Sneha Inguva, profile picture
Uploaded bySneha Inguva
PDF, PPTX5,657 views

Containers: The What, Why, and How

The document details the concept of containers, explaining their lightweight nature, role in virtualization, and differences from virtual machines (VMs). It provides technical instructions on building containers using Go, including handling process isolation, namespace management, and filesystem operations. Additionally, it discusses the broader container ecosystem, including orchestration tools and service models.

Embed presentation

Download as PDF, PPTX
@snehainguva
digitalocean.com containers the what, why, and how
digitalocean.com about me software engineer @DigitalOcean delivery team kubernetes, prometheus, terraform
digitalocean.com
digitalocean.com the plan: ● Build your own container ● Containers vs. VMs ● Container ecosystem
digitalocean.com what is a container?
digitalocean.com what is a container? “a lightweight OS-level virtualization method” “stand-alone piece of executable software” “NOT a virtual machine”
digitalocean.com build your own container 1. run input commands with arguments 2. add hostname limitations 3. add process ID limitations 4. add mount point/filesystem limitations
digitalocean.com let’s start with a basic “container” func main() { switch os.Args[1] { case "run": run() default: panic("what?") } } func run() { fmt.Printf("running %vn", os.Args[2:]) cmd := exec.Command(os.Args[2], os.Args[3:]...) cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout must(cmd.Run()) } func must(err error) { if err != nil { panic(err) } }
digitalocean.com let’s start with a basic “container”
digitalocean.com let’s start with a basic “container”
digitalocean.com how can we restrict hostname access?
digitalocean.com namespaces!!!
digitalocean.com func run() { fmt.Printf("running %vn", os.Args[2:]) cmd := exec.Command(os.Args[2], os.Args[3:]...) cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout cmd.SysProcAttr = &syscall.SysProcAttr{ Cloneflags: syscall.CLONE_NEWUTS, } must(cmd.Run()) } UTS namespace
digitalocean.com what about PID access?
digitalocean.com UTS + PID namespace: attempt 1 func run() { fmt.Printf("running %vn", os.Args[2:]) cmd := exec.Command(os.Args[2], os.Args[3:]...) cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout cmd.SysProcAttr = &syscall.SysProcAttr{ Cloneflags: syscall.CLONE_NEWUTS | syscall.CLONE_NEWPID, } must(cmd.Run()) }
UTS + PID namespace: attempt 2 func run() { cmd := exec.Command("/proc/self/exe", append([]string{"child"}, os.Args[2:]...)...) cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout cmd.SysProcAttr = &syscall.SysProcAttr{ Cloneflags: syscall.CLONE_NEWUTS | syscall.CLONE_NEWPID, } must(cmd.Run()) } func child() { fmt.Printf("running %v as pid %vn", os.Args[2:], os.Getpid()) cmd := exec.Command(os.Args[2], os.Args[3:]...) cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout must(cmd.Run()) }
UTS + PID namespace: attempt 2
UTS + PID + MNT namespace: attempt 1 func run() { md := exec.Command("/proc/self/exe", append([]string{"child"}, os.Args[2:]...)...) // link to currently running process cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout cmd.SysProcAttr = &syscall.SysProcAttr{ Cloneflags: syscall.CLONE_NEWUTS | syscall.CLONE_NEWPID | syscall.CLONE_NEWNS, } must(cmd.Run()) }
