Moby is an open source project providing a "LEGO set" of dozens of components, the framework to assemble them into specialized container-based systems, and a place for all container enthusiasts to experiment and exchange ideas.
One of these assemblies is Docker CE, an open source product that lets you build, ship, and run containers.
This talk will explain how you can leverage the Moby project to assemble your own specialized container-based system, whether for IoT, cloud or bare metal scenarios.
We will cover Moby itself, the framework, and tooling around the project, as well as many of its components: LinuxKit, InfraKit, containerd, SwarmKit, Notary.
Then we will present a few use cases and demos of how different companies have leveraged Moby and some of the Moby components to create their own container-based systems.
Video at https://www.youtube.com/watch?v=kDp22YkD6WY
7. Docker EE Container Platform to Modernize Traditional Apps and beyond
Diagram labels: Image Registry; CI/CD; Security scan & sign; Traditional; Third Party; Microservices; docker store; Developers; IT Operations; Control Plane
More Info: Docker.com/MTA
8. Docker: Now Powered by Swarm and Kubernetes
Docker Enterprise Edition
Docker Community Edition
containerd
The best container development workflow
The best enterprise container security and management
Native Kubernetes integration provides full ecosystem compatibility
Industry-standard container runtime
9. The Docker Innovation Model
Docker Community Edition
Docker Enterprise Edition
Developers, Enterprise, Container Ecosystem
9,149 Open Source Contributors, 8800 PRs/Year
11. An Open Source Integration: 1 Year in the Making
- November 2016: containerd 1.0 development starts at KubeCon
- March 2017: containerd contributed to CNCF at CloudNativeCon
- April 2017: LinuxKit + Kubernetes at DockerCon
- Kubernetes + cri-containerd at Moby Summit
- September 2017: libnetwork + CNI at Open Source Summit
- October 2017: Notary submitted to CNCF contribution
- Q4 2017: Beta of Docker with Kubernetes support
20. Early History
APRIL 2016 Containerd “0.2” announced, Docker 1.11
DECEMBER 2016 Announce expansion of containerd OSS project, roadmap to 1.0
Management/Supervisor for the OCI runc executor
Containerd 1.0: A core container runtime project for the industry
22. Why Containerd 1.0?
Diagram labels: runc; containerd
▪ Continue projects spun out from monolithic Docker engine
▪ Expected use beyond Docker engine (Kubernetes CRI)
▪ Donation to foundation for broad industry collaboration
  ▫ Similar to runc/libcontainer and the OCI
23. Technical Goals/Intentions
▪ Clean gRPC-based API + client library
▪ Full OCI support (runtime and image spec)
▪ Stability and performance with tight, well-defined core of container function
▪ Decoupled systems (image, filesystem, runtime) for pluggability, reuse
24. Requirements
- A la carte: use only what is required
- Runtime agility: fits into different platforms
- Pass-through container configuration (direct OCI)
- Decoupled
- Use known-good technology
- OCI container runtime and images
- gRPC for API
- Prometheus for Metrics
25. Use cases
- CURRENT
- Docker (moby)
- Kubernetes (cri-containerd)
- SwarmKit (experimental)
- LinuxKit
- BuildKit
- FUTURE/POTENTIAL
- IBM Cloud/Bluemix
- OpenFaaS
- {your project here}
26. containerd 1.0 facts and figures
• 1994 GitHub stars, 401 forks
• 108 contributors
• 8 maintainers from independents and member companies alike, including Docker, Google, IBM, ZTE and ZJU.
27. Resources
• To participate in containerd: github.com/containerd/containerd
• Getting Started with containerd: http://mobyproject.org/blog/2017/08/15/containerd-getting-started/
• Roadmap: https://github.com/containerd/containerd/blob/master/ROADMAP.md
• Scope table: https://github.com/containerd/containerd#scope
• Architecture document: https://github.com/containerd/containerd/blob/master/design/architecture.md
28. LinuxKit
A toolkit for building secure, portable and lean operating systems for containers
33. What it means for you
System Builders: Moby helps you innovate without tying you to Docker
Docker Users: Docker will better leverage the ecosystem to innovate faster for you
41. What is it?
• Launched at LinuxCon, Berlin in October, 2016.
• Toolkit for building declarative, self-managing distributed applications
• Active management with active controllers
• scaling groups, rolling updates
• monitoring / health checks
• connecting nodes to L4 / ingress
• Declarative infrastructure
• Proposal to contribute to CNCF 6/20, too soon
42. What is InfraKit
• Toolkit for infrastructure automation
• Provisioning and management services for higher-level systems
• Focus on patterns and automation:
  • Convergence to declarative specification
  • Scaling groups, rolling updates
  • Infrastructure metadata, events
  • Immutable infrastructure
Diagram layers: Application Definition / Development; Orchestration & Management; Runtime; Provisioning; Infrastructure (Bare Metal/Cloud)
43. InfraKit in a Cloud Native Ecosystem
• Immutable nodes + attached storage
• OS Images - LinuxKit integration
• Devops Deployment Tooling & Provisioning
• Infrastructure Automation
• Compute - rolling updates, scaling groups
• Storage
• Network
Provisioning layer + infrastructure automation services
44. InfraKit Use Cases
• Day-0 (install), Day-1 (configure) of container orchestrators
• Docker Swarm - Docker for GCP, AWS, Appcelerator/AMP
• Kubernetes
• Day-N automation of infrastructure - provisioning, rolling updates and capacity scaling.
• A cloud provider for Kubernetes Cluster Autoscaler
• GPU cluster provisioning
• LinuxKit integration for building, deployment of custom OS on bare-metal or virtualized infrastructure (video).
46. InfraKit Deployment
Diagram labels: CLI; API; Control Plane
• High availability, single leader
• Can share leader election / spec storage with higher-level systems:
  • Docker swarm mode
  • etcd (k8s)
• As Docker or containerd / oci containers
• Typically “embedded” in control plane of higher systems as “system” containers (e.g. LinuxKit image)
47. InfraKit Community: active and growing
• Made public at LinuxCon, Berlin in October, 2016
• 1.5K GitHub stars, 140+ forks
• 16 infrastructure providers
• 4 maintainers, 4 companies (Docker, IBM, NTT, Axway)
• 25 contributors total, 200+ members on Slack
• 460+ commits, 7 releases, ~50 commits / month
• Meetups: Moby Project Summit, April 20, 2017; Next: June 19, 2017
52. Example: build an autoscaling group
● Pick a plugin to create instances
● Add flavor plugin
● Embed config inside definition of a group.

ID: group/workers
Properties:
  Instance:
    Plugin: terraform
    Properties:
      // terraform config here
  Flavor:
    Plugin: kubernetes/worker
    Properties:
      // config add-on, etc.

Diagram labels: Client; Group RPC API; terraform; kubernetes configs; infrastructure API
53. … across zones / clouds
● Wrap instance plugins with Selector
● Selector selects plugin to provision, based on weights or spread evenly.

ID: group/workers
Properties:
  Instance:
    Plugin: selector/weighted
    Properties:
      aws-us-east/workers:
      gcp-us-central/workers:
    Options:
      - aws-us-east:80
      - gcp-us-central:20
  Flavor:
    Plugin: kubernetes/worker
    Properties:
      // config add-on, etc.

Diagram labels: Client; Group RPC API; kubernetes configs; aws (aws-us-east, 80%); gcp (gcp-us-central, 20%)
54. … with provisioning priorities
● Tiered selector is just another Instance
● Selects one option after another until provisioning succeeds.

ID: group/workers
Properties:
  Instance:
    Plugin: selector/tiered
    Properties:
      Plugin: vsphere/on-prem-workers:
        Properties: // ...
      Plugin: aws/ec2-spot-instance:
        Properties: // spot price...
      Plugin: aws/ec2-instance:
        Properties: // on-demand…
  Flavor:
    Plugin: kubernetes/worker ...

Diagram labels: Client; Group RPC API; kubernetes configs; on-prem: vsphere; cloud: AWS spot; cloud: AWS on-demand
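Added example (not from the slides and not InfraKit code): a small Go model of the two selector behaviours on slides 53 and 54, weighted placement and tiered fallback. The Option type, Spread and ProvisionTiered are hypothetical names, and the deficit-based placement rule is an assumption about how weights could be honoured.

```go
package main

import (
	"errors"
	"fmt"
)

// Option is a hypothetical model of one instance plugin behind a selector.
// It mirrors the slides' configs; it is not InfraKit's plugin interface.
type Option struct {
	Name      string
	Weight    int                    // used by the weighted selector only
	Provision func() (string, error) // used by the tiered selector only
}

// Spread places n instances one at a time, each on the option that is furthest
// below its weighted share of the new total, and returns per-option counts.
func Spread(opts []Option, n int) []int {
	counts, sum := make([]int, len(opts)), 0
	for _, o := range opts {
		sum += o.Weight
	}
	for total := 0; total < n && len(opts) > 0; total++ {
		best, bestDeficit := 0, 0
		for i, o := range opts {
			if d := o.Weight*(total+1) - counts[i]*sum; i == 0 || d > bestDeficit {
				best, bestDeficit = i, d
			}
		}
		counts[best]++
	}
	return counts
}

// ProvisionTiered tries each tier in order and stops at the first success.
func ProvisionTiered(tiers []Option) (string, error) {
	err := errors.New("no tiers configured")
	for _, t := range tiers {
		if _, err = t.Provision(); err == nil {
			return t.Name, nil
		}
	}
	return "", fmt.Errorf("all tiers failed, last error: %w", err)
}

func main() {
	fmt.Println(Spread([]Option{{Name: "aws-us-east", Weight: 80}, {Name: "gcp-us-central", Weight: 20}}, 10))
}
```

When every tier fails, ProvisionTiered returns an error instead of a name, so a caller can tell "no capacity anywhere" apart from a successful fallback.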
Docker has its roots in dev productivity
still a lot of work to do
solve it by listening to devs, solving all their problems one by one
let’s talk about dev problems.
This is compared to “container systems of the past” that were monolithic and tightly coupled
Example: hard to reuse components; e.g. take a Docker graphdriver and use it to implement a volume driver
all components
all assemblies
inviting users, partners the whole ecosystem to join this project and together take container ecosystem to the mainstream
seed this project with dozens of components, an assembly that is very stable and deployed in prod on 1000s of nodes
the most important project we have introduced since 2014
not a foundation: Moby does not own projects
any project can come collab and retain ownership of their code
platform based on containers
Docker uses Moby to innovate in the open.
Each version of Docker will innovate faster
More innovation/more choice
InfraKit is designed to automate setup and management of infrastructure in support of distributed systems and higher-level container orchestration systems. These are the use cases we currently focus on.
Maintainers from a diverse set of companies: Docker, IBM, NTT, and Axway.
Used in Docker Editions (Docker for AWS, Docker for GCP), Axway Appcelerator
Instance plugin implementation ⇒ to different platform providers.
Diverse set of platforms from bare-metal provisioning (HP OneView, Dell/EMC RackHD) to public clouds (AWS, Alibaba Cloud). Even includes integration with Terraform for even more platform coverage.