Connecting Containers

Building a PaaS with Docker and Kubernetes

Presented by
Katie Miller / @codemiller
Steve Pousty / @TheSteve0

Deployment Styles

Wait and See
request server >> wait >> wait some more >> request deployment >> while (environment issues) { reattempt deployment >> wait } >> in production
Resource Loop
request server >> wait >> request deployment >> in production >> app fails under load >> request server...
Procure Cure
attempt to navigate IT Service Desk software >> fail >> acquire server on the sly >> in "production"
Friends in High Places
failure in production >> call in Chuck Norris >> Norris whispers "you better run" >> the app runs


  • Freedom to choose best tool for the job, without config headaches
  • Fast, easy, reproducible deployments, made up of small components wired together (à la microservices)
  • Ability to scale pieces of a solution independently, to meet changing demand
  • End battles between Dev and Ops; automated deployment pipeline; CI/CD
  • Security and the ability to respond quickly to issues

Platform as a Service

Reasons to Rebuild

Act on lessons from the past three years of running a PaaS
New technologies to build on, including Docker image-based packaging and large associated ecosystem

The New Stack

Why touch the OS

Change happens!

Virtualisation and then Cloud

A lot of experience with Linux and the growth of containers


A system to compose RPMs on the server side into an OSTree repository

Minimal System

Best supported kernel in the world

All the System Utilities you need and nothing else

Containers first-class citizens

Made for running containers

Includes a console for management


Fast boot: OS with just the good parts
Container management and security is its speciality
Friggin' awesome kernel

Defining Container

  • In Docker parlance, a container is a running instance of an image
  • Based on Linux containers (namespaces, control groups)
  • Combines file system layers into a "Union File System"
  • Includes all of the components necessary to run a process, store persistent data, or both

Containers vs. VMs

Container Operations

Instantiate a Docker container with docker run:

$ docker run -i -t centos /bin/bash
bash-4.1# exit

List running and exited docker processes with docker ps:

$ docker ps -l
CONTAINER ID  IMAGE          COMMAND      CREATED         STATUS      NAMES
7c4ef3596fa5  centos:latest  "/bin/bash"  49 seconds ago  Exited (0)  grave_newton

Rejoin containers with docker attach:

$ docker start grave_newton
$ docker attach grave_newton
bash-4.1# exit

'Diffing' a Container

Give a Docker container a name with --name and install wget:

$ docker run -i -t --name="add_wget" centos /bin/bash
bash-4.1# yum install -y wget
bash-4.1# exit

Run a diff on the container after it has run:

$ docker diff add_wget
C /.bash_history
C /etc
A /etc/wgetrc
C /tmp
C /usr
C /usr/bin
A /usr/bin/wget
C /usr/share
C /usr/share/doc
A /usr/share/doc/wget-1.12
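
The same diff output can be used to spot drift in a container that was supposed to stay unchanged. The script below is an added example, not part of the original slides: flag_diff and its finding names are hypothetical, and the sample input is the output shown above, embedded so the script runs without Docker.

```shell
#!/bin/sh
# Added example: triage `docker diff` output (A = added, C = changed, D = deleted).

# Constructed sample: the `docker diff add_wget` output from the slide.
sample_diff() {
cat <<'EOF'
C /.bash_history
C /etc
A /etc/wgetrc
C /tmp
C /usr
C /usr/bin
A /usr/bin/wget
C /usr/share
C /usr/share/doc
A /usr/share/doc/wget-1.12
EOF
}

# flag_diff: read `docker diff` lines on stdin and print "<finding> <path>"
# for the entries worth a second look; everything else is ignored.
flag_diff() {
    awk '
    {
        kind = substr($0, 1, 1)
        path = substr($0, 3)      # keeps paths that contain spaces
    }
    # New file in a directory on the default PATH
    kind == "A" && path ~ "^(/usr(/local)?)?/s?bin/" { print "binary-added " path; next }
    # Configuration added or removed after the image was built
    kind == "A" && path ~ "^/etc/" { print "config-added " path; next }
    kind == "D" && path ~ "^/etc/" { print "config-deleted " path; next }
    # Account databases modified in place
    kind == "C" && path ~ "^/etc/(passwd|shadow|sudoers)$" { print "account-file-changed " path; next }
    # Someone worked in an interactive shell inside the container
    path ~ "/\\.bash_history$" { print "interactive-shell " path; next }
    '
}

sample_diff | flag_diff
```

Against a live container: docker diff add_wget | flag_diff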

Containers as Daemons

A docker container runs until:

  • The process inside it exits or
  • You stop it with docker stop <container_name>

Linking Containers

  • Containers on the same host can be linked together
  • Links between containers are not accessible outside the host
  • Links are shared via ENV and /etc/hosts
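
Sharing via ENV has a side effect worth checking: a link copies the source container's own environment variables into the recipient as <ALIAS>_ENV_<NAME>, so a password set on a database container becomes readable in every container linked to it. The script below is an added example, not part of the original slides: inherited_secrets is a hypothetical name and the env dump is constructed.

```shell
#!/bin/sh
# Added example: find credentials a container inherited through a link.

# Constructed sample: `env` output inside a container linked with alias "db".
sample_env() {
cat <<'EOF'
HOME=/root
DB_NAME=/web/db
DB_PORT=tcp://172.17.0.5:5432
DB_PORT_5432_TCP_ADDR=172.17.0.5
DB_PORT_5432_TCP_PORT=5432
DB_PORT_5432_TCP_PROTO=tcp
DB_ENV_PG_MAJOR=9.3
DB_ENV_POSTGRES_PASSWORD=constructed-value
APP_ENV_TOKEN=not-from-a-link
EOF
}

# inherited_secrets: read NAME=value lines on stdin and print
# "<alias> <variable>" for every variable that a link copied from the
# source container and whose name suggests a credential.
# Values are never printed.
inherited_secrets() {
    awk -F= '
    {
        name[NR] = $1
        # A link alias is recognised by its <ALIAS>_PORT_<n>_<PROTO>_ADDR variable.
        if ($1 ~ "_PORT_[0-9]+_(TCP|UDP)_ADDR$") {
            alias = $1
            sub("_PORT_[0-9]+_(TCP|UDP)_ADDR$", "", alias)
            linked[alias] = 1
        }
    }
    END {
        for (i = 1; i <= NR; i++) {
            pos = index(name[i], "_ENV_")
            if (pos == 0) continue
            alias = substr(name[i], 1, pos - 1)
            if (!(alias in linked)) continue    # e.g. APP_ENV_TOKEN: no such link
            if (name[i] ~ "(PASS|SECRET|TOKEN|KEY)")
                print tolower(alias), name[i]
        }
    }'
}

sample_env | inherited_secrets
```

Inside a linked container: env | inherited_secrets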

Docker: Pros and Cons


  • Extreme application portability
  • Very easy to create and work with derivative images
  • Fast boot on containers


  • Host-centric solution; not aware of anything else
  • No higher-level provisioning
  • No usage tracking / reporting


Efficient resource usage
BYOB - bring your own bits
A standard way for people to make container images
Huge ecosystem


Greek for 'pilot' or 'helmsman'
"a system for managing containerised applications across multiple hosts"
declarative model
open source project by Google

Terminology and Architecture


  • pod: colocated group of Docker containers that share an IP and storage volumes
  • service: provides a single, stable name for set of pods and acts as basic load balancer
  • replication controller: manages the lifecycle of pods and ensures specified number are running
  • label: used to organise and select groups of objects


  • cluster: compute resources on top of which containers are built
  • node: Docker host running kubelet (node agent) and proxy services
  • master: hosts cluster-level control services, including the API server, scheduler, and controller manager
  • etcd: distributed key-value store used to persist Kubernetes system state


Runtime and operational management of containers

Manage related Docker containers as a unit
Container communication across hosts
Availability and scalability through automated deployment and monitoring of pods and their replicas, across hosts

Rebuilding OpenShift

Design Goal

Kubernetes provides a
container runtime

OpenShift provides the
DevOps and team environment


  • application: one or more pods linked together by services; distinct, interconnected components
  • config: collection of objects describing combination of pods, services, replication controllers, environment variables, and other components
  • template: parameterised version of config for generalised reuse
  • build config: object defining source code URI, authentication for change notifications (webhooks), and build type (source-to-image or docker-builder)
  • deployment: image and settings for it: replication controller, trigger policies, and deployment strategy


  • Ability to build, manage, and deliver application descriptions at scale
  • Turning source code into new deployable components
  • Support for common workflows, the application lifecycle, and teams
    • Integration of CI/CD flows into Kubernetes; trigger builds manually or from code, app, or image changes
    • Support for projects and multi-user usage and tracking; default network isolation based on team access control



Build a single artifact containing the dependency chain for reproducible deployments
Share common technology stacks and common patterns for rolling out changes
Efficiently manage thousands of applications, auto-scaling components independently and updating them en masse
Easily provision new resources at scale and subdivide them for teams
Responsive, change-aware platform supports fault-tolerant, automated, and repeatable builds and deployments


  • We covered A LOT
  • For us, it's the Linux story again - come build with us!
  • Your world as a sys admin or developer is looking bright
    • Use containers to have an agreed-upon way to manage server bits
    • We can automate some annoying things - e.g. dev env creation or autoscaling
    • Template an entire application - infra and code
    • OpenShift packages all this technology into one nice package
