Containers and Nutanix - Acropolis Container Services
7 likes3,539 views
The document discusses the fundamentals of container technology, specifically focusing on Docker, its history, architecture, and benefits over traditional virtual machines. It highlights Docker's role in streamlining application development and deployment, emphasizing the importance of isolation, resource management, and operational efficiencies. Additionally, it addresses challenges related to container lifecycle management and emphasizes the need for integrated platforms to utilize containers effectively.
![sha256
address
Container is what
we call an image
when it is running
Image[s] is the
Filesystem
Snapshot
or tarball
Kernel Image – RO FS – /bin /mnt /var /proc
Base Image – RO FS – /usr/bin
Application Directory – RO FS – /usr/local/bin/node
Container – RW FS – /container/awesome
Union View
/container/awesome /usr/local/bin/node
/usr/bin /bin /mnt /var /proc
Layers [the secret sauce of Docker]
bins / libs are layered – Layers Are Reusable And Shared
Images
Container](https://image.slidesharecdn.com/containers-nuanix-161101203413/85/Containers-and-Nutanix-Acropolis-Container-Services-33-320.jpg)
Containers and Nutanix - Acropolis Container Services
- 1. Containers Denis Guyadeen, Product Manager Acropolis Container Services
- 2. Containers 101 “Containers are a lie we tell a process” Mark Shuttleworth
- 4. isolation ?
- 5. isolation shared resources processA processB processC processD processE processF kernel tenant 1 tenant 2 tenant 3
- 6. isolation shared resources kernel resource isolation namespace isolation processA processB processC processD processE processFtenant 1 tenant 2 tenant 3
- 7. CPU kernel resource isolation namespace isolation processA processB processC processD processE processFtenant 1 tenant 2 tenant 3 isolation
- 8. resource isolation namespace isolation CPU processA processB processC processD processE processF tenant 2 tenant 3 isolation tenant 1
- 9. resource isolation namespace isolation processA processB processC processD processE processF tenant 2 tenant 3 CPU isolation tenant 1
- 10. resource isolation namespace isolation processA processB processC processD processE processFtenant 1 tenant 2 tenant 3 CPU isolation
- 11. resource isolation namespace isolation processA processB processC processD processE processFtenant 1 tenant 2 tenant 3 cgroups CPU isolation
- 12. resource isolation namespace isolation processA processB processC processD processE processFtenant 1 tenant 2 tenant 3 cgroups processD processE processF CPU isolation
- 13. shared resources kernel resource isolation namespace isolation processA processB processC processD processE processF tenant 2 tenant 3 isolation tenant 1
- 14. kernel resource isolation namespace isolation processA processB processC processD processE processF tenant 2 tenant 3 ProcessID isolation tenant 1
- 15. resource isolation namespace isolation processA processB processC processD processE processF tenant 2 tenant 3 PID 2 3 4 5 6 7 isolation tenant 1
- 16. resource isolation namespace isolation processA processB processC processD processE processF tenant 2 tenant 3 PID 2 3 4 5 6 7 isolation tenant 1
- 17. resource isolation namespace isolation processA processB processC processD processE processF tenant 2 tenant 3 PID 2 3 4 5 6 7 isolation tenant 1
- 18. resource isolation namespace isolation processA processB processC processD processE processF tenant 2 tenant 3 PID 2 3 4 5 6 7 PID namespace isolation tenant 1
- 19. resource isolation namespace isolation processA processB processC processD processE processF tenant 2 tenant 3 PID 2 3 4 5 6 7 PID namespace isolation tenant 1
- 20. resource isolation namespace isolation processA processB processC processD processE processF tenant 2 tenant 3 PID 2 3 4 2 2 3 PID namespace isolation tenant 1
- 21. resource isolation namespace isolation processA processB processC processD processE processF tenant 2 tenant 3 PID shared resources kernel Network Mount User namespaces isolation tenant 1
- 22. ?
- 27. ? =
- 29. docker image
- 31. docker registry } docker metadata docker image (tarball)
- 33. sha256 address Container is what we call an image when it is running Image[s] is the Filesystem Snapshot or tarball Kernel Image – RO FS – /bin /mnt /var /proc Base Image – RO FS – /usr/bin Application Directory – RO FS – /usr/local/bin/node Container – RW FS – /container/awesome Union View /container/awesome /usr/local/bin/node /usr/bin /bin /mnt /var /proc Layers [the secret sauce of Docker] bins / libs are layered – Layers Are Reusable And Shared Images Container
- 34. Docker compared to Git Docker Git Image Saved State Commit Container Used for local execution Checkout Repository Collection of commits Repository Docker Hub Poplar remote server for code GitHub
- 35. Containers vs. Virtual Machines
- 36. No matter how simple the API endpoint, the OS kernel is always a huge dependency: • Debian 5.0 is 65 million lines • …but the Linux Kernel is over 25 million lines (⅓) of that! The OS is a large attack surface Tip of the Iceberg Code you want to run Code your OS insists you need!
