SlideShare a Scribd company logo

Docker + App Container = ocp

Apcera
Apcera

The document discusses Docker and app containers, and introduces the new Open Container Project (OCP). It provides background on Docker and appc/CoreOS, and summarizes Apcera's use of container technologies. The creation of OCP is seen as positive, aiming to define common standards while different implementations remain. Key open questions for OCP include the image specification and future of projects like rkt and libcontainer.

Related slideshows

Docker
DockerDocker
Docker
 
Security threats with Kubernetes - Igor Khoroshchenko
Security threats with Kubernetes - Igor Khoroshchenko Security threats with Kubernetes - Igor Khoroshchenko
Security threats with Kubernetes - Igor Khoroshchenko
 
Modern Container Orchestration (Without Breaking the Bank)
Modern Container Orchestration (Without Breaking the Bank)Modern Container Orchestration (Without Breaking the Bank)
Modern Container Orchestration (Without Breaking the Bank)
 
1 of 27
Download to read offline
Docker + App Container -> OCP 23 June 2015 Alex Toombs Software Engineer, Apcera
Who am I? @ Apcera > 2 years Platform Lead Deployment, packaging, auditability Not only microservice-based apps: legacy stacks, too (...but not the focus today)
About Apcera Develop a platform for enterprises to manage applications & services Golang users! (>90% Go code in our main repo, since ~ August 2012) Wrote our own container implementation (using common techs like cgroups, namespaces) Digest Docker/ACI/whatever images to run (polyglot stacks welcome)
Docker + App Container = ocp
Hosted Slides http://present.croissant.buffalo.im/apceraMeetup/apceraMeetup.slide#1 (on Continuum)
Docker vs CoreOS
Docker vs CoreOS By Evrik and Mets501 [Public domain], via Wikimedia Commons
Docker vs CoreOS Just kidding! We're all friends now
Original title: killed by shykes! Awesome announcement yesterday: OCP! Open Container Project (under the Linux Foundation) First reference implementation: runC Apcera's down with OCP! Lots of big backers (Docker, Amazon, Google, Microsoft, CoreOS, etc.)
Docker
Docker: past History: dotCloud's Docker project started in ~ early 2013 dotCloud has been around ~8 years; struck a chord with Docker Docker: quickly became synonymous with containers
Docker: past docker/dockerrepo, v0.1.0: https://github.com/docker/docker/releases/tag/v0.1.0 March 23, 2013 527 commits dotCloud -> Docker LXC (Linux Containers)
Docker: past docker/dockerrepo, v0.9.0: https://github.com/docker/docker/releases/tag/v0.9.0 March 10, 2014 6739 commits "Add the pure Go libcontainer library to make it possible to run containers..." "Add native exec driver which uses libcontainer and make it the default exec driver." LXC -> libcontainer
Docker: present 500,000,000 containers downloaded (according to Dockercon) 16,339 commits (post-lunch, today) Many products: Engine, Compose, Swarm, Machine, Notary, etc. Plugins are powerful OCP! (more later)
Docker: future Microkernels (just kidding) Heavy focus on trust around containers (big criticism; tarsums, signatures, etc) Support more platforms (e.g. Microsoft, for Windows Server) libcontainer -> runC?
appc
appc: origins CoreOS started appc project to define a spec for containers Trust at the core; use common tools like pgp/tar/shasum for image verification/portability Independent from CoreOS, maintained by 6 people (up until recently!) rkt: reference implementation
appc: tenets Composable Secure Decentralized (!) Open
appc: pieces App Container Image: what image is run App Container Image Discovery: how to find images App Container Pod: what a deployable, executable unit is App Container Executor: how pods are executed
appc + Apcera: Kurma Apcera question: what to do with container runtimes? libcontainer vs rkt vs our own tech vs something else... Spec was attractive; well-defined interface DNS discovery protocol: awesome! Decentralized distribution vs centralized registry
Future: Open Container Project (OCP)
OCP (http://opencontainers.org/)
OCP Reference implementation: https://github.com/opencontainers/runc Heavily libcontainer flavored No image spec yet (adopting from appc?) Highly in flux! (just over a day old, publicly) Spec: emphasis on "working code" for moving spec forward
OCP: open questions Image spec: what will that look like? (ACI, we hope) Registry v2: pertains to above Future of rkt Future of libcontainer Security scanning of images (mentioned briefly yesterday)
OCP + Apcera: ? Committed to improving the spec Provide feedback/PRs Very interested in image verification (notary is cool, but independent) Policy for allowed sets of keys, maybe? Doesn't replace Docker; Docker has the distribution down
Thank you 23 June 2015 Alex Toombs Software Engineer, Apcera alex@apcera.com(mailto:alex@apcera.com) @alextoombs(http://twitter.com/alextoombs) See you at Gophercon!
Docker + App Container = ocp