UTS + PID + MNT namespace: attempt 1 Initial mounts in MNT namespace inherited from creating namespace → filesystem same as host
next step: UTS + PID + MNT namespace + new root filesystem example func child() { fmt.Printf("running %v as pid%vn", os.Args[2:], os.Getpid()) cmd := exec.Command(os.Args[2], os.Args[3:]...) cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout must(syscall.Chroot("/home/rootfs")) must(os.Chdir("/")) must(syscall.Mount("proc", "proc", "proc", 0, "")) must(cmd.Run()) } TODO
digitalocean.com what is a container? process with isolation, shared resources, and layered filesystems
what is a container? namespace: linux kernel feature that isolates and virtualizes system resources for a collection of processes and their children ● PID: gives process own view of subset of system processes. ✔ ● MNT: gives process mount table and allows process to have own filesystem ✔ ● NET: gives process own network stack. (Container can have virtual ethernet pairs to link to host or other containers.) ● UTS: gives process own view of system hostname and domain name ✔ ● IPC: isolates inter-process communications (i.e. message queues) ● USER: newest namespace that maps process UIDs to different set of UIDs on host (can map containers root uid to unprivileged UID on host)
what is a container? cgroups: control groups collect set of process tasks IDS together and apply limits, such as for resource utilization ● Enforce fair/unfair resource sharing between processes ● Exposed by kernel as special file system to to mount ● Add a process or thread by adding process IDs to task file and read/configure values by editing subdirectory files
what is a container? layered filesystems: optimal way to make a copy of root filesystem for each container ● one of the reasons why it is easy to move containers around ● can “copy on write” (btrFS) ● can use “union mounts” (aufs, OverlayFS) - way of combining multiple directories
digitalocean.com Containers vs. VMs
digitalocean.com containers vs. VMS Source: http://electronicdesign.com/dev-tools/what-s-difference-between-containers-and-virtual-machines
digitalocean.com vms containers ● Hypervisors run software on physical servers to emulate a particular hardware system (aka a virtual machine) ● VM runs a fully copy of the operating system (OS) ● Hardware is also virtualized ● Can run multiple applications ● Run isolated process on a single server or host operating system (OS) ● Can migrate only to servers with compatiable OS kernels ● Best for a single application
digitalocean.com container ecosystem ● Container runtime ● Orchestration tools ● As-a-service
digitalocean.com Source: https://docs.docker.com/engine/understanding-docker/ https://coreos.com/rkt/docs/latest/rkt-vs-other-projects.html#rkt-vs-docker containers
digitalocean.com container orchestration Source: https://github.com/nkhare/container-orchestration/blob/master/kubernetes/README.md
digitalocean.com ___ as-a-service container service, managed clusters, etc. Source: https://coreos.com/tectonic/
sources ● Liz Rice: What is a Container, Really?, Liz Rice ● Building a Container in Less than a 100 Lines of Go, Julien Friedman ● My demo code
Containers: The What, Why, and How

