ok so i have all these containers what now
play

OK, so I have all these Containers What now? Image by Connie Zhou - PowerPoint PPT Presentation

Mar 31, 2023 •218 likes •755 views

OK, so I have all these Containers What now? Image by Connie Zhou Developer View job hello_world = { runtime = { cell = 'ic' } // Cell (cluster) to run in binary = '.../hello_world_webserver' // Program to run args = { port =

  1. OK, so I have all these Containers What now?

  2. Image by Connie Zhou

  3. Developer View job hello_world = { runtime = { cell = 'ic' } // Cell (cluster) to run in binary = '.../hello_world_webserver' // Program to run args = { port = '%port%' } // Command line parameters requirements = { // Resource requirements ram = 100M disk = 100M cpu = 0.1 } 10000 replicas = 5 // Number of tasks } #kubernetes @tekgrrl

  4. Developer View #kubernetes @tekgrrl

  5. Binary Config Developer View file web browsers borgcfg web browsers BorgMaster What just BorgMaster UI shard BorgMaster UI shard BorgMaster UI shard BorgMaster UI shard UI shard happened? persistent store Scheduler scheduler (Paxos) link shard link shard link shard link shard link shard Borglet Borglet Borglet Borglet #kubernetes @tekgrrl

  6. Hello world! Hello Hello Hello Hello world! world! Hello Hello Hello Hello Hello Hello world! world! Hello Hello world! world! Hello Hello Hello Hello world! world! world! world! Hello Hello Hello Hello Hello world! world! world! world! Hello Hello Hello world! Hello world! Hello Hello Hello Hello world! world! Hello Hello world! world! Hello world! Hello Hello world! world! world! world! Hello Hello world! Hello world! world! world! world! world! Hello Hello world! world! world! Hello world! world! Hello Hello world! Hello Hello world! Hello world! Hello world! Hello Hello world! world! Hello world! world! world! world! Hello world! world! world! world! Image by Connie Zhou

  7. Guestbook App MySQL php Client php php PHP memcached #kubernetes @tekgrrl

  8. Containers

  9. Old Way: Shared Machines No isolation No namespacing app app Common libs app app Highly coupled apps and OS libs kernel #kubernetes @tekgrrl

  10. Old Way: Virtual Machines Some isolation Inefficient app app libs libs Still highly coupled to the guest OS kernel kernel Hard to manage app app libs libs kernel kernel #kubernetes @tekgrrl

  11. New Way: Containers app app libs libs app app libs libs kernel #kubernetes @tekgrrl

  12. Container Images An image is a stack of Read-Only file ● system layers. App Usual process: ● PHP & Apache build ○ push to repository ○ Libs pull to execution host ○ Debian start container from image ○ #kubernetes @tekgrrl

  13. Image Layers Read / Write Read / Write Read / Write A container is a process ● started with kernel restrictions ○ a stack of shared Read-Only ○ App file system layers PHP & Apache plus a process specific Read- ○ Libs Write layer Debian Every new container gets a new ● Read-Write later. All containers from the same image start from exactly the same state! #kubernetes @tekgrrl

  14. Mounting Host Directories It's possible to mount host ● directories into a container's filesystem. host Read / dir Write These are mutable and do outlive ● App the container. PHP & Apache They're only available on that host. ● Libs Debian #kubernetes @tekgrrl

  15. Docker Example App Docker Memcached MySQL PHP & Apache Engine libs libs libs libs Debian Server #kubernetes @tekgrrl

  16. Why containers? • Performance • Repeatability • Quality of service • Accounting • Portability A fundamentally different way of managing applications Images by Connie Zhou

  17. containers are awesome let's use lots of them! #kubernetes @tekgrrl

  18. Demo

  19. Kubernetes

  20. Kubernetes Greek for “Helmsman” ; also the root of the word “Governor” • Orchestrator for Docker containers • Supports multi-cloud environments • Inspired and informed by Google’s experiences and internal systems • Open source , written in Go Manage applications, not machines

