Linux Container Internals

Deep dive into the Linux kernel features that container runtimes use to set up containers.

Umegbewe

July 08, 2022

Transcript

  1. Linux Container
    Internals
    What makes them possible?
    How they really work

  2. - SRE, DevOps @TCI
    - Linux Fanboy
    - I talk about the Linux Kernel and Containers
    - I love to eat chicken and chips with late night walks
    - Generally funny and weird
    Meet Great (@0xgreat)
    Umegbewe Great Nwebedu

  3. CONTAINERS DON’T RUN ON
    DOCKER!
    Docker is one of several container engines that interact with container runtimes,
    which in turn ask the kernel to set up containers.
    Others include CRI-O and Podman.

  4. Outline
    ➢ Containers
    ➢ Building blocks (Cgroups, Namespaces, Copy on Write)
    ➢ Container Runtimes (Docker, runc, systemd-nspawn)
    ➢ Little demo

  5. What are containers?

  6. Containers are a form of operating system virtualization and
    isolation that lets you package your application code together
    with its dependencies, which makes it easy to run it across
    environments (dev, test, prod, etc.). Containers run as ordinary
    processes on the operating system.
    Containers

  7. Control Groups (Cgroups) Subsystems
    BLKIO
    CPU
    Memory
    CPU_SET
    Devices
    PID
    NET_PRIO
    Freezer

  8. Namespaces
    NET
    USER
    MNT
    UTS
    IPC
    PID
    Cgroups

  9. Clone()

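A minimal version of the clone()-based setup the slides describe, added here as an example and not code from the talk: a single clone() call with namespace flags makes the child pid 1 in its own PID namespace with a private hostname, while the parent is unaffected. The function and hostname names are constructed for this example; on hosts that refuse unprivileged user namespaces (seccomp profile, kernel.unprivileged_userns_clone=0, chroot) clone() fails with EPERM and the function reports that rather than failing.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
#define STACK_SIZE (1024 * 1024)
/* Constructed hostname: only the child's UTS namespace will ever see it. */
static const char DEMO_HOST[] = "demo-container";

/* Child entry point: this function is the whole "container". */
static int child_main(void *arg) {
    (void)arg;
    int seen = 0;
    if (getpid() == 1)                                  /* inside a new PID namespace */
        seen |= 0x1;
    if (sethostname(DEMO_HOST, strlen(DEMO_HOST)) == 0) /* we hold CAP_SYS_ADMIN in our user ns */
        seen |= 0x2;
    return seen;                                        /* becomes the child's exit status */
}

/* Returns 0 when the kernel or sandbox refuses unprivileged namespace creation
 * (EPERM: seccomp, unprivileged_userns_clone=0 or chroot; EINVAL/ENOSYS: namespaces
 * not built in; ENOSPC/EUSERS: namespace limits), -1 on any other failure, otherwise
 * a bitmask: 0x1 child ran as pid 1, 0x2 child set its own hostname,
 * 0x4 the parent's hostname was left untouched by the child. */
int spawn_in_new_namespaces(void) {
    char before[256] = {0}, after[256] = {0};
    if (gethostname(before, sizeof before - 1) != 0) return -1;
    char *stack = malloc(STACK_SIZE);
    if (!stack) return -1;
    int flags = CLONE_NEWUSER | CLONE_NEWPID | CLONE_NEWUTS | CLONE_NEWNS | SIGCHLD;
    pid_t pid = clone(child_main, stack + STACK_SIZE, flags, NULL); /* stack grows down */
    if (pid == -1) {
        int e = errno;
        free(stack);
        return (e == EPERM || e == EINVAL || e == ENOSYS || e == ENOSPC || e == EUSERS) ? 0 : -1;
    }
    int status = 0, seen = -1;
    if (waitpid(pid, &status, 0) == pid && WIFEXITED(status)) {
        seen = WEXITSTATUS(status);
        if (gethostname(after, sizeof after - 1) == 0 && strcmp(before, after) == 0)
            seen |= 0x4;
    }
    free(stack);
    return seen;
}
```

Nothing here needs root: the new user namespace grants the child full capabilities over the namespaces created alongside it, which is exactly what lets runc-style runtimes run rootless.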

  10. Copy-On-Write
    AUFS
    DeviceMapper
    BTRFS
    VFS

  11. Other Stuff
    Capabilities
    SELinux

  12. Container Runtimes
    LXC
    Docker Engine
    Containerd
    OpenVZ

  13. Demo

  14. THANKS