More Related Content

PPTX
Containers and Docker
byDamian T. Gordon
 
PPTX
Docker introduction & benefits
byAmit Manwade
 
PPTX
Docker Compose | Docker Compose Tutorial | Docker Tutorial For Beginners | De...
bySimplilearn
 
PDF
Introduzione a Docker (Maggio 2017) [ITA]
byValerio Radice
 
PDF
Introduction to Docker storage, volume and image
byejlp12
 
PDF
Docker Explained | What Is A Docker Container? | Docker Simplified | Docker T...
byEdureka!
 
PDF
Dockerfile
byJeffrey Ellin
 
PPTX
Docker & Kubernetes intro
byArnon Rotem-Gal-Oz
 
Containers and Docker
byDamian T. Gordon
 
Docker introduction & benefits
byAmit Manwade
 
Docker Compose | Docker Compose Tutorial | Docker Tutorial For Beginners | De...
bySimplilearn
 
Introduzione a Docker (Maggio 2017) [ITA]
byValerio Radice
 
Introduction to Docker storage, volume and image
byejlp12
 
Docker Explained | What Is A Docker Container? | Docker Simplified | Docker T...
byEdureka!
 
Dockerfile
byJeffrey Ellin
 
Docker & Kubernetes intro
byArnon Rotem-Gal-Oz
 

What's hot

PDF
Intro to containerization
byBalint Pato
 
PPTX
Docker: From Zero to Hero
byfazalraja
 
PPT
Docker introduction
byPhuc Nguyen
 
PDF
Docker Introduction
byPeng Xiao
 
PDF
Introduction to Docker Compose
byAjeet Singh Raina
 
PPTX
What is Docker
byPavel Klimiankou
 
PDF
Introduction to docker
byInstruqt
 
PPTX
Docker 101 : Introduction to Docker and Containers
byYajushi Srivastava
 
PPTX
Dockers and containers basics
bySourabh Saxena
 
PPTX
What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...
bySimplilearn
 
PPTX
Introduction to Docker - 2017
byDocker, Inc.
 
PDF
Docker vs VM | | Containerization or Virtualization - The Differences | DevOp...
byEdureka!
 
PDF
Introduction to container based virtualization with docker
byBangladesh Network Operators Group
 
PDF
Kubernetes Basics
byEueung Mulyana
 
PDF
How to write a Dockerfile
byKnoldus Inc.
 
PPT
Containers 101
byBlack Duck by Synopsys
 
PPTX
Gitlab CI/CD
byJEMLI Fathi
 
PDF
CICD with Jenkins
byVietnam Open Infrastructure User Group
 
PDF
Kubernetes 101
byWinton Winton
 
PDF
Introduction to docker
byJohn Willis
 
Intro to containerization
byBalint Pato
 
Docker: From Zero to Hero
byfazalraja
 
Docker introduction
byPhuc Nguyen
 
Docker Introduction
byPeng Xiao
 
Introduction to Docker Compose
byAjeet Singh Raina
 
What is Docker
byPavel Klimiankou
 
Introduction to docker
byInstruqt
 
Docker 101 : Introduction to Docker and Containers
byYajushi Srivastava
 
Dockers and containers basics
bySourabh Saxena
 
What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...
bySimplilearn
 
Introduction to Docker - 2017
byDocker, Inc.
 
Docker vs VM | | Containerization or Virtualization - The Differences | DevOp...
byEdureka!
 
Introduction to container based virtualization with docker
byBangladesh Network Operators Group
 
Kubernetes Basics
byEueung Mulyana
 
How to write a Dockerfile
byKnoldus Inc.
 
Containers 101
byBlack Duck by Synopsys
 
Gitlab CI/CD
byJEMLI Fathi
 
CICD with Jenkins
byVietnam Open Infrastructure User Group
 
Kubernetes 101
byWinton Winton
 
Introduction to docker
byJohn Willis
 

Viewers also liked

PDF
Introduction to Docker
byAditya Konarde
 
PPTX
Docker introduction
bydotCloud
 
PDF
Docker Birthday #3 - Intro to Docker Slides
byDocker, Inc.
 
PDF
Docker 101: Introduction to Docker
byDocker, Inc.
 
PPTX
Why Docker
bydotCloud
 
PPTX
Docker 101 - Nov 2016
byDocker, Inc.
 
PDF
Prometheus Everything, Observing Kubernetes in the Cloud
bySneha Inguva
 
PDF
A Gentle Introduction To Docker And All Things Containers
byJérôme Petazzoni
 
PDF
Docker introduction
byJulien Maitrehenry
 
PPTX
Academy PRO: Docker. Part 4
byBinary Studio
 
PDF
Observability in a Dynamically Scheduled World
bySneha Inguva
 
PPTX
{code} and containers
by{code} by Dell EMC
 
PDF
Docker 101 - Intro to Docker
byAdrian Otto
 
PPTX
DockerCon 2017 - General Session Day 1 - Ben Golub
byDocker, Inc.
 
Introduction to Docker
byAditya Konarde
 
Docker introduction
bydotCloud
 
Docker Birthday #3 - Intro to Docker Slides
byDocker, Inc.
 
Docker 101: Introduction to Docker
byDocker, Inc.
 
Why Docker
bydotCloud
 
Docker 101 - Nov 2016
byDocker, Inc.
 