- 37. we see the VM as the only truly safe isolation.. Until we see foolproof security for containers, we will always double-bag our customers' workloads ” “ Source: http://www.informationweek.com/cloud/infrastructure-as-a-service/google-docker-does-containers-right/d/d-id/1319146 Craig McLuckie Lead Product guy @ Google
- 38. 38 An Open Platform to Build, Ship, and Run Distributed Applications “Largest splash in computing since AWS” – The Agile Admin
- 39. New Application Architectures On-Demand Automated Infrastructures Culture Agile Development Why Docker? Why Now? While the underlying container technology has existed for quite some time, the combination of advancing technical concepts like these listed here and the developer centric implementation that Docker provided have created a “perfect storm” of demand and interest in container-based software stacks.
- 40. What is Docker? 40 • 2B+ Docker Image Downloads • 2000+ contributors • 40K+ GitHub stars • 200K+ Dockerized apps • 240 Meetups in 70 countries • 95K Meetup members Containers as a Service provider • Integrated platform for dev and IT • Commercial technical support Docker project sponsor • Primary sponsor of Docker project • Supports project maintainers The Docker Project Docker Inc
- 41. What is Docker? 41 Open Source • Docker Engine • Docker Registry • Docker Compose • Docker Swarm • Docker Machine • Docker Toolbox • Docker for Mac • Docker for Windows • Docker for AWS • Docker for Azure Commercial Product Line • Technical Support • Docker Hub (SaaS) • Docker CS Engine • Docker Trusted Registry • Docker Universal Control Plane • Docker Datacenter • Docker Cloud (SaaS) • Docker Store (SaaS) The Docker Project Docker Inc
- 42. Dev Tools Official Repositories Operating Systems Big Data Service Discovery Build / Continuous Integration Configuration Management Consulting &Training Management Storage Clustering & Scheduling Networking Infrastructure & Service Providers Security Monitoring & Logging The Docker Ecosystem
- 43. Docker Image The basis of a Docker container Docker Container The standard unit in which the application service resides Docker Engine Creates, ships and runs Docker containers deployable on physical or virtual host locally, in a datacenter or cloud service provider Docker Registry On-premises registry for image storing and collaboration Docker Basics
- 44. Loosely Coupled Services Many Small Servers ~2000 Today Monolithic Big Servers Slow changing Rapidly updated Applications are changing
- 45. Virtual machines Server Public Cloud Disaster Recovery Developer Laptop Server Cluster Data Center Static Website Web Front EndBackground Workers User DB Analytics DB Queue API Endpoint Development Test & QA Production Scale Out The challenge: new matrix from hell
- 46. Where do developers spend their time? Electric Cloud surveyed 443 software engineers on how much time they spent on each activity.
- 47. Solution: Docker containers • Packages up software binaries and dependencies • Isolates software from each other • Container is a standard format • Easily portable across environment (on-prem and across clouds) • Allows ecosystem to develop around its standard Container
- 48. Static Website Web Front End Background Workers User DB Analytics DB Queue API Endpoint Any App Anywhere Composable Dynamic Portable Solution: Docker containers
- 49. Source: Docker: Up & Running – Shipping Reliable Containers in Production A traditional Deployment Workflow (without Docker)
- 50. A Docker Deployment Workflow Source: Docker: Up & Running – Shipping Reliable Containers in Production
- 53. Nutanix Docker Machine Driver Provision Dockerized VM’s on Nutanix AHV Acropolis Hypervisor Nutanix Portal
- 54. 3 out of 10 Docker images are databases Many require persistence 54
- 56. Container Persistence Models Local Storage DAS Local Host Persistence No Durability Distributed Storage SDS SDS (Local Host Persistence) Durable Storage Data Stores Database State is in a VM or on Bare Metal Remote Storage SAN/NAS 3-Tier
- 57. STORAGE Virtualization Storage Services Container (Sidekick) ContainerContainerContainer Containe r Containe r Docker Engine Dockerized VM Volume Plugin DeviceMount ADSF – iSCSI VG Docker Daemon Nutanix Docker Volume Driver
- 58. https://twitter.com/mfdii/status/6975323872409968 64 Containers in Production is Hard ¤ Scheduling: Where should my containers run? ¤ Lifecycle and health: Keep my containers running despite failures ¤ Discovery: Where are my containers now? ¤ Monitoring: What’s happening with my containers? ¤ Auth{n,z}: Control who can do things to my containers ¤ Aggregates: Compose sets of containers into jobs ¤ Scaling: Making jobs bigger or smaller ¤ Secrets: How do I protect passwords, certs, ssh keys, etc? ¤ Networking: How do I automate networking on my containers? I need cluster store for networking? ¤ Logging: how do I store the logs for N
- 59. Engineering Sales Finance Manufacturing Nutanix Self Service Portal
- 60. Engineering Sales Finance Manufacturing Quota Quota Quota Quota Enterprise Cloud Nutanix Self Service Portal
- 61. Engineering Sales Finance Manufacturing Quota Quota Quota Quota Enterprise Cloud Integrated Self Service Provisioning Granular Access Controls & Quotas Frictionless Service Delivery Nutanix Self Service Portal
- 62. Acropolis Container Service Provision Containers on Demand Multi-Tenant Agility for developers Control through quotas Flexible granular RBAC Developer Admin
- 63. Resources Acropolis Container Services Docker Container Best Practices Guide Blog: Containers enters Acropolis Tech TopX: Introduction to Docker on Nutanix Nutanix Bible - Container Services Nutanix Acropolis 4.7 - Container Support Demo
- 64. Thank You