  21. Concepts Intro Container Pod Service Volume Replication Controller Label Node #kubernetes @tekgrrl

  22. Developer View (Kubernetes) web browsers web browsers Kube-UI Kubernetes Master kubectl Replication Scheduler Controller Proxy API Server <Your App> Container Registry Kubelet Kubelet Kubelet Kubelet y @tekgrrl #kubernetes #gotoldn

  23. Cluster Options From Laptop to high-availability multi-node cluster Hosted or self managed On-Premise or Cloud Bare Metal or Virtual Machines Many options, See Matrix for details Kubernetes Cluster Matrix: http://bit.ly/1MmhpMW

  24. So what do we run on the nodes? Containers?

  25. Demo

  26. Pods Consumers The atom of scheduling for containers Application specific “logical host” Ephemeral • can die and be replaced Web Server Single container pods can be created directly from a container image Volume Pod #kubernetes @tekgrrl

  27. Pods Github Consumers Can be used to group containers & shared volumes Containers are tightly coupled Git Node.js App Shared namespace Synchronizer Container • Shared network IP and port namespace Ephemeral • Containers in pods live and die together Volume Pod Think in terms of services that you usually run on the same machine

  28. Volume Bound to the Pod that encloses it Look like Directories to Containers What and where they are determined by Volume Type Many Volume options Pod EmptyDir ● Lives with the pod ○

  29. Volume Bound to the Pod that encloses it Look like Directories to Containers What and where they are determined by Volume Type Many Volume options Pod EmptyDir ● HostPath ● /<rootdir> Maps to directory on host ○ | |__/etc Use with caution ○ |--/usr |--/var | |--/log

  30. Volume Bound to the Pod that encloses it Look like Directories to Containers What and where they are determined by Volume Type Many Volume options Pod EmptyDir ● HostPath ● nfs (and similar services) ● NFS

  31. Volume Bound to the Pod that encloses it Look like Directories to Containers What and where they are determined by Volume Type Many Volume options Pod EmptyDir ● HostPath ● nfs (and similar services) ● Cloud Provider Block Storage ●

  32. Labels ← These are important Dashboard Dashboard Pod Pod Pod Pod Pod frontend frontend show: type = FE show: version = v2 type = FE type = FE version = v2 version = v2 Behavior Benefits Metadata with semantic meaning Allow for intent of many users (e.g. dashboards) ● ➔ Membership identifier Build higher level systems … ● ➔ The only Grouping Mechanism Queryable by Selectors ● ➔ #kubernetes @tekgrrl

  33. Developer View (Replication Controller) selector: name: frontend … spec: containers: - name: php-guestbook image: php-guestbook:europython resources: limits: memory: "128Mi" cpu: "500m" ports: - containerPort: 80 protocol: TCP 10000 replicas: 1 #kubernetes @tekgrrl

  34. Replication Controllers Replication Replication Replication Controller Controller Controller Pod Pod Pod Pod Pod #pods = 1 #pods = 2 frontend frontend version = v2 version = v1 version= v1 version = v1 version = v2 show: version = v2 show: version = v2 Behavior Benefits Keeps Pods running Recreates Pods, maintains desired state ● ➔ Gives direct control of Pod #s Fine-grained control for scaling ● ➔ Grouped by Label Selector Standard grouping semantics ● ➔ #kubernetes @tekgrrl

  35. Replication Controller Replication Controllers Canonical example of control loops Replication Controller Have one job: ensure N copies of a pod - Name = “nifty-rc” if too few, start new ones - Selector = {“App”: “Nifty”} ● - PodTemplate = { ... } if too many, kill some ● - NumReplicas = 4 group == selector ● Replicated pods are fungible How Start 1 How many? more many? No implied order or identity ● 4 3 OK API Server #kubernetes @tekgrrl

