[YARN-2466] Umbrella issue for Yarn launched Docker Containers - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Resolved
Priority: Major
Resolution: Won't Fix
Affects Version/s: 2.4.1
Fix Version/s: None
Component/s: None
Labels:
- Docker

Description

Docker (https://www.docker.io/) is, increasingly, a very popular container technology.

In context of YARN, the support for Docker will provide a very elegant solution to allow applications to package their software into a Docker container (entire Linux file system incl. custom versions of perl, python etc.) and use it as a blueprint to launch all their YARN containers with requisite software environment. This provides both consistency (all YARN containers will have the same software environment) and isolation (no interference with whatever is installed on the physical machine).

In addition to software isolation mentioned above, Docker containers will provide resource, network, and user-namespace isolation.

Docker provides resource isolation through cgroups, similar to LinuxContainerExecutor. This prevents one job from taking other jobs resource(memory and CPU) on the same hadoop cluster.

User-namespace isolation will ensure that the root on the container is mapped an unprivileged user on the host. This is currently being added to Docker.

Network isolation will ensure that one user’s network traffic is completely isolated from another user’s network traffic.

Last but not the least, the interaction of Docker and Kerberos will have to be worked out. These Docker containers must work in a secure hadoop environment.

Additional details are here: https://wiki.apache.org/hadoop/dineshs/IsolatingYarnAppsInDockerContainers

Attachments

Issue Links

incorporates

YARN-2478 Nested containers should be supported

Resolved

YARN-2479 DockerContainerExecutor must support handling of distributed cache

Resolved

YARN-2482 DockerContainerExecutor configuration

Resolved

YARN-2981 DockerContainerExecutor must support a Cluster-wide default Docker image

Resolved

YARN-2477 DockerContainerExecutor must support secure mode

Resolved

YARN-2480 DockerContainerExecutor must support user namespaces

Resolved

YARN-2481 YARN should allow defining the location of java

Resolved

YARN-2718 Create a CompositeConatainerExecutor that combines DockerContainerExecutor and DefaultContainerExecutor

Resolved

YARN-3095 Enable DockerContainerExecutor to update Docker image

Resolved

YARN-1964 Create Docker analog of the LinuxContainerExecutor in YARN

Closed

YARN-2878 Fix DockerContainerExecutor.apt.vm formatting

Closed

is part of

YARN-3290 DockerContainerExecutor should optionally limit memory and cpu

Resolved

YARN-3291 DockerContainerExecutor should run as a non-root user inside the container

Resolved

is related to

YARN-3611 Support Docker Containers In LinuxContainerExecutor

Resolved

(6 incorporates, 2 is part of, 1 is related to)

Sub-Tasks

1.	Document and fix indentation in the DockerContainerExecutor code	Resolved	Ravi Prakash
2.	Docker images should be downloaded during localization	Resolved	Unassigned
3.	TestDockerContainerExecutor should run automatically if it can detect docker in the usual place	Resolved	Ravindra Kumar Naik
4.	TestDockerContainerExecutor should clean test docker image from local repository after test is done	Resolved	Unassigned
5.	Nested containers should be supported	Resolved	Unassigned
6.	DockerContainerExecutor must support handling of distributed cache	Resolved	Unassigned
7.	DockerContainerExecutor configuration	Resolved	Unassigned
8.	DockerContainerExecutor should allow user specify "docker run" parameters	Resolved	Chen He

Activity

People

Assignee:: Unassigned

Reporter:: Abin Shahab

Votes:: 1 Vote for this issue

Watchers:: 60 Start watching this issue

Dates

Created:: 29/Aug/14 00:18

Updated:: 16/May/18 19:58

Resolved:: 04/Apr/18 12:35