Prometheus Everything, Observing Kubernetes in the Cloud
bySneha Inguva
 
A Gentle Introduction To Docker And All Things Containers
byJérôme Petazzoni
 
Docker introduction
byJulien Maitrehenry
 
Academy PRO: Docker. Part 4
byBinary Studio
 
Observability in a Dynamically Scheduled World
bySneha Inguva
 
{code} and containers
by{code} by Dell EMC
 
Docker 101 - Intro to Docker
byAdrian Otto
 
DockerCon 2017 - General Session Day 1 - Ben Golub
byDocker, Inc.
 

Similar to Containers: The What, Why, and How

PPTX
Docker and kubernetes
byDongwon Kim
 
PDF
The internals and the latest trends of container runtimes
byAkihiro Suda
 
PDF
The ABC of Docker: The Absolute Best Compendium of Docker
byAniekan Akpaffiong
 
PPTX
07 Docker of emerging of emerging ETCS.pptx
byMaulikSidana
 
PDF
GDG Cloud Iasi - Docker For The Busy Developer.pdf
byathlonica
 
PPTX
Introduction to containers
byNitish Jadia
 
PDF
Lightweight Virtualization with Linux Containers and Docker I YaC 2013
byDocker, Inc.
 
PDF
Lightweight Virtualization with Linux Containers and Docker | YaC 2013
bydotCloud
 
PDF
"Lightweight Virtualization with Linux Containers and Docker". Jerome Petazzo...
byYandex
 
PDF
Docker Dojo
byHugo González Labrador
 
PDF
State of Linux Containers for HPC
byinside-BigData.com
 
PPTX
Container & kubernetes
byTed Jung
 
PDF
Docker Introduction + what is new in 0.9
byJérôme Petazzoni
 
PDF
Docker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQ
byJérôme Petazzoni
 
PDF
Docker 0.11 at MaxCDN meetup in Los Angeles
byJérôme Petazzoni
 
PDF
Docker and-containers-for-development-and-deployment-scale12x
byrkr10
 
PDF
Docker and Containers for Development and Deployment — SCALE12X
byJérôme Petazzoni
 
PDF
Introduction to Docker and all things containers, Docker Meetup at RelateIQ
bydotCloud
 
PDF
A Gentle Introduction to Docker and Containers
byDocker, Inc.
 
PDF
Docker handons-workshop-for-charity
byYusuf Hadiwinata Sutandar
 
Docker and kubernetes
byDongwon Kim
 
The internals and the latest trends of container runtimes
byAkihiro Suda
 
The ABC of Docker: The Absolute Best Compendium of Docker
byAniekan Akpaffiong
 
07 Docker of emerging of emerging ETCS.pptx
byMaulikSidana
 
GDG Cloud Iasi - Docker For The Busy Developer.pdf
byathlonica
 
Introduction to containers
byNitish Jadia
 
Lightweight Virtualization with Linux Containers and Docker I YaC 2013
byDocker, Inc.
 
Lightweight Virtualization with Linux Containers and Docker | YaC 2013
bydotCloud
 
"Lightweight Virtualization with Linux Containers and Docker". Jerome Petazzo...
byYandex
 
Docker Dojo
byHugo González Labrador
 
State of Linux Containers for HPC
byinside-BigData.com
 
Container & kubernetes
byTed Jung
 
Docker Introduction + what is new in 0.9
byJérôme Petazzoni
 
Docker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQ
byJérôme Petazzoni
 
Docker 0.11 at MaxCDN meetup in Los Angeles
byJérôme Petazzoni
 
Docker and-containers-for-development-and-deployment-scale12x
byrkr10
 
Docker and Containers for Development and Deployment — SCALE12X
byJérôme Petazzoni
 
Introduction to Docker and all things containers, Docker Meetup at RelateIQ
bydotCloud
 
A Gentle Introduction to Docker and Containers
byDocker, Inc.
 