  36. Container Liveness Process Level: Kubelet checks with Docker that Container is running App Level: User defined health checks: HTTP Health checks (Kubelet calls ● a Web Hook) Container Exec (Kubelet runs ● command in container) TCP Socket (Kubelet attempts to ● open a socket to the container) #kubernetes @tekgrrl

  37. Services A logical grouping of pods that perform the same function Client • group == selector Choice of pod is random but supports session affinity (ClientIP) Portal (VIP) Gets a stable virtual IP and port • also a DNS name Hide complexity - ideal for non-native apps Pod Pod Pod Container Container Container Container #kubernetes @tekgrrl

  38. Canary Example Replication Replication Replication Replication Controller Controller Pod Pod Controller Controller Pod Pod Pod version = v1 frontend frontend version = v2 #pods = 2 #pods = 1 version= v1 version = v1 version = v2 type = FE type = FE type = FE show: version = v2 show: version = v2 Service Service VIP Label selector: Label selectors: type = FE version = 1.0 type = Frontend #kubernetes @tekgrrl

  39. Mapping to Kubernetes MySQL php php python php Client memcache d #kubernetes @tekgrrl

  40. I still have questions about state! Database In a cluster of ephemeral containers Application state must exist outside of the container #kubernetes @tekgrrl

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Unprivileged Containers Jess Frazelle, @jessfraz How do containers help security? Containers are

Unprivileged Containers Jess Frazelle, @jessfraz How do containers help security? Containers are

Unprivileged Containers Jess Frazelle, @jessfraz How do containers help security? Containers are not going to be the answer to preventing your application from being compromised, but they can limit the damage from a compromise. How do

823 views • 25 slides
Improving Trust in Containers Matthew Garrett @mjg59 | mjg59@coreos.com | coreos.com

Improving Trust in Containers Matthew Garrett @mjg59 | mjg59@coreos.com | coreos.com

Improving Trust in Containers Matthew Garrett @mjg59 | mjg59@coreos.com | coreos.com Containers are great Containers are resource efficient Containers make deployment easy Containers can be monitored easily Containers are secure But are

508 views • 38 slides
Everything you need to know about Containers Security Track Containers Jos Manuel Ortega

Everything you need to know about Containers Security Track Containers Jos Manuel Ortega

Everything you need to know about Containers Security Track Containers Jos Manuel Ortega @jmortegac Agenda Introduction to containers security Linux Containers(LXC) Docker Security Security pipeline &amp;&amp; Container

807 views • 57 slides
SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54

SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54

SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54 What are Containers? A package/image that can be deployed anywhere (thats running a Linux Kernel) Developers create a layered image of their

996 views • 53 slides
Herd of Containers Sad DIF Database Engineer Herd of Containers: PostgreSQL in containers at

Herd of Containers Sad DIF Database Engineer Herd of Containers: PostgreSQL in containers at

Herd of Containers Sad DIF Database Engineer Herd of Containers: PostgreSQL in containers at BlaBlaCar pgDay Paris, Mar 15, 2018 BlaBlaCar Overview Todays agenda PostgreSQL usage at BlaBlaCar Switching to a new implementation

844 views • 40 slides
Persistent storage for Containers Anil Degwekar What are we talking about? Containers have

Persistent storage for Containers Anil Degwekar What are we talking about? Containers have

Persistent storage for Containers Anil Degwekar What are we talking about? Containers have become popular replacing many Physical / Virtual Machine use cases But: The persistent storage problem for containers is still not fully solved

1.01k views • 17 slides
Containers in the Enterprise Avoiding the Kobayashi Maru Agenda Containers Bring Change

Containers in the Enterprise Avoiding the Kobayashi Maru Agenda Containers Bring Change

Containers in the Enterprise Avoiding the Kobayashi Maru Agenda Containers Bring Change An Approach Required Software Processes Cultural Changes Additional Concerns Lessons Learned Why This Talk? Containers are

