Linux Container Internals

Transcript

1. Linux Container Internals Was makes them possible? How they really

   work

2. - SRE, DevOps @TCI - Linux Fanboy - I talk

   about the Linux Kernel and Containers - I love to eat chicken and chips with late night walks - Generally funny and weird Meet Great (@0xgreat) Umegbewe Great Nwebedu

3. CONTAINERS DON’T RUN ON DOCKER! Docker is one of several

   container engines that interact with container runtimes which in turn asks the kernel to set up containers Others include Crio-O, Podman.

4. Outline ➢ Containers ➢ Build blocks (Cgroups, Namespaces, Copy on

   Write) ➢ Container Runtimes (Docker, Runc, Systemd-nspwan) ➢ Little demo

5. What are containers?

6. Containers is a form of operating system virtualization and isolation

   that allows you package your application code together with its dependencies. Which makes it easy to run between environments (Dev, test, Prod etc.). Containers are run as processes on the Operating System. Containers

7. Control Groups (Cgroups) Subsystems BLKIO CPU Memory CPU_SET Devices PID

   NET_PRIO Freezer

8. Namespaces NET USER MNT UTS IPC PID Cgroups

9. Clone()

10. Copy-On-Write AUFS DeviceMapper BTRFS VFS

11. Other Stuffs Capabilities SELinux

12. Container Runtimes LXC Docker Engine Containerd Open VZ Open VZ

13. Demo

14. THANKS