The recent GA release of DC/OS 1.8 (and Enterprise DC/OS 1.8) included a wide range of new features, with one of the most important being the DC/OS universal container runtime. First presented to the world as part of the recent Apache Mesos 1.0 release in July, the universal container runtime allows DC/OS users to deploy Docker images without depending on the Docker daemon. Instead, these containers will leverage the Mesos containerizer that is deeply embedded within DC/OS.
Keep reading for a deeper dive into this promising technology.
What is the DC/OS universal container runtime?
In practice, the DC/OS universal container runtime extends the Mesos containerizer to support running multiple container image formats. Docker is supported today, with OCI and AppC already in the works. This means that DC/OS users can launch and manage a greater number of containerized applications.
For a more technical look at the DC/OS universal container runtime, including how to deploy a Docker container with it (it's quite a simple process), read this post on the open source DC/OS site.
Why did we build it?
The DC/OS architecture follows the UNIX philosophy of creating simple and composable programs. We believe that this is the best way to deliver a stable core product while allowing innovation to happen around the core. While we respect Docker and the innovation it has brought to the industry with the Docker container format, recent moves to embed more and more functionality into the Docker daemon have come at the expense of simplicity, composability and stability.
Our customers (and open source DC/OS users) have expressed concern over this issue, along with a desire for freedom of choice as the container ecosystem evolves. The container ecosystem is still young and we want DC/OS users to be able to choose the container image format that is right for their use case, and run it with the scalability, reliability and flexibility that they demand.
We also want users to benefit from the advanced capabilities of the Mesos containerizer—such as network performance isolation—no matter which container image format they're running. The current method of running Docker containers on DC/OS uses a different code path that is dependent on the Docker daemon, so it cannot utilize these capabilities. We developed the DC/OS universal container runtime to overcome this issue and achieve the goals stated above.
Why is the DC/OS universal container runtime better?
Although the DC/OS universal container runtime is still labeled as experimental (read: "Use it in production at your own risk."), it is built on the Mesos containerizer, which has been running production systems for years. Mesosphere and the DC/OS community are hard at work to make the universal container runtime stable as soon as possible.
The universal container runtime offers the following advantages over other options:
- Removes your dependency on the Docker daemon, which has historically resulted in stoppage of all containers should the daemon need to be restarted. This can happen when the daemon becomes unresponsive or needs to be upgraded. Additionally, Docker must be installed on each of your agent nodes running containers, all of which must be updated each time a new version of Docker comes out.
- The universal container runtime is in large part based on simple code that has been running in production for years. As the new code pieces mature, it will become the most stable and scalable way to run Docker containers with DC/OS.
- The universal container runtime allows you to take advantage of continuing innovation within the Mesos and DC/OS communities, as well as on Mesosphere Enterprise DC/OS. These include current and forthcoming features such as IP per container, strict container isolation, container-level security and privacy, CNI support, network performance isolation, GPU support and more.
- The universal container runtime can be extended to support other container formats in the future, such as OCI, AppC, LXD, Clear Containers and more.
In time, we expect the DC/OS universal container runtime to become the de facto runtime for container operations on DC/OS. Not because we or the open source DC/OS community will dictate that change, but because users and customers will find it to be the optimal choice. Whether they use it to deploy Docker, Mesos, AppC and/or OCI-spec containers will be their choice, too. Getting to choose the best tools for the job is what open source is all about.