Just DOckerize It

By Jack Bezalel

AllCloud Blog: Cloud Insights and Innovation

If you feel overwhelmed by the breakdown of technologies Docker is built on, here is a cheat sheet to ease the pain.
Take a look at the new structure of the Docker platform: many of its parts are now offered as individual components that anyone can use to build a new container framework. Although Docker has only just started offering these generalized components, they have been part of Docker’s free open source tools as well as its paid enterprise products for several months and have been tested in the field.

This new structure is part of the projects driven by the OCI (Open Container Initiative).

Users of Docker tools should not experience any change in their workflows, and system builders now have common standard hooks they can use to stack their solutions into Docker and other container-based frameworks.

  1. Moby is a standard framework for system builders to create customized containers based on Docker or other engines. Moby container images are called Assemblies, and they usually contain a specific set of components such as InfraKit, LinuxKit, Containerd, JDK, Java App.
  2. InfraKit is a toolkit for creating and managing self-healing infrastructure. InfraKit is designed to support setup and management of base infrastructure. For example, it can help you manage a system like a cluster or container orchestrator.
  3. LinuxKit is a toolkit for building custom minimal, immutable Linux distributions. It provides a hardened, minimized Linux image as the basis for building container images, based on a minimized read-only Alpine Linux that is cryptographically verified and used for the initialization of a container. LinuxKit includes a timer counter that triggers the refresh of your container image, so you always run the latest, most secure baseline and also reverse any changes an attacker may have made to your container.
  4. Containerd is the open source generalized replacement for the dockerd daemon. It takes care of image retrieval, network namespaces and launching runC. Containerd includes a daemon exposing a gRPC API over a local UNIX socket – much more robust than the REST API that previous versions of the dockerd daemon used.
  5. RunC is a CLI that activates the actual container engine required for our image: Docker, Rkt or others.
  6. Notary is the mechanism that cryptographically signs and verifies the images in its registry.
  7. SwarmKit is a toolkit for orchestrating distributed systems at any scale. It includes primitives for node discovery, Raft-based consensus, task scheduling and more. SwarmKit takes care of cluster maintenance, including rotation of certificates.
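
Item 4 notes that containerd exposes its gRPC API over a local UNIX socket; any process that can write to that socket can drive the daemon, so its ownership and mode are worth checking. The following is an added example, not code from the original post or from the containerd project; the socket path is assumed to be containerd's usual Linux default, and `audit_socket` and `demo` are hypothetical names.

```python
import os
import socket
import stat
import tempfile

# Assumption: containerd's usual default socket path on Linux; pass another if yours differs.
DEFAULT_SOCKET = "/run/containerd/containerd.sock"

def audit_socket(path=DEFAULT_SOCKET, expected_uid=0):
    """Return a list of findings for the UNIX socket at `path` (empty list = OK)."""
    findings = []
    try:
        st = os.lstat(path)  # lstat: a symlink planted at the path is reported, not followed
    except FileNotFoundError:
        return [f"{path}: not found"]
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{path}: not a UNIX socket"]
    if st.st_uid != expected_uid:
        findings.append(f"{path}: owned by uid {st.st_uid}, expected {expected_uid}")
    mode = stat.S_IMODE(st.st_mode)
    # On Linux, connecting to a UNIX socket requires write permission on it.
    if mode & stat.S_IWOTH:
        findings.append(f"{path}: world-writable (mode {mode:o})")
    if mode & stat.S_IWGRP:
        findings.append(f"{path}: group-writable (mode {mode:o}), review gid {st.st_gid}")
    # Write access to the parent directory allows replacing the socket itself.
    parent_dir = os.path.dirname(path) or "."
    parent = os.stat(parent_dir)
    if parent.st_mode & stat.S_IWOTH and not parent.st_mode & stat.S_ISVTX:
        findings.append(f"{parent_dir}: world-writable directory without sticky bit")
    return findings

def demo():
    """Constructed sample: a throwaway socket in a temp dir, audited loose then tight."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "demo.sock")
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
        try:
            os.chmod(path, 0o666)
            loose = audit_socket(path, expected_uid=os.getuid())
            os.chmod(path, 0o600)
            tight = audit_socket(path, expected_uid=os.getuid())
        finally:
            srv.close()
        return loose, tight

if __name__ == "__main__":
    for finding in audit_socket():
        print(finding)
```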

Docker’s ecosystem is continuing to evolve and the new components are certainly what people have been asking for. Now it’s time to see what they create…
