Isolate your containers the VM way with Intel® Clear Container technology and Cloud 66


Cloud 66 has joined Intel® Cloud Builders to work closely with Intel® and bring their technology within reach of our customers, with the Cloud 66 "EasyOps for Dev" promise, of course.

Intel® Cloud Builders brings together industry leading solutions providers to deliver a choice of optimised software-defined infrastructure solutions. The collaboration helps lower technical barriers and accelerates innovation for Cloud 66 customers.

Docker runtimes

At Cloud 66 we have been running Docker in production for our customers since the beginning of the container era. A lot has changed in the last four years. We now have much better security models with Docker, schedulers, and swappable network and container-runtime drivers.

You are free to move your (micro)service-oriented architecture to a different runtime model. Intel has released its own runtime, Intel® Clear Container, which is compatible with the OCI Runtime Specification. The OCI Runtime Specification is part of the Open Container Initiative.

Let's talk about how we can leverage this technology with Cloud 66.

What is Intel® Clear Container technology?

Clear Containers leverage the isolation of virtual machine technology along with the deployment benefits of containers.

Key ingredients in the Clear Container model are:

  • A fast and lightweight hypervisor. QEMU has been optimised to reduce memory footprint and improve startup performance.
  • Optimisations in the kernel.
  • Optimisations in systemd.
  • Utilisation of the DAX “direct access” feature of the 4.0 kernel. This enables the page cache and VM subsystems to be bypassed entirely, allowing for faster filesystem accesses (no copies!) and lower per-container memory usage.
  • Optimisation of core userspace for minimal memory consumption.

Combined, these features improve the resource utilisation efficiency significantly. The launch times are so fast that a typical user would hardly be able to see the difference. Clear Containers offer enhanced security with speeds vastly superior to traditional VM technologies.

Requirements

If you are ready to deploy a Docker stack with Cloud 66 using Intel® Clear Container technology, you need to know which hardware you can deploy on. Your target hardware should support Intel® VT technology. You can use VMs provided by our supported cloud providers, but the real power shines when you deploy your infrastructure on bare metal.

Luckily, we integrate with Packet, which provides Intel® hardware as a service. If you want to bring your own server, you can deploy Intel® Clear Container technology using our feature called Registered Servers.

Deploy your containers with Intel® Clear Container and Cloud 66

Let's create a new Docker stack first.

Give our new Docker stack a name and add some services, in this case some pre-built images.

The next step is to set up the deployment to use Intel® Clear Container. Select configuration and edit the Deploy hooks.

We created a snippet that installs Intel® Clear Container on every Docker node you add to your cluster. The deploy hook looks like this:

production:  
    after_docker: # Hook point
      - snippet: cloud66/clearcontainers # Hook type
        target: docker # Hook fields
        apply_during: build_only
        execute: true


Let us deploy our stack in a production environment.

We must select the target cloud, or deploy it on our own servers using Registered Servers.

We choose Packet!

And we select a type 1 server for testing our Clear Containers.

After we hit deploy, Cloud 66 will do all the heavy lifting: provisioning the nodes and installing Docker, Clear Containers and all the nice features Cloud 66 has to offer.

You can check the server log: after Cloud 66 has installed Docker, you will see the deploy hook install Intel® Clear Container. Whoop Whoop.

And the running container:


Take a look inside

If you SSH to your server and run the command ps aux, you can see that every container is now isolated by Intel® Clear Container technology. Every process is isolated using /usr/bin/qemu-lite-system-x86_64.
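The VT requirement and the ps aux inspection above can be turned into a repeatable check. This is an added example, not Cloud 66 or Intel code: the function names, the constructed sample data and the one-VM-per-container assumption are ours, and only the qemu-lite path comes from the article.

```shell
#!/bin/sh
# Added example: verify on a Docker node that containers are VM-backed.
QEMU_BIN="/usr/bin/qemu-lite-system-x86_64"   # hypervisor path named in the article

# Constructed sample inputs so the script runs offline.
SAMPLE_CPUINFO='processor : 0
flags     : fpu vme de pse tsc msr pae vmx smx est'
SAMPLE_PS='USER  PID %CPU %MEM    VSZ   RSS TTY STAT START TIME COMMAND
root 1201  0.3  1.1 812344 45120 ?   Ssl  10:02 0:04 /usr/bin/dockerd
root 2310  1.2  2.4 934120 98044 ?   Sl   10:05 0:09 /usr/bin/qemu-lite-system-x86_64 -name sample-a
root 2377  1.1  2.3 934120 97012 ?   Sl   10:05 0:08 /usr/bin/qemu-lite-system-x86_64 -name sample-b
root 2450  0.0  0.1  11200  3100 ?   Ss   10:06 0:00 nginx: master process nginx'

# has_vt: reads /proc/cpuinfo text on stdin; succeeds if the vmx (Intel VT-x)
# CPU flag is present as a whole word on a "flags" line.
has_vt() {
    grep -Eq '^flags[[:space:]]*:.*[[:space:]]vmx([[:space:]]|$)'
}

# count_qemu_lite: reads `ps aux` output on stdin; prints how many processes
# have the qemu-lite binary as their command (field 11), skipping the header.
count_qemu_lite() {
    awk -v bin="$QEMU_BIN" 'NR > 1 && $11 == bin { n++ } END { print n + 0 }'
}

# check_isolation N: reads `ps aux` on stdin; fails when there are fewer
# qemu-lite VMs than the N running containers (assumption: one VM per container).
check_isolation() {
    ci_vms=$(count_qemu_lite)
    if [ "$ci_vms" -ge "$1" ]; then
        echo "OK: $ci_vms qemu-lite VMs for $1 containers"
    else
        echo "WARN: only $ci_vms qemu-lite VMs for $1 containers; some may not be VM-isolated"
        return 1
    fi
}

# Demo on the constructed samples. On a real node use instead:
#   has_vt < /proc/cpuinfo
#   ps aux | check_isolation "$(docker ps -q | wc -l)"
printf '%s\n' "$SAMPLE_CPUINFO" | has_vt && echo "VT-x flag present"
printf '%s\n' "$SAMPLE_PS" | check_isolation 2
```

A WARN result means at least one running container has no matching hypervisor process, which is worth investigating before relying on VM-level isolation for that node.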

Summary

Using Intel Clear Containers with Cloud 66 gives your container infrastructure wings. With a simple deploy hook in your deployment you can use Intel Clear Containers right out of the box. Be the first to try it.

Final Note: Using Intel Clear Containers with Cloud 66 is still in beta stage. Test your setup in a staging environment first before migrating to production.

Have fun!

Daniël van Gils

Daniël van Gils is a developer advocate at Cloud 66. He helps other developers craft web apps and container based μ service architectures with ♥, to deploy on any server or public cloud.
