Professional Documents
Culture Documents
Scott McCarty
Principal Product Manager, Containers
07/17/2018
BASIC INFO
Introduction - Linux Container Internals
● Wifi
○ SSID: HyattMR
○ Password: linux2019
● Labs
○ https://learn.openshift.com/training/lci-olf
Introduction
● We will use a completely hosted solution called Katacoda for this lab:
○ All you need is a web browser and Internet access
○ Instructions, code repositories, and terminal will be provided to a real, working virtual machine
○ All code is clickable, all you have to do is click on it and it will paste into the terminal
○ The environment can be reset at any time by refreshing (very nice)
○ Don’t be intimidated by bash examples, there is a lot of gymnastics to make sure the lab can
be run just by clicking. Feel free to ask me about bash stuff.
● At Red Hat we encourage networking and we'd like you to spend 2 to 3 minutes introducing
yourselves to the person(s) next to you. Say what company or organization you're from, and what
you're looking to learn from this tutorial.
Container Hosts
Container runtimes, engines, daemons
Container Registries
Sharing and collaboration
Container Orchestration
Distributed systems and containers
Intermediate Architecture
Production environments
Important corrections
● Containers do not run ON docker.
Containers are processes - they run
on the Linux kernel. Containers are
Linux processes (or Windows).
● The docker daemon is one of the
many user space tools/libraries that
talks to the kernel to set up
containers
VS.
In action:
● Number of daemons & programs
working together
○ dockerd
○ containerd
○ runc
In action:
● Takes user specified options
● Pulls image, expands, and parses
metadata
● Creates and prepares CNI json blob
● Hands CNI blob and environment
variables to one or more plugins
(bridge, portmapper, etc)
gVisor is:
● Written in golang
● Runs in userspace
● Reimplements syscalls
● Reimplements hardware
● Uses 9p for storage
Concerns
● Storage performance
● Limited syscall implementation
Scott McCarty Twitter: @fatherlinux Blog: bit.ly/fatherlinux
KubeVirt
Extension of Kubernetes for running VMs
KubeVirt is:
● Custom resource in Kubernetes
● Defined/actual state VMs
● Good for VM migrations
● Uses persistent volumes for VM disk
KubeVirt is not:
● Stronger isolation for containers
● Part of the Container Engine
● A replacement Container Runtime
● Based on container images
Intermediate Architecture
Production environments
2008: 2013:
LINUX DOTCLOUD
CONTAINER BECOMES
PROJECT (LXC) DOCKER
1979: 2000:
2003: 2013:
2005:
2001: FULL RELEASE 2007: 2013: 2014:
LINUX -VSERVER OF SOLARIS GPC RENAMED DOTCLOUD PYCON GOOGLE
PROJECT ZONES CGROUPS LIGHTNING TALK KUBERNETES
1979
2000
2005
2010
Where are we going?
2015:
2016
2017
2018
ARCHITECTURE
The Internet is WRONG :-)
Important corrections
● Containers do not run ON docker.
Containers are processes - they run
on the Linux kernel. Containers are
Linux.
● The docker daemon is one of the
many user space tools/libraries that
talks to the kernel to set up
containers
74
Containers Are Open
7
5
Standards Are Well Governed
7
6
OVERVIEW OF THE DIFFERENT STANDARDS
Vendor, Community, and Standards Body driven
Allows users to build container The container engine is OCI compliant runtimes can OCI compliant runtimes can be
images with any tool they responsible for creating the consume the config.json and built for multiple operating
choose. Different tools are good config.json file and unpacking root filesystem, and tell the systems including Linux,
for different use cases. images into a root file system. kernel to create a container. Windows, and Solaris
==
AND
● A standard way for the Kublet to communicate with the Container Engine
○ Container Runtime Interface (CRI) - the protocol between the Kubelet and Engine
● A daemon which communicates with CRI
○ gRPC Server - a daemon or shim which implements this server specification
● A standard way for humans to interface with the gRPC server to troubleshoot and debug
○ cri-ctl - a node based CLI tool that can list images, view running containers, etc
skopeo
Linux &
Multi Node OpenShift CRI-O
Kubernetes
3 years of updates
PHP 7.1
Stream
3 years of updates
PHP 7.2
Stream
Rolling Stream
rhel8
Fast Stream
2 years of updates
V1
Stable Stream
2 years of updates
V2
Stable Stream
OpenShift 4.X
Support updates
Kubernetes 1.13
CRI-O 1.13
Support updates
Kubernetes 1.14
CRI 1.14
Support updates
Kubernetes 1.15
CRI-O 1.15
1979: 2000:
2003: 2013:
2005:
2001: FULL RELEASE 2007: 2013: 2014:
LINUX -VSERVER OF SOLARIS GPC RENAMED DOTCLOUD PYCON GOOGLE
PROJECT ZONES CGROUPS LIGHTNING TALK KUBERNETES
1979
2000
2005
2010
CONTAINER INNOVATION IS NOT FINISHED
2015:
2016
2017
2018
THANK YOU
plus.google.com/+RedHat facebook.com/redhatinc
linkedin.com/company/red-hat twitter.com/RedHatNews
youtube.com/user/RedHatVideos
Code for Attendance + Session Survey
AMER -
UNIVERSAL
BASE 1. InAttendance
the mobile app, go to the My
page by clicking “More”
RHTE Attendee
SPZCZ
3. Tap Save to submit your PIN
116
Code for Attendance + Session Survey
AMER -
PODMAN
1. In the mobile app, go to the My RHTE Attendee
Attendance page by clicking “More”
at the bottom navigation bar
2. On the My Attendance page, please
enter the below PIN code in the
designated box
JYHFB
3. Tap Save to submit your PIN
117
Mounts
Copy on write vs. bind mounts
10:15AM—10:25AM 11:35AM—12:05PM
INTRODUCTION CONTAINER ORCHESTRATION
10:25AM—10:40AM 12:05PM—12:15PM
ARCHITECTURE CONCLUSION
10:40AM—11:05AM
CONTAINER IMAGES
11:05AM—11:35PM
CONTAINER HOSTS