Docker handons-workshop-for-charity
byYusuf Hadiwinata Sutandar
 

More from Sneha Inguva

PDF
Containers: What are they, Really?
bySneha Inguva
 
PDF
observability pre-release: using prometheus to test and fix new software
bySneha Inguva
 
PDF
Observability and Product Release
bySneha Inguva
 
PDF
Networking and Go: An Engineer's Journey (Strangeloop 2019)
bySneha Inguva
 
PDF
Networking and Go: An Epic Journey
bySneha Inguva
 
PDF
Handy Networking Tools and How to Use Them
bySneha Inguva
 
PDF
MicroCPH: Observability and Product Release
bySneha Inguva
 
PDF
[Power To Fly Webinar] Observability at a Cloud Provider
bySneha Inguva
 
Containers: What are they, Really?
bySneha Inguva
 
observability pre-release: using prometheus to test and fix new software
bySneha Inguva
 
Observability and Product Release
bySneha Inguva
 
Networking and Go: An Engineer's Journey (Strangeloop 2019)
bySneha Inguva
 
Networking and Go: An Epic Journey
bySneha Inguva
 
Handy Networking Tools and How to Use Them
bySneha Inguva
 
MicroCPH: Observability and Product Release
bySneha Inguva
 
[Power To Fly Webinar] Observability at a Cloud Provider
bySneha Inguva
 

Recently uploaded

PDF
Module-5_Deep Learning_22ISE74A_ISE_.pdf
byDr. Shivashankar
 
PPTX
SOFTWARE CONSTRUCTION AND CODING PRINCIPLES.pptx
byOnenBobocan
 
PDF
application of matrix in computer science
byankitberamath
 
PDF
Workshop practice theory course (Unit-1) By Varun Pratap Singh.pdf
byVarun Pratap Singh
 
PDF
Modularity In Lyra - A new studio's experiences building their prototype on U...
bypatrickcastillo41
 
PPTX
Introduction to IoT Unit DATA ANALYTICS AND SUPPORTING SERVICES- IV.pptx
bygirishgandhi4
 
PPTX
Modularity In Lyra - A new studio's experiences building their prototype on U...
byiamscottcstevens
 
PPTX
Introduction to Relational Algebra Advance Database Part three.pptx
bywilliamsmareh
 
PDF
Japanese Question Answering Datasets .
byNABLAS株式会社
 
PPTX
Planning and selection of equipment for different mining conditions. Equipmen...
bygugulothuakhil728
 
PDF
Fluid-Mechanics with question and answer.pdf
bysparunkumar1
 
PDF
ANPARA THERMAL POWER STATION[1] sangam.pdf
bysangamkumar993613
 
PPTX
TRAY DRYER by Gulshan Athbhaiya.pptx
byGulshan Athbhaiya
 
PDF
Programming in Java- on operators types and usage
byPrabhaDevi33
 
PDF
Highway Construction and Pavement design.pdf
byVinayVitekari
 
PDF
HYDRAULIC TURBINES with question and answer.pdf
bysparunkumar1
 
PPTX
thermal_design_project_work_internship(updated)-1.pptx
byshahveer210504
 
PPTX
OPERATION & MAINTENANCE OF TURBINE.pptx OPERATING PROCEDURE
byPradipChanda5
 
PPTX
hydrology and unit hydrograph presents.pptx
byp26335566
 
PPTX
Meghon se Sakshatkar Google Cloud Workshop.pptx
byvanshikaprakash05
 
Module-5_Deep Learning_22ISE74A_ISE_.pdf
byDr. Shivashankar
 
SOFTWARE CONSTRUCTION AND CODING PRINCIPLES.pptx
byOnenBobocan
 
application of matrix in computer science
byankitberamath
 
Workshop practice theory course (Unit-1) By Varun Pratap Singh.pdf
byVarun Pratap Singh
 
Modularity In Lyra - A new studio's experiences building their prototype on U...
bypatrickcastillo41
 
Introduction to IoT Unit DATA ANALYTICS AND SUPPORTING SERVICES- IV.pptx
bygirishgandhi4
 
