Download - Java Container Images
![Page 1: Java Container Images](https://reader034.vdocuments.net/reader034/viewer/2022042415/625f143205ac0b2d5230fdb6/html5/thumbnails/1.jpg)
LEVEL UPYour
Java Container Images
Melissa McKayDeveloper Advocate @JFrog
![Page 2: Java Container Images](https://reader034.vdocuments.net/reader034/viewer/2022042415/625f143205ac0b2d5230fdb6/html5/thumbnails/2.jpg)
MELISSA MCKAYDeveloper Advocate @JFrog @melissajmckay
linkedin.com/in/melissajmckay
![Page 3: Java Container Images](https://reader034.vdocuments.net/reader034/viewer/2022042415/625f143205ac0b2d5230fdb6/html5/thumbnails/3.jpg)
THE AGENDA
• Brief History
• The Container Market
• What is Docker?
• What is a Container?
• Container Gotchas
![Page 4: Java Container Images](https://reader034.vdocuments.net/reader034/viewer/2022042415/625f143205ac0b2d5230fdb6/html5/thumbnails/4.jpg)
HOW ARE YOU USING CONTAINERS TODAY???
• LOCALLY
• TEST/QA ENVIRONMENTS
• PRODUCTION
• WE DON’T USE THEM TODAY
• WE ARE CONSIDERING USING THEM
![Page 5: Java Container Images](https://reader034.vdocuments.net/reader034/viewer/2022042415/625f143205ac0b2d5230fdb6/html5/thumbnails/5.jpg)
ALLABOUT . . .
CONTAINERS
![Page 6: Java Container Images](https://reader034.vdocuments.net/reader034/viewer/2022042415/625f143205ac0b2d5230fdb6/html5/thumbnails/6.jpg)
SHARING LIMITED RESOURCES
1979 / 1982- chroot
![Page 7: Java Container Images](https://reader034.vdocuments.net/reader034/viewer/2022042415/625f143205ac0b2d5230fdb6/html5/thumbnails/7.jpg)
PROGRESS TOWARD VIRTUALIZATION▪ 2000 - FreeBSD jail
▪ 2004 - Solaris Zones / snapshots
▪ 2006 - Google Process Containers / cgroups
▪ 2008 - IBM LinuX Containers (LXC)
▪ 2013 - Docker (open source!) - Google LMCTFY (open source!)
▪ 2014 - Docker trades LXC for libcontainer
▪ … more stuff happened
▪ June 2015 - Open Container Project/Initiative (OCI)
○ Runtime Specification (runtime-spec)
○ Image Specification (image-spec)
▪ … even more stuff happened and is still happening!
2011
Java 7
2014Java 8
![Page 8: Java Container Images](https://reader034.vdocuments.net/reader034/viewer/2022042415/625f143205ac0b2d5230fdb6/html5/thumbnails/8.jpg)
THE CONTAINER MARKET (according to Sysdig)
18
2017 - 45,000 Containers, 99% Docker
2018 - 90,000 Containers
Fig. 1. 2018 Container Runtimes from: "2018 Docker usage report," 29 May. 2018, sysdig.com/blog/2018-docker-usage-report/. Accessed 10 Jun. 2020.
![Page 9: Java Container Images](https://reader034.vdocuments.net/reader034/viewer/2022042415/625f143205ac0b2d5230fdb6/html5/thumbnails/9.jpg)
THE CONTAINER MARKET (according to Sysdig)
19
2019 - 2 million Containers(includes both SaaS & on prem users)
Fig. 2. 2019 Container Runtimes from: "Sysdig 2019 Container Usage Report: New Kubernetes and security insights," 29 Oct. 2019, sysdig.com/blog/sysdig-2019-container-usage-report/. Accessed 10 Jun. 2020.
![Page 10: Java Container Images](https://reader034.vdocuments.net/reader034/viewer/2022042415/625f143205ac0b2d5230fdb6/html5/thumbnails/10.jpg)
THE CONTAINER MARKET (according to Sysdig)
20
2020/21 - 2 million Containers(a subset of customer containers)
Fig. 3. Container runtimes from: "REPORT.2021 Container Security And Usage Report," Jan 2021, https://dig.sysdig.com/c/pf-2021-container-security-and-usage-report?x=u_WFRi. Accessed 21 Jan. 2021.
![Page 11: Java Container Images](https://reader034.vdocuments.net/reader034/viewer/2022042415/625f143205ac0b2d5230fdb6/html5/thumbnails/11.jpg)
WHATEXACTLYIS DOCKER?
21
![Page 12: Java Container Images](https://reader034.vdocuments.net/reader034/viewer/2022042415/625f143205ac0b2d5230fdb6/html5/thumbnails/12.jpg)
22
WHAT DO WE ACTUALLY NEED/WANT?
