App Container · App Container Spec noun A new, open specification for running applications in...

github.com/coreos/rocketrocket-dev@googlegroups.com

App Containergithub.com/appc

appc-dev@googlegroups.com

Jonathan Boullegithub.com/jonboulle@baronboulle

App Container (appc)github.com/appc

appc-dev@googlegroups.com

appc != Rocket

App Container Spec nounA new, open specification for running

applications in containers

Containers?!

KERNELSYSTEMDSSH

PYTHONJAVANGINXMYSQLOPENSSL

dist

ro d

istr

o di

stro

dis

tro

dist

ro d

istr

o di

stro

dis

tro

dist

ro d

istr

o di

stro

APP

KERNELSYSTEMDSSH

LXC/DOCKER/ROCKET

PYTHONJAVANGINXMYSQLOPENSSL

dist

ro d

istr

o di

stro

dis

tro

dist

ro d

istr

o di

stro

dis

tro

dist

ro d

istr

o di

stro

APP

Application Containersself-contained

portabledecoupled from operating system

appc principlesWhy are we doing this?

OpenIndependent GitHub organisation

Contributions from Cloud Foundry, Mesosphere, Google, Red Hat

(and many others!)

Simple but efficientSimple to understand and implement, but eye to optimisation (e.g. content-based

caching)

SecureCryptographic image addressing

Image signing and encryptionContainer identity

Standards-basedWell-known tools (tar, gzip, gpg, http), extensible with modern technologies

(bittorrent, xz)

ComposableIntegrate with existing systems

Non-prescriptive about build workflowsOS/architecture agnostic

appc components

Image FormatApplication Container Imagetarball of rootfs + manifest

uniquely identified by ImageID (hash)

Image DiscoveryApp name →artefact

HTTPS + HTML

Executorgrouped applicationsruntime environment

isolatorsnetworking

Metadata Servicehttp://$AC_METADATA_URL/acMetadata

container metadatacontainer identity (HMAC verification)

appc tooling

$ actool buildrootfs + manifest → ACI

$ actool validateis this ACI compliant with the spec?

$ actool discoverexample.com/app -> https://example.

com/releases/app.aci

ACE validatoris this executor compliant with the spec?

$EXECUTOR run ace_validator.aci

appc community

cdaylward/libappcC++ library for working with app containers

cdaylward/noseconeC++ executor for running app containers

(sidenote: mesos)https://issues.apache.org/jira/browse/MESOS-2162

3ofcoins/jetpackFreeBSD Jails/ZFS-based executor

(by @mpasternacki)

sgotti/acidoACI toolkit (build ACIs from ACIs)

appc/docker2acidocker2aci busybox/latest

docker2aci quay.io/coreos/etcd

appc/goacigoaci github.com/coreos/etcd

appc statusStabilisingv0.3.0+git

TODO: pods, isolators

github.com/coreos/rocketrocket-dev@googlegroups.com

implementation of appcdiscoveryexecutor

metadata service

golang + Linuxself-contained

init system agnostic

CLI onlyno daemon

apps run directly under spawning process

bash

rkt

application

runit

rkt

application

systemd

rkt

application

upstart

rkt

application

Rocket internalsmodular architecture

execution divided into stagesstage0 → stage1 → stage2

stage0rkt binary

discover, retrieve application imagesset up container filesystems

stage1execution environment for apps

container rootfs + init binaryapp process management, cgroups,

metadata service

stage2actual app execution

rocket v0.1.0first version (announcement)

somewhat limited..

rkt fetchrkt fetch https://example.com/my_app.aci

rkt fetch coreos.com/etcd:v2.0.0.rc1simple CAS on disk

rkt runrkt run coreos.com/etcd:v2.0.0-rc.1

rkt run ./my-app.acirkt run sha512-fcdf125873...

rocket v0.3.2+gitwhat's new?

new commands!rkt enterrkt list

rkt statusrkt gc

rkt trust

rkt enter, listenter the namespaces of an application

list containers on the system

rkt status, rkt gcfile-based locking (flock)

mark-and-sweep gc (time based)

rkt trusteasily manage public ACI signing keys

rkt trust --prefix coreos.com/etcdrkt trust --root https://foo.com/key.asc

stage1 as ACIno more go-bindata

swappable execution environmentsdistribution packaging friendly!

Docker image supportrkt run docker://redis:latest

Rocket Crash course!

rocket v0.4.0+what's coming?

networking"it's complicated"

networkingIP-per-pod

extensible plugin-based systemhttp://goo.gl/lQA9PB

host systemd integration$ machinectl list

$ machinectl terminate

developer environmentsinteractive containers

filesystem diffs → new ACI

Kubernetesgithub.com/GoogleCloudPlatform/kubernetes/issues/2725

http://goo.gl/kJTj96

App Container+

get involved!GitHub: "help wanted" label

Questions?

Credits

● SpaceX Falcon 9 Landing by Elon Musk ● Golang gopher by Renee French, licensed

under CC BY 3.0● Tux by Larry Ewing, Simon Budig and Anja

Gerwinski