Cloud Foundry Summit 2015: Diego Update

The Go gopher was designed by Renee French

DIEGOwhat’s new with

onsi fakhouri

last year…

last year…

story

last year…

last year…

HOPE

last year…

HOPEA NEW

this year….

this year….

…it’s complicated

this year….

…but there’s a plot twist

DIEGOstrikes back

? a rewrite

RUNTIME

? a rewrite

RUNTIME

DEA HMWarden

? a rewrite

RUNTIME

(in GO)DEA HMWarden

?

DEAGO

?

DIEGO

? DIEGO is

a distributed system thatorchestrates containerized workloads

? DIEGO isa distributed system that orchestrates containerized workloads

? DIEGO is

a distributed system that orchestrates containerized workloads

Cells

? DIEGO is


Cells

Brain

? DIEGO isa distributed system that orchestrates containerized workloads

Cells

Brain

BBS(currently etcd)

? DIEGOa distributed system that orchestrates containerized workloads

Cells

Brain

BBS(currently etcd)


Cells

Brain

BBS(currently etcd)

scheduler


Cells

Brain

BBS(currently etcd)

health-monitor

? DIEGO runs


? DIEGO runsa distributed system that orchestrates containerized workloads

one-off taskslong running

processes


long running processes

Taska unit of work

runs at most once


Task LRPa unit of work

runs at most onceN long-running instances

distributed across cells for HAmonitored & restarted


Task LRPgeneric, platform independent, abstraction


Task LRP

working today

generic, platform independent, abstraction


Task LRPsuccessful abstraction

working today

…confusion

…confusion

=?

…confusion

? ?

…confusion

?

…confusion

?

isolation

?

? isolation

shared resources

pro

cess

A

pro

cess

B

pro

cess

C

pro

cess

D

pro

cess

E

pro

cess

F

kernel

tenant 1 tenant 2tenant 3

? isolation

shared resources

kernel

resource isolation

namespace isolation

pro

cess

A

pro

cess

B

pro

cess

C

pro

cess

D

pro

cess

E

pro

cess

Ftenant 1 tenant 2tenant 3

? isolation

CPU

kernel

resource isolation

namespace isolation

pro

cess

A

pro

cess

B

pro

cess

C

pro

cess

D

pro

cess

E

pro

cess


? isolation

resource isolation

namespace isolation

CPUp

roce

ss A

pro

cess

B

pro

cess

C

pro

cess

D

pro

cess

E

pro

cess


? isolation

resource isolation

namespace isolation

pro

cess

A

pro

cess

B

pro

cess

C

pro

cess

D

pro

cess

E

pro

cess


CPU

? isolation

resource isolation

namespace isolation

pro

cess

A

pro

cess

B

pro

cess

C

pro

cess

D

pro

cess

E

pro

cess


cgroups

CPU

? isolation

resource isolation

namespace isolation

pro

cess

A

pro

cess

B

pro

cess

C

pro

cess

D

pro

cess

E

pro

cess


cgroupsp

roce

ss D

pro

cess

E

pro

cess

F

CPU

? isolation

shared resources

kernel

resource isolation

namespace isolation

pro

cess

A

pro

cess

B

pro

cess

C

pro

cess

D

pro

cess

E

pro

cess


? isolation

kernel

resource isolation

namespace isolation

pro

cess

A

pro

cess

B

pro

cess

C

pro

cess

D

pro

cess

E

pro

cess


ProcessID

? isolation

resource isolation

namespace isolation

pro

cess

A

pro

cess

B

pro

cess

C

pro

cess

D

pro

cess

E

pro

cess


PID 2 3 4 5 6 7

? isolation

resource isolation

namespace isolation

pro

cess

A

pro

cess

B

pro

cess

C

pro

cess

D

pro

cess

E

pro

cess


PID 2 3 4 5 6 7

PID namespace

? isolation

resource isolation

namespace isolation

pro

cess

A

pro

cess

B

pro

cess

C

pro

cess

D

pro

cess

E

pro

cess


PID 2 3 4 2 2 3

PID namespace

? isolation

resource isolation

namespace isolation

pro

cess

A

pro

cess

B

pro

cess

C

pro

cess

D

pro

cess

E

pro

cess


PID

shared resources

kernel

NetworkMountUser

namespaces

?

? =

isolation

User

Network

cgroups

PID

?

?

? =

isolation

PID

User

Network

cgroups

?

? =

isolation

PID

User

Network

cgroups

+

contents

?

? =

isolation

PID

User

Network

cgroups

+

contents

+

processes

?

? =

?

TasksLRPs

in

?

TasksLRPs

in Garden

?Garden

allows Diego to programmatically say

“make me a container”“put this in it” “then run this”

via a platform-agnostic API

?Garden

allows Diego’s abstractions to be flexible

?

cf push

?

cf push haiku

here is my source code

i do not care howrun it on the cloud for me

?

appsourcecode

Task

staging

cf push

? cf push

compiled assetapp + app-specific dependencies

assumes a particular execution context

cflinuxfs2

? cf push

?

? cf push

LRP

? cf push

? cf push

cflinuxfs2

preloaded rootfs

? cf push

cflinuxfs2

preloaded rootfs

download droplet

? cf push

cflinuxfs2

preloaded rootfs

download droplet

start command

? cf push

Droplet LRP{memory: 128mb,

rootfs: “preloaded:cflinuxfs2”,setup: <download-droplet>,

run: {metadata}.start-command}

? cf push

{memory: 128mb,

rootfs: “preloaded:cflinuxfs2”,setup: <download-droplet>,


Droplet LRP

?

cf push

?

cf push-docker

? cf push-docker

? cf push-docker

docker image

? cf push-docker

docker image docker metadata

? cf push-docker

docker image docker metadata

docker registry

}

?

