Introduction to LinuxKit - Docker Bangalore Meetup
1. Introduction to LinuxKit
Ajeet S Raina - @ajeetsraina
Sr. Systems Development Engineer @ DellEMC
Docker Captain – http://www.collabnix.com
July 1, 2017 - Docker Bangalore Meetup #33
2. Agenda
- What is LinuxKit and what problem does it solve for us?
- A Brief about LinuxKit Tooling System
- A Peep into YAML ~ Building Block of LinuxKit
- LinuxKit Supported Platform
- A Quick Look at LinuxKit Packaging System
- Moby Playground ~ Play with Moby(PWM)
- Demo
- What’s Coming Next?
5. An Era of Immutable Delivery
"In the Cloud, we know exactly what we want a server to be,
and if we want to change that we simply terminate it and
launch a new server with a new AMI".
Netflix, Building with Legos, 2011
6. Problem Statement
“Not every platform provides a Linux Subsystem”
~ Solomon Hykes
Non-standard Linux OS shipped by Cloud Platforms
Concerns around –
➢ Portability
➢ Security
➢ Incompatibility
7. LinuxKit
- A Toolkit for building LEAN, PORTABLE & SECURE operating systems for containers
LinuxKit ~ A LEAN Linux Subsystem
- Minimal size, minimal boot time
- All system services are containers
- Everything can be removed or replaced
LinuxKit ~ A PORTABLE Linux Subsystem
- Desktop, Server, IoT, Mainframe
- Intel & ARM (others)
- Bare Metal & Virtualized
- On-premises & in Cloud
LinuxKit ~ A SECURE Linux Subsystem
- Only works with containers
- Smaller attack surface
- Immutable Infrastructure
- Specialized patches & configurations
8. LinuxKit GITHUB Statistics
Stars: 2932
Fork: 304
Contributors: 54
Commits: 3885
Commits (per week): 50+
Contributors (External): 54
Number of Blog posts: A lot..
9. LinuxKit Tooling
Moby Tool (moby build)
• A tool for assembling a customised, modular & containerised application
• YAML files that define the whole system through the set of containers
• Can generate a range of output formats
LinuxKit (linuxkit push, linuxkit run)
• A tool to push and run LinuxKit OS / VM images
• Supports various backends & options to push it directly to a Cloud Platform
10. moby Tool – YAML Input
- Specifies the part of the RootFS
- Boots up the first user space (INIT process)
- runC & ContainerD to run & manage containers
- Defines the Linux Kernel (Long Term Support) config
- Kernel command line for serial & virtual terminal
- One-shot containers to run during the boot process to get an IP address
- Allows specifying multiple on-boot service containers which get executed in sequence during boot time
- This runs as a daemon (as in a traditional Linux system) and keeps running in the background
- Allows specifying capabilities for the container (like binding to the host networking namespace etc.)
- Cryptographically verified by content trust
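An added example (not taken from the slides) of a moby YAML file laid out in the sections that slide 10 annotates. Image tags are `<tag>` placeholders, the nginx service and its capability list are constructed for illustration, and the key names assume the LinuxKit YAML format as of 2017.

```yaml
# Kernel image (LTS series) and the kernel command line that
# enables the serial console and the virtual terminal.
kernel:
  image: "linuxkit/kernel:<tag>"
  cmdline: "console=ttyS0 console=tty0"

# Images unpacked into the root filesystem: the init process
# plus runc and containerd to run and manage containers.
init:
  - "linuxkit/init:<tag>"
  - "linuxkit/runc:<tag>"
  - "linuxkit/containerd:<tag>"

# One-shot containers, executed in sequence during boot.
# dhcpcd runs once (-1) to obtain an IP address, then exits.
onboot:
  - name: dhcpcd
    image: "linuxkit/dhcpcd:<tag>"
    command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]

# Long-running containers, the equivalent of daemons.
# Each service lists only the capabilities it needs; anything
# not listed is dropped. "net: host" binds the container to the
# host networking namespace.
services:
  - name: nginx            # constructed sample service
    image: "nginx:alpine"
    capabilities:
      - CAP_NET_BIND_SERVICE
      - CAP_CHOWN
      - CAP_SETUID
      - CAP_SETGID
      - CAP_DAC_OVERRIDE
    net: host

# Images from the listed organisations are verified with
# Docker Content Trust when the image is assembled.
trust:
  org:
    - linuxkit
```

Reviewing the `capabilities` list and the `trust` section of such a file is the quickest way to see what each service is allowed to do and which images are signature-checked.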
12. Anatomy of Packages
Different Ways of Building packages
- Straight DockerHub Images (e.g. redis or nginx)
- Wrapper around Hub Images (typically a shell script)
- Custom Base Images (mostly Alpine Linux)
- Custom Packages with just one binary
For LinuxKit Base Packages
- Built from Known Alpine Base Image
- Extensive Use of Multi-Stage Builds to keep package small (Standard Makefile)
- Tagged with Content Hash (only push if changed)
- Contain template for CAPS etc. for simpler YAML files
13. LinuxKit Packaging System
- Packages are just container images stored on DockerHub (or private registries)
- Base packages provided by LinuxKit are under ./pkg directory
- Stored in hub at LinuxKit Org
- Utilizes Docker Content Trust (aka Notary)
- Utilizes Security Scanning
18. Further Reading
- Why Infrakit & LinuxKit are better together for Building Immutable Infrastructure?
- Running LinuxKit on AWS Platform made easy
- A Quick Look at LinuxKit Packaging System
- LinuxKit 101: Getting Started with LinuxKit for Google Cloud Platform
- When Moby Meet Kubernetes for the first time
- Test-Drive LinuxKit OS on Oracle VirtualBox running on macOS Sierra
https://github.com/linuxkit/linuxkit
19. What’s Coming Next?
- More Containerd Integration ~ Image Store
- More Blueprints ~ Docker for Windows, Azure, AWS
- Better Focus on Cloud Integration
- Health/Monitoring
- ARM64 Support
- Bare Metal Support to be improved
- CI Improvements ~ Push Packages
- Least Privilege System daemons
- Better Infrakit Integration
- Swarmd Documentation