Innovating Out in the Open
Phil Estes, IBM <estesp@us.ibm.com>
Twitter/IRC: @estesp
Phil Estes
Senior Technical Staff Member
IBM Open Cloud Technologies
@estesp
> Docker core engine maintainer
> Member of “Docker Captains” program
> 10+ years involved in Linux/OSS
> Interests: cloud/containers/Linux
Intro
Key upstream accomplishments
> Brought user namespace support to the Docker engine
> Helped design v2.2 image specification with multi-platform support
> Implemented first tool to create multi-platform images in Docker v2.3 registry
Open Container Initiative (OCI)
• A Linux Foundation Collaborative Project
• Free from control by any particular vendor’s specific cloud stack or ecosystem
• Includes a specification, reference runtime* and now, a specified image format
An open governance structure for creating open industry standards: a common container runtime and image format.
*seeded with runc + libcontainer by Docker
OCI: Specs and Status
> Runtime specification: Release 0.5.0 / April 2016
https://github.com/opencontainers/runtime-spec/releases/tag/v0.5.0
Goal is to reach a 1.0 release by mid-June
Includes required core for containerization on Linux & Windows
> Image format specification: Release 0.1.0 / May 2016
https://github.com/opencontainers/image-spec/releases/tag/v0.1.0
Seeded with Docker registry v2.2 specification
Work just beginning in the repository; 0.1 is a “stake in the ground”
▪ Announced June 20th, 2015
▪ Charter signed on December 8th, 2015
▪ 46 current member companies
▪ Target of a 1.0 specification (runtime) by June
https://opencontainers.org
https://github.com/opencontainers
Introduction to
> is a client wrapper around libcontainer
> Libcontainer is the OS level interface for containers
Other platforms and architectures can implement the libcontainer API via their own primitives/system-level container concepts
Runc In The Wild
▪ CloudFoundry Garden OCI implementation
- https://github.com/cloudfoundry-incubator/guardian
- Uses runc as a backend for container execution
▪ Docker 1.11 (and above)
- Switched from direct libcontainer API linkage to calling runc as container executor
- Uses containerd as a gRPC daemon to disconnect Docker daemon (API/mgmt) from container execution (allows daemon restart in future without container runtime impact)
runC: An open innovation platform for containers
Implement low-level container features
▪ Operating system level features should be defined in the OCI runtime specification
▪ New capabilities (PID cgroup controls, checkpoint/restore, seccomp) implemented in runC
OCI compliance/pluggable execution engine
▪ Implement an OS/environment for containers via an OCI spec compliant binary
▪ Examples: runz (Solaris zones), runv (hypervisor-based), Intel Clear Containers
Iterative container configuration test/debug
▪ Simple variant of “Docker-like” containers with less friction for quick modifications
▪ Low bar for dependencies: single binary + physical rootfs bundle + JSON config
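The slide above describes a runC bundle as a single binary plus a physical rootfs plus a JSON config, and names seccomp, user namespaces and PID cgroup limits as the runC-implemented features. The script below is an added example, not code from the slides or from the runc project: it generates such a config.json with those three features switched on and runs a small hardening check over it. It assumes the 1.0-style runtime-spec field layout (ociVersion, process, root, linux.namespaces, linux.uidMappings, linux.resources.pids, linux.seccomp); the 0.5.0 spec the talk refers to predates that layout, so field names may differ for runc of that era. The rootfs path, host uid/gid range and syscall allowlist are constructed sample values.

```python
"""Generate and sanity-check a hardened OCI runtime bundle config.json.

Added example; assumes the 1.0-style runtime-spec field layout rather than
the 0.5.0 layout current at the time of the talk.
"""
import json
import os

# Constructed sample values: illustrative only.
ROOTFS = "rootfs"
COMMAND = ["/bin/sh", "-c", "echo hello from the container"]


def build_config(rootfs=ROOTFS, args=COMMAND, pids_limit=64,
                 host_uid=100000, host_gid=100000):
    """Return a config dict enabling user namespaces, a PID limit and seccomp."""
    namespaces = [{"type": t}
                  for t in ("pid", "network", "ipc", "uts", "mount", "user")]
    # Illustrative allowlist; a real shell needs more syscalls than this.
    allowed = ["read", "write", "exit", "exit_group", "execve", "brk", "mmap",
               "munmap", "rt_sigreturn", "close", "openat", "fstat",
               "arch_prctl", "set_tid_address", "getpid", "clone", "wait4"]
    return {
        "ociVersion": "1.0.0",
        "process": {
            "terminal": False,
            # uid 0 in the container maps to host_uid via uidMappings below
            "user": {"uid": 0, "gid": 0},
            "args": list(args),
            "env": ["PATH=/usr/sbin:/usr/bin:/sbin:/bin"],
            "cwd": "/",
            "noNewPrivileges": True,
        },
        "root": {"path": rootfs, "readonly": True},
        "hostname": "demo",
        "linux": {
            "namespaces": namespaces,
            "uidMappings": [{"containerID": 0, "hostID": host_uid, "size": 65536}],
            "gidMappings": [{"containerID": 0, "hostID": host_gid, "size": 65536}],
            # PID cgroup controller: caps the process count (fork-bomb guard)
            "resources": {"pids": {"limit": pids_limit}},
            "seccomp": {
                "defaultAction": "SCMP_ACT_ERRNO",
                "architectures": ["SCMP_ARCH_X86_64"],
                "syscalls": [{"names": allowed, "action": "SCMP_ACT_ALLOW"}],
            },
        },
    }


def check_hardening(cfg):
    """Return a list of findings for a config dict; an empty list passes."""
    findings = []
    linux = cfg.get("linux", {})
    ns_types = {n.get("type") for n in linux.get("namespaces", [])}
    for required in ("pid", "mount", "user"):
        if required not in ns_types:
            findings.append("missing %s namespace" % required)
    if "user" in ns_types and not (linux.get("uidMappings") and linux.get("gidMappings")):
        findings.append("user namespace declared without uid/gid mappings")
    limit = linux.get("resources", {}).get("pids", {}).get("limit")
    if not isinstance(limit, int) or limit <= 0:
        findings.append("no PID limit set")
    seccomp = linux.get("seccomp")
    if not seccomp:
        findings.append("no seccomp profile")
    elif seccomp.get("defaultAction") == "SCMP_ACT_ALLOW":
        findings.append("seccomp default action allows every syscall")
    if cfg.get("root", {}).get("readonly") is not True:
        findings.append("rootfs is writable")
    if cfg.get("process", {}).get("noNewPrivileges") is not True:
        findings.append("noNewPrivileges not set")
    return findings


def write_bundle(bundle_dir, cfg):
    """Write config.json (and an empty rootfs dir) into bundle_dir; return the path."""
    os.makedirs(os.path.join(bundle_dir, cfg["root"]["path"]), exist_ok=True)
    path = os.path.join(bundle_dir, "config.json")
    with open(path, "w") as fh:
        json.dump(cfg, fh, indent=2)
    return path


if __name__ == "__main__":
    config = build_config()
    print("findings:", check_hardening(config) or "none")
    print("wrote", write_bundle("demo-bundle", config))
```

After populating demo-bundle/rootfs with a real filesystem, a current runc would start the container with `runc run demo` from inside the bundle directory (the subcommand was named differently in 0.5.0-era runc). The checker is deliberately structural: it flags the absence of the three features, not whether the syscall allowlist is sufficient for the workload.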
Let’s Demo
What I’m going to show you:
→
OCI Futures
- Image format specification
- Just getting underway
- More users and contributed implementations
- runC innovations moving into higher level implementations
- Checkpoint+restore under consideration for exposure via Docker API
- Seccomp, user namespaces, and PID limits are prior examples
- What do you plan to do with OCI and/or runC?
Questions?
@estesp
github.com/estesp
estesp@gmail.com
https://integratedcode.us
IRC: estesp
Contact info

Innovating Out In The Open - OSCON 2016