don’t talk to strangers: test isolation with containers

Don’t talk to strangers

Test isolation with containers

Hristo Iliev, Georgi Sabev | SAP Labs 18-19 November, Sofia

Hristo Iliev

ISTAcon.org 18-19 November, Sofia

• NetWeaver Application Server Java

• SAP HANA Cloud Platform

Open Source

• Eclipse Virgo

• Cloud Foundry (Diego & Abacus)

Georgi Sabev

• SAP HANA Cloud Platform

Open Source

• Cloud Foundry (Diego & Abacus)

PicturesCreative Commons @ Flickr

Creating Working Software

Automation

Discipline

Problems

Test Pollution

Environment variables

Database records

Programs / libraries

Resource contention

Processes compete for

• CPU

• Memory

• I/O

Multiple environments

Mobile / Desktop

Cloud / Standalone

Databases

Versions

Test problems summary

Test pollution

Resource contention

Multiple environments

Solutions

Traditional

• Dedicated hardware

• Virtual machines

• Cloud: AWS, Azure

New tools

Containersbuild, isolate, ship

Container: Resource isolation

Tenant 1 Tenant 2 Tenant 3

Kernel

A FEDCB

Kernel

A FEDCB

Kernel

A FEDCB

Linux Kernel

Container: Namespace isolation

PID, Network, Mount, User

Kernel

Containerization = Lightweight Virtualization

Operating System

Hypervisor

Virtual Machine

Operating System

Bins / libs

App App

Virtual Machine

Operating System

Bins / libs

App App

Container Daemon

Container

Bins / libs

App App

Container

Bins / libs

App App

Virtualization Containerization

Operating System

Hardware Hardware

Container

ISTAcon.org18-19 November, Sofia

Network

cgroups

Isolation

Container

Content

Network

cgroups

Isolation

Container

Content Processes

Network

cgroups

Isolation

Container

Network

cgroups

Container actions

Make me a container

Container actions

Put this in itMake me a container

Container actions

Put this in it Run this for meMake me a container

Docker

“Build, Ship, Run” Containers

• Dockerfile

• Docker image

• Docker Hub

Docker

Go lang

https://github.com/hsiliev/strangers

Containers: Pros & Cons

• Isolation

• Reproducible environment

• Easy to maintain

• Multi-platform

• Discipline

Software Production

Complexity

Automation

PipelinesMultiple-builds

don’t talk to strangers: test isolation with containers

Software

strangers universe #3

container based virtualization applied€¦ · •...

relations with strangers - talent education › ... ›...

talking to strangers

container isolation at scale - schd.ws isolation at... ·...

de strangers

a survey on security isolation of virtualization ... ·...

a survey on security isolation of virtualization...

family of strangers

strangers' pitch

(kernel) isolation – pv, hvm, os-v technologies in...

strangers s2 #2

meeting strangers,

interfacestudio strangers

becoming strangers:

containers and isolation as implemented in the linux kernel

strangers tips

strangers report lr_20080924101433

the strangers 2

strangers book