SlideShare a Scribd company logo
1 of 53
Download to read offline
Revolutionizing the Cloud 
with Container Virtualization 
Imesh Gunaratne 
Technical Lead, WSO2 
Committer & PMC Member, Apache Stratos
About the Presenter 
Imesh Gunaratne 
Technical Lead, WSO2 
Committer & PMC Member, Apache Stratos 
Email: imesh@wso2.com 
Blog: http://imesh.gunaratne.org/blog 
1
Agenda 
2
3
Agenda 
● Virtualization 
● Linux Containers 
● LXC 
● Docker 
● CoreOS 
● Kubernetes
Virtualization
Virtualization 
In computing, virtualization refers to the act of 
creating a virtual version of resources, 
including but not limited to a virtual computer 
hardware platform, operating system (OS), 
storage device, or computer network 
resources. 
http://en.wikipedia.org/wiki/Virtualization
Hypervisor 
A hypervisor or virtual machine monitor (VMM) 
is a piece of computer software, firmware or 
hardware that creates and runs virtual 
machines. 
http://en.wikipedia.org/wiki/Hypervisor
Linux Containers
Linux Containers 
An operating system–level virtualization 
method for running multiple isolated Linux 
systems (containers) on a single control host. 
http://en.wikipedia.org/wiki/LXC
Linux Containers 
Linux Container Brief for IEEE WG P2302, Boden Russell
Linux Kernel Features used by 
Linux Containers 
● Namespaces 
● cgroups 
● AppArmor 
● SELinux 
● seccomp 
● chroot
Namespaces 
Wraps global system resources in an 
abstraction that makes it appear to the 
processes that they have their own isolated 
instance of the global resource. 
Included in Linux Kernel 2.4.19 
http://lwn.net/Articles/531114/
Namespaces 
Currently, Linux implements six different types 
of namespaces: 
1. mnt (mount points, filesystems) 
2. pid (processes) 
3. net (network stack) 
4. ipc (inter-process communication) 
5. uts (hostname) 
6. user (user ids) 
http://www.cs.ucsb.edu/~rich/class/cs290-cloud/papers/lxc-namespace.pdf
cgroups (Control Groups) 
A Linux kernel feature to limit, account, and 
isolate resource usage (CPU, memory, disk I/O, 
etc.) of process groups. 
Started by engineers at Google in 2007 and 
merged into the Linux Kernel 2.6.24 
http://en.wikipedia.org/wiki/Cgroups
cgroups Features 
● Access: which devices can be used per 
cgroup 
● Resource limiting: memory, CPU, device 
accessibility, block I/O, etc 
● Prioritization: who gets more of the CPU, 
memory, etc 
● Accounting: resource usage per cgroup 
● Control: freezing & checkpointing 
http://en.wikipedia.org/wiki/Cgroups
AppArmor 
AppArmor is a Linux security module 
implemented using the Linux Security Modules 
(LSM) kernel interface. 
It allows the system administrator to associate 
with each program a security profile that 
restricts the capabilities of that program. 
http://en.wikipedia.org/wiki/AppArmor
SELinux (Security Enhanced Linux) 
SELinux is a Linux kernel security module that 
provides a mechanism for supporting access 
control on security policies for programs. 
Originally developed by the United States 
National Security Agency (NSA). 
Included in Linux kernel 2.6.0-test3, released 
on 8 August 2003 
http://en.wikipedia.org/wiki/Security-Enhanced_Linux
SELinux - How it works 
● Compiled into the Linux kernel 
● Package security policies in the distribution 
● Policies in most distributions are applied 
only to system processes, not user 
processes 
● Checks database of rules on syscalls 
● Policies allows/denies what a daemon can 
access and how 
● Prevents daemons compromise affecting 
other files/users/etc (namespaces) 
SELinux for Everyday Users, PaulWay
AppArmor SELinux 
Pathname based system Attaches labels to all files, 
processes 
Auditable policies Complex policy language 
Integrated GUI/Console 
Lack of integrated tools, 
toolset 
hard to manage rules 
Proficiency with 1-2 days 
training 
Substantial training 
investment 
Usability is primary goal Hard to maintain 
https://www.suse.com/support/security/apparmor/features/selinux_comparison.html
seccomp (Secure Computing Mode) 
● seccomp is a secure-computing facility that 
provides an application sandboxing 
mechanism in the Linux kernel. 
● Provides computing virtualization 
● It allows a process to make a one-way 
transition into a "secure" state where it 
cannot make any system calls except exit(), 
sigreturn(), read() and write(). 
http://en.wikipedia.org/wiki/Seccomp
seccomp (Secure Computing Mode) 
It was merged into the Linux kernel mainline in 
version 2.6.12, released on March 8, 2005. 
http://en.wikipedia.org/wiki/Seccomp
chroot 
http://www.lorien.ch/server/chroot.html
chroot 
A chroot on Unix operating systems is an 
operation that changes the root directory for 
the current running process and its children. 
A program that is run in such a modified 
environment cannot name (and therefore 
normally not access) files outside the 
designated directory tree. 
Provides file system virtualization 
http://en.wikipedia.org/wiki/Chroot
chroot 
The modified environment is called a "chroot 
jail" 
Introduced in version 7 Unix in 1979, and added 
to BSD by Bill Joy on 18 March 1982 
http://en.wikipedia.org/wiki/Chroot
LXC 
A Hypervisor for Linux Containers
LXC Engine: A Hypervisor for 
Containers 
Linux Container Brief for IEEE WG P2302, Boden Russell
LXC (LinuX Containers) 
LXC is an operating system–level virtualization 
method for running multiple isolated Linux 
systems (containers) on a single control host. 
● From the inside it looks like a VM 
● From the outside it looks like a normal 
process 
● Provides lightweight virtualization
Kernel Features used by LXC 
● Kernel namespaces (ipc, uts, mount, pid, 
network and user) 
● Control groups (cgroups) 
● Apparmor and SELinux profiles 
● Seccomp policies 
● Chroots (using pivot_root) 
● Kernel capabilities
Revolutionizing the cloud with container virtualization
Docker 
Docker is an open platform for developers and 
sysadmins to build, ship, and run distributed 
applications. 
● Initially developed by dotCloud 
● Original version written in Python, now 
written in Go 
● A very young project (started March, 2013), 
but with a huge community
Docker Architecture 
Enterprise Docker, Adrien BLIND, Aurelien GABET, Arnaud MAZIN
Problem: Shipping Software 
Introduction to Docker, Jérôme Petazzoni
Solution: Linux Container 
Introduction to Docker, Jérôme Petazzoni
Solved 
Introduction to Docker, Jérôme Petazzoni
Virtual Machines Vs Docker
Docker - Hello World 
# Get one base Docker image 
>docker pull ubuntu 
# List Docker images available 
>docker images 
# Run hello world 
>docker run ubuntu:14.04 echo "hello world" 
Docker Paris Meetup, Victor Vieux, dotCloud Inc
Detached mode 
# Run hello world in detached mode (-d) 
>docker run -d ubuntu sh -c "while true; do echo 
hello world; sleep 1; done" 
# Get container’s ID 
>docker ps 
# Attach to the container 
>docker attach <container-id> 
# Stop/start/restart the container 
>docker stop <container-id> 
Docker Paris Meetup, Victor Vieux, dotCloud Inc
Revolutionizing the cloud with container virtualization
CoreOS 
CoreOS is a new Linux distribution that has 
been re-architected to provide features needed 
to run modern infrastructure stacks.
CoreOS Architecture
CoreOS Architecture 
Fleet ties together systemd and etcd into a distributed init 
system
Revolutionizing the cloud with container virtualization
Kubernetes 
Kubernetes is an open source implementation 
of container cluster management.
Kubernetes High Level 
Architecture
Kubernetes High Level 
Architecture
Kubernetes Component 
Architecture
Kubernetes Terminology 
● Pod - A group of Containers 
● Labels - Labels for identifying pods 
● Kubelet - Container Agent 
● Proxy Service - A load balancer for Pods 
● etcd - A metadata service 
● cAdvisor - Container Advisor provides resource 
usage/performance statistics 
● Replication Controller - Manages replication of 
pods 
● Scheduler - Schedules pods in worker nodes 
● API server - Kubernetes API server
Importance of containers for the 
cloud 
● Ability to run multiple OS-level isolated 
environments within a single host 
● Less startup time 
● Less resource consumption 
● Ultimately less expensive
References 
● http://en.wikipedia.org/wiki/Virtualization 
● http://en.wikipedia.org/wiki/Hypervisor 
● http://en.wikipedia.org/wiki/LXC 
● http://www.cs.ucsb.edu/~rich/class/cs290- 
cloud/papers/lxc-namespace.pdf 
● http://en.wikipedia.org/wiki/Cgroups 
● http://en.wikipedia.org/wiki/AppArmor 
● http://en.wikipedia.org/wiki/Security- 
Enhanced_Linux 
● http://www.lorien.ch/server/chroot.html
References 
● SELinux for Everyday Users, PaulWay 
● http://en.wikipedia.org/wiki/Seccomp 
● http://en.wikipedia.org/wiki/Chroot 
● Linux Container Brief for IEEE WG P2302, 
Boden Russell 
● http://kubernetes.io/ 
● https://coreos.com
3 6
Contact us !

More Related Content

What's hot

An Introduction to Kubernetes
An Introduction to KubernetesAn Introduction to Kubernetes
An Introduction to KubernetesImesh Gunaratne
 
Containers: The What, Why, and How
Containers: The What, Why, and HowContainers: The What, Why, and How
Containers: The What, Why, and HowSneha Inguva
 
Container Security: How We Got Here and Where We're Going
Container Security: How We Got Here and Where We're GoingContainer Security: How We Got Here and Where We're Going
Container Security: How We Got Here and Where We're GoingPhil Estes
 
CLI Wizardry - A Friendly Intro To sed/awk/grep
CLI Wizardry - A Friendly Intro To sed/awk/grepCLI Wizardry - A Friendly Intro To sed/awk/grep
CLI Wizardry - A Friendly Intro To sed/awk/grepAll Things Open
 
Performance comparison between Linux Containers and Virtual Machines
Performance comparison between Linux Containers and Virtual MachinesPerformance comparison between Linux Containers and Virtual Machines
Performance comparison between Linux Containers and Virtual MachinesSoheila Dehghanzadeh
 
Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13
Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13
Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13Zach Hill
 
Docker Security and Content Trust
Docker Security and Content TrustDocker Security and Content Trust
Docker Security and Content Trustehazlett