role-based access control
• Threat scanning
Agility
• Standardized and unified operations
• Dev to Ops consistency
• Rapid Delivery and response
• Cost efficiency
Docker EE Ensures Choice, Security and Agility
21. To Enable Your Key IT Initiatives
Modernize Software Supply Chain
Modernize Existing or “Traditional” Applications (“MTA”)
Cloud Strategies
Avoiding lock-in
Reduce Data Center Expenses
Faster Application Development and Delivery
22. With an Enterprise-Ready Container Platform
Columns: Security, Governance, Automation, Support and Certification
• Threat Scanning
• Controlled Code Deployment
• Encryption
• Secrets Mgmt
• Image Mgmt
• Support for 3rd party security
• Role-based access control (RBAC)
• Policy Mgmt
• App Config Mgmt
• Forensic Image History
• Controlled Code Deployment
• Orchestration
• Built-in app reliability/High Avail.
• Policy-based automation
• Auto healing
• Enterprise-grade support
• Certified Plug-ins and Infrastructure
• Certified ISV apps
• Certified professionals
[Figure labels: Server, OS, App, Docker Engine]
23. Docker Enterprise Edition Enables All Application Types
Enable a uniform management and security model for any app across an infrastructure
[Figure: application types (Traditional, Microservices, ISV apps, Big Data, ML, AI, Edge & IoT, ...more) running on the Docker Platform across Cloud, VM, Bare Metal and Edge Device]
24. What’s New in Docker Enterprise Edition
Docker + Kubernetes
25. Docker adds Kubernetes support
Customers asked Docker:
• To have both Swarm and Kubernetes available for the pockets within their organizations that are using it
• To make Kubernetes easier to manage
• For a Docker Dev to Ops experience with Kubernetes
• For advanced capabilities of Docker EE around the secure software supply chain, high availability, and automation for Kubernetes
• To make Kubernetes management available across Windows, multiple Linux distros, and clouds
Continuation of Docker’s strategy of extending the Docker EE platform for maximum choice
[Figure labels: PLUGINS, PLATFORMS (Mainframe, Windows), ORCHESTRATORS]
26. Seamless Integration of Kubernetes to Docker Enterprise Edition
Docker EE is designed to support multiple orchestrators:
● EE Manager Nodes are both Swarm managers and Kubernetes masters to enable high availability
● Every worker node is both Kubernetes API- and Swarm API-ready
● One management plane driving:
○ Secure software supply chain
○ Secure multi-tenancy
○ Secure and highly available node management
[Figure: Docker EE Orchestration. App Scheduler (Swarm OR Kubernetes) on top of Secure Cluster Management (Swarm-Based), running on Docker Nodes that each run a Kubelet]
27. By supporting both Swarm and Kubernetes orchestration, Docker EE brings all applications to the same platform
[Figure: Enterprise Applications + SOA, Web Apps/12-factor and Microservices running on SWARM and KUBERNETES within DOCKER ENTERPRISE EDITION]
28. Docker for Mac / Docker for Windows adds Kubernetes option
● Same Docker developer workflow used by millions
● Developers have freedom to build Swarm- or Kubernetes-based applications on a local
machine with the same tool
● Nothing new to install, no change for existing Docker developers
29. Docker Delivers a Consistent Experience from Dev to Ops
DEVELOPERS IT OPERATIONS
Managed by Docker EE
On-Prem Cloud
Docker for Mac
Docker for Windows
Any App, Any Format
● Separation of concerns - keeping
Dev and Ops aligned on
responsibilities
● Same operating model across
different app types and
infrastructure platforms
31. Take a #dockerselfie
Say cheese!
1. Stand in front of / around the bday banner
2. Take an awesome selfie
3. Post on twitter & instagram using:
#dockerbday @Docker @MiskKSA @MiskTech
32. Thank you Docker Mentors!
Mentors please stand up :)
Mentors are advanced
Docker users here to answer
your Qs and help guide you
through the labs!
Just raise your hand if you
need help.
33. Learn Docker: Bday #5 Hands-On-Labs
March 2018
● Docker 101 - Linux
● Docker 101 - Windows
Description: intro to Docker on Linux or
Windows that takes you through the
basics of the platform, building your
first containers, and deploying them in
an orchestration system.
Learning Outcome: You’ll come out
understanding the basics of Docker
and orchestration.
34. Learn Docker: Bday #5 Hands-On-Labs
● Kubernetes on Docker for Mac and Docker for Windows
Description: Covers the basics of using Kubernetes on Docker for Mac and
Docker for Windows.
Learning Outcome: Understanding of basic concepts of Kubernetes and how to
create your cluster on your desktop.
● Modernizing Traditional Java Apps
● Modernizing Traditional .NET / Windows Apps
Description: Take a traditional, Java EE or ASP.NET monolithic application and
containerize it. Then break out a few pieces to have a more modern, modular
deployment of the application built on Docker EE.
Learning Outcome: Understanding of the basics of application
modernization and Docker EE.
35. Learn Docker: Bday #5 Hands-On-Labs
● Deploying Multi-OS applications with Docker EE
Description: Deploy and refactor a traditional Java application on Linux
into a microservice application, with some of the services in Java on Linux
and some in .NET on Windows, and deploy the application on a hybrid
Docker Enterprise Edition cluster with Linux and Windows nodes.
Learning Outcome: People who take this lab will learn the basics of the
Docker EE platform including secure images and orchestration using
both Swarm and Kubernetes.
36. Get Started Now
Go to the play-with-docker bday site
https://training.play-with-docker.com/beginner-linux/
https://training.play-with-docker.com/node-sql-server-docker/
For the Bday5 site, ask a mentor
Join the slack channel - #5th-bday - on the Docker Community Slack team!
Join the Docker Community - dockr.ly/community
41. Namespaces
Process Isolation
● The host sees all processes with their real PIDs from the kernel's perspective
● The first process within a PID namespace gets PID=1
[Figure: Host containing cnt0 (ps -ef), cnt1 (start.sh, java -jar ..) and cnt2 (start.sh, java -jar .., health.sh)]
42. Resource Isolation of Process Groups
7 as of Kernel 4.10
1. MNT: Controls mount points
2. PID: Individual process table
3. NET: Network resources (IPs, routing,...)
4. IPC: Prevents the use of shared memory between processes in different namespaces
5. UTS: Individual host- and domain name
6. USR: Maps container UID to a different UID of the host
7. CGRP: Hides system cgroup hierarchy from container
Other (incomplete list):
● RDMA
● Syslog
● Time
43. Container Namespaces
A starting container gets its own namespaces.
[Figure: Host with containers cnt0, cnt1 and cnt2, each with its own PID, MNT, IPC, NET, USR, UTS and CGRP namespaces]
But it can share namespaces with other containers or even the host.
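To check which namespaces a process actually shares with the host, compare the inode links under /proc/<pid>/ns. The following is an added example, not part of the original slides; the inode values are constructed, and the sample assumes a Docker engine without user-namespace remapping, where a container stays in the host's user namespace.

```python
import os

# The seven namespace types from the list above, by their /proc/<pid>/ns names.
NS_TYPES = ["mnt", "pid", "net", "ipc", "uts", "user", "cgroup"]


def read_ns(pid, proc="/proc"):
    """Return {type: 'type:[inode]'} for a live process (Linux only)."""
    links = {}
    for ns in NS_TYPES:
        try:
            links[ns] = os.readlink(os.path.join(proc, str(pid), "ns", ns))
        except OSError:
            links[ns] = None  # unreadable, or kernel lacks this namespace type
    return links


def shared_with(reference, candidate):
    """Namespace types where both processes reference the same inode."""
    return [ns for ns in NS_TYPES
            if reference.get(ns) is not None
            and reference.get(ns) == candidate.get(ns)]


# Constructed sample data (inode numbers are made up for illustration).
HOST_INIT = {ns: f"{ns}:[40265318{i:02d}]" for i, ns in enumerate(NS_TYPES)}
# Container with private namespaces except user: without userns remapping,
# Docker leaves the container in the host's user namespace (assumption above).
CNT_DEFAULT = {ns: f"{ns}:[40265329{i:02d}]" for i, ns in enumerate(NS_TYPES)}
CNT_DEFAULT["user"] = HOST_INIT["user"]
# The same container started with --net=host.
CNT_HOSTNET = dict(CNT_DEFAULT, net=HOST_INIT["net"])

if __name__ == "__main__":
    print("default container shares:", shared_with(HOST_INIT, CNT_DEFAULT))
    print("--net=host container shares:", shared_with(HOST_INIT, CNT_HOSTNET))
    # On a Linux host with sufficient privileges:
    #   shared_with(read_ns(1), read_ns(<container init PID>))
```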
44. All In
When using all host namespaces - we are on the host (almost like ssh).
[Figure: container cnt0 sharing the Host's PID, MNT, IPC, NET, USR, UTS and CGRP namespaces]
$ docker run -ti --rm \
    --privileged \
    --security-opt=seccomp=unconfined \
    --pid=host \
    --uts=host \
    --ipc=host \
    --net=host \
    -v /:/host \
    ubuntu bash
root@linuxkit-025000000001:/# chroot /host
/ # ash
/ #
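Because a container started this way is effectively a root shell on the host, it is worth auditing running containers for exactly these settings. The following is an added example, not part of the original slides: it checks the HostConfig section of `docker inspect` output for the flags used above, and the two sample entries are constructed.

```python
import json


def audit_host_config(inspect_entry):
    """Return findings for one element of `docker inspect <container>` output."""
    hc = inspect_entry.get("HostConfig") or {}
    findings = []
    if hc.get("Privileged"):
        findings.append("privileged")
    # Namespace modes set to "host" mean the container shares that namespace.
    for field, label in (("PidMode", "pid"), ("UTSMode", "uts"),
                         ("IpcMode", "ipc"), ("NetworkMode", "net")):
        if hc.get(field) == "host":
            findings.append(f"{label}=host")
    # Older engines report "seccomp:unconfined", newer ones "seccomp=unconfined".
    for opt in hc.get("SecurityOpt") or []:
        if opt.replace(":", "=", 1) == "seccomp=unconfined":
            findings.append("seccomp=unconfined")
    # A bind whose source is "/" exposes the whole host filesystem.
    for bind in hc.get("Binds") or []:
        if bind.split(":")[0] == "/":
            findings.append("bind-mount of host /")
    return findings


# Constructed sample: cnt0 mirrors the flags on the slide, cnt1 uses defaults.
SAMPLE = json.loads("""
[
  {"Name": "/cnt0", "HostConfig": {
     "Privileged": true, "PidMode": "host", "UTSMode": "host",
     "IpcMode": "host", "NetworkMode": "host",
     "SecurityOpt": ["seccomp=unconfined"], "Binds": ["/:/host"]}},
  {"Name": "/cnt1", "HostConfig": {
     "Privileged": false, "PidMode": "", "UTSMode": "",
     "IpcMode": "private", "NetworkMode": "default",
     "SecurityOpt": null, "Binds": null}}
]
""")

if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry["Name"], audit_host_config(entry) or "no findings")
```

On a real host, feed it `json.loads` of the output of `docker inspect` for the container IDs listed by `docker ps -q`.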
49. Architecture on Linux
[Figure: layered architecture. Operating System: Control Groups (cgroups), Namespaces (mnt, pid, ipc, ...), Layer Capabilities (AUFS, overlay, ...), Other OS Functionality. Runtime: containerd + runc. Docker Engine: REST interface, libcontainerd, libnetwork, storage, plugins. On top: Docker Client, Docker Compose, Docker Registry, Docker Swarm/K8s]
50. Runtime
runc + containerd
● containerd
An industry-standard container runtime with an emphasis on simplicity, robustness and portability.
● runc
CLI tool for spawning and running containers according to the OCI specification
[Figure labels: rootfs, config.json, runc executed container]
51. libnetwork
Provide IP connectivity
The goal of libnetwork is to deliver a robust Container Network
Model that provides a consistent programming interface and the
required network abstractions for applications.
53. Plugins
Extend Functionality of the Engine
Framework to ‘intercept’ certain API calls and act on them.
Currently supported drivers:
- VolumeDriver
- NetworkDriver
- IPAMDriver
- LogDriver
- MetricsCollector
- Authentication (authz)
// VolumeDriver
type Driver interface {
	Create(Request) Response
	List(Request) Response
	Get(Request) Response
	Path(Request) Response
	Mount(Request) Response
	Unmount(Request) Response
	Capabilities(Request) Response
}
54. Architecture on Windows
[Figure: layered architecture. Operating System: Control Groups (Job Objects), Namespaces (Object Namespace, Process Table, Networking), Layer Capabilities (Registry, Union like filesystem extension), Other OS Functionality. Host Compute Service. Docker Engine: REST interface, libcontainer, libnetwork, storage, plugins. On top: Docker Client, Docker Compose, Docker Registry, Docker Swarm/K8s]
56. Docker is the only Containers-as-a-Service platform for IT that manages and secures diverse applications across disparate infrastructure, both on-premises and in the cloud
[Figure labels: DOCKER ENTERPRISE EDITION; Multi-Architecture Operations; Infrastructure Independence; Secure Software Supply Chain; COST SAVINGS; ENGINE FOR INNOVATION; platforms: Linux, Windows, Mainframe, AWS, Azure, Other Public Clouds]
57. Docker Enterprise Edition Capabilities
[Figure: Enterprise Edition capability stack, with the following labels]
● Optimized Container Engine
● Integrated App and Cluster Management
● Certification and Support
● Policy Management
● Image Scanning and Monitoring
● Secure Access and User Management
● Content Trust and Verification
● Application and Cluster Management
● Image Management
● Security
● Distributed State
● Network
● Container Runtime
● Volumes
● Orchestration
● Application Composition, Deployment and Reliability
● Certified Containers
● Certified Plugins
● Certified Infrastructure
58. Don’t miss the container industry event of the year!
Register now: https://2018.dockercon.com/
Special 10% Discount Code: BIRTHDAY10
*good for full conference passes only
Check out the Docker blog for an early preview of the agenda:
https://blog.docker.com
59. Get Docker Certified!
Continue your learning journey and set yourself apart
Go to http://success.docker.com/certification