the 7 characteristics of container-native infrastructure · “[W]e’ve really embraced chatops at...

SecurityManagement Networking IntrospectionPerformance Utilization

the 7 characteristics of container-native infrastructure

herehas…

who

container?built a

container?run a

containerrun a

in production?

yeah?

you run it?where’d

in a VMyou ran it

didn’t you?

https://twitter.com/philsturgeon/status/560974462091538432







































https://twitter.com/tjbyte/status/560984424037093377























container-native!that’s not

container-nativeinfrastructure

7 characteristics of

@misterbissontweet questions to

native?Container-

containerUnit of compute

containersProvision

VMs…not

bare metalContainers run on

VMs…not in

containersPay for

VMs…not

Our simple app

Nginx

Couchbase

Node

audiofprint

Deploy that app

Nginx

Couchbase

Node

audiofprint

Nginx

Couchbase

Node

audiofprint

VM-native Container-Native

VM: 2 vCPU / 7.5GB RAM

Now scale it

CouchbaseCouchbase

Nginx Node

audiofprint

Nginx Node

audiofprint

VM: 2 vCPU / 7.5GB RAMVM: 2 vCPU / 7.5GB RAM

VM-native Container-Native

Nginx

Couchbase

Node audiofprint

Nginx

Couchbase

Node audiofprint

VM: 2 vCPU / 7.5GB RAMVM: 2 vCPU / 7.5GB RAM

What’s that bill?

VM-native 4 VMs

8 containers

$0.560/hour $403.20/month

Container-native 0 VMs

8 containers

$0.315/hour $226.66/month

have to bewhy does it

that way?

mostinfrastructure

twoscenario

pick

two:• elasticity • security • performance

pick


pick

bare metal{


pick

hardware virtual

machine{

container-nativeinfrastructure

threescenario

pick

three:• elasticity • security • performance

pick

bare metal

containers{

but

the kernelsupports it

only if

only if

the kernelsupports it

only if

–Docker's Jérôme Petazzoni

http://www.slideshare.net/jpetazzo/is-it-safe-to-run-applications-in-linux-containers

http://stackoverflow.com/a/26304928

–Travis CI’s Sven Fuchs

http://stackoverflow.com/questions/26299552/travis-sudo-is-disabled/26304928#26304928

http://stackoverflow.com/a/26304928

not Docker’sfault

it’s

the kernel’sfault

it’s

breath for a moment

are wedoing this?

why

foundationcontainers are the

foundationnot the goal

containers are the

http://stackshare.io/500px/how-500px-serves-up-over-500tb-of-high-res-photos




it didn’torphotos

happen

it didn’torphotos

happen

it doesn’torrepo

work

it doesn’tor

work

public repo

withpublic repo

1. Dockerfile 2. docker-compose.yml 3. documentation, etc…

wait

stopwait

stopwait

the audience says…

how

proprietary codein a public repo?

can i put

proprietary codei argue back

but that’s not

“For our Go microservices, we use Travis CI to run tests and to create Debian packages as build artifacts. Travis uploads these packages to S3, and then another system pulls them down, signs them, and imports them into our private Apt repository. We use FPM to create packages, and Aptly to manage our repos.”

“[W]e’ve really embraced chatops at 500px, so we've scripted the use of those tools into our beloved and loyal Hubot friend, BMO. Anyone at 500px can easily deploy the site or a microservice with a simple chat message like bmo deploy <this thing>.”

that’s1. public APIs & open source tools 2. glue code / infrastructure as code 3. secrets & configuration details

so, either1. the glue code really is proprietary 2. they didn’t have time 3. it doesn’t work 4. the secrets are baked into the code 5. it runs on pets and can’t be

deployed repeatably

http://www.slideshare.net/bcantrill/leaping-the-chasm-from-proprietary-to-open-a-survivors-guide

http://www.slideshare.net/bcantrill/leaping-the-chasm-from-proprietary-to-open-a-survivors-guide

so, either1. the glue code really is proprietary 2. they didn’t have time 3. it doesn’t work 4. the secrets are baked into the code 5. it runs on pets and can’t be

deployed repeatably

fix thatplease

we need1. immutable infrastructure 2. repeatable installs 3. separate config from code

container-nativemakes it possible

container-nativemakes it real

developing for

breath for a moment

promised youa list

i

the unit of computeis a container

1:

you provisioncontainers

2:

the containers runon bare metal

3:

the kernel offersreal security4:

no escapeno incursion

that means

porouscontainers

non-

the containers are protectedfrom noisy neighbors

5:

48 cores of bare metalif a single container can

dominate them all?

what’s the point of

every container getsa VNIC

6:


6:

(or two)


6:

(or three)


6:

(or more)

well-connected containeris a happy container

because a

You pay forcontainers

7:

You pay forcontainers

7:

(not VMs)

science fictionthis is not

state of the artthis is

availablenow

this is

actuallynot new at all

this is

http://us-east.manta.joyent.com/jmc/public/opensolaris/ARChive/PSARC/2002/174/zones-design.spec.opensolaris.pdf
























































































































































































































































































container spectrum

bare metal alternatives to hardware VMs

container spectrum

infrastructure containers

container spectrum

application containers

bare metal alternatives to hardware VMs

container spectrum

Docker


container spectrum

Docker


multi-process Docker containers

container spectrum

Docker

infrastructure containersslimmed-down


container spectrum

Docker



slimmed-down infrastructure containers

container spectrum

Docker



slimmed-down infrastructure containers

they’re all

good

breath for a moment

container-nativemakes it possible

container-nativemakes it real

developing for

and

container-nativemakes it fastand

hostsno more

petsno more

lifecycleno more

management

pay foronly

what you use

breath for a moment

The best place to run containers. Making Ops simple and scalable.



Public Cloud Triton Elastic Container Service. We run our customer’s mission critical applications on container native infrastructure

Private Cloud Triton Elastic Container Infrastructure is an on-premise, container run-time environment used by some of the world’s most recognizable brands


Public Cloud Triton Elastic Container Service. We run our customer’s mission critical applications on container native infrastructure

Private DataCenter Triton Elastic Container Infrastructure is an on-premise, container run-time environment used by some of the world’s most recognizable brands

it’s open source!fork me, pull me: https://github.com/joyent/sdc

https://github.com/joyent/sdc

how do yousecure it for

So…

bare metal?

Container anatomy

Applicationpackage

Runtimeenvironment

Container anatomy

Applicationpackage

Executiondriver

Container anatomy

Applicationpackage

LXC }Dock

er

Container anatomy

Applicationpackage

libcontainer }Dock

er

Container anatomy

Applicationpackage

appc }Rock

et

Container anatomy

Applicationpackage

runC }O

pen

Cont

ainer

Fou

ndat

ion

Container anatomy

Applicationpackage

SmartOSZone

}Dock

er o

n Tri

ton

can i run myLinux images

So…

on Triton?

yes!

https://insights.ubuntu.com/2015/06/18/certified-ubuntu-images-now-optimized-for-joyent-triton-containers/


























































































































































Demotime


thank you

the 7 characteristics of container-native infrastructure1. the unit of compute is a container 2. you provision containers 3. the containers run on bare metal 4. the containers are multi-tenant bare metal secure 5. every container gets its share 6. every container gets one or more VNICs 7. you pay for containers

Date post:	22-May-2020
Category:	Documents
Upload:	others
View:	3 times
Download:	0 times

the 7 characteristics of container-native infrastructure · “[W]e’ve really embraced chatops at...

Documents