Containers: from development to production at DevNation 2015
Containers
from development to production
Jérôme Petazzoni
@jpetazzo
Docker Inc.
@docker
Who am I?
● Jérôme Petazzoni (@jpetazzo)
● Joined Docker (dotCloud) more than 4 years ago
(I was at Docker before it was cool!)
● I have built and scaled the dotCloud PaaS
● I learned a few things about running containers
(in production)
Outline
● Intro / pop quiz about Docker and containers
● VMs and containers: technical differences
● VMs and containers: functional differences
● Our goal: lean containers
● Composing stacks of containers
Recap
about Docker
and containers
Build, ship and run
any app, anywhere
Take any Linux program, and put it in a container
● Web apps and services, workers
(Go, Java, Node, PHP, Python, Ruby…)
● Data stores: SQL, NoSQL, big data
(Cassandra, ElasticSearch, Hadoop, Mongo, MySQL, PostgreSQL, Redis...)
● Other server-y things
(Consul, Etcd, Mesos, RabbitMQ, Zookeeper...)
● Command-line tools
(AWS CLI, Ffmpeg...)
● Desktop apps
(Chrome, LibreOffice, Skype, Steam…)
What about non-Linux programs?
● Desktop apps with Wine
– e.g.: Spotify client
● Coming soon: Docker for Windows
– run Windows apps on Windows machines
● Coming soon: Docker for FreeBSD
– port in progress
● Coming eventually: Docker for OS X
– technically possible; but is this useful?
Ship that container easily and efficiently
● Docker comes with an image distribution protocol
● Distribution server can be hosted by Docker Inc.
– free for public images
● Distribution protocol is public
● Open source reference implementation
– used by Docker Inc. for the public registry
● Container images are broken down into layers
● When updating and distributing an image,
only ship relevant layers
Run those containers anywhere
● Containers can run in VMs or in physical machines
● Docker is available on all modern Linux variants
● Many IAAS providers have server images with Docker
● On OS X and Windows dev machines: boot2docker
● There are distros dedicated to running Docker containers
– Atomic, CoreOS, RancherOS, Snappy Core...
● Other Docker implementations exist (e.g. Joyent Triton)
● Docker-as-a-Service providers are blooming
VMs and containers:
technical differences
Portability
● Containers can run on top of public cloud
– run the same container image everywhere
● Nested hypervisors (VMs in VMs) exist, but still rare
● Containers are easy to move
– thanks to layers, distribution protocol, registry...
● VM images have to be converted and transferred
– both are slow operations
Format & environment
● VM
– executes machine code
– environment = something that looks like a computer
● JVM
– executes JVM bytecode
– environment = Java APIs
● Container
– executes machine code
– environment = Linux kernel system calls interface
Containers have low overhead
● Normal* process(es) running on top of normal kernel
● No device emulation (no extra code path involved in I/O)
● Context switch between containers
= context switch between processes
● Benchmarks show no difference at all
between containers and bare metal
(after adequate tuning and options have been selected)
● Containers have higher density
*There are extra "labels" denoting membership to given
namespaces and control groups. Similar to regular UID.
VMs have stronger isolation
● Inter-VM communication must happen over the network
– Some hypervisors have custom paths, but non-standard
● VMs can run as non-privileged processes on the host
– Breaking out of a VM will have ~zero security impact
● Containers run on top of a single kernel
– Kernel vulnerability can lead to full scale compromise
● Containers can share files, sockets, FIFOs, memory areas…
– They can communicate with standard UNIX mechanisms
Analogy: brick walls vs. room dividers
● Brick walls
– sturdy
– slow to build
– messy to move
● Room dividers
– fragile
– deployed in seconds
– moved easily
Blurring lines
● Intel Clear Containers; Clever Cloud
– stripped down VMs, boot super fast, tiny footprint
● Joyent Triton
– Solaris "branded zones," running Linux binaries securely,
exposing the Docker API
● Ongoing efforts to harden containers
– GRSEC, SELinux, AppArmor
VMs and containers:
functional differences
Inside
● VMs need a full OS and associated tools
(Backups, logging, periodic job execution, remote access...)
● Containers can go both ways:
– machine container
(runs init, cron, ssh, syslog ... and the app)
– application container
(runs the app and nothing else;
relies on external mechanisms)
VM lifecycle
● Option 1: long lifecycle
(provisioning→update→update→…→update→disposal)
– easily leads to configuration drift
(subtle differences that add up over time)
– requires tight configuration management
● Option 2: golden images
(phoenix servers, immutable infrastructure ...)
– create new image for each modification
– deploy by replacing old servers with new servers
– nice and clean, but heavy and complex to setup
Container lifecycle
● Containers are created from an image
● Image creation is easy
● Image upgrade is fast
● Immutable infrastructure is easy to implement
Why?
Because container snapshots are extremely fast and cheap.
Development process (VMs)
● Best practice in production = 1 VM per component
● Not realistic to have 1 VM per component in dev
● Also: prod has additional/different components
(e.g.: logging, monitoring, service discovery...)
● Result: very different environment for dev & prod
Development process (containers)
● Run tons of containers on dev machines
● Build the same container for dev & prod
● How do we provide container variants?
Bloated containers
● Containers have all the software required for production
● In dev mode, only essential processes are started
● In prod mode, additional processes run as well
● Problems:
– bigger containers
– behavior can differ (because of extra processes)
– extra processes duplicated between containers
– hard to test those extra processes in isolation
Lean containers
Principle
● "Do one thing, do it well"
● One container for the component itself
● One container for logging
● One container for monitoring
● One container for backups
● One container for debugging (when needed)
● etc.
Implementation (general principles)
● Containers can share almost anything, selectively
– files
(logs, data at rest, audit)
– network stack
(traffic routing and analysis, monitoring)
– process space, memory
(process tracing and debugging)
Let's dive into the details
Logging (option 1: Docker logging drivers)
● Containers write to standard output
● Docker has different logging drivers:
– writes to local JSON files by default
– can send to syslog
Imperfect solution for now, but will be improved.
Preferred in the long run.
Logging (option 2: shared log directory)
● Containers write regular files to a directory
● That directory is shared with another container
docker run -d --name myapp1 -v /var/log myapp:v1.0
● In development setup:
docker run --volumes-from myapp1 ubuntu \
    sh -c 'tail -F /var/log/*'
● In production:
docker run -d --volumes-from myapp1 logcollector
Logging takeaways
● Application can be "dumb" about logging
● Log collection and shipping happens in Docker,
or in separate container(s)
● Run custom log analyzer without changing app container
(e.g. apachetop)
● Migrate logging system without changing app container
"Yes, but..."
● "What about performance overhead?"
– no performance overhead
– both containers access files directly
(just like processes running on the same machine)
● "What about synchronization issues?"
– same as previous answer!
Backups (file-based)
● Store mutable data on Docker volumes
(same mechanism as for logs)
● Share volumes with special-purpose backup containers
● Put backup tools in the backup container
(boto, rsync, s3cmd, unison...)
docker run --volumes-from mydb1 ubuntu \
    rsync -av /var/lib/ \
    backup@remotehost:mydb1/
● The whole setup doesn't touch the app (or DB) container
Backups (network-based)
● Run the backup job (`pg_dump`, `mysqldump`, etc.)
from a separate container
● Advantages (vs. running in the same container):
– nothing to install in the app (or DB) container
– if the backup job runs amok, it remains contained (!)
– another team can maintain backup jobs
(and be responsible for them)
Network analysis
● Packet capture (`tcpdump`, `ngrep`, `ntop`, etc.)
● Low-level metrics (`netstat`, `ss`, etc.)
● Install required tools in a separate container image
● Run a container in the same *network namespace*
docker run -d --name web1 nginx
docker run -ti --net container:web1 tcpdump -pni eth0
docker run -ti --net container:web1 ubuntu ss -n --tcp
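The sidekick patterns above (`--volumes-from` for logs and backups, `--net container:` for network analysis) also decide what each sidekick can read, write or observe, so it helps to inventory them. The following is an added example, not part of the original slides: it reads `docker inspect` JSON and lists every sharing relationship, separating read-write volume shares from read-only ones. The sample data, the container ids and the `sniffer` and `debug1` names are constructed for illustration.

```python
import json

# Constructed `docker inspect` excerpts. Names follow the slides where
# possible; the ids, "sniffer" and "debug1" are made up for this example.
SAMPLE_INSPECT = json.loads("""
[
 {"Id": "a1a1a1", "Name": "/web1",
  "HostConfig": {"NetworkMode": "bridge", "VolumesFrom": null}},
 {"Id": "b2b2b2", "Name": "/sniffer",
  "HostConfig": {"NetworkMode": "container:a1a1a1", "VolumesFrom": null}},
 {"Id": "c3c3c3", "Name": "/myapp1",
  "HostConfig": {"NetworkMode": "bridge", "VolumesFrom": null}},
 {"Id": "d4d4d4", "Name": "/logcollector",
  "HostConfig": {"NetworkMode": "bridge", "VolumesFrom": ["myapp1:ro"]}},
 {"Id": "e5e5e5", "Name": "/mydb1",
  "HostConfig": {"NetworkMode": "bridge", "VolumesFrom": null}},
 {"Id": "f6f6f6", "Name": "/backup",
  "HostConfig": {"NetworkMode": "bridge", "VolumesFrom": ["mydb1"]}},
 {"Id": "a7a7a7", "Name": "/debug1",
  "HostConfig": {"NetworkMode": "bridge", "PidMode": "container:a1a1a1"}}
]
""")

# HostConfig fields whose value "container:<ref>" means "join that
# container's namespace".
NAMESPACE_FIELDS = (("NetworkMode", "net"), ("PidMode", "pid"), ("IpcMode", "ipc"))


def sharing_edges(containers):
    """Return sorted (sidekick, kind, target, detail) tuples.

    kind is "net", "pid", "ipc" or "volumes"; detail is "shared" for a
    namespace and "ro"/"rw" for a volume share.
    """
    names = {c["Id"]: c["Name"].lstrip("/") for c in containers}

    def resolve(ref):
        # A reference may be a container name or an id (possibly a prefix).
        if ref in names.values():
            return ref
        matches = [n for cid, n in names.items() if cid.startswith(ref)]
        return matches[0] if len(matches) == 1 else ref

    edges = []
    for c in containers:
        me = c["Name"].lstrip("/")
        host_config = c.get("HostConfig") or {}
        for field, kind in NAMESPACE_FIELDS:
            mode = host_config.get(field) or ""
            if mode.startswith("container:"):
                edges.append((me, kind, resolve(mode.split(":", 1)[1]), "shared"))
        for spec in host_config.get("VolumesFrom") or []:
            ref, _, access = spec.partition(":")
            # Without an explicit ":ro" suffix the volumes are mounted read-write.
            edges.append((me, "volumes", resolve(ref), "ro" if access == "ro" else "rw"))
    return sorted(edges)


def writable_volume_sharers(edges):
    """Sidekicks that can modify another container's volumes."""
    return [(s, t) for s, kind, t, detail in edges if kind == "volumes" and detail == "rw"]


if __name__ == "__main__":
    edges = sharing_edges(SAMPLE_INSPECT)
    for edge in edges:
        print("%-13s %-8s %-8s %s" % edge)
    print("read-write volume shares:", writable_volume_sharers(edges))
```

A log collector or backup job that only reads can be started with `--volumes-from myapp1:ro`, which this report then shows as `ro`.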
Service discovery
● Docker can do linking and generic DNS injection
● Your code connects to e.g. redis
(pretending that redis resolves to something)
● Docker adds a DNS alias* so that redis resolves
to the right container, or to some external service
● In dev, Docker Compose manages service dependencies
● In prod, you abstract service discovery from the container
*Really, an entry in the container's /etc/hosts
Service discovery in practice
● When service A needs to talk to service B...
1. Start container B on a Docker host
2. Retrieve host+port allocated for B
3. Start ambassador (relaying to this host+port)
4. Start container A linked to ambassador
5. Profit!
General pattern
● Your code runs in the same container in dev and prod
● Add "sidekick*" containers for additional tasks
● Developers don't have to be bothered about ops
● Ops can do their job without messing with devs' code
*Kubernetes sometimes calls them "sidecars."
Composing stacks of containers
Docker Compose
docker-compose.yml
rng:
  build: rng
redis:
  image: redis
webui:
  build: webui
  links:
    - redis
  ports:
    - "80:80"
hasher:
  build: hasher
worker:
  build: worker
  links:
    - rng
    - hasher
    - redis
Docker Compose
● Start whole stack with `docker-compose up`
● Start individual containers (and their dependencies)
with `docker-compose up xyz`
● Takes care of container lifecycle
(creation, update, data persistence, scaling up/down...)
● Doesn't automatically solve networking and discovery (yet)
... However ...
docker-compose.yml, reloaded
hasher:
  build: hasher
worker:
  build: worker
  links:
    - rng
    - hasherproxy:hasher
    - redis
hasherproxy:
  image: jpetazzo/hamba
  links:
    - hasher
  command: 80 hasher 80
(This was automatically generated by a tiny Python script.)
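The rewrite shown on this slide can be reproduced with a short script. The following is an added example, not the author's script: it takes the stack from the first `docker-compose.yml` slide as a Python dict, routes every link to a chosen service through a `jpetazzo/hamba` ambassador, and prints the result. The function names, the `<service>proxy` naming rule and the minimal YAML writer are assumptions of this example; the `command` string follows the form shown on the slide.

```python
import copy
import re

AMBASSADOR_IMAGE = "jpetazzo/hamba"  # image named on the slide

# The stack from the first docker-compose.yml slide, as a dict.
STACK = {
    "rng": {"build": "rng"},
    "redis": {"image": "redis"},
    "webui": {"build": "webui", "links": ["redis"], "ports": ["80:80"]},
    "hasher": {"build": "hasher"},
    "worker": {"build": "worker", "links": ["rng", "hasher", "redis"]},
}


def add_ambassadors(stack, targets):
    """Return a copy of `stack` where links to each service in `targets`
    go through an ambassador container.

    `targets` maps a service name to the port to relay (this example
    assumes the same port on both sides, as on the slide).
    """
    out = copy.deepcopy(stack)
    for name, port in targets.items():
        if name not in stack:
            raise KeyError("unknown service: %s" % name)
        proxy = name + "proxy"
        if proxy in out:
            raise ValueError("service name already in use: %s" % proxy)
        rewired = False
        for cfg in out.values():
            if "links" not in cfg:
                continue
            new_links = []
            for link in cfg["links"]:
                target, _, alias = link.partition(":")
                if target == name:
                    # Keep the name the client code resolves (alias or
                    # service name), but point it at the ambassador.
                    new_links.append("%s:%s" % (proxy, alias or name))
                    rewired = True
                else:
                    new_links.append(link)
            cfg["links"] = new_links
        if rewired:  # no ambassador for a service nobody links to
            out[proxy] = {
                "image": AMBASSADOR_IMAGE,
                "links": [name],
                "command": "%d %s %d" % (port, name, port),
            }
    return out


def _scalar(value):
    # Quote values such as 80:80 that YAML would not read as plain strings.
    return '"%s"' % value if re.fullmatch(r"[\d:.]+", value) else value


def to_yaml(stack):
    """Minimal writer for this shape only: service -> {key: str | [str]}."""
    lines = []
    for service, cfg in stack.items():
        lines.append("%s:" % service)
        for key, value in cfg.items():
            if isinstance(value, list):
                lines.append("  %s:" % key)
                lines.extend("    - %s" % _scalar(item) for item in value)
            else:
                lines.append("  %s: %s" % (key, _scalar(value)))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(to_yaml(add_ambassadors(STACK, {"hasher": 80})))
```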
Heads up!
● Docker networking is evolving quickly
● Docker 1.7 (released last week) supports internally:
– "networks" as first class objects
– multiple networks
– overlay driver allowing networks to span multiple hosts
– networking plugins from ecosystem partners
● Those features will gradually be exposed over API/CLI
● Check the DockerCon demos!
Conclusions
● Containers can share more context than VMs
● We can use this to decouple complexity
(think "microservices" but for ops/devs separation)
● All tasks typically requiring VM access
can be done in separate containers
● As a result, deployments are broken down
into smaller, simpler pieces
● Complex stacks are expressed with simple YAML files
● Docker isn't a "silver bullet" to solve all problems,
but it gives us tools that make our jobs easier
Thanks!
Questions?
@jpetazzo
@docker
Jérôme Petazzoni
 
Ad

Containers: from development to production at DevNation 2015

  • 2. Containers: from development to production
    Jérôme Petazzoni @jpetazzo
    Docker Inc. @docker
  • 3. Who am I?
    ● Jérôme Petazzoni (@jpetazzo)
    ● Joined Docker (dotCloud) more than 4 years ago (I was at Docker before it was cool!)
    ● I have built and scaled the dotCloud PaaS
    ● I learned a few things about running containers (in production)
  • 4. Outline
    ● Intro / pop quiz about Docker and containers
    ● VMs and containers: technical differences
    ● VMs and containers: functional differences
    ● Our goal: lean containers
    ● Composing stacks of containers
  • 6. Build, ship and run any app, anywhere
  • 7. Take any Linux program, and put it in a container
    ● Web apps and services, workers (Go, Java, Node, PHP, Python, Ruby…)
    ● Data stores: SQL, NoSQL, big data (Cassandra, ElasticSearch, Hadoop, Mongo, MySQL, PostgreSQL, Redis...)
    ● Other server-y things (Consul, Etcd, Mesos, RabbitMQ, Zookeeper...)
    ● Command-line tools (AWS CLI, FFmpeg...)
    ● Desktop apps (Chrome, LibreOffice, Skype, Steam…)
  • 8. What about non-Linux programs?
    ● Desktop apps with Wine
      – e.g.: Spotify client
    ● Coming soon: Docker for Windows
      – run Windows apps on Windows machines
    ● Coming soon: Docker for FreeBSD
      – port in progress
    ● Coming eventually: Docker for OS X
      – technically possible; but is this useful?
  • 9. Ship that container easily and efficiently
    ● Docker comes with an image distribution protocol
    ● Distribution server can be hosted by Docker Inc.
      – free for public images
    ● Distribution protocol is public
    ● Open source reference implementation
      – used by Docker Inc. for the public registry
    ● Container images are broken down into layers
    ● When updating and distributing an image, only ship relevant layers
  • 10. Run those containers anywhere
    ● Containers can run in VMs or in physical machines
    ● Docker is available on all modern Linux variants
    ● Many IaaS providers have server images with Docker
    ● On OS X and Windows dev machines: boot2docker
    ● There are distros dedicated to running Docker containers
      – Atomic, CoreOS, RancherOS, Snappy Core...
    ● Other Docker implementations exist (e.g. Joyent Triton)
    ● Docker-as-a-Service providers are blooming
  • 12. Portability
    ● Containers can run on top of public cloud
      – run the same container image everywhere
    ● Nested hypervisors (VMs in VMs) exist, but still rare
    ● Containers are easy to move
      – thanks to layers, distribution protocol, registry...
    ● VM images have to be converted and transferred
      – both are slow operations
  • 13. Format & environment
    ● VM
      – executes machine code
      – environment = something that looks like a computer
    ● JVM
      – executes JVM bytecode
      – environment = Java APIs
    ● Container
      – executes machine code
      – environment = Linux kernel system calls interface
  • 14. Containers have low overhead
    ● Normal* process(es) running on top of normal kernel
    ● No device emulation (no extra code path involved in I/O)
    ● Context switch between containers = context switch between processes
    ● Benchmarks show no difference at all between containers and bare metal (after adequate tuning and options have been selected)
    ● Containers have higher density
    *There are extra "labels" denoting membership to given namespaces and control groups. Similar to regular UID.
  • 15. VMs have stronger isolation
    ● Inter-VM communication must happen over the network
      – Some hypervisors have custom paths, but non-standard
    ● VMs can run as non-privileged processes on the host
      – Breaking out of a VM will have ~zero security impact
    ● Containers run on top of a single kernel
      – Kernel vulnerability can lead to full scale compromise
    ● Containers can share files, sockets, FIFOs, memory areas…
      – They can communicate with standard UNIX mechanisms
  • 16. Analogy: brick walls vs. room dividers
    ● Brick walls
      – sturdy
      – slow to build
      – messy to move
    ● Room dividers
      – fragile
      – deployed in seconds
      – moved easily
  • 17. Blurring lines
    ● Intel Clear Containers; Clever Cloud
      – stripped down VMs, boot super fast, tiny footprint
    ● Joyent Triton
      – Solaris "branded zones," running Linux binaries securely, exposing the Docker API
    ● Ongoing efforts to harden containers
      – GRSEC, SELinux, AppArmor
  • 19. Inside
    ● VMs need a full OS and associated tools (backups, logging, periodic job execution, remote access...)
    ● Containers can go both ways:
      – machine container (runs init, cron, ssh, syslog ... and the app)
      – application container (runs the app and nothing else; relies on external mechanisms)
  • 20. VM lifecycle
    ● Option 1: long lifecycle (provisioning→update→update→…→update→disposal)
      – easily leads to configuration drift (subtle differences that add up over time)
      – requires tight configuration management
    ● Option 2: golden images (phoenix servers, immutable infrastructure ...)
      – create new image for each modification
      – deploy by replacing old servers with new servers
      – nice and clean, but heavy and complex to set up
  • 21. Container lifecycle
    ● Containers are created from an image
    ● Image creation is easy
    ● Image upgrade is fast
    ● Immutable infrastructure is easy to implement
    Why? Because container snapshots are extremely fast and cheap.
  • 22. Development process (VMs)
    ● Best practice in production = 1 VM per component
    ● Not realistic to have 1 VM per component in dev
    ● Also: prod has additional/different components (e.g.: logging, monitoring, service discovery...)
    ● Result: very different environment for dev & prod
  • 23. Development process (containers)
    ● Run tons of containers on dev machines
    ● Build the same container for dev & prod
    ● How do we provide container variants?
  • 24. Bloated containers
    ● Containers have all the software required for production
    ● In dev mode, only essential processes are started
    ● In prod mode, additional processes run as well
    ● Problems:
      – bigger containers
      – behavior can differ (because of extra processes)
      – extra processes duplicated between containers
      – hard to test those extra processes in isolation
  • 26. Principle
    ● "Do one thing, do it well"
    ● One container for the component itself
    ● One container for logging
    ● One container for monitoring
    ● One container for backups
    ● One container for debugging (when needed)
    ● etc.
  • 27. Implementation (general principles)
    ● Containers can share almost anything, selectively
      – files (logs, data at rest, audit)
      – network stack (traffic routing and analysis, monitoring)
      – process space, memory (process tracing and debugging)
  • 28. Let's dive into the details
  • 29. Logging (option 1: Docker logging drivers)
    ● Containers write to standard output
    ● Docker has different logging drivers:
      – writes to local JSON files by default
      – can send to syslog
    Imperfect solution for now, but will be improved. Preferred in the long run.
  • 30. Logging (option 2: shared log directory)
    ● Containers write regular files to a directory
    ● That directory is shared with another container
        docker run -d --name myapp1 -v /var/log myapp:v1.0
    ● In development setup:
        docker run --volumes-from myapp1 ubuntu sh -c 'tail -F /var/log/*'
    ● In production:
        docker run -d --volumes-from myapp1 logcollector
  • 31. Logging takeaways
    ● Application can be "dumb" about logging
    ● Log collection and shipping happens in Docker, or in separate container(s)
    ● Run custom log analyzer without changing app container (e.g. apachetop)
    ● Migrate logging system without changing app container
  • 32. "Yes, but..."
    ● "What about performance overhead?"
      – no performance overhead
      – both containers access files directly (just like processes running on the same machine)
    ● "What about synchronization issues?"
      – same as previous answer!
  • 33. Backups (file-based)
    ● Store mutable data on Docker volumes (same mechanism as for logs)
    ● Share volumes with special-purpose backup containers
    ● Put backup tools in the backup container (boto, rsync, s3cmd, unison...)
        docker run --volumes-from mydb1 ubuntu rsync -av /var/lib/ backup@remotehost:mydb1/
    ● The whole setup doesn't touch the app (or DB) container
  • 34. Backups (network-based)
    ● Run the backup job (`pg_dump`, `mysqldump`, etc.) from a separate container
    ● Advantages (vs. running in the same container):
      – nothing to install in the app (or DB) container
      – if the backup job runs amok, it remains contained (!)
      – another team can maintain backup jobs (and be responsible for them)
  • 35. Network analysis
    ● Packet capture (`tcpdump`, `ngrep`, `ntop`, etc.)
    ● Low-level metrics (`netstat`, `ss`, etc.)
    ● Install required tools in a separate container image
    ● Run a container in the same *network namespace*
        docker run -d --name web1 nginx
        docker run -ti --net container:web1 tcpdump -pni eth0
        docker run -ti --net container:web1 ubuntu ss -n --tcp
  • 36. Service discovery
    ● Docker can do linking and generic DNS injection
    ● Your code connects to e.g. redis (pretending that redis resolves to something)
    ● Docker adds a DNS alias* so that redis resolves to the right container, or to some external service
    ● In dev, Docker Compose manages service dependencies
    ● In prod, you abstract service discovery from the container
    *Really, an entry in the container's /etc/hosts
  • 37. Service discovery in practice
    ● When service A needs to talk to service B...
      1. Start container B on a Docker host
      2. Retrieve host+port allocated for B
      3. Start ambassador (relaying to this host+port)
      4. Start container A linked to ambassador
      5. Profit!
  • 38. General pattern
    ● Your code runs in the same container in dev and prod
    ● Add "sidekick*" containers for additional tasks
    ● Developers don't have to be bothered about ops
    ● Ops can do their job without messing with devs' code
    *Kubernetes sometimes calls them "sidecars."
  • 39. Composing stacks of containers
  • 41. docker-compose.yml
        rng:
          build: rng
        redis:
          image: redis
        webui:
          build: webui
          links:
            - redis
          ports:
            - "80:80"
        hasher:
          build: hasher
        worker:
          build: worker
          links:
            - rng
            - hasher
            - redis
  • 42. Docker Compose
    ● Start whole stack with `docker-compose up`
    ● Start individual containers (and their dependencies) with `docker-compose up xyz`
    ● Takes care of container lifecycle (creation, update, data persistence, scaling up/down...)
    ● Doesn't automatically solve networking and discovery (yet)
    ... However ...
  • 43. docker-compose.yml, reloaded
        hasher:
          build: hasher
        worker:
          build: worker
          links:
            - rng
            - hasherproxy:hasher
            - redis
        hasherproxy:
          image: jpetazzo/hamba
          links:
            - hasher
          command: 80 hasher 80
    (This was automatically generated by a tiny Python script.)
  • 44. Heads up!
    ● Docker networking is evolving quickly
    ● Docker 1.7 (released last week) supports internally:
      – "networks" as first class objects
      – multiple networks
      – overlay driver allowing networks to span multiple hosts
      – networking plugins from ecosystem partners
    ● Those features will gradually be exposed over API/CLI
    ● Check the DockerCon demos!
  • 46.
    ● Containers can share more context than VMs
    ● We can use this to decouple complexity (think "microservices" but for ops/devs separation)
    ● All tasks typically requiring VM access can be done in separate containers
    ● As a result, deployments are broken down in smaller, simpler pieces
    ● Complex stacks are expressed with simple YAML files
    ● Docker isn't a "silver bullet" to solve all problems, but it gives us tools that make our jobs easier
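The sidekick pattern on slides 27 to 38 works because one container borrows another's volumes or namespaces, which also means every sidekick can see into the container it attaches to. The following is an added example (not from the talk) that lists those relationships from `docker inspect` JSON; the sample data, the sidekick names `logs`, `capture` and `backup`, and all function names are constructed for illustration.

```python
import json

# Constructed sample: trimmed `docker inspect` output for containers like the
# ones on slides 30, 33 and 35. IDs and the sidekick names are made up.
SAMPLE = json.loads("""
[
 {"Id": "a1f0c3d2e4b5", "Name": "/myapp1",
  "HostConfig": {"NetworkMode": "default", "VolumesFrom": null, "PidMode": ""}},
 {"Id": "b2e1d4c3f5a6", "Name": "/logs",
  "HostConfig": {"NetworkMode": "default", "VolumesFrom": ["myapp1"], "PidMode": ""}},
 {"Id": "c3d2e5f4a6b7", "Name": "/web1",
  "HostConfig": {"NetworkMode": "default", "VolumesFrom": null, "PidMode": ""}},
 {"Id": "d4c3f6a5b7c8", "Name": "/capture",
  "HostConfig": {"NetworkMode": "container:c3d2e5f4a6b7", "VolumesFrom": null, "PidMode": ""}},
 {"Id": "e5b4a7c6d8e9", "Name": "/backup",
  "HostConfig": {"NetworkMode": "default", "VolumesFrom": ["mydb1:ro"], "PidMode": ""}}
]
""")


def name_of(container):
    """Container name without the leading slash that `docker inspect` prints."""
    return container["Name"].lstrip("/")


def resolve(ref, containers):
    """Map a name, full ID or unique ID prefix to a container name (None if unknown)."""
    for c in containers:
        if ref in (name_of(c), c["Id"]):
            return name_of(c)
    matches = [c for c in containers if ref and c["Id"].startswith(ref)]
    return name_of(matches[0]) if len(matches) == 1 else None


def shared_context(containers):
    """Return (sidekick, kind, target, mode) for each volume or namespace a container borrows."""
    edges = []
    for c in containers:
        host_config = c.get("HostConfig") or {}
        for field, kind in (("NetworkMode", "network"), ("PidMode", "pid"), ("IpcMode", "ipc")):
            value = host_config.get(field) or ""
            if value.startswith("container:"):
                ref = value.split(":", 1)[1]
                target = resolve(ref, containers) or "?" + ref  # "?" marks an unlisted target
                edges.append((name_of(c), kind, target, "shared"))
        for entry in host_config.get("VolumesFrom") or []:
            ref, _, mode = entry.partition(":")  # "mydb1:ro" -> ("mydb1", "ro")
            target = resolve(ref, containers) or "?" + ref
            edges.append((name_of(c), "volumes", target, mode or "rw"))
    return edges


def writable_volume_shares(edges):
    """Sidekicks that can modify the target's data: volumes not mounted read-only."""
    return [(s, t) for s, kind, t, mode in edges if kind == "volumes" and mode != "ro"]


def observers(edges):
    """Group edges by target: who can see into each application container, and how."""
    result = {}
    for sidekick, kind, target, _ in edges:
        result.setdefault(target, []).append((sidekick, kind))
    return result


if __name__ == "__main__":
    for edge in shared_context(SAMPLE):
        print("%-8s shares %-8s of %-8s (%s)" % edge)
```

To run it on a live host, feed it the JSON printed by `docker inspect $(docker ps -q)`. A collector that only reads logs can be started with `--volumes-from myapp1:ro`, which then drops out of the writable list.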
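Slide 43 says the rewritten file was generated by a tiny Python script, which the deck does not show. The following is an added example of such a rewrite (not the author's script): it takes the slide 41 stack as a Python dict, in the top-level-services layout the slides use, and inserts an ambassador for each service named in `proxied`. The function names and the `proxy` suffix convention are assumptions drawn from slide 43.

```python
import copy
import re

# Constructed from the docker-compose.yml on slide 41 (top-level keys are services).
STACK = {
    "rng": {"build": "rng"},
    "redis": {"image": "redis"},
    "webui": {"build": "webui", "links": ["redis"], "ports": ["80:80"]},
    "hasher": {"build": "hasher"},
    "worker": {"build": "worker", "links": ["rng", "hasher", "redis"]},
}


def add_ambassadors(stack, proxied, image="jpetazzo/hamba", suffix="proxy"):
    """Route links to the services in `proxied` ({name: port}) through ambassadors.

    Consumers keep resolving the original name (or their own alias), but the
    link now points at "<name>proxy", which relays to the real service.
    """
    unknown = sorted(set(proxied) - set(stack))
    if unknown:
        raise KeyError("cannot proxy undefined services: " + ", ".join(unknown))
    clashes = sorted(n + suffix for n in proxied if n + suffix in stack)
    if clashes:
        raise ValueError("service names already taken: " + ", ".join(clashes))

    out = copy.deepcopy(stack)  # never mutate the caller's stack
    for service in out.values():
        rewritten = []
        for link in service.get("links", []):
            target, _, alias = link.partition(":")  # "db:alias" or plain "db"
            if target in proxied:
                # Keep the name the application code resolves (alias or target).
                link = "%s%s:%s" % (target, suffix, alias or target)
            rewritten.append(link)
        if rewritten:
            service["links"] = rewritten
    # Ambassadors are added last so their own link to the real service stays direct.
    for name, port in proxied.items():
        out[name + suffix] = {
            "image": image,
            "links": [name],
            # hamba arguments as on slide 43: frontend port, backend host, backend port
            "command": "%d %s %d" % (port, name, port),
        }
    return out


def to_yaml(stack):
    """Serialize the two value shapes used here: scalars and lists of strings."""
    def scalar(value):
        text = str(value)
        # Quote digit:digit strings such as "80:80", which YAML 1.1 can read as a number.
        return '"%s"' % text if ":" in text and re.fullmatch(r"[\d:]+", text) else text

    lines = []
    for name, service in stack.items():
        lines.append(name + ":")
        for key, value in service.items():
            if isinstance(value, list):
                lines.append("  %s:" % key)
                lines.extend("    - " + scalar(item) for item in value)
            else:
                lines.append("  %s: %s" % (key, scalar(value)))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(to_yaml(add_ambassadors(STACK, {"hasher": 80})))
```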