Modularity In Lyra - A new studio's experiences building their prototype on U...
byiamscottcstevens
 
Introduction to Relational Algebra Advance Database Part three.pptx
bywilliamsmareh
 
Japanese Question Answering Datasets .
byNABLAS株式会社
 
Planning and selection of equipment for different mining conditions. Equipmen...
bygugulothuakhil728
 
Fluid-Mechanics with question and answer.pdf
bysparunkumar1
 
ANPARA THERMAL POWER STATION[1] sangam.pdf
bysangamkumar993613
 
TRAY DRYER by Gulshan Athbhaiya.pptx
byGulshan Athbhaiya
 
Programming in Java- on operators types and usage
byPrabhaDevi33
 
Highway Construction and Pavement design.pdf
byVinayVitekari
 
HYDRAULIC TURBINES with question and answer.pdf
bysparunkumar1
 
thermal_design_project_work_internship(updated)-1.pptx
byshahveer210504
 
OPERATION & MAINTENANCE OF TURBINE.pptx OPERATING PROCEDURE
byPradipChanda5
 
hydrology and unit hydrograph presents.pptx
byp26335566
 
Meghon se Sakshatkar Google Cloud Workshop.pptx
byvanshikaprakash05
 
In this document
Powered by AI

Overview of the presentation, plan outlines including building containers, comparison with VMs, and the container ecosystem.

Definition and explanation of containers, emphasizing their lightweight nature, differences from VMs, and the process to build a basic container.

Details on restricting hostname, PID access, and MNT namespace in containers, showcasing technical implementations with Go examples.

In-depth exploration of container features like namespaces, cgroups for resource limits, and layered filesystems critical to container technology.

Comparison between containers and VMs, highlighting architecture, operational differences, and container ecosystem components.

Overview of container orchestration tools and as-a-service models related to containers.

List of sources and further reading materials on containers.