Docker LRP{memory:128mb,

rootfs: “docker://docker-image”,

run: {docker metadata}.start-command}

cf push-docker

??

(anything)

??

(anything) (anything)

??

appc

?

cf push-docker

?

cf push -stack windows

?

Garden-Windows

resource isolationkernel job object

disk quotas

namespace isolationuser profiles

Host Web Core(an isolated IIS instance)

Garden-Linux

resource isolationcgroups

namespace isolationPID

NetworkUser

Mount

?

collaborating with Microsoft

Garden-Windows

?

Garden-Windows

provides a container experience for Windows 2012that will only get better with Windows 2016

allows us to build a cf push experience

?

Garden-Linux Garden-Windows

?

Garden-Linux Garden-Windows

?Garden API

?

Garden APIGarden-LinuxGarden-Windows

?

.net LRP{memory: 128mb,

rootfs: “preloaded:windows2012R2”,setup: <download-application>


?

3 different contexts

? 1 cluster

architecture code

architecture code

testsTDD

architecture code

testse.g. performance, simulation

architecture code

tests

architecture code

tests

(agile architecture)

last year…

Cells

Brain

BBS

Distributed auction

Cells

Brain

BBS

architecture

architecture code

architecture

tests

code

architecture

simulation

code

architecture

100 cells

code

simulation

architecture

100 cells200 cells

code

simulation

architecture code++

100 cells200 cells

simulation

architecture code++

100 cells200 cells400 cells

simulation

architecture code++++++


simulation

architecture code++++++


1000s cells?

simulation

Cells

Brain

BBS

Distributed auction

Cells

Brain

BBS

Centralized HAscheduler

API(it’s just simpler this way)

cf pushCloud

Controller

CloudController

DEA

cf push

stage

DEA

DEA

DEArun

CloudControllercf push

stage

run


stage

run

app-specific


stage

run

app-specific generic


stage

run

CCBridge

app-specific generictask

LRP


stage

run

CCBridge

task

LRP

Cells

BrainBBS

app-specific generic

(DB != API)


stage

run

CCBridge

task

Cells

BrainBBS

LRP


stage

run

CCBridge

Cells

BrainBBS

task

LRP


stage

run

CCBridge

Cells

BrainBBS


stage

run

CCBridge

Cells

BrainBBS

Rece

pto

r A

PI

CloudController

CCBridge

Cells

BrainBBS

Rece

pto

r A

PI

generic consumer

CloudController

CCBridge

Cells

BrainBBS

Rece

pto

r A

PIgeneric consumer

other consumers?

Cells

BrainBBS

Rece

pto

r A

PITask or LRP

Cells

BrainBBS

Rece

pto

r A

PITask or LRP

meh

Cells

BrainBBS

Rece

pto

r A

PITask or LRP

gorouter

http traffic

Cells

BrainBBS

Rece

pto

r A

PITask or LRP

gorouter

http traffic

loggregator

logs

vagrant up

vagrant up

terraform apply

vagrant up

terraform apply

ltc create <app>

lattice.cf

lattice.cf

Local VM

lattice.cf

Local VMAWS

Digital OceanGoogle Cloud PlatformOpenStack (thanks!)

?

?Why

?

CCUAA

DiegoLoggregator

GorouterBuildpacksServices

BOSH

?

CCUAA

DiegoLoggregator


BOSH

DiegoLoggregator

Gorouter

?

CCUAA

DiegoLoggregator


BOSH

single-tenant

?

CCUAA

DiegoLoggregator

GorouterBuildpacks*

ServicesBOSH

dockersingle-tenant

?

CCUAA

DiegoLoggregator

GorouterBuildpacks*

ServicesBOSH

BYOSdocker

single-tenant

?

CCUAA

DiegoLoggregator

GorouterBuildpacks*

ServicesBOSH

no rolling upgradesBYOS

dockersingle-tenant

?

cluster root(now go play)

?

?Why

?

…is a useful low-barrier solution to real-world problems

…makes exploring Diego easy

…is a softer onramp to the CF tech stack

…allows us to efficiently prototype new ideas for Diego’s future

Lattice…

“rewrite the DEA”Diego’s scope is much more than

Diego is running in production on PWSManaging ~5% of the load

Running Pivotal’s internal applications

Diego is in beta while wevalidate performance at O(~100s) of cells

secure Diego’s internal components

Start using it alongside the DEAs now and give us feedback

Diego should be out of beta within Q3(probably)

Then what?

Placement Constraintstop of backlog post-beta

cf ssh <app/index>working now, CLI support on the way

shell access, port forwarding, scp

TCP Routingkicking off with GE

Cloud Foundry and IOT protocol supportAtul Kshirsagar - Monday 1:30

Private Docker Registryin collaboration with SAP

Let Diego Manage your Docker ApplicationGeorgi Saber - Tuesday 2:10

Support for persistence(a long term goal)

The Road to Persistence on Cloud Foundry DiegoCaleb Miles & Ted Young - Tuesday 11:20

Container-Container networking(a long term goal)

Condenserlightweight buildpacks for Lattice

github.com/cloudfoundry-incubator/diegolattice.cf

xray.cfopen-house: monday@1:30

http://github.com/cloudfoundry-incubator/diego

Cloud Foundry Summit 2015: Diego Update

Technology

Transcript of Cloud Foundry Summit 2015: Diego Update