• An isolated environment where a user/application can operate, sharing the
host system’s OS/kernel without interfering with the operation of another
isolated environment on the same system (a container)
• A way to define a container (an image format)
• A way to build an image of a container
• A way to manage container images
• A way to distribute/share container images
• A way to create a container environment
• A way to launch/run a container (a container runtime)
• A way to manage the lifecycle of container instances
![Page 13: Java Container Images](https://reader034.vdocuments.net/reader034/viewer/2022042415/625f143205ac0b2d5230fdb6/html5/thumbnails/13.jpg)
DOCKER, THE WHOLE PACKAGE
23
DOCKER ENGINEDOCKER IMAGE FORMATDockerfile docker build
docker images
docker rm
docker pushdocker pull
DOCKER HUB
docker run docker stop docker ps
![Page 14: Java Container Images](https://reader034.vdocuments.net/reader034/viewer/2022042415/625f143205ac0b2d5230fdb6/html5/thumbnails/14.jpg)
BREAKING UP THE MONOLITH
24
OCI CONTAINER RUNTIME
OCI IMAGE FORMAT
• Docker V2 Image Spec
• runC (which used to be libcontainer... which was
written by Docker)
OTHERS - containerd, rkt, cri-o, Kata, etc...
https://lwn.net/Articles/741897/
https://www.ianlewis.org/en/container-runtimes-part-1-introduction-container-r
![Page 15: Java Container Images](https://reader034.vdocuments.net/reader034/viewer/2022042415/625f143205ac0b2d5230fdb6/html5/thumbnails/15.jpg)
WHAT IF I DON’T WANNA DOCKAH??
25
& Skopeohttps://developers.redhat.com/blog/2019/02/21/podman-and-buildah-for-docker-users/https://www.redhat.com/en/blog/say-hello-buildah-podman-and-skopeohttps://developers.redhat.com/blog/2020/02/12/podman-for-macos-sort-of/
![Page 16: Java Container Images](https://reader034.vdocuments.net/reader034/viewer/2022042415/625f143205ac0b2d5230fdb6/html5/thumbnails/16.jpg)
WHATEXACTLYIS A CONTAINER?
26
![Page 17: Java Container Images](https://reader034.vdocuments.net/reader034/viewer/2022042415/625f143205ac0b2d5230fdb6/html5/thumbnails/17.jpg)
CONTAINER COMPONENTS
27
TARBALL OF A FILESYSTEM
LINUX FEATURES
• namespaces
• cgroups
• Union File systems
Mix these together to create and run a container! Voila!
https://docs.docker.com/get-started/overview/
![Page 18: Java Container Images](https://reader034.vdocuments.net/reader034/viewer/2022042415/625f143205ac0b2d5230fdb6/html5/thumbnails/18.jpg)
FILESYSTEM DETAILS
28
...
...
NOTE: On OSX, containers will actually be running in a tiny Linux VM (use screen)screen ~/Library/Containers/com.docker.docker/Data/vms/0/ttyscreen ~/Library/Containers/com.docker.docker/Data/vms/0/tty
![Page 19: Java Container Images](https://reader034.vdocuments.net/reader034/viewer/2022042415/625f143205ac0b2d5230fdb6/html5/thumbnails/19.jpg)
FILESYSTEM DETAILS
29
...
...
![Page 20: Java Container Images](https://reader034.vdocuments.net/reader034/viewer/2022042415/625f143205ac0b2d5230fdb6/html5/thumbnails/20.jpg)
FILESYSTEM DETAILS
30
![Page 21: Java Container Images](https://reader034.vdocuments.net/reader034/viewer/2022042415/625f143205ac0b2d5230fdb6/html5/thumbnails/21.jpg)
CONTAINER GOTCHAS
31
![Page 22: Java Container Images](https://reader034.vdocuments.net/reader034/viewer/2022042415/625f143205ac0b2d5230fdb6/html5/thumbnails/22.jpg)
CONTAINER GOTCHAS - RUNNING AS ROOT
32
![Page 23: Java Container Images](https://reader034.vdocuments.net/reader034/viewer/2022042415/625f143205ac0b2d5230fdb6/html5/thumbnails/23.jpg)
CONTAINER GOTCHAS - NO CONSTRAINTS
33
![Page 24: Java Container Images](https://reader034.vdocuments.net/reader034/viewer/2022042415/625f143205ac0b2d5230fdb6/html5/thumbnails/24.jpg)
CONTAINER GOTCHAS - NEVER UPDATING
34
![Page 25: Java Container Images](https://reader034.vdocuments.net/reader034/viewer/2022042415/625f143205ac0b2d5230fdb6/html5/thumbnails/25.jpg)
CONTAINER GOTCHAS - JAVA/JVM GOTCHAS
35
![Page 26: Java Container Images](https://reader034.vdocuments.net/reader034/viewer/2022042415/625f143205ac0b2d5230fdb6/html5/thumbnails/26.jpg)
CONTAINER GOTCHAS - IMAGE BLOAT
36
![Page 27: Java Container Images](https://reader034.vdocuments.net/reader034/viewer/2022042415/625f143205ac0b2d5230fdb6/html5/thumbnails/27.jpg)
MANAGING YOUR IMAGES - REMOTE BY DEFAULT
38
START FREE: http://jfrog.co/FreeDevOpsTools_STLJUG
https://dzone.com/refcardz/getting-started-with-container-registries