Containers

July 2015 · 7 minute read

These are some resources grouped together to make it easy for me to follow up on container and orchestration technologies. So have fun ^_^.

Docker

Docker is the most popular engine for running Linux containers, and it makes managing them easy.

Useful commands:

Remove all stopped containers (docker ps -a -q also lists running containers, which docker rm refuses to delete without -f, so filter on exit status instead):

sudo docker rm $(sudo docker ps -a -q -f status=exited)

Remove all untagged images. The awk program must be in single quotes: inside double quotes the shell expands $3 to an empty string before awk sees it, awk then prints whole lines, and docker rmi is handed "<none> <none> <id> ..." as arguments:

sudo docker rmi $(sudo docker images | grep "^<none>" | awk '{print $3}')

Docker Compose is for defining, configuring and running multi-container applications from a single file.

The Docker stats API was released in Docker 1.5. docker stats is the CLI command that streams live resource usage (CPU, memory, network I/O and block I/O) for your containers.

The Docker Logentries container provides out-of-the-box dashboards, alerts and tags for your stats API data, per container.

CoreOS

CoreOS is an operating system focused on running containers and designed for clustering; the system updates itself automatically. (CoreOS Container Linux reached end of life in 2020; Flatcar Container Linux and Fedora CoreOS are its successors.)

This is how CoreOS explained its split from Docker when it announced rkt (quoted from the CoreOS blog):

When Docker was first introduced to us in early 2013, the idea of a “standard container” was striking and immediately attractive: a simple component, a composable unit, that could be used in a variety of systems. The Docker repository included a manifesto of what a standard container should be. This was a rally cry to the industry, and we quickly followed. Brandon Philips, co-founder/CTO of CoreOS, became a top Docker contributor, and now serves on the Docker governance board. CoreOS is one of the most widely used platforms for Docker containers, and ships releases to the community hours after they happen upstream. We thought Docker would become a simple unit that we can all agree on.

Unfortunately, a simple re-usable component is not how things are playing out. Docker now is building tools for launching cloud servers, systems for clustering, and a wide range of functions: building images, running images, uploading, downloading, and eventually even overlay networking, all compiled into one monolithic binary running primarily as root on your server. The standard container manifesto was removed. We should stop talking about Docker containers, and start talking about the Docker Platform. It is not becoming the simple composable building block we had envisioned.

rkt is an alternative to the Docker runtime, designed for server environments with the most rigorous security and production requirements. rkt is oriented around the App Container (appc) specification, a set of simple and open specifications for a portable container format. (rkt has since been archived and is no longer maintained.)

etcd is a highly available key-value store for shared configuration and service discovery. Kubernetes uses it as the backing store for all cluster state, including Secrets, so anyone who can read etcd effectively has cluster-admin: put it behind TLS with client certificate authentication and keep it off shared networks.

The Raft algorithm offers a generic way to distribute a state machine across a cluster of machines, ensuring that every node agrees on the same sequence of state transitions. etcd uses it to replicate cluster state: a write is acknowledged only once a majority of members has persisted it. Be sure to watch this: An Introduction to Raft (CoreOS Fest 2015).
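To make the majority rule concrete, here is an added example (written for this page, not code from etcd or from the Raft authors) that simulates Raft's log replication and commit decision for a fixed leader in a single term. The Entry, Peer and Cluster types, the Propose/Heartbeat/Partition/Heal methods and the five-member scenario are all constructed for the example; elections, term changes and the prevLogIndex/prevLogTerm consistency check are deliberately left out so that the commit rule stands on its own:

```go
package main

import "fmt"

// Entry is one replicated log record: the term of the leader that created it
// and the command it carries (for etcd that would be a key-value write).
type Entry struct {
	Term    int
	Command string
}

// Peer is a simplified Raft member holding only log-replication state.
// (Constructed for this example; not etcd's raft package.)
type Peer struct {
	ID          int
	Log         []Entry
	CommitIndex int  // length of the log prefix this peer knows is committed
	Reachable   bool // false simulates a partition between this peer and the leader
}

// Cluster has a fixed leader for a single term. Elections and term changes
// are out of scope here.
type Cluster struct {
	Term   int
	Leader int
	Peers  []*Peer
}

func NewCluster(size int) *Cluster {
	c := &Cluster{Term: 1, Leader: 0}
	for i := 0; i < size; i++ {
		c.Peers = append(c.Peers, &Peer{ID: i, Reachable: true})
	}
	return c
}

// Partition cuts a follower off from the leader; Heal reconnects it and
// lets the next heartbeat bring its log up to date.
func (c *Cluster) Partition(id int) { c.Peers[id].Reachable = false }

func (c *Cluster) Heal(id int) {
	c.Peers[id].Reachable = true
	c.Heartbeat()
}

// Propose appends a command at the leader and replicates it to every
// reachable follower. It returns how many peers now hold the entry.
func (c *Cluster) Propose(cmd string) int {
	leader := c.Peers[c.Leader]
	leader.Log = append(leader.Log, Entry{Term: c.Term, Command: cmd})
	c.Heartbeat()
	holders := 0
	for _, p := range c.Peers {
		if len(p.Log) == len(leader.Log) {
			holders++
		}
	}
	return holders
}

// Heartbeat is the leader's AppendEntries round: copy the log to reachable
// followers, advance the leader's commit index under the majority rule, and
// tell the followers what is committed.
func (c *Cluster) Heartbeat() {
	leader := c.Peers[c.Leader]
	for _, p := range c.Peers {
		if p.ID != leader.ID && p.Reachable {
			p.Log = append([]Entry(nil), leader.Log...)
		}
	}
	// Raft commit rule: index N is committed once a majority of peers hold
	// log[N] and that entry was created in the current term.
	majority := len(c.Peers)/2 + 1
	for n := len(leader.Log); n > leader.CommitIndex; n-- {
		if leader.Log[n-1].Term != c.Term {
			break
		}
		holders := 0
		for _, p := range c.Peers {
			if len(p.Log) >= n && p.Log[n-1].Term == leader.Log[n-1].Term {
				holders++
			}
		}
		if holders >= majority {
			leader.CommitIndex = n
			break
		}
	}
	for _, p := range c.Peers {
		if p.ID != leader.ID && p.Reachable && len(p.Log) >= leader.CommitIndex {
			p.CommitIndex = leader.CommitIndex
		}
	}
}

// Committed returns the commands the leader may safely apply or acknowledge.
func (c *Cluster) Committed() []string {
	leader := c.Peers[c.Leader]
	var out []string
	for _, e := range leader.Log[:leader.CommitIndex] {
		out = append(out, e.Command)
	}
	return out
}

func main() {
	c := NewCluster(5)
	c.Propose("set x=1") // all 5 hold it
	c.Partition(3)
	c.Partition(4)
	c.Propose("set y=2") // 3 of 5 hold it: a majority, so it commits
	c.Partition(2)
	c.Propose("set z=3") // only 2 of 5 hold it: stays uncommitted
	fmt.Println(c.Committed()) // [set x=1 set y=2]
	for _, id := range []int{2, 3, 4} {
		c.Heal(id)
	}
	fmt.Println(c.Committed()) // [set x=1 set y=2 set z=3]
}
```

The first Println shows only the two commands that reached three of the five peers; the third is held back until the partition heals. This is the property that makes etcd safe to use as the cluster's source of truth: a write is acknowledged only after a majority has it, so losing a majority stalls writes rather than forking the state. It is also why an etcd cluster is sized with an odd number of members (3 or 5) to tolerate 1 or 2 failures.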

flannel is an overlay network that gives each host its own subnet, so containers (and Kubernetes pods) get addresses that are routable across the cluster without per-host NAT.

Clair is a tool for static analysis of vulnerabilities in container images: it indexes the packages in each image layer and matches them against vulnerability databases, so an image can be rejected before it ever runs.

Orchestration of containers

  • Kubernetes is the container orchestration software originally developed by Google. With the 1.0 release, Google handed control of the project to the Cloud Native Computing Foundation, which is run by the Linux Foundation. Kubernetes provides self-healing, out-of-the-box load balancing and simple scaling.

Kubernetes work units:

  • A pod contains three things:

    • A collection of one or more containers that belong together.
    • A set of volumes (a volume's lifespan is independent of the containers' lifespan; it lasts as long as the pod).
    • Namespaces shared by all of its containers: the network namespace (one IP address and one port space, so the containers reach each other over localhost) and the IPC namespace. The flip side is that a compromised helper container can reach every port the main container binds.

    A pod always runs on a single host and is deployed and scaled as one unit. The usual design is one main container that serves the pod's purpose plus, optionally, helper containers for related tasks: processes that benefit from running and being managed in their own container but are tightly coupled to the main application.

  • A replication controller manages the lifecycle of pods and ensures that the number of replicas of a pod you specified is running at all times, creating or deleting pods until the observed count matches the desired one.

  • A service is a stable virtual IP and name that acts as a basic load balancer across the pods matching its label selector. It provides a single access point that you can expose to customers.

  • Tectonic is a commercial Kubernetes platform from CoreOS. It combines the CoreOS portfolio with the Kubernetes project for any cloud or on-premises environment. (It was folded into OpenShift after Red Hat acquired CoreOS in 2018.)

  • Magnum provides a container service on OpenStack. It is an OpenStack API service developed by the OpenStack Containers Team that makes container orchestration engines such as Docker Swarm and Kubernetes available as first-class resources in OpenStack. Magnum uses Heat to orchestrate an OS image that contains Docker and Kubernetes and runs that image in either virtual machines or bare metal in a cluster configuration.

  • Fleet is a cluster manager that controls systemd at the cluster level. With fleet, you can treat your CoreOS cluster as if it shared a single init system. Get started with fleet. Incorporated with Magnum. It is no longer maintained.

  • Apache Mesos is an open-source cluster manager. It provides efficient resource isolation and sharing across distributed applications, or frameworks. The software enables resource sharing in a fine-grained manner, improving cluster utilization.

  • DC/OS (Datacenter Operating System) is Mesosphere's distribution built on Mesos, bundling the Marathon scheduler, a package manager and a UI.

  • Docker Swarm is native clustering for Docker.
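Returning to the Kubernetes work units above (pod, replication controller, service), the following added example (written for this page, not code from the Kubernetes project) shows the one mechanism the replication controller and the service share: label selectors. Reconcile is a single pass of the controller loop that turns a desired replica count into create/delete actions, and Endpoints is the backend set a service would load-balance across. The Pod, ReplicationController and Service types, the web-N naming scheme and the cluster state in main are all constructed for the example and are not the real API types:

```go
package main

import (
	"fmt"
	"sort"
)

// Pod, ReplicationController and Service are constructed for this example
// and carry only the fields the reconcile loop needs.
type Pod struct {
	Name    string
	Labels  map[string]string
	Running bool
}

type ReplicationController struct {
	Name     string
	Selector map[string]string
	Replicas int
}

type Service struct {
	Name     string
	Selector map[string]string
	Port     int
}

// matches implements equality-based label selection: every key/value in the
// selector must be present on the pod; extra pod labels are ignored.
func matches(selector, labels map[string]string) bool {
	for k, v := range selector {
		if labels[k] != v {
			return false
		}
	}
	return true
}

// Reconcile is one pass of the controller loop: compare the pods observed in
// the cluster with the desired replica count and return what to create and
// what to delete. It is level-triggered, so running it again on a converged
// state returns nothing.
func Reconcile(rc ReplicationController, observed []Pod) (create []Pod, remove []string) {
	inUse := map[string]bool{}
	var owned []Pod
	for _, p := range observed {
		inUse[p.Name] = true
		if matches(rc.Selector, p.Labels) {
			owned = append(owned, p)
		}
	}
	switch {
	case len(owned) < rc.Replicas:
		// Hypothetical naming scheme (<rc>-<n>); the real controller appends a random suffix.
		for i := 0; len(owned)+len(create) < rc.Replicas; i++ {
			name := fmt.Sprintf("%s-%d", rc.Name, i)
			if inUse[name] {
				continue
			}
			labels := map[string]string{}
			for k, v := range rc.Selector {
				labels[k] = v
			}
			create = append(create, Pod{Name: name, Labels: labels})
		}
	case len(owned) > rc.Replicas:
		// Scale down: discard pods that are not running before healthy ones.
		sort.SliceStable(owned, func(i, j int) bool {
			return !owned[i].Running && owned[j].Running
		})
		for _, p := range owned[:len(owned)-rc.Replicas] {
			remove = append(remove, p.Name)
		}
	}
	return create, remove
}

// Endpoints returns the backends a Service load-balances across: pods that
// match its selector and are actually running. A crash-looping replica drops
// out of rotation without anyone editing the service.
func Endpoints(svc Service, pods []Pod) []string {
	var eps []string
	for _, p := range pods {
		if p.Running && matches(svc.Selector, p.Labels) {
			eps = append(eps, fmt.Sprintf("%s:%d", p.Name, svc.Port))
		}
	}
	sort.Strings(eps)
	return eps
}

func main() {
	sel := map[string]string{"app": "web"}
	rc := ReplicationController{Name: "web", Selector: sel, Replicas: 3}
	svc := Service{Name: "web", Selector: sel, Port: 8080}
	observed := []Pod{ // constructed cluster state
		{Name: "web-0", Labels: map[string]string{"app": "web", "tier": "frontend"}, Running: true},
		{Name: "web-1", Labels: map[string]string{"app": "web"}, Running: false},
		{Name: "db-0", Labels: map[string]string{"app": "db"}, Running: true},
	}
	create, remove := Reconcile(rc, observed)
	fmt.Println("create:", len(create), "remove:", remove) // create: 1 remove: []
	fmt.Println("endpoints:", Endpoints(svc, observed))    // endpoints: [web-0:8080]
}
```

Two things to notice. The loop is level-triggered: every pass compares the whole observed state against the desired state, so a missed event is repaired on the next pass rather than lost. And the only link between a service and its backends is the selector: any running pod in the namespace whose labels match receives traffic, so whoever can create pods or edit labels there can insert themselves into a service's backend set; restrict those permissions accordingly.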

Kubernetes vs Mesos vs Fleet vs Docker Swarm:

Mesos and Kubernetes are largely aimed at solving similar problems of running clustered applications, but they have different histories and different approaches to solving the problem.

Mesos focuses its energy on very generic scheduling, and on plugging in multiple different schedulers. This means that it enables systems like Hadoop and Marathon to co-exist in the same scheduling environment. Mesos is less focused on running containers: it existed prior to widespread interest in containers and has been refactored in parts to support them.

In contrast, Kubernetes was designed from the ground up to be an environment for building distributed applications from containers. It includes replication and service discovery as core primitives, whereas such things are added via frameworks in Mesos. The primary goal of Kubernetes is a system for building, running and managing distributed systems.

Fleet is a lower-level task distributor. It is useful for bootstrapping a cluster system; for example, CoreOS used it to distribute the Kubernetes agents and binaries out to the machines in a cluster in order to bring up a Kubernetes cluster. It is not really intended to solve the same distributed application development problems; think of it more like systemd/init.d/upstart for your cluster. It is not required if you run Kubernetes; you can use other tools (e.g. Salt, Puppet, Ansible, Chef, ...) to accomplish the same binary distribution.

Swarm is an effort by Docker to extend the existing Docker API to make a cluster of machines look like a single Docker API. Fundamentally, Google's experience and that of others indicates that the node API is insufficient for a cluster API.

Other great articles:

  • 7 Things You Must Be Doing With Docker:

    1. Containers are not VMs.

    They will force you to become more disciplined about decoupling your application components and managing them as microservices.

    2. Containers are not cause enough to abandon your current infrastructure.

    VMs excel at supporting traditional, vertically scaling applications that rely heavily on the OS. However, today's web-scale applications need to scale horizontally to deal with web-scale traffic while working together as a single unit. Supporting this with VMs alone is hard because of the configuration drift that inevitably creeps in. Solution: combine the strong security isolation and performance management of VMs with the fast provisioning and high-density deployments of containers.

  • A Closer Look at Docker

Open Container Project

OCP will be housed under the Linux Foundation. It is a nonprofit organization that is “chartered to establish common standards for software containers.” Docker is donating both the draft specifications and the code around its image format and runtime engine to get the project started. It will hopefully resolve the conflict between competing Linux container standards. (The project was soon renamed the Open Container Initiative, OCI.)

The stated goals are that a standard container be:

  • not bound to higher-level constructs such as a particular client or orchestration stack;
  • not tightly associated with any particular commercial vendor or project;
  • portable across a wide variety of operating systems, hardware, CPU architectures, public clouds, etc.

Container Specifications:

  • OCP

    • Backed by the Linux Foundation.
    • runC is the reference implementation of the spec, maintained by the project itself. It started from Docker's draft specification and will evolve with the spec.
  • appc:

    • Backed by CoreOS.
    • rkt is the best-known implementation of the spec.
  • libcontainer

    • Docker's own runtime library.
    • libcontainer moved into runC.

References: