DockerCon 2014: Thoughts on interoperable containers
1 like1,818 views
Docker is driving the popularization of Linux containers, but there are many different container managers out there, such as LXC and lmctfy. Not to mention different PaaS being built on top of these technologies. How great would it be if applications were portable to all (or most of) those different providers and container managers with little or no effort? This talk will discuss some ideas of what needs to be done for it to happen and what the community can do to help.
DockerCon 2014: Thoughts on interoperable containers
- 1. interoperable containers Fabio Kung fabio@heroku.com https://www.flickr.com/photos/usnavy/8612337045
- 2. Please don't continue. Go see this instead: http://fabiokung.com/2014/06/11/my-dockercon-2014-talk
- 3. Fabio, Runtime Systems at I run linux containers.
- 5. write once, run everywhere Sun Microsystems (?)
- 6. write once, debug everywhere (?)
- 10. Docker wants... docker logo usage follows guidelines published at http://www.docker.com/marks_and_logos/
- 14. trying to make Docker secure for multi-tenant scenarios is a can of worms darren0, at #docker-dev
- 17. apt-get install
- 18. vi /etc/
- 19. mount -t fancy
- 24. () the kernel grants all capabilities to the initial process in a user namespace, this does not mean that process then has superuser privileges within the wider system. (It may, however, mean that unprivileged users now have access to exploits in kernel code that was formerly accessible only to root, ...) Michael Kerrisk, Namespaces in operation, part 6: more on user namespaces", LWN.net
- 25. if (getuid() == 0) { // do root stuff }
- 26. just don't run as root?
- 27. also SUID
- 31. arch, OS, image size,
- 32. containers/container-rfc 揃 GitHub A vendor neutral format for Linux container images and runtime
- 39. Buildpacks app source + base image
- 40. FROM heroku/cedar ADD . /buildpack ONBUILD ADD . /app ONBUILD RUN /buildpack/bin/compile /app ONBUILD ENV PORT 5000 ONBUILD EXPOSE 5000
- 44. #!/usr/bin/env make -f buildpath := .build buildpackpath := $(buildpath)/pack buildpackcache := $(buildpath)/cache build: $(buildpackpath)/bin $(buildpackpath)/bin/compile . $(buildpackcache) $(buildpackcache): mkdir -p $(buildpath) mkdir -p $(buildpackcache) curl -O https://codon-buildpacks.s3.amazonaws.com/.../go.tgz mv go.tgz $(buildpath) $(buildpackpath)/bin: $(buildpackcache) mkdir -p $(buildpackpath) tar -C $(buildpackpath) -zxf $(buildpath)/go.tgz
- 45. ruby = "https://codon-buildpacks.s3.amazonaws.com/.../ruby.tgz" app_container "myapp" do buildpack ruby git_url "git@mycompany.com:myapp.git" end define :app_container, name: nil, buildpack: nil, git_url: nil do # ... execute "#{name} buildpack compile" do command "#{dir}/.build/pack/bin/compile #{dir} .build/cache" end end
- 46. container centric: whole image app centric: builds as a mapping layer recap: the container revolution
- 47. Thank you! fabio@heroku.com All images used in this presentation are under a Creative Commons License, unless otherwise noted https://www.flickr.com/photos/compacflt/5948542359