678 views • 49 slides
Exploding the Linux Container Host Presenter: Ben Corrie (@bensdoings) Containers vs VMs

Exploding the Linux Container Host Presenter: Ben Corrie (@bensdoings) Containers vs VMs

Exploding the Linux Container Host Presenter: Ben Corrie (@bensdoings) Containers vs VMs Google Wisdom: VMs and Containers are similar but different Try running containers in VMs for security Containers are best for scale-out

314 views • 17 slides
our container journey @beshippable shippable.com our container journey containers can

our container journey @beshippable shippable.com our container journey containers can

our container journey @beshippable shippable.com our container journey containers can make us way more efficient containers can save us money on hosting containers sound interesting company founded in 2013

848 views • 30 slides
The proposed containers are &quot;Flat-pack&quot; type. Disassembled and reduced as

The proposed containers are &quot;Flat-pack&quot; type. Disassembled and reduced as

CON-IMEX CONTAINERS 2009 AKAR Logistics 70 Beecham Court Owings Mills, MD 21117 USA Sophia Akar Tel: + 410-961-7232 / + 410-961-0327 Fax: + 410-356-8267 sophia@akarlogistics.com 1 / 20 GENERAL The proposed containers are

313 views • 20 slides
Fairport Containers Supporting the Charity Retail Sector www.fairportcontainers.co.uk

Fairport Containers Supporting the Charity Retail Sector www.fairportcontainers.co.uk

Fairport Containers Supporting the Charity Retail Sector www.fairportcontainers.co.uk Introductions David Porter Fairport Containers Director Steve Collinson Managing Director Fairport Containers Ltd Tam Unsworth Recycling Banks

552 views • 28 slides
Singularity - Containers for Scientific Computing ZID Workshop Michael Fink Universitt

Singularity - Containers for Scientific Computing ZID Workshop Michael Fink Universitt

Singularity - Containers for Scientific Computing ZID Workshop Michael Fink Universitt Innsbruck Innsbruck Nov 2018 Overview Preliminaries Why containers Understanding Containers vs. Virtual Machines Comparison of

482 views • 37 slides
Alm dos Containers na Nuvem QConSP - Containers &amp; Devops 26 April 2017 Guilherme Rezende

Alm dos Containers na Nuvem QConSP - Containers &amp; Devops 26 April 2017 Guilherme Rezende

Alm dos Containers na Nuvem QConSP - Containers &amp; Devops 26 April 2017 Guilherme Rezende Globo.com About me Software Engineer at Globo.com/Tsuru @guilhermebr (GitHub) in/guilhermebr (LinkedIn) @gbrezende (Twitter) Agenda Cloud Native

636 views • 45 slides
100% Containers Powered Carpooling Maxime Fouilleul Database Reliability Engineer BlaBlaCar -

100% Containers Powered Carpooling Maxime Fouilleul Database Reliability Engineer BlaBlaCar -

100% Containers Powered Carpooling Maxime Fouilleul Database Reliability Engineer BlaBlaCar - Facts &amp; Figures Infrastructure Ecosystem - 100% containers powered carpooling Todays agenda Stateful Services into containers - MariaDB as

463 views • 45 slides
Containers, VMs, and Clouds: Containers &amp; Clouds &amp; VMs: OH My Oh My! Mike Coleman,

Containers, VMs, and Clouds: Containers &amp; Clouds &amp; VMs: OH My Oh My! Mike Coleman,

Containers, VMs, and Clouds: Containers &amp; Clouds &amp; VMs: OH My Oh My! Mike Coleman, Technology Evangelist Docker @mikegcoleman Who Am I? Technology evangelist at Docker Former: Puppet, VMware, MSFT, Intel, and HP First

390 views • 25 slides
Unprivileged GPU containers on a LXD cluster GPU-enabled system containers at scale Stphane

