Docker + App Container = OCP
- 1. Docker + App Container -> OCP
23 June 2015
Alex Toombs
Software Engineer, Apcera
- 2. Who am I?
@ Apcera > 2 years
Platform Lead
Deployment, packaging, auditability
Not only microservice-based apps: legacy stacks, too
(...but not the focus today)
- 3. About Apcera
Develop a platform for enterprises to manage applications & services
Golang users! (>90% Go code in our main repo, since ~ August 2012)
Wrote our own container implementation (using common techs like cgroups, namespaces)
Digest Docker/ACI/whatever images to run (polyglot stacks welcome)
- 9. Original title: killed by shykes!
Awesome announcement yesterday: OCP!
Open Container Project (under the Linux Foundation)
First reference implementation: runC
Apcera's down with OCP!
Lots of big backers (Docker, Amazon, Google, Microsoft, CoreOS, etc.)
- 11. Docker: past
History: dotCloud's Docker project started in ~ early 2013
dotCloud has been around ~8 years; struck a chord with Docker
Docker: quickly became synonymous with containers
- 13. Docker: past
docker/docker repo, v0.9.0: https://github.com/docker/docker/releases/tag/v0.9.0
March 10, 2014
6739 commits
"Add the pure Go libcontainer library to make it possible to run containers..."
"Add native exec driver which uses libcontainer and make it the default exec driver."
LXC -> libcontainer
- 14. Docker: present
500,000,000 containers downloaded (according to Dockercon)
16,339 commits (post-lunch, today)
Many products: Engine, Compose, Swarm, Machine, Notary, etc.
Plugins are powerful
OCP! (more later)
- 15. Docker: future
Microkernels (just kidding)
Heavy focus on trust around containers (big criticism; tarsums, signatures, etc.)
Support more platforms (e.g. Microsoft, for Windows Server)
libcontainer -> runC?
- 17. appc: origins
CoreOS started appc project to define a spec for containers
Trust at the core; use common tools like pgp/tar/shasum for image verification/portability
Independent from CoreOS, maintained by 6 people (up until recently!)
rkt: reference implementation
- 19. appc: pieces
App Container Image: what image is run
App Container Image Discovery: how to find images
App Container Pod: what a deployable, executable unit is
App Container Executor: how pods are executed
- 20. appc + Apcera: Kurma
Apcera question: what to do with container runtimes?
libcontainer vs rkt vs our own tech vs something else...
Spec was attractive; well-defined interface
DNS discovery protocol: awesome!
Decentralized distribution vs centralized registry
- 24. OCP: open questions
Image spec: what will that look like? (ACI, we hope)
Registry v2: pertains to above
Future of rkt
Future of libcontainer
Security scanning of images (mentioned briefly yesterday)
- 25. OCP + Apcera: ?
Committed to improving the spec
Provide feedback/PRs
Very interested in image verification (notary is cool, but independent)
Policy for allowed sets of keys, maybe?
Doesn't replace Docker; Docker has the distribution down
- 26. Thank you
23 June 2015
Alex Toombs
Software Engineer, Apcera
alex@apcera.com
@alextoombs (http://twitter.com/alextoombs)
See you at Gophercon!