Containers: The What, Why, and How

  • 1.
  • 2.
  • 3.
    digitalocean.com about me software engineer@DigitalOcean delivery team kubernetes, prometheus, terraform
  • 4.
  • 5.
    digitalocean.com the plan: ● Buildyour own container ● Containers vs. VMs ● Container ecosystem
  • 6.
  • 7.
    digitalocean.com what is acontainer? “a lightweight OS-level virtualization method” “stand-alone piece of executable software” “NOT a virtual machine”
  • 8.
    digitalocean.com build your owncontainer 1. run input commands with arguments 2. add hostname limitations 3. add process ID limitations 4. add mount point/filesystem limitations
  • 9.
    digitalocean.com let’s start witha basic “container” func main() { switch os.Args[1] { case "run": run() default: panic("what?") } } func run() { fmt.Printf("running %vn", os.Args[2:]) cmd := exec.Command(os.Args[2], os.Args[3:]...) cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout must(cmd.Run()) } func must(err error) { if err != nil { panic(err) } }
  • 10.
    digitalocean.com let’s start witha basic “container”
  • 11.
    digitalocean.com let’s start witha basic “container”
  • 12.
    digitalocean.com how can werestrict hostname access?
  • 13.
  • 14.
    digitalocean.com func run() { fmt.Printf("running%vn", os.Args[2:]) cmd := exec.Command(os.Args[2], os.Args[3:]...) cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout cmd.SysProcAttr = &syscall.SysProcAttr{ Cloneflags: syscall.CLONE_NEWUTS, } must(cmd.Run()) } UTS namespace
  • 15.
  • 16.
    digitalocean.com UTS + PIDnamespace: attempt 1 func run() { fmt.Printf("running %vn", os.Args[2:]) cmd := exec.Command(os.Args[2], os.Args[3:]...) cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout cmd.SysProcAttr = &syscall.SysProcAttr{ Cloneflags: syscall.CLONE_NEWUTS | syscall.CLONE_NEWPID, } must(cmd.Run()) }
  • 17.
    UTS + PIDnamespace: attempt 2 func run() { cmd := exec.Command("/proc/self/exe", append([]string{"child"}, os.Args[2:]...)...) cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout cmd.SysProcAttr = &syscall.SysProcAttr{ Cloneflags: syscall.CLONE_NEWUTS | syscall.CLONE_NEWPID, } must(cmd.Run()) } func child() { fmt.Printf("running %v as pid %vn", os.Args[2:], os.Getpid()) cmd := exec.Command(os.Args[2], os.Args[3:]...) cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout must(cmd.Run()) }
  • 18.
    UTS + PIDnamespace: attempt 2
  • 19.
    UTS + PID+ MNT namespace: attempt 1 func run() { md := exec.Command("/proc/self/exe", append([]string{"child"}, os.Args[2:]...)...) // link to currently running process cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout cmd.SysProcAttr = &syscall.SysProcAttr{ Cloneflags: syscall.CLONE_NEWUTS | syscall.CLONE_NEWPID | syscall.CLONE_NEWNS, } must(cmd.Run()) }
  • 20.
    UTS + PID+ MNT namespace: attempt 1 Initial mounts in MNT namespace inherited from creating namespace → filesystem same as host
  • 21.
    next step: UTS+ PID + MNT namespace + new root filesystem example func child() { fmt.Printf("running %v as pid%vn", os.Args[2:], os.Getpid()) cmd := exec.Command(os.Args[2], os.Args[3:]...) cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout must(syscall.Chroot("/home/rootfs")) must(os.Chdir("/")) must(syscall.Mount("proc", "proc", "proc", 0, "")) must(cmd.Run()) } TODO
  • 22.
    digitalocean.com what is acontainer? process with isolation, shared resources, and layered filesystems
  • 23.
    what is acontainer? namespace: linux kernel feature that isolates and virtualizes system resources for a collection of processes and their children ● PID: gives process own view of subset of system processes. ✔ ● MNT: gives process mount table and allows process to have own filesystem ✔ ● NET: gives process own network stack. (Container can have virtual ethernet pairs to link to host or other containers.) ● UTS: gives process own view of system hostname and domain name ✔ ● IPC: isolates inter-process communications (i.e. message queues) ● USER: newest namespace that maps process UIDs to different set of UIDs on host (can map containers root uid to unprivileged UID on host)
  • 24.
    what is acontainer? cgroups: control groups collect set of process tasks IDS together and apply limits, such as for resource utilization ● Enforce fair/unfair resource sharing between processes ● Exposed by kernel as special file system to to mount ● Add a process or thread by adding process IDs to task file and read/configure values by editing subdirectory files
  • 25.
    what is acontainer? layered filesystems: optimal way to make a copy of root filesystem for each container ● one of the reasons why it is easy to move containers around ● can “copy on write” (btrFS) ● can use “union mounts” (aufs, OverlayFS) - way of combining multiple directories
  • 26.
  • 27.
    digitalocean.com containers vs. VMS Source:http://electronicdesign.com/dev-tools/what-s-difference-between-containers-and-virtual-machines
  • 28.
    digitalocean.com vms containers ● Hypervisorsrun software on physical servers to emulate a particular hardware system (aka a virtual machine) ● VM runs a fully copy of the operating system (OS) ● Hardware is also virtualized ● Can run multiple applications ● Run isolated process on a single server or host operating system (OS) ● Can migrate only to servers with compatiable OS kernels ● Best for a single application
  • 29.
    digitalocean.com container ecosystem ● Containerruntime ● Orchestration tools ● As-a-service
  • 30.
  • 31.
  • 32.
    digitalocean.com ___ as-a-service container service,managed clusters, etc. Source: https://coreos.com/tectonic/
  • 33.
    sources ● Liz Rice:What is a Container, Really?, Liz Rice ● Building a Container in Less than a 100 Lines of Go, Julien Friedman ● My demo code