Containers and Cloud: From LXC to Docker to Kubernetes

Shreyas MM
www.shreyasmm.com

Cloud Systems with Hypervisor

Apps – Django, Rails, Struts, Hibernate

Guest OS – Red Hat, Ubuntu, CentOS

Many payloads

● Backend services (API)
● Databases
● Distributed stores
● Webapps

● Go
● Java
● Node.js
● PHP
● Python
● Ruby
● CherryPy
● Django
● Flask
● Plone

+ Your Code

Many Targets

● Your local development environment
● Your coworkers' development environment
● Your QA team's test environment
● Some random demo/test server
● The staging server(s)
● The production server(s)
● Bare metal
● Virtual machines
● Shared hosting

What's the Problem? The Matrix from Hell

Real World Cargo Transport Pre-1960

Another Matrix from Hell

Solution - Containers

Solution: Intermodal Shipping Container

Linux Containers (LXC)

• Units of software delivery (ship it!)
• Run everywhere
  – Regardless of kernel version
  – Regardless of host distro
  – (but container and host architecture must match*)
• Run anything
  – If it can run on the host, it can run in the container
  – i.e., if it can run on a Linux kernel, it can run

What are Linux Containers exactly?

High level approach: it's a lightweight VM
• Own process space
• Own network interface
• Can run stuff as root
• Can have its own /sbin/init (different from the host)

What are Linux Containers exactly?

Low level approach: it's chroot on steroids
• Can also not have its own /sbin/init
• Container = isolated process(es)
• Share kernel with host

Containers Implementation History

Different OSes implement containers differently
• Unix – chroot (1979)
• FreeBSD – jails
• Solaris 11 – zones
• HP-UX – containers
• IBM AIX – workload partitions
• Linux – LXC

Docker

• Docker is an open source project
• Systematic way to automate the faster deployment of Linux applications inside portable containers
• Docker extends LXC with a kernel- and application-level API that together run processes in isolation: CPU, memory, I/O, network
• Docker containers are created using base images

Docker is a Container System for Code

Docker Eliminates the Matrix from Hell

Containers are isolated, but share the OS and, where appropriate, bins/libs

Containers before Docker

Containers After Docker

How Docker Works

• You can build Docker images that hold your applications

• You can create Docker containers from those Docker images to run your applications.

• You can share those Docker images via Docker Hub or your own registry

Dockerfile

• Like a Makefile (shell script with keywords)
• Extends from a base image
• Results in a new Docker image
• A Dockerfile lists the steps needed to build an image
• docker build is used to run a Dockerfile
• Can define the default command for docker run, ports to expose, etc.

Some Docker Commands

docker run => Create a new container
docker stop => Stop a running container
docker start => Start an existing container
docker restart => Restart an existing container
docker ps => List existing containers
docker inspect => Get low-level container/image information
docker rm => Delete an existing container
docker exec => Run a command in a running container

Docker Benefits

• Packaging and distribution
• Sandboxing
• Networking
• Orchestration
• Identity
• Authorization

Kubernetes

Kubernetes is an open source orchestration system for containers

POD = Group of tightly coupled containers
▸ Various services composing an application
▸ All containers always scheduled on same node
▸ Unique IP address per POD
▸ Do not reschedule themselves

CONTROLLER = Implements the control loop
▸ Ensures desired # of pods are running

POD & CONTROLLER DEFINITION SAMPLE

Kubernetes Services

▸ Logical abstraction for a set of pods
▸ Label selector expresses which pods implement a given service
▸ Defines a public endpoint similar to a Virtual IP
▸ Exposes 1 or more TCP/UDP ports
▸ Forwards requests to pods through DNAT (Destination NAT)

SERVICE DEFINITION SAMPLE

Kubernetes LABELS AND SELECTORS

▸ Labels: metadata (key/value pairs) applied to resources
▸ Examples:
    environment = { dev | qa | staging | prod }
    network_qos = { standard | premium | guaranteed }
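
The following is an added example, not part of the original slides and not Kubernetes code: a simplified Python model of how a controller's control loop keeps the desired number of pods running and how a service's label selector decides which pod IPs receive traffic. The names Pod, new_pod, matches, reconcile and endpoints, the app=web label and the 10.0.0.N addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from itertools import count

_ids = count(2)  # constructed ids; pod N gets the made-up address 10.0.0.N

@dataclass
class Pod:
    name: str
    ip: str       # unique IP address per pod
    labels: dict  # key/value metadata, e.g. {"environment": "prod"}

def new_pod(labels):
    n = next(_ids)
    return Pod(f"pod-{n}", f"10.0.0.{n}", dict(labels))

def matches(selector, labels):
    """Equality-based selector: every selector key/value must be present on the resource."""
    return all(labels.get(k) == v for k, v in selector.items())

def reconcile(pods, selector, template_labels, desired):
    """One pass of the control loop: add or remove pods until `desired` of them match."""
    if not matches(selector, template_labels):
        raise ValueError("pod template labels do not satisfy the controller's selector")
    owned = [p for p in pods if matches(selector, p.labels)]
    others = [p for p in pods if not matches(selector, p.labels)]
    while len(owned) < desired:  # pods never reschedule themselves; the controller replaces them
        owned.append(new_pod(template_labels))
    return others + owned[:desired]  # surplus matching pods are dropped

def endpoints(pods, service_selector):
    """Pod IPs that a service with this selector forwards requests to."""
    return [p.ip for p in pods if matches(service_selector, p.labels)]

def demo():
    prod = {"app": "web", "environment": "prod"}
    cluster = [new_pod({"app": "web", "environment": "dev"})]  # dev pod, not part of the service
    cluster = reconcile(cluster, prod, prod, desired=3)  # controller starts three prod pods
    cluster.pop()                                        # simulate losing one prod pod
    cluster = reconcile(cluster, prod, prod, desired=3)  # next pass restores the count
    return cluster, endpoints(cluster, prod)

if __name__ == "__main__":
    cluster, eps = demo()
    print(len(cluster), "pods; service endpoints:", eps)
```

Because the selector is a plain key/value match, any pod carrying the selected labels becomes a service endpoint, so the dev pod is excluded here only by its environment label.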

Conclusion

Containers, Docker, and Kubernetes seem to have sparked the hope of a universal cloud application and deployment technology.

References

• Containers and Cloud: From LXC to Docker to Kubernetes – David Bernstein
• www.docker.com
• www.kubernetes.com
• P. Mell and T. Grance, The NIST Definition of Cloud Computing: Recommendations of the National Institute of Standards and Technology, NIST Special Publication 800-145, 2011.

Thank You

Shreyas MM
@MMShreyas

www.shreyasmm.com