Unprivileged GPU containers on a LXD cluster GPU-enabled system containers at scale Stphane

Unprivileged GPU containers on a LXD cluster GPU-enabled system containers at scale Stphane Graber Christian Brauner LXD project leader LXD maintainer @stgraber @brau_ner https://stgraber.org https://brauner.io

394 views • 12 slides
Speaker Profile Speaker Profile Information Technology Hesham Tamraz Technology

Speaker Profile Speaker Profile Information Technology Hesham Tamraz Technology

Speaker Profile Speaker Profile Information Technology Hesham Tamraz Technology consultant specializing in non-profits. for Non-Profits Former Information Technology (IT) Director at a national association for 8 years (1991 1999)

70 views • 4 slides
Sergeant at Arms Training Session www.toastmasters.org Sergeant at Arms TRAINING DISTRICT 37

Sergeant at Arms Training Session www.toastmasters.org Sergeant at Arms TRAINING DISTRICT 37

Sergeant at Arms Training Session www.toastmasters.org Sergeant at Arms TRAINING DISTRICT 37 TLI EAST RALEIGH, NC JANUARY 17, 2015 Sergeant at Arms (SAA) Sergeant at Arms Role Sergeant at Arms Responsibilities Sergeant at Arms

874 views • 21 slides
Welcome Web Application Security MIT Security Camp August 21, 2003. Boston, MA. Chris Lambert

Welcome Web Application Security MIT Security Camp August 21, 2003. Boston, MA. Chris Lambert

Next: Who am I? Welcome Web Application Security MIT Security Camp August 21, 2003. Boston, MA. Chris Lambert &lt;chris@ccs.neu.edu&gt; http://www.clambert.org/talks/ 1 Previous: Welcome Next: Why this talk? Who am I? A bit about me

747 views • 26 slides
CS 188: Artificial Intelligence Introduction Instructors: Anca Dragan, Sergey Levine University

CS 188: Artificial Intelligence Introduction Instructors: Anca Dragan, Sergey Levine University

CS 188: Artificial Intelligence Introduction Instructors: Anca Dragan, Sergey Levine University of California, Berkeley (slides adapted from Dan Klein, Pieter Abbeel) Today o What is artificial intelligence? o Where did it come from? o What can

829 views • 54 slides
Alliance for Childrens Rights Technical Details Call-in number is (562) 247-8321 and

Alliance for Childrens Rights Technical Details Call-in number is (562) 247-8321 and

Megan Stanton-Trehan Education Program Attorney Alliance for Childrens Rights Technical Details Call-in number is (562) 247-8321 and access code is 154-403-306. To submit questions, click on your Questions panel, type your question

766 views • 8 slides
CI with Cassandra, Portworx, Gitlab and DC/OS Background Background node1 node2 node3

CI with Cassandra, Portworx, Gitlab and DC/OS Background Background node1 node2 node3

CI with Cassandra, Portworx, Gitlab and DC/OS Background Background node1 node2 node3 Continuous Integration Run tests change CI (code) Data changes too Bidirectional CI Run tests change change CI (code) (data) Portworx

657 views • 14 slides
Virtual Machine Security CSE443 - Spring 2012 Introduction to Computer and Network Security

Virtual Machine Security CSE443 - Spring 2012 Introduction to Computer and Network Security

Virtual Machine Security CSE443 - Spring 2012 Introduction to Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ CSE443 Introduction to Computer (and Network) Security - Spring 2012 - Professor Jaeger 1

489 views • 28 slides
Approximate matching Ben Langmead Department of Computer Science You are free to use these

Approximate matching Ben Langmead Department of Computer Science You are free to use these

Approximate matching Ben Langmead Department of Computer Science You are free to use these slides. If you do, please sign the guestbook (www.langmead-lab.org/teaching-materials), or email me (ben.langmead@gmail.com) and tell me brie fl y how

549 views • 16 slides

More recommend