More Related Content

Docker + App Container = ocp

  • 1. Docker + App Container -> OCP 23 June 2015 Alex Toombs Software Engineer, Apcera
  • 2. Who am I? @ Apcera > 2 years Platform Lead Deployment, packaging, auditability Not only microservice-based apps: legacy stacks, too (...but not the focus today)
  • 3. About Apcera Develop a platform for enterprises to manage applications & services Golang users! (>90% Go code in our main repo, since ~ August 2012) Wrote our own container implementation (using common techs like cgroups, namespaces) Digest Docker/ACI/whatever images to run (polyglot stacks welcome)
  • 7. Docker vs CoreOS By Evrik and Mets501 [Public domain], via Wikimedia Commons
  • 8. Docker vs CoreOS Just kidding! We're all friends now
  • 9. Original title: killed by shykes! Awesome announcement yesterday: OCP! Open Container Project (under the Linux Foundation) First reference implementation: runC Apcera's down with OCP! Lots of big backers (Docker, Amazon, Google, Microsoft, CoreOS, etc.)
  • 11. Docker: past History: dotCloud's Docker project started in ~ early 2013 dotCloud has been around ~8 years; struck a chord with Docker Docker: quickly became synonymous with containers
  • 12. Docker: past docker/dockerrepo, v0.1.0: https://github.com/docker/docker/releases/tag/v0.1.0 March 23, 2013 527 commits dotCloud -> Docker LXC (Linux Containers)
  • 13. Docker: past docker/dockerrepo, v0.9.0: https://github.com/docker/docker/releases/tag/v0.9.0 March 10, 2014 6739 commits "Add the pure Go libcontainer library to make it possible to run containers..." "Add native exec driver which uses libcontainer and make it the default exec driver." LXC -> libcontainer
  • 14. Docker: present 500,000,000 containers downloaded (according to Dockercon) 16,339 commits (post-lunch, today) Many products: Engine, Compose, Swarm, Machine, Notary, etc. Plugins are powerful OCP! (more later)
  • 15. Docker: future Microkernels (just kidding) Heavy focus on trust around containers (big criticism; tarsums, signatures, etc) Support more platforms (e.g. Microsoft, for Windows Server) libcontainer -> runC?
  • 16. appc
  • 17. appc: origins CoreOS started appc project to define a spec for containers Trust at the core; use common tools like pgp/tar/shasum for image verification/portability Independent from CoreOS, maintained by 6 people (up until recently!) rkt: reference implementation
  • 19. appc: pieces App Container Image: what image is run App Container Image Discovery: how to find images App Container Pod: what a deployable, executable unit is App Container Executor: how pods are executed
  • 20. appc + Apcera: Kurma Apcera question: what to do with container runtimes? libcontainer vs rkt vs our own tech vs something else... Spec was attractive; well-defined interface DNS discovery protocol: awesome! Decentralized distribution vs centralized registry
  • 21. Future: Open Container Project (OCP)
  • 23. OCP Reference implementation: https://github.com/opencontainers/runc Heavily libcontainer flavored No image spec yet (adopting from appc?) Highly in flux! (just over a day old, publicly) Spec: emphasis on "working code" for moving spec forward
  • 24. OCP: open questions Image spec: what will that look like? (ACI, we hope) Registry v2: pertains to above Future of rkt Future of libcontainer Security scanning of images (mentioned briefly yesterday)
  • 25. OCP + Apcera: ? Committed to improving the spec Provide feedback/PRs Very interested in image verification (notary is cool, but independent) Policy for allowed sets of keys, maybe? Doesn't replace Docker; Docker has the distribution down
  • 26. Thank you 23 June 2015 Alex Toombs Software Engineer, Apcera alex@apcera.com(mailto:alex@apcera.com) @alextoombs(http://twitter.com/alextoombs) See you at Gophercon!