Details
-
New Feature
-
Status: Resolved
-
Major
-
Resolution: Won't Fix
-
2.4.1
-
None
-
None
Description
Docker (https://www.docker.io/) is, increasingly, a very popular container technology.
In context of YARN, the support for Docker will provide a very elegant solution to allow applications to package their software into a Docker container (entire Linux file system incl. custom versions of perl, python etc.) and use it as a blueprint to launch all their YARN containers with requisite software environment. This provides both consistency (all YARN containers will have the same software environment) and isolation (no interference with whatever is installed on the physical machine).
In addition to software isolation mentioned above, Docker containers will provide resource, network, and user-namespace isolation.
Docker provides resource isolation through cgroups, similar to LinuxContainerExecutor. This prevents one job from taking other jobs resource(memory and CPU) on the same hadoop cluster.
User-namespace isolation will ensure that the root on the container is mapped an unprivileged user on the host. This is currently being added to Docker.
Network isolation will ensure that one user’s network traffic is completely isolated from another user’s network traffic.
Last but not the least, the interaction of Docker and Kerberos will have to be worked out. These Docker containers must work in a secure hadoop environment.
Additional details are here: https://wiki.apache.org/hadoop/dineshs/IsolatingYarnAppsInDockerContainers
Attachments
Issue Links
- incorporates
-
YARN-2478 Nested containers should be supported
- Resolved
-
YARN-2479 DockerContainerExecutor must support handling of distributed cache
- Resolved
-
YARN-2482 DockerContainerExecutor configuration
- Resolved
-
YARN-2981 DockerContainerExecutor must support a Cluster-wide default Docker image
- Resolved
-
YARN-2477 DockerContainerExecutor must support secure mode
- Resolved
-
YARN-2480 DockerContainerExecutor must support user namespaces
- Resolved
-
YARN-2481 YARN should allow defining the location of java
- Resolved
-
YARN-2718 Create a CompositeConatainerExecutor that combines DockerContainerExecutor and DefaultContainerExecutor
- Resolved
-
YARN-3095 Enable DockerContainerExecutor to update Docker image
- Resolved
-
YARN-1964 Create Docker analog of the LinuxContainerExecutor in YARN
- Closed
-
YARN-2878 Fix DockerContainerExecutor.apt.vm formatting
- Closed
- is part of
-
YARN-3290 DockerContainerExecutor should optionally limit memory and cpu
- Resolved
-
YARN-3291 DockerContainerExecutor should run as a non-root user inside the container
- Resolved
- is related to
-
YARN-3611 Support Docker Containers In LinuxContainerExecutor
- Resolved
1.
|
Document and fix indentation in the DockerContainerExecutor code | Resolved | Ravi Prakash | |
2.
|
Docker images should be downloaded during localization | Resolved | Unassigned | |
3.
|
TestDockerContainerExecutor should run automatically if it can detect docker in the usual place | Resolved | Ravindra Kumar Naik | |
4.
|
TestDockerContainerExecutor should clean test docker image from local repository after test is done | Resolved | Unassigned | |
5.
|
Nested containers should be supported | Resolved | Unassigned | |
6.
|
DockerContainerExecutor must support handling of distributed cache | Resolved | Unassigned | |
7.
|
DockerContainerExecutor configuration | Resolved | Unassigned | |
8.
|
DockerContainerExecutor should allow user specify "docker run" parameters | Resolved | Chen He |