Containers How to get started … and win Martin Sauvé Solutions Architect, msauve@redhat.com

This eliminated the N x M matrix problem Shipping industry had the same problem when transferring goods from A to B Solution: Definition of a standard size container Loaded with virtually any goods Can be loaded, stacked, transported efficiently ....

… and more :-) Use the right tool for the right Job.

This eliminated the N x M matrix problem DEV OPS

Why do I Care ? Each group cares for different reasons… Business Financial Capital Human Capital Change Budget Time to Market Development Quicker Deployments Better Deployments Scale Deployments Operations Better Rollbacks/Versions Simplified Infrastructure Governance and Control Risk Mitigation

The Basics What is a container ? A file A process A file server

Containers A File (1/2) - Abstraction Guest Container Image User Space User Space Layer of Abstraction Containerization Kernel Space Kernel Space Layer of Abstraction Virtualization Hypervisor Host/Hypervisor

Containers A File (2/2) - Layers Tomcat 8 Your Tomcat 8 Config Web Application 1 Tomcat 8 Tomcat 8 Your Tomcat 8 Config Web Application 2 Your Tomcat 8 Config Light Weight Portable Low Footprint Web Application 1 Web Application 2

Containers A “Special” Process Isolation Security Portability Kernel Space User Space RAM System Calls Regular Linux Process Process Disk Kernel Space User Space RAM Container System Calls Containerized Process Process Disk

Containers A File Server (1/2) Container Image User Space Registry Server Container Image User Space Host 1 Host 2 Container Image Container Image Container Image User Space User Space User Space Container Image Kernel Space Kernel Space User Space

Containers A File Server (1/2) Container Image User Space Registry Server Container Image User Space Container Image User Space Container Image User Space Host 1 Developer Laptop Container Image Server User Space DEV What is inside the container Container Image OPS What is outside the container User Space Kernel Space

Open source project conceived by DotCloud Red Hat, Google and IBM are the top contributors. Many other participants including Docker Fear of a single vendor lock-in has led to the creation of the Open Container Initiative (OCI) Red Hat is a major contributor to OCI and wants an industry standard Focus Portability Not Vendor Specific Backward Compatibility with Docker Format Not a full spec, relies on other projects to provide OS Kernel Container images Orchestration Management Security

Container Ecosystem (1/2) DOCKER Image Format, Registry and Runtime Docker Daemon Leverages Images Layered Images Focus on security, isolation and control Multi-OS Multiple contributors Highest Adoption De-facto standard GARDEN Layer of abstraction for containerization Leverages BuildPacks Whole Image Requires OS specific backend Used by Cloud Foundry Foundation RKT Relative newcomer – good for innovation No Daemon, relies on OS Introduced Application Container Supports AppC, OCI and Docker Format Introdices Spec (appc) Appc to define: how and image is downloaded, crypto and executed Red Hat involved in appc upstream. Appc focus is on container not Application

Container Ecosystem (2/2) runC Low level container runtime Reference Open Container Initiative Implementation User must understand how to download an image, how to encrypt Higher level tools are typically needed to prepare the container Docker 1.11.0+ and Garden uses runC has the underlying implementation

2 Minutes DEMO!

Docker Summary DOCKER Good! But we need more! A packaging format Resource Isolation Large ecosystem Good! But we need more!

The Problem….. Host .. Host .. Host .. Host 1 Host .. Host .. Host ..

Container Orchestration and Management

Container Orchestration A few approaches…. Red Hat Registry OS Layer … Third Party Registry Runtime Framework Layer Application Image Kernel Space Your Registry Custom Application 1 Focus on Standardization Large Ecosystem Wide Adoption Standard Tooling Provided by Platform Fixed OS Provided by Platform Application Image Runtime Buildpacks Kernel Space Custom Application 1

Introducing Kubernetes “helmsman” or “pilot” in Greek. Root of “governor” and “cybernetic” in English Google Open Source Project started in 2014 Google and Red Hat are top contributors Most Adopted Container Orchestration Platform Today Kubernetes projects to orchestrate Docker, RKT and Open Containers

Kubernetes Cluster Dev Node Node Node Master Node Node Node Ops api etcd scheduler Node Node Node Ops controllers Logger Kubernetes origins come from Borg & Omega. Google’s container/cluster management solutions. Google launches 2 billion containers per week. Red Hat is the largest contributor to Kubernetes outside of Google. We support Kubernetes for enterprise customers via Openshift Enterprise. developers.redhat.com

Replication Controller Kubernetes Concepts Replication Controller Service Label Pod Ensures that a specified number of pod replicas are running at any one time Grouping of pods, act as one, has stable virtual IP and DNS name Key/Value pairs associated with Kubernetes objects (e.g. env=production) One or More Containers Shared IP Shared Storage Volume Shared Resources Shared Lifecycle

Random Facts Pods A group of whales is commonly referred to as a pod and a pod usually consists a group of whales that have bonded together either because of biological reasons (i.e. a mother baring offspring and raising her child) or through friendships developed between two or more whales. In many cases a typical whale pod consists of anywhere from 2 to 30 whales or more. http://www.whalefacts.org/what-is-a-group-of-whales-called/

Key Kubernetes Capabilities Self-healing Horizontal Manual & Auto Scaling Automatic Restarting Scheduled across hosts Built-in load-balancer Rolling upgrades

5 Minutes DEMO!

Kubernetes What it is not Application framework: it does not limit or dictate a language runtime (Java, Python, PHP…) or an architecture style (12-factor applications, Cloud-Native, N-Tier…). Middleware : No message-buses, database, storage patterns, data processing framework…. No service catalog: No marketplace, application templates, service catalog Not a monitoring, alerting or logging system Non-opiniated about developer workflows and tooling

Routing Layer Registry Node Node Node Dev Persistent Storage Master API Server Kubernetes SDN Overlay Network SCM (Git/Svn) OpenShift - Deployments - Builds - ImageStreams Node Node Node CI/CD Automation Controllers - Scheduler - Replication - Services - Builds - Routes - Deployment Logger Ops Service Layer Openshift extras are highlighted in red Virtual Physical Private Public

OpenShift value for traditional and modern apps New app architectures (Microservices) Continuous Integration and Delivery (DevOps) Self-service for developers with IT Ops control Consistent mgmt of containers, virtualization and cloud Replatform existing apps on cloud infrastructure (Hybrid Cloud) SYSTEMS OF RECORD SYSTEMS OF DIFFERENTIATION SYSTEMS OF INNOVATION OpenShift Enterprise & Dedicated target enterprise customers who... Need to increase agility and embrace DevOps Threatened by smaller, more innovative upstarts Need faster and more efficient application delivery Struggling with DIY app deployment tools & VM sprawl Modernize their middleware and application platforms Move off of WebSphere, Weblogic and other legacy technologies Need to reduce IT spend Dealing with new & legacy applications, operational inefficiency & underutilized hardware Need hybrid cloud solutions Can’t move most of their apps to public cloud OpenShift Online targets... Startups & independent developers who want rapid, easy deployment & hosting Enterprise developers who want to evaluate OpenShift