Intel® Clear Containers: How We Made Them Smaller and Faster Part 2

  • Overview
  • Resources
  • Transcript

Clear Containers integrate seamlessly with popular container tools and orchestrators including Docker, Docker Swarm and Kubernetes. This hands on demonstration shows the containers being launched using Docker with the Clear Containers runtime on Ubuntu and Fedora.  

We also measure the difference in launch latency between containers launched with runc and Clear Containers. We show key  qemu/kvm capabilities used by Clear Containers. At the end we show Docker Swarm being used seamlessly with Clear Containers to launch a scaled out nginx service. 

Watch the rest of the Intel® Clear Containers Overview playlist

Hi, my name is Manohar Castelino. I'm part of the Clear Containers team. As part of this demo, I'll show you Clear Containers running on Fedora, as well as on Ubuntu. I will highlight some of the key QMU capabilities that we use in Clear Containers. And at the very end, I'll show you Clear Containers being orchestrated via Docker Swarm. 

Here I'm going to show you under Clear Containers running on Fedora. If you notice, we have Fedora running a 4.9.13 kernel. And on this machine, the default runtime for Docker has been set to Clear Containers. Now let's launch a Clear Container and time how long it takes for us to launch a Clear Container. So if you notice, it takes around 775 milliseconds to launch a Clear Container. 

Now let us launch a runC-based container. So now I'm launching the same alpine container, but with a runtime set to runC. If you notice, it took around 549 milliseconds. So the launch of a Clear Container takes around 200 milliseconds more than the namespace container. 

Let's take a quick look at what the Clear Container looks like. Each Clear Container is launched in its own virtual machine. So you will see a QEMU instance that corresponds to a Clear Container, with a machine type called pc-lite, which is an optimized machine type, which is used with Clear Containers. 

The root file system for the Clear Container is mapped into the virtual machine using NVDIMM. And it is mounted inside of the VM using DAX. Lastly, the container workload itself is mapped into the virtual machine using the [? plan man ?] file system. This allows to transfer in use of the old [INAUDIBLE] file system inside of the Clear Container. 

Next I'll show you Clear Containers being orchestrated by Docker Swarm inside Ubuntu. Here I'm on a machine running Ubuntu. And on this machine, the default runtime has been set to Clear Containers. Now let us create it on Docker Swarm. 

So I'll go and create a Docker Swarm on this machine. Now let me launch an NGINX service with three replicas. And let's see how long it takes for us to launch it. In the time that it took for runtime to command, we have three replicas of NGINX running in Clear Containers on this machine. Just to take a quick look if this is true. We will see that there are three VMs, one for each container running in the Docker Swarm. 

Now let's try to reach the service that we're running. So here I'm going to try to access the service multiple times. And you will notice that each time, we get a different response indicating that the response is coming from a different [INAUDIBLE] replica. And each response comes from one of the Clear Containers that has been launched as part of this swarm. 

So in summary, in this demo, you have seen Clear Containers being used seamlessly across multiple distributions. You have used it with all the Docker tools that you are used to, and being orchestrated in a Docker Swarm. If you are interested in trying this Clear Containers out and the entirety of this demo, you can find it at this link. Thanks for watching.