Let Me Contain That For You

Containers @ Google

Victor Marmol (vmarmol@google.com)
Rohit Jnagal (jnagal@google.com)
SF Bay Area Large-Scale Production Engineering: Lightweight Containers Meetup
February 20, 2014

Google Confidential and Proprietary
Containers in the Wild

[Diagram: User 1, User 2, User 3 and User 4 running side by side on one Linux Kernel]

● Used to provide VM-like instances
● High density (lower costs) and high performance
● Fast to start
● Migration is hard, but possible
The Need for Isolation: A Shared Google Machine

[Diagram: I/O, CPU and memory usage of everything sharing one machine. TASKS: Sensitive Task, Front End Task, Back End Task, Alloc. BACKGROUND: System Daemons, Batch workload, Soaker workload]
Containers @ Google

[Diagram: container hierarchy on one Linux Kernel. Alloc 1 holds Task 1 and Task 2; tasks are split into subcontainers (Sub 1 to Sub 4), which in turn hold sub-subcontainers (SS1 to SS4)]

● Container-aware tasks use asymmetric subcontainers
● Provide different guarantees of quality of service
● Overcommit resources to achieve high utilization
● Early users, few namespaces, and near-zero overhead
Asymmetric Isolation

Isolating only certain resources (e.g., CPU but not memory).

[Diagram: Container 1, Container 2 and Container 3 plotted against the resources CPU, Memory and Net]
Containers @ Google Today

● Historically
○ 2004: No isolation
○ 2006: Cgroups
○ Now: Namespaces
● Primarily Linux cgroups + user-space policies and monitoring
● We skipped VMs due to high overhead
● Used everywhere: SaaS, PaaS, IaaS; Android, Chrome OS
● Heterogeneous workloads: Latency, bandwidth, and priority
● High task churn
Goals

● Isolation
○ Tasks do not impact each other
○ The behavior of a Task is the same regardless of what else is on the machine
● Predictability
○ Tasks behave the same each time they run
○ Unless they are specifically configured to use "slack"
● Quality of Service
○ Different tasks get different quality of resources
● Overcommitment
○ Oversell machine resources within QoS guarantees

lmctfy: Let Me Contain That For You
Open source containers stack based on Google's.

github.com/google/lmctfy/
Provides the Container abstraction to higher levels by abstracting away the kernel interfaces.
Motivation
● Existing code, systems, and design around containers
● Problems with LXC
○ No abstraction (direct knob exposure)
○ No easy way to access programmatically
lmctfy: Let Me Contain That For You
Objectives
● Abstract away enforcement: separate policy from enforcement
● Scalability and parallel access
● Intent-based container specifications
● Asymmetric isolation
● Subcontainer support
● Provides tiers of quality of service
System Layers
● CL1
○ Container abstraction and enforcement
○ Thin and light layer
○ Current lmctfy
● CL2
○ Sets policy (QoS, overcommitment)
○ Higher level logic, monitoring, and control loops
○ Stateful entity
lmctfy: Fine-tuned resource isolation
Current cgroup API is complicated with lots of knobs (each a cgroup file):
Common: 5+ files
cgroup.clone_children cgroup.event_control cgroup.procs notify_on_release release_agent
CPU: 8+ files
cpuacct.stat cpuacct.usage cpuacct.usage_percpu cpu.cfs_period_us cpu.cfs_quota_us cpu.rt_period_us cpu.rt_runtime_us cpu.shares cpu.stat
Memory: 12+ files
memory.failcnt memory.force_empty memory.limit_in_bytes memory.max_usage_in_bytes memory.move_charge_at_immigrate memory.numa_stat memory.oom_control memory.pressure_level memory.soft_limit_in_bytes memory.stat memory.swappiness memory.usage_in_bytes memory.use_hierarchy
Cpuset: 12+ files
cpuset.cpu_exclusive cpuset.cpus cpuset.mem_exclusive cpuset.mem_hardwall cpuset.memory_migrate cpuset.memory_pressure cpuset.memory_pressure_enabled cpuset.memory_spread_page cpuset.memory_spread_slab cpuset.mems cpuset.sched_load_balance cpuset.sched_relax_domain_level
+DiskIO
+Net
+...
Released 0.4.0 (This Week!)
Initial version of lowest layer
● Written entirely in C++
● Delivered as a CLI and a C++ library (C and Go bindings soon)
● Isolation for CPU, memory, and perf event
● Full support for subcontainers
● “Stateless” and lightweight
● Initial support for namespaces, more to come in the next week.
Can be augmented with custom kernel patches
● CPU latency and accounting
● OOM priority
Supported configurations
● Target configuration is well supported
● Designed to be flexible, but we test on a limited set of them
● More target configurations being added
● Contributions to add more are welcome
Container Specifications
message ContainerSpec {
  optional int64 owner = 1;
  optional CpuSpec cpu = 2;
  optional MemorySpec memory = 3;
  optional DiskIoSpec diskio = 4;
  optional NetworkSpec network = 5;
  optional VirtualHost virtualhost = 6;
  ...
}
message CpuSpec {
  optional SchedulingLatency scheduling_latency = 1;
  optional uint64 limit = 2;
  optional uint64 max_limit = 3;
  ...
}

Create: “cpu:<limit:1000 max_limit:2000> memory:<limit:4096000 reservation:1024000>”
Cgroup Specifications

Create: “cpu:<limit:1000 max_limit:2000 scheduling_latency:PRIORITY> memory:<limit:4096000 reservation:1024000>”

equivalent lxc cgroup config:
lxc.cgroup.cpu.shares = 2048
lxc.cgroup.cpu.cfs_period_us = 50000
lxc.cgroup.cpu.cfs_quota_us = 10000
lxc.cgroup.cpu.lat = 25
.. cpu performance knobs ..
lxc.cgroup.memory.limit_in_bytes = 4096000
lxc.cgroup.memory.soft_limit_in_bytes = 1024000
.. memory performance knobs ..

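The two slides above show the same intent-based spec string and the cgroup knobs it turns into. The following is an added example, not lmctfy's own code, of what that CL1 translation step looks like when it also checks feasibility before any knob is touched. Assumptions: CPU limit and max_limit are milli-CPUs, 1000 milli-CPUs weigh 1024 cpu.shares, max_limit becomes a CFS quota over a 100 ms period, and knob values are returned rather than written to cgroupfs.

```cpp
// Added example, not lmctfy's own code: translate an lmctfy-style intent spec
// string into the cgroup knob values an enforcement layer (CL1) would write,
// checking feasibility first. Assumptions: CPU limit/max_limit are milli-CPUs,
// 1000 milli-CPUs weigh 1024 cpu.shares, and max_limit becomes a CFS quota over
// an assumed 100 ms period; knob values are returned, not written to cgroupfs.
#include <algorithm>
#include <cctype>
#include <cstdint>
#include <iostream>
#include <map>
#include <sstream>
#include <stdexcept>
#include <string>

using Fields = std::map<std::string, std::string>;   // field -> raw value
using Spec = std::map<std::string, Fields>;          // resource -> fields
using KnobMap = std::map<std::string, std::string>;  // cgroup file -> value

constexpr uint64_t kSharesPerCpu = 1024;   // assumed: weight of one full CPU
constexpr uint64_t kCfsPeriodUs = 100000;  // assumed: CFS period in microseconds

// Parse "cpu:<limit:1000 max_limit:2000> memory:<limit:4096000 reservation:1024000>".
Spec ParseSpec(const std::string& spec) {
  Spec out;
  size_t pos = 0;
  while (pos < spec.size()) {
    while (pos < spec.size() && std::isspace(static_cast<unsigned char>(spec[pos]))) ++pos;
    if (pos >= spec.size()) break;
    size_t open = spec.find(":<", pos);
    if (open == std::string::npos || open == pos) throw std::invalid_argument("expected resource:<fields>");
    size_t close = spec.find('>', open);
    if (close == std::string::npos) throw std::invalid_argument("unterminated '<'");
    std::string resource = spec.substr(pos, open - pos);
    std::istringstream body(spec.substr(open + 2, close - open - 2));
    std::string field;
    while (body >> field) {
      size_t colon = field.find(':');
      if (colon == std::string::npos || colon == 0) throw std::invalid_argument("bad field: " + field);
      out[resource][field.substr(0, colon)] = field.substr(colon + 1);
    }
    pos = close + 1;
  }
  return out;
}

// Strict unsigned parse: digits only, so "-1" or "10x" never reach a knob.
uint64_t ParseU64(const std::string& text) {
  if (text.empty() || text.find_first_not_of("0123456789") != std::string::npos)
    throw std::invalid_argument("not an unsigned integer: " + text);
  return std::stoull(text);
}

// Map the parsed intent to cgroup knobs; rejects unknown resources and
// infeasible combinations before anything would be written.
KnobMap ToCgroupKnobs(const std::string& spec_text) {
  Spec spec = ParseSpec(spec_text);
  KnobMap knobs;
  for (const auto& entry : spec) {
    const std::string& resource = entry.first;
    const Fields& f = entry.second;
    if (resource == "cpu") {
      uint64_t limit = ParseU64(f.at("limit"));  // at() throws if limit is missing
      knobs["cpu.shares"] = std::to_string(std::max<uint64_t>(2, limit * kSharesPerCpu / 1000));
      auto it = f.find("max_limit");
      if (it != f.end()) {
        uint64_t max_limit = ParseU64(it->second);
        if (max_limit < limit) throw std::invalid_argument("cpu max_limit below limit");
        knobs["cpu.cfs_period_us"] = std::to_string(kCfsPeriodUs);
        knobs["cpu.cfs_quota_us"] = std::to_string(max_limit * kCfsPeriodUs / 1000);
      }
      // scheduling_latency maps to a custom-kernel knob (cpu.lat on the slide); left out here.
    } else if (resource == "memory") {
      uint64_t limit = ParseU64(f.at("limit"));
      knobs["memory.limit_in_bytes"] = std::to_string(limit);
      auto it = f.find("reservation");
      if (it != f.end()) {
        uint64_t reservation = ParseU64(it->second);
        if (reservation > limit) throw std::invalid_argument("memory reservation exceeds limit");
        knobs["memory.soft_limit_in_bytes"] = std::to_string(reservation);
      }
    } else {
      throw std::invalid_argument("unsupported resource: " + resource);
    }
  }
  return knobs;
}

// True when the spec is rejected (parse error or infeasible values).
bool Rejects(const std::string& spec_text) {
  try { ToCgroupKnobs(spec_text); return false; }
  catch (const std::exception&) { return true; }
}

int main() {
  for (const auto& kv : ToCgroupKnobs("cpu:<limit:1000 max_limit:2000> memory:<limit:4096000 reservation:1024000>"))
    std::cout << kv.first << " = " << kv.second << "\n";
  return 0;
}
```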
C++ API
::containers::lmctfy::ContainerApi
● Create
● Get
● Destroy
● Detect
● InitMachine
::containers::lmctfy::Container
● Update
● Run
● Notifications
● List (threads, PIDs, and subcontainers)
● Stats
● Pause/Resume
● KillAll
CLI is a thin wrapper around the C++ API
Container Names
Path-like hierarchy of container names:
Absolute: /parent/self
Relative: self when in /parent
Container Name                      Refers To
/                                   The root top-level container
/sys                                The sys top-level container
/sys/sub                            The sub subcontainer of the sys top-level container
. or ./                             The current container (current relative to the calling process)
..                                  The parent container (parent relative to the calling process)
./foo_container or foo_container    The foo_container subcontainer of the current container
/foo_container                      The foo_container top-level container
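An added example, not lmctfy's own code, of resolving the names in the table above: a relative name is interpreted against the calling process's container, and a name that would climb above the root is refused, so a caller confined to /parent cannot address anything outside its own subtree by stacking ".." components. The allowed component characters are an assumption.

```cpp
// Added example, not lmctfy's own code: resolve an lmctfy-style container name
// (absolute "/parent/self" or relative to the calling process's container) into
// a canonical absolute name, refusing names that escape above the root.
// The set of allowed component characters is an assumption.
#include <cctype>
#include <stdexcept>
#include <string>
#include <vector>

// Split a name on '/', dropping empty pieces ("/" and "./" produce none).
static std::vector<std::string> Components(const std::string& name) {
  std::vector<std::string> parts;
  std::string cur;
  for (char c : name) {
    if (c == '/') { if (!cur.empty()) parts.push_back(cur); cur.clear(); }
    else cur += c;
  }
  if (!cur.empty()) parts.push_back(cur);
  return parts;
}

// Assumed naming policy: alphanumerics, '_', '-' and '.' only.
static bool ValidComponent(const std::string& part) {
  if (part.empty()) return false;
  for (char c : part)
    if (!(std::isalnum(static_cast<unsigned char>(c)) || c == '_' || c == '-' || c == '.')) return false;
  return true;
}

// current: absolute name of the caller's container, e.g. "/sys/sub".
std::string ResolveName(const std::string& name, const std::string& current) {
  if (current.empty() || current[0] != '/') throw std::invalid_argument("current container must be absolute");
  if (name.empty()) throw std::invalid_argument("empty container name");
  // Absolute names start from the root; relative names start from `current`.
  std::vector<std::string> stack = (name[0] == '/') ? std::vector<std::string>{} : Components(current);
  for (const std::string& part : Components(name)) {
    if (part == ".") continue;
    if (part == "..") {
      if (stack.empty()) throw std::invalid_argument("name escapes the root container: " + name);
      stack.pop_back();
      continue;
    }
    if (!ValidComponent(part)) throw std::invalid_argument("invalid component: " + part);
    stack.push_back(part);
  }
  std::string out;
  for (const std::string& part : stack) out += "/" + part;
  return out.empty() ? "/" : out;
}

// True if abs_name is `scope` itself or lies beneath it; useful for confining
// a caller to its own subtree before acting on a resolved name.
bool IsWithin(const std::string& abs_name, const std::string& scope) {
  if (scope == "/") return true;
  return abs_name == scope || abs_name.compare(0, scope.size() + 1, scope + "/") == 0;
}

// True when the name is refused.
bool RejectsName(const std::string& name, const std::string& current) {
  try { ResolveName(name, current); return false; }
  catch (const std::exception&) { return true; }
}
```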
Roadmap
Towards Version 1.0
● Improve VirtualHost support
● Root file systems
● Checkpoint restore
● Support and target most major distros
● Fully compatible with Docker’s use of containers
Higher Layer
● Admission control and feasibility checks
● Monitoring, notifications, and statistics
● Tiers of quality of service guarantees
Contributions Welcome!

Questions?

Repository: https://github.com/google/lmctfy/
Mailing list: lmctfy@googlegroups.com

Victor Marmol: vmarmol@google.com
Rohit Jnagal: jnagal@google.com

 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
 

Containers @ Google

Goals

● Isolation
○ Tasks do not impact each other
○ The behavior of a Task is the same regardless of what else is on the machine
● Predictability
○ Tasks behave the same each time they run
○ Unless they are specifically configured to use "slack"
● Quality of Service
○ Different tasks get different quality of resources
● Overcommitment
○ Oversell machine resources within QoS guarantees
lmctfy: Let Me Contain That For You

Open source containers stack based on Google's: github.com/google/lmctfy/
Provides the Container abstraction to higher levels by abstracting away the kernel interfaces.

Motivation
● Existing code, systems, and design around containers
● Problems with LXC
○ No abstraction (direct knob exposure)
○ No easy way to access programmatically
lmctfy: Let Me Contain That For You

Objectives
● Abstract away enforcement: separate policy from enforcement
● Scalability and parallel access
● Intent-based container specifications
● Asymmetric isolation
● Subcontainer support
● Provides tiers of quality of service

System Layers
● CL1
○ Container abstraction and enforcement
○ Thin and light layer
○ Current lmctfy
● CL2
○ Sets policy (QoS, overcommitment)
○ Higher level logic, monitoring, and control loops
○ Stateful entity
lmctfy: Fine-tuned resource isolation

Current cgroup API is complicated with lots of knobs (each a cgroup file):

Common: 5+ files
cgroup.clone_children, cgroup.event_control, cgroup.procs, notify_on_release, release_agent

CPU: 8+ files
cpuacct.stat, cpuacct.usage, cpuacct.usage_percpu, cpu.cfs_period_us, cpu.cfs_quota_us, cpu.rt_period_us, cpu.rt_runtime_us, cpu.shares, cpu.stat

Memory: 12+ files
memory.failcnt, memory.force_empty, memory.limit_in_bytes, memory.max_usage_in_bytes, memory.move_charge_at_immigrate, memory.numa_stat, memory.oom_control, memory.pressure_level, memory.soft_limit_in_bytes, memory.stat, memory.swappiness, memory.usage_in_bytes, memory.use_hierarchy

Cpuset: 12+ files
cpuset.cpu_exclusive, cpuset.cpus, cpuset.mem_exclusive, cpuset.mem_hardwall, cpuset.memory_migrate, cpuset.memory_pressure, cpuset.memory_pressure_enabled, cpuset.memory_spread_page, cpuset.memory_spread_slab, cpuset.mems, cpuset.sched_load_balance, cpuset.sched_relax_domain_level

+DiskIO +Net +...
Released 0.4.0 (This Week!)

Initial version of lowest layer
● Written entirely in C++
● Delivered as a CLI and a C++ library (C and Go bindings soon)
● Isolation for CPU, memory, and perf event
● Full support for subcontainers
● "Stateless" and lightweight
● Initial support for namespaces, more to come in the next week

Can be augmented with custom kernel patches
● CPU latency and accounting
● OOM priority

Supported configurations
● Target configuration is well supported
● Designed to be flexible, but we test on a limited set of them
● More target configurations being added
● Contributions to add more are welcome
Container Specifications

    message ContainerSpec {
      optional int64 owner = 1;
      optional CpuSpec cpu = 2;
      optional MemorySpec memory = 3;
      optional DiskIoSpec diskio = 4;
      optional NetworkSpec network = 5;
      optional VirtualHost virtualhost = 6;
      ...
    }

    message CpuSpec {
      optional SchedulingLatency scheduling_latency = 1;
      optional uint64 limit = 2;
      optional uint64 max_limit = 3;
      ...
    }

Create: "cpu:<limit:1000 max_limit:2000> memory:<limit:4096000 reservation:1024000>"
Cgroup Specifications

Create: "cpu:<limit:1000 max_limit:2000 scheduling_latency:PRIORITY> memory:<limit:4096000 reservation:1024000>"

Equivalent lxc cgroup config:

    lxc.cgroup.cpu.shares = 2048
    lxc.cgroup.cpu.cfs_period_us = 50000
    lxc.cgroup.cpu.cfs_quota_us = 10000
    lxc.cgroup.cpu.lat = 25
    .. cpu performance knobs ..
    lxc.cgroup.memory.limit_in_bytes = 4096000
    lxc.cgroup.memory.soft_limit_in_bytes = 1024000
    .. memory performance knobs ..
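The two slides above show the same idea from both sides: an intent-based create string on one side, the raw cgroup knobs it is turned into on the other. The following is an added example, not lmctfy's code, that parses the create string shown on the slides and maps it onto the cgroup files of the "Fine-tuned resource isolation" slide. The mapping constants (milli-CPU units, 1024 cpu.shares per core, the 50000 µs CFS period) are this example's assumptions; the slide's own shares and quota values come from lmctfy's policy, which the deck does not spell out, so the numbers emitted here differ from the slide's.

```python
import re

# Policy constants are ASSUMPTIONS for illustration, not lmctfy's real mapping:
# limits are milli-CPUs, one core is worth the kernel's default 1024 cpu.shares,
# and the CFS period is the 50000 us shown on the slide.
MILLI_CPU, SHARES_PER_CPU, CFS_PERIOD_US = 1000, 1024, 50000

_TOKEN = re.compile(r"(\w+):(<|-?\w+)")


def parse_spec(text):
    """Parse 'key:value key:<nested ...>' text into nested dicts (digits -> int)."""
    def block(pos, depth):
        out = {}
        while pos < len(text):
            ch = text[pos]
            if ch.isspace():
                pos += 1
            elif ch == ">":
                if depth == 0:
                    raise ValueError(f"unbalanced '>' at offset {pos}")
                return out, pos + 1
            else:
                m = _TOKEN.match(text, pos)
                if not m:
                    raise ValueError(f"bad token at offset {pos}: {text[pos:pos + 20]!r}")
                key, val, pos = m.group(1), m.group(2), m.end()
                if val == "<":
                    out[key], pos = block(pos, depth + 1)
                else:
                    out[key] = int(val) if val.lstrip("-").isdigit() else val
        if depth:
            raise ValueError("unterminated '<' block")
        return out, pos
    return block(0, 0)[0]


def to_cgroup_knobs(spec):
    """Policy layer: turn intent (limit, max_limit, reservation) into cgroup files."""
    knobs, cpu, mem = {}, spec.get("cpu", {}), spec.get("memory", {})
    if "limit" in cpu:        # proportional share when the CPU is contended
        knobs["cpu.shares"] = cpu["limit"] * SHARES_PER_CPU // MILLI_CPU
    if "max_limit" in cpu:    # hard ceiling via CFS bandwidth control
        knobs["cpu.cfs_period_us"] = CFS_PERIOD_US
        knobs["cpu.cfs_quota_us"] = cpu["max_limit"] * CFS_PERIOD_US // MILLI_CPU
    if "limit" in mem:        # hard memory limit
        knobs["memory.limit_in_bytes"] = mem["limit"]
    if "reservation" in mem:  # guaranteed amount; only the excess is reclaimed under pressure
        knobs["memory.soft_limit_in_bytes"] = mem["reservation"]
    return knobs
```

Malformed specs (an unterminated `<` or a stray `>`) are rejected with a ValueError rather than being silently applied to the machine.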
C++ API

::containers::lmctfy::ContainerApi
● Create
● Get
● Destroy
● Detect
● InitMachine

::containers::lmctfy::Container
● Update
● Run
● Notifications
● List (threads, PIDs, and subcontainers)
● Stats
● Pause/Resume
● KillAll

CLI is a thin wrapper around the C++ API
Container Names

Path-like hierarchy of container names:
Absolute: /parent/self
Relative: self when in /parent

    Container Name                    Refers To
    /                                 The root top-level container
    /sys                              The sys top-level container
    /sys/sub                          The sub subcontainer of the sys top-level container
    . or ./                           The current container (current relative to the calling process)
    ..                                The parent container (parent relative to the calling process)
    ./foo_container or foo_container  The foo_container subcontainer of the current container
    /foo_container                    The foo_container top-level container
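The naming rules in this table, worked through as an added example that is not lmctfy's own code: the resolver turns every form in the table into a canonical absolute name relative to the calling process's container, and is_within checks that a resolved name stays under a given ancestor (useful before listing or updating subcontainers). Two rules are this example's assumptions rather than statements from the slide: ".." from the root container is an error, and a name component must be alphanumeric/underscore-led.

```python
import re

# Assumed allowed component syntax (not specified on the slide): starts with a letter,
# digit or underscore, so it can never be confused with '.' or '..'.
_COMPONENT = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]*")


def _components(absolute):
    """Split an already-resolved absolute name such as '/parent/self' into parts."""
    if not absolute.startswith("/"):
        raise ValueError(f"current container must be absolute: {absolute!r}")
    return [c for c in absolute.split("/") if c]


def resolve_container_name(name, current="/"):
    """Resolve an lmctfy-style container name to its canonical absolute form.

    Absolute names start with '/'. Relative names ('.', './', '..', 'foo',
    './foo') are resolved against `current`, the calling process's container.
    The root is '/'; every other result is '/a/b' with no trailing slash.
    """
    if not name:
        raise ValueError("empty container name")
    # Absolute names start at the root, relative names at the caller's container.
    parts = [] if name.startswith("/") else _components(current)
    for comp in name.split("/"):
        if comp in ("", "."):          # empty segments and '.' do not move
            continue
        if comp == "..":
            if not parts:
                # The root has no parent: refuse instead of silently clamping, so a
                # relative name can never be used to step outside the hierarchy.
                raise ValueError(f"{name!r} walks above the root container")
            parts.pop()
            continue
        if not _COMPONENT.fullmatch(comp):
            raise ValueError(f"invalid container name component {comp!r}")
        parts.append(comp)
    return "/" + "/".join(parts)


def is_within(name, ancestor, current="/"):
    """True if `name` resolves to `ancestor` itself or to one of its subcontainers."""
    a = resolve_container_name(ancestor, current)
    n = resolve_container_name(name, current)
    return a == "/" or n == a or n.startswith(a + "/")
```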
Roadmap

Towards Version 1.0
● Improve VirtualHost support
● Root file systems
● Checkpoint restore
● Support and target most major distros
● Fully compatible with Docker's use of containers

Higher Layer
● Admission control and feasibility checks
● Monitoring, notifications, and statistics
● Tiers of quality of service guarantees

Contributions Welcome!
Questions?

Repository: https://github.com/google/lmctfy/
Mailing list: lmctfy@googlegroups.com
Victor Marmol: vmarmol@google.com
Rohit Jnagal: jnagal@google.com