Copyright © 2017, Oracle and/or its affiliates. All rights reserved.
Oracle and
Faris Al-Badri, Oracle Sales Consulting Switzerland
Bern, September 2017
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Agenda
1. Docker Basics
2. Oracle Docker Images
3. Oracle Container Strategy
4. Kubernetes Basics
5. Oracle Container Management
6. Q&A
Multi-Dimensional Evolution of Computing
| Development Process | Application Architecture | Deployment and Packaging | Application Infrastructure |
|---|---|---|---|
| Waterfall | Monolithic | Physical Server | Datacenter |
| Agile | N-Tier | Virtual Servers | Hosted |
| DevOps | Microservices | Containers | Cloud |
The history of Unix containers
While Docker has been playing a key role in the adoption of Linux container technology, it did not invent the concept of containers.
• 1979: UNIX V7 added chroot
• 2000: FreeBSD Jails
• 2001: Linux vserver
• 2004: Oracle Solaris Zones
• 2005: OpenVZ
• 2006: Process Containers
• 2007: cgroups in Linux Kernel (2.6.24)
• 2007: AIX (6.1) WPARs
• 2008: LXC
• 2011: Warden
• 2013: LMCTFY
• 2013: Docker
• 2014: rkt
• 2015: OCI
Virtual Machines vs. Containers
Virtual Machines
• Each virtual machine (VM) includes the app, the necessary binaries and libraries, and an entire guest operating system
Containers
• Containers include the app and all of its dependencies, but share the kernel with other containers
• Run as an isolated process in userspace on the host OS
• Not tied to any specific infrastructure – containers run on any computer, infrastructure and cloud
Linux Containers (LXC)
• OS-level virtualization method for running multiple Linux systems (i.e. containers) on a single control host
• Does not provide a virtual machine; it provides a virtual environment that has its own CPU, memory, block I/O, network, etc. space and a resource control mechanism
• Leverages namespaces and cgroups from Linux kernel
• Better isolation than chroot (not just file-level isolation)
Docker is based on LXC, but its focus is on easier usability for application packaging, portability and administration
Docker Architecture
• Client – Command line interface (CLI) for communicating with the host
• Daemon – server process that manages Docker objects
• Image – hierarchy of files built by Docker
• Container – runnable instance of an image
• Registry – external storage for images
Docker on Non-Linux?
Mac OS X
• Alpine Linux
• Hyperkit
Windows
• Hyper-V
• Windows Server Containers
Linux
• all native
Upcoming: LinuxKit for building portable Linux subsystems
Docker Engine
• Container execution and admin
• Uses Linux Kernel namespaces and control groups
• Namespaces provide an isolated workspace
Docker Images
• An image is a collection of files and some metadata
• Images comprise multiple layers, which reference or are based on another image
• Each image contains software you want to run
• Every image contains a base layer
• Docker uses a copy-on-write file system
• Layers are read-only
Dockerfile – Text file used to create Docker images
Example Hello World Dockerfile

    FROM nginx:1.10.1-alpine
    ADD index.html /usr/share/nginx/html/index.html
    # Override the nginx start from the base container
    COPY start.sh /start.sh
    RUN chmod +x /start.sh
    ENTRYPOINT ["/start.sh"]

Docker build image CLI example

    $ docker build -t helloworld:1.0 .

NOTE: The "." is the build context; Docker looks for the Dockerfile in that local directory
Source: https://github.com/scottsbaldwin/docker-hello-world/blob/master/Dockerfile
Docker Images

    FROM ubuntu:15.04
    COPY . /app
    RUN make /app
    CMD python /app/app.py

Containers and Layers
• Container is a runnable instance of an image
• Multiple containers can share the same (immutable) image
• Container modifications can be used for building a new image
• Container state is lost after stopping
Data Persistence
Host-based persistence per container
• Container-specific directory is created with each new container
• Removing a container deletes its directory on host
• Docker engine crashing on host will make the directory unavailable
Host-based persistence shared among containers
• Shared data volumes outside of Docker engine’s context
• Not deleted when container removed
• Changes made to volumes are not included in image updates
Best Practices for Builds
• Containers should be ephemeral (i.e. stateless)
• Use a .dockerignore file for excluding unnecessary files and directories
• Avoid installing unnecessary packages
• Each container should have only one concern
• Minimize number of layers (sequencing multiple commands)
• Multi-stage builds (since Docker 17.05)
• Combining layers with “--squash” option (still experimental feature)
• Build cache
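An added example, not part of the original slides: a small Python check that audits the final build stage of a Dockerfile against three of the practices listed above (.dockerignore need, multi-stage builds, layer minimisation). The finding names, the build-tool list and the multi-stage sample are assumptions; the first sample is the Dockerfile from the "Docker Images" slide.

```python
import re

BUILD_TOOLS = re.compile(r"\b(make|gcc|mvn|gradle|go build|cargo build)\b")

def parse(dockerfile):
    """Return (INSTRUCTION, args) pairs; joins '\\' continuations, skips comments."""
    text = re.sub(r"\\[ \t]*\n", " ", dockerfile)
    out = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            op, _, args = line.partition(" ")
            out.append((op.upper(), args.strip()))
    return out

def copies_context(op, args):
    """True when COPY/ADD takes '.' (the whole build context) as a source."""
    words = args.split()
    if op not in ("COPY", "ADD") or any(w.startswith("--from") for w in words):
        return False
    return "." in [w for w in words if not w.startswith("--")][:-1]

def audit(dockerfile):
    """Check the final build stage against the practices listed above."""
    ins = parse(dockerfile)
    starts = [i for i, (op, _) in enumerate(ins) if op == "FROM"]
    final = ins[starts[-1]:] if starts else ins  # only the last stage is shipped
    ops = [op for op, _ in final]
    findings = []
    if any(copies_context(op, args) for op, args in final):
        findings.append("copies-whole-context")       # needs a .dockerignore
    if any(op == "RUN" and BUILD_TOOLS.search(args) for op, args in final):
        findings.append("build-tool-in-final-stage")  # use a multi-stage build
    if any(a == b == "RUN" for a, b in zip(ops, ops[1:])):
        findings.append("consecutive-run")            # chain with && to save layers
    return findings

# The Dockerfile shown on the "Docker Images" slide.
SLIDE = "FROM ubuntu:15.04\nCOPY . /app\nRUN make /app\nCMD python /app/app.py\n"
# Constructed multi-stage rewrite; stage name and paths are assumptions.
MULTI_STAGE = """FROM ubuntu:15.04 AS build
COPY . /app
RUN make /app
FROM ubuntu:15.04
COPY --from=build /app/app.py /app/app.py
RUN apt-get update && \\
    apt-get install -y --no-install-recommends python
CMD ["python", "/app/app.py"]
"""
```

`audit(SLIDE)` reports the whole-context copy and the build tool left in the shipped image; `audit(MULTI_STAGE)` returns an empty list because the build stage is discarded.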
Why Containers?
A container is packaged as an entire runtime environment: the service/app plus all dependencies, libraries, & configuration files needed to run it
Portable across environments & lightweight (share the OS)
Developers care because:
• Quickly create ready-to-run packaged applications, low cost deployment and replay
• Automate testing, integration, packaging
• Reduce / eliminate platform compatibility issues (“It works in dev!”)
• Support next gen applications (microservices)
IT cares because:
• Improve speed and frequency of releases, reliability of deployments
• Makes app lifecycle efficient, consistent and repeatable – configure once, run many times
• Eliminate environment inconsistencies between development, test, production
• Improve production application resiliency and scale out / in on demand
Key Container Use Cases
SOURCE: THE EVOLUTION OF THE MODERN SOFTWARE SUPPLY CHAIN, DOCKER SURVEY 2016
• Developer productivity a top use case today
• Building out CI/CD pipelines
– Consistent container image moves through pipeline
– Preventing “it worked in dev” syndrome
• Application modernization and portability are also key adoption drivers (Prem <-> cloud)
The Docker DevOps Cycle
Cycle stages (diagram): Plan, Code, Build, Test, Release, Deploy, Operate, Monitor
Seen in the DevOps Sales Play – featuring:
• Oracle Developer Cloud Service
– Now Includes Docker Image Build Function
• Oracle Container Cloud Service
– Deploy, Operate, Monitor
The New Docker Pipeline
Diagram labels: Developer Local; App Code, Tests, Docker File; Certified Base Docker Images; Docker App Image; Registry; Test, Staging, Production; Docker Management & Control; Dev CS; Container CS
Using Docker with Continuous Delivery in Oracle Cloud [CON4824]
Oracle Container Cloud Service
Managing Containers Easily on Oracle Public Cloud
Cloud & Container Native
• Docker Compatible
• One-Click Application Stack Deployment
• Registry Integration
• Build CI/CD Pipelines
Enterprise Operations Ready
• Operations Dashboards
• Container Health Checks
• Service Scaling
• Orchestration & Scheduling Policies
Built-In Collaboration
• Resource Pools for Dev, Test, Prod
• Run, Deploy Oracle Certified Docker Images
• Quickstart, Best Practices Included
• Integration REST API
Container Cloud Service Differentiation
1. Easy Onboarding and Use
2. Example Application Stacks
3. Part of Rich App Dev Portfolio
4. Planned Container Hybrid Cloud with Cloud @ Customer
Support for Docker Running on Oracle Linux (Doc ID 1921163.1)
• Oracle support is limited to the version of Docker built by and downloaded from Oracle. Support is not provided for the upstream binary packages downloaded from the upstream Docker site.
• Oracle support for Docker is limited to customers with either Basic or Premier Oracle Linux Support Subscriptions.
• Oracle only provides Docker server binary packages for Oracle Linux 6 and Oracle Linux 7 (x86_64). Oracle only provides support for Docker with the Unbreakable Enterprise Kernel Release 4 (UEK4), identified by a kernel version of "4.1" or newer.
• Oracle support is limited to severity 2 service requests and lower. Severity 1 service requests will not be accepted for Docker.
• Support is limited to assistance with the initial installation of Docker and subsequent configuration of Docker to enable downloading, creation and running of Dockerized applications.
Oracle Docker User Guide
https://docs.oracle.com/en/operating-systems/linux.html
Support for Oracle Database Running on Docker (Doc ID 2216342.1)
• Oracle plans to certify the latest versions of Oracle Database to run in Docker containers which are built and supported with Oracle Linux and UEK4 as the host.
• Additionally, Oracle will support customers running Oracle Database (single instance) in Docker containers running on Oracle Linux 7 or Red Hat Enterprise Linux 7. Docker binaries are available in the Addons channel for Oracle Linux. Details on Installation can be found in Chapter 2 of the Oracle Linux Docker Users Guide.
• Oracle Database running in a Real Application Clusters (RAC) configuration in Docker containers is NOT supported.
UPDATE (August ‘17): Oracle RAC for Docker early adopters announced
Oracle Database Images from GitHub
https://github.com/oracle/docker-images/tree/master/OracleDatabase
• Oracle DB 12cR2 (12.2.0.1) EE / SE
• Oracle DB 12cR1 (12.1.0.2) EE / SE
• Oracle DB 11gR2 (11.2.0.2) XE
Oracle Database Images from Docker Store
https://store.docker.com/search?q=oracle&source=verified&type=image
Oracle Database Images from Oracle Registry
https://container-registry.oracle.com
Licensing
Question:
Is Docker an approved hard partitioning technology?
Answer:
No, neither Docker nor Kubernetes nor Docker Swarm are approved hard partitioning technologies. If used to deploy Oracle software all nodes within the cluster will have to be licensed.
Oracle Cloud and Docker Containers
| Compute CS | Container CS | Application Container CS |
|---|---|---|
| DIY Container Management | Oracle Managed Container Service | Docker-based Cloud Polyglot Platform |
| IaaS | CaaS | PaaS |
Example Stacks
OCCS Default Instance
Additional Stacks on Oracle Github
Oracle Container Cloud Service Architecture
Diagram labels: OCCS Instance; OCCS Manager Node; OCCS Worker Node (three shown); Image Registry (Public/Private); SSH Access / Console UI / REST API
Container CS Provides Out of the Box Functionality
Configuration Management
● Create Instances as Needed
● Define Resource Pools
● Add Private Registries
Application Deployment
● Edit / Create New Services
● Compose Application Stacks
● Deploy Stacks with 1 Click
Container Orchestration
● Automated Deployment
● Multi-Host, Easy Scale Out
● Built in Service Discovery
Operations Management
● Integrated Health Checks
● Unified Dashboard
● Monitoring and Auditing
Cloud Service Size / Price Examples
| Container Cloud Service Instance Size Examples | Small | Medium | Large | Extra Large |
|---|---|---|---|---|
| Worker Nodes* | 1 | 3 | 10 | 100 |
| Manager Node (1 required for every cloud instance) | 1 | 1 | 1 | 1 |
| OCPUs per Worker Node | 1 | 2 | 2 | 4 |
| Total OCPUs | 2 | 7 | 21 | 401 |
| Metered - 0.1344 USD per OCPU per hour | $0.27 | $0.94 | $2.82 | $53.89 |
| Non-Metered - 75 USD per OCPU per month | $150.00 | $525.00 | $1,575.00 | $30,075.00 |

* Worker Nodes are synonymous with the terms also used to describe Docker Hosts, Cloud Servers and Compute VMs
Demo
Customer Website: https://cloud.oracle.com/Container
Kubernetes
• Open Source Container Deployment & Management platform started by Google, and part of the CNCF
• Significant community growth and adoption; 1000+ contributors on Github
• Heavy focus on production and operations
• Rapid release cadence and feature expansion
• Powerful, language independent platform for microservices deployment
Kubernetes Architecture
• pod – collocated group of containers that share an IP, namespace, storage volume
• kubelet – node agent, responsible for running state of containers in pods
• kube-proxy – network router running on each node
• API Server – exposes the Kubernetes API, front-end for the Kubernetes control plane
• etcd – key-value store for persistent storage of all cluster data
Configuration
Extensive use of YAML files for configuring pods, services, replicas, …
Example:
Scaling
• Deployments can be scaled via configuration, by command or by autoscaling
• Handled by the replication controller, which ensures pods restart when failing
Command:
Deployments
• Defined via deployment declaration describing desired state of a deployment object
• Typical operations: create, update, rolling updates, roll backs, pause/resume
Services
• Services act as a logical bridge between (dynamic) pods and other services or end users
Creating a service will create an endpoint for pods:
• ClusterIP – virtual IP address, only reachable from within the cluster (default)
• NodePort – port that is externally reachable
• LoadBalancer – external to Kubernetes cluster, typically set via cloud provider
Kubernetes Networking
• Kubernetes imposes requirements on networking but does not implement these out of the box
• Kubernetes expects pods to be able to communicate with each other regardless of which node they are running on
– The advantage of this model is that it removes the port mapping complexities that come from sharing a single host IP
• Pods have their own IP address and use these addresses for communication
• Different implementation strategies depending on networking setup
Kubernetes Networking
• Cloud providers offer Virtual Private Cloud (VPC), allowing for a Kubernetes subnet which is added to the VPC routing table
• Container Network Interface (CNI)
– Software that provides plugin libraries for network interfaces within containers
– Popular solutions: Weave, Calico
• Overlay network
– Example: Flannel
Kubernetes in Oracle Linux 7
Oracle and Wercker
Docker-native CI/CD automation platform for Kubernetes and Microservices deployments
Oracle Expands Open Source Container Commitment