2. Containers are...
Speedy
Quick creation, update, and uninstall cycle. Request and provision in milliseconds.
Manageable
Containers take the complexity out of bundling, distributing and installing applications.
Easy
Simple and easy to use and maintain.
Secure?
What about security and isolation? Can a container include hardware isolation like a Virtual Machine?
4. Server hardware
Linux* Kernel
Container A, Container B, Container C
Middleware, Middleware, Middleware
App, App, App
*Other names and brands may be claimed as the property of others.
6. Server hardware
Linux* Kernel
Container A, Container B, Container C
Middleware, Middleware, Middleware
App, App, App
8. Intel® Clear Containers and Intel® Virtualization Technology (Intel® VT-x)
Server hardware
Linux Kernel
Container A: Middleware (A), App, Linux* Kernel (A), Intel® VT-x
Container B: Middleware (de-duplicate of A), App, Linux Kernel (de-duplicate of A), Intel® VT-x
Container C: Middleware (C), App, Linux Kernel (C), Intel® VT-x
9. Clear Containers: create a continuum between containers and VMs
Before Intel® Clear Containers
“Hot” “Old & Stale”
Intel® Clear Container with Intel® Virtualization Technology (Intel® VT-x)
Container Technology
After Intel Clear Container
*Other names and brands may be claimed as the property of others. The nominative use of third party logos serves only the purposes of description and identification.
13. Upstream and Downstream Proliferation Goals
CNI, CNM
ISVs + Integrators
15. Intel® Clear Containers vs traditional VMs
Traditional: rootfs, QEMU*, KVM*, Kernel <v4.0, Kernel
Intel Clear Containers: Clear Linux rootfs, QEMU-lite, KVM*, Kernel >=v4.0, Clear Linux kernel
Diagram labels: Standard Distro, CC Mini-OS, Host, Client/Container
Optimizations
QEMU-lite is optimized for size and speed.
We use a recent KVM, it is optimized for memory sharing (KSM) and boot speed.
The Clear Linux kernel is optimized for container boot performance.
The Clear Linux user space is optimized for further container boot.
17. Intel® Clear Containers adds a new runtime for Docker*
Intel Clear Containers provide a plugin replacement of runc with cor, our OCI runtime.
dockerd -D --add-runtime cor=/usr/bin/cc-oci-runtime --default-runtime=runc
25. Clear Containers – Quickstart
- Clear Containers can be run within privileged Docker* containers
- Images available with Fedora*, Ubuntu*, and Clear Linux as the host OS
- https://hub.docker.com/u/clearcontainers/
- Trying out the images:
sudo docker run -it --privileged clearcontainers/clearlinux
docker run -it debian
26. Clear Containers – Installing on Fedora*
dnf install cc-oci-runtime linux-container
- Configure Clear Containers to be the default runtime:
ExecStart=/usr/bin/dockerd --add-runtime cor=/usr/bin/cc-oci-runtime --default-runtime=cor
https://github.com/01org/cc-oci-runtime/wiki/Installing-Clear-Containers-on-Fedora-25
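An added example, not from the slides or the Clear Containers project: the dockerd line on slide 17 registers cor but keeps runc as the default runtime, while the Fedora ExecStart line on slide 26 makes cor the default. The script below parses such a line and reports which case applies; the function names are hypothetical and it assumes an unquoted, single-line command.

```shell
#!/bin/sh
# Added example (not from the slides): report which OCI runtime a dockerd
# command line makes the default, and whether that is cc-oci-runtime.

# The two dockerd invocations shown on the slides.
SLIDE17='dockerd -D --add-runtime cor=/usr/bin/cc-oci-runtime --default-runtime=runc'
SLIDE26='ExecStart=/usr/bin/dockerd --add-runtime cor=/usr/bin/cc-oci-runtime --default-runtime=cor'

# default_runtime LINE: print "<name> <path>" for the default runtime.
# <path> is "builtin" when the name was never registered via --add-runtime.
default_runtime() {
    name="runc"   # dockerd falls back to runc without --default-runtime
    runtimes=""   # name=path pairs collected from --add-runtime
    set -f        # split the line into words without globbing
    set -- $1
    set +f
    while [ $# -gt 0 ]; do
        case "$1" in
            --add-runtime=*)     runtimes="$runtimes ${1#--add-runtime=}" ;;
            --default-runtime=*) name="${1#--default-runtime=}" ;;
            --add-runtime)
                if [ $# -gt 1 ]; then runtimes="$runtimes $2"; shift; fi ;;
            --default-runtime)
                if [ $# -gt 1 ]; then name="$2"; shift; fi ;;
        esac
        shift
    done
    path="builtin"
    for r in $runtimes; do
        case "$r" in "$name"=*) path="${r#*=}" ;; esac
    done
    printf '%s %s\n' "$name" "$path"
}

# clear_by_default LINE: succeed only when containers started without an
# explicit --runtime are launched through cc-oci-runtime.
clear_by_default() {
    case "$(default_runtime "$1")" in
        */cc-oci-runtime) return 0 ;;
        *) return 1 ;;
    esac
}

for line in "$SLIDE17" "$SLIDE26"; do
    if clear_by_default "$line"; then verdict="Clear Containers by default"
    else verdict="not Clear Containers by default"; fi
    printf '%s -> %s\n' "$(default_runtime "$line")" "$verdict"
done
```

On a running host, `docker info --format '{{.DefaultRuntime}}'` reports the same setting, and with slide 17's configuration a container only goes through cc-oci-runtime when started with `docker run --runtime cor`.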
27. Clear Containers: Get Involved
Start Here!
• https://clearlinux.org/containers
Check us out on GitHub*!
• https://github.com/clearcontainers
Join the conversation!
• IRC: #clear-containers on Freenode*
• Mailing list: https://lists.01.org/mailman/listinfo/cc-devel