Containers at Google

A better way to develop and deploy applications

The Google Way

From Gmail to YouTube to Search, everything at Google runs in containers. Containerization allows our development teams to move fast, deploy software efficiently, and operate at an unprecedented scale. Each week, we start over two billion containers. We’ve learned a lot about running containerized workloads in production over the past decade, and we’ve shared this knowledge with the community along the way: from the early days of contributing cgroups to the Linux kernel, to taking designs from our internal tools and open sourcing them as the Kubernetes project. We’ve packaged this expertise into Google Cloud Platform so that developers and businesses of any size can easily tap the latest in container innovation.

Containers 101: What are containers?

Containers offer a logical packaging mechanism in which applications can be abstracted from the environment in which they actually run. This decoupling allows container-based applications to be deployed easily and consistently, regardless of whether the target environment is a private data center, the public cloud, or even a developer’s personal laptop. Containerization provides a clean separation of concerns, as developers focus on their application logic and dependencies, while IT operations teams can focus on deployment and management without bothering with application details such as specific software versions and app-specific configurations.

For those coming from virtualized environments, containers are often compared with virtual machines (VMs). You might already be familiar with VMs: a guest operating system such as Linux or Windows runs on top of a host operating system with virtualized access to the underlying hardware. Like virtual machines, containers allow you to package your application together with libraries and other dependencies, providing isolated environments for running your software services. As you’ll see below, however, the similarities end here: containers offer a far more lightweight unit for developers and IT Ops teams to work with, carrying a myriad of benefits.

Why Containers?

Instead of virtualizing the hardware stack as with the virtual machines approach, containers virtualize at the operating system level, with multiple containers running atop the OS kernel directly. This means that containers are far more lightweight: they share the OS kernel, start much faster, and use a fraction of the memory compared to booting an entire OS.

There are many container formats available. Docker is a popular, open-source container format that is supported on Google Cloud Platform and by Google Kubernetes Engine.

Why Sandbox anyway?

Containers silo applications from each other unless you explicitly connect them. That means you don't have to worry about conflicting dependencies or resource contention — you set explicit resource limits for each service. Importantly, it's an additional layer of security since your applications aren't running directly on the host operating system.

Consistent Environment

Containers give developers the ability to create predictable environments that are isolated from other applications. Containers can also include software dependencies needed by the application, such as specific versions of programming language runtimes and other software libraries. From the developer’s perspective, all this is guaranteed to be consistent no matter where the application is ultimately deployed. All this translates to productivity: developers and IT Ops teams spend less time debugging and diagnosing differences in environments, and more time shipping new functionality for users. And it means fewer bugs since developers can now make assumptions in dev and test environments they can be sure will hold true in production.

Run Anywhere

Containers are able to run virtually anywhere, greatly easing development and deployment: on Linux, Windows, and Mac operating systems; on virtual machines or bare metal; on a developer’s machine or in data centers on-premises; and of course, in the public cloud. The widespread popularity of the Docker image format for containers further helps with portability. Wherever you want to run your software, you can use containers.

Isolation

Containers virtualize CPU, memory, storage, and network resources at the OS-level, providing developers with a sandboxed view of the OS logically isolated from other applications.

Benefit                          Containers   Virtual Machines
Consistent Runtime Environment   ✓            ✓
Application Sandboxing           ✓            ✓
Small Size on Disk               ✓            -
Low Overhead                     ✓            -

From Code to Applications

Containers allow you to package your application and its dependencies together into one succinct manifest that can be version controlled, allowing for easy replication of your application across developers on your team and machines in your cluster.

Just as software libraries package bits of code together, allowing developers to abstract away logic like user authentication and session management, containers allow your application as a whole to be packaged, abstracting away the operating system, the machine, and even the code itself. Combined with a service-based architecture, the entire unit that developers are asked to reason about becomes much smaller, leading to greater agility and productivity. All this eases development, testing, deployment, and overall management of your applications.

Monolithic to Service Based Architecture

Containers work best for service-based architectures. Unlike monolithic architectures, where every piece of the application is intertwined — from IO to data processing to rendering — service-based architectures split these into separate components. Separation and division of labor allow your services to continue running even if others are failing, keeping your application as a whole more reliable.

Componentization also allows you to develop faster and more reliably: smaller codebases are easier to maintain, and since the services are separate, it's easy to test that specific inputs produce the expected outputs.

Containers are perfect for service-based applications since you can health check each container, limit each service to specific resources, and start and stop them independently of each other.

And since containers abstract the code away, they allow you to treat separate services as black boxes, further decreasing the space a developer needs to be concerned with. When developers work on a service that depends on another, they can easily start up a container for that specific service without having to waste time setting up the correct environment and troubleshooting beforehand.

Kubernetes: Production-Grade Container Orchestration

We’ve had so much success with our internal cluster management system Borg that we’ve taken what we’ve learned and put it into the open source project Kubernetes. Now you and other companies can benefit from our decades of experience. Also known as “k8s,” Kubernetes provides automated container orchestration -- management of your machines and services for you -- improving your reliability and reducing the time and resources you need to spend on DevOps, not to mention relief from the stress attached to these tasks.

Kubernetes makes everything associated with deploying and managing your application easier. Kubernetes automates rollouts and rollbacks, monitoring the health of your services to stop bad rollouts before things go wrong. It also continuously runs health checks against your services, restarting containers that fail or have stalled, and only advertising services to clients when it has confirmed they’ve started up successfully. Additionally, Kubernetes will automatically scale your services up or down based on utilization, ensuring you’re only running what you need, when you need it. Like containers, Kubernetes allows you to declaratively manage your cluster, allowing your setup to be version controlled and easily replicated.
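
The behaviors described above (gated rollouts, health checks, readiness before advertising, per-service resource limits, utilization-based scaling) written as one declarative manifest. This is an added example, not configuration from Google or the Kubernetes project; the name `web-frontend`, the image path, port 8080, the `/ready` and `/healthz` endpoints and all thresholds are assumed values.

```yaml
# Added example: every name, path, port and threshold here is an assumed value.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-frontend
spec:
  replicas: 3
  strategy:
    type: RollingUpdate
    rollingUpdate: {maxUnavailable: 0, maxSurge: 1}    # old pods stay until new ones are ready
  selector:
    matchLabels: {app: web-frontend}
  template:
    metadata:
      labels: {app: web-frontend}
    spec:
      containers:
      - name: web
        image: registry.example.com/web-frontend:1.4.2  # placeholder image reference
        ports:
        - containerPort: 8080
        resources:
          requests: {cpu: 250m, memory: 256Mi}          # used for scheduling
          limits: {cpu: 500m, memory: 512Mi}            # hard cap enforced through cgroups
        readinessProbe:                                 # no client traffic until this passes
          httpGet: {path: /ready, port: 8080}
          periodSeconds: 5
        livenessProbe:                                  # container restarted after 3 failures
          httpGet: {path: /healthz, port: 8080}
          periodSeconds: 10
          failureThreshold: 3
        securityContext:                                # tighten the sandbox beyond the defaults
          runAsNonRoot: true
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities: {drop: ["ALL"]}
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: web-frontend
spec:
  scaleTargetRef: {apiVersion: apps/v1, kind: Deployment, name: web-frontend}
  minReplicas: 3
  maxReplicas: 10
  metrics:
  - type: Resource
    resource:
      name: cpu
      target: {type: Utilization, averageUtilization: 70}
```

Kept in version control and applied with `kubectl apply -f`, the same file reproduces the setup on any conformant cluster.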

Kubernetes Features
  • Automated rollouts and rollbacks
  • Service health monitoring
  • Automatic scaling of services
  • Declarative management
  • Deploy anywhere, including hybrid deployments

Perhaps most importantly, Kubernetes is built to be used anywhere, allowing you to orchestrate across on-site deployments to public clouds to hybrid deployments in between. This enables your infrastructure to reach your users where they’re at, your applications to have higher availability, and your company to balance your security and cost concerns, all tailored to your specific needs.

Your Cluster on Google

Of course, Kubernetes runs best on Google Cloud Platform. Google Kubernetes Engine is the premier managed Kubernetes solution that gets you quickly set up and production-ready.

Kubernetes Engine is fully managed by Google reliability engineers, the ones who know containers the best, ensuring your cluster is highly available and up-to-date. It integrates seamlessly with all GCP services, such as Stackdriver monitoring, diagnostics, and logging; Identity and Access Management; and Google’s best-in-class networking infrastructure.

Kubernetes Engine Features
  • Managed open-source Kubernetes
  • 99.5% SLA, and high availability with integrated multi-zone deployments
  • Seamless integration of other GCP services
  • Industry leading price per performance
  • Flexible & interoperable with your on-premises clusters or other cloud providers
  • Google-grade managed-infrastructure

But we love to give you options. Google Cloud Platform offers you a full spectrum for running your containers. From fully managed platform-as-a-service with Google App Engine Flexible Environment to cluster management with Kubernetes Engine to roll-it-yourself infrastructure on world-class price-to-performance Google Compute Engine, you can find your ideal solution for running containers on Google Cloud Platform.

The Complete Container Solution

It doesn’t stop there. Google Cloud Platform provides the tools you need to use containers from development to production. Container Builder and Container Registry provide Docker image storage and management, backed by both Google’s high security standards and world-class network. Google’s Container-Optimized OS provides a lightweight, highly secure operating system that comes with the Docker and Kubernetes runtimes pre-installed. All your container management can take place on GCP.

“A decade’s worth of experience building container management systems has taught us much, and we have embedded many of those lessons into Kubernetes, Google’s most recent container management system. Its goals are to build on the capabilities of containers to provide significant gains in programmer productivity and ease of both manual and automated system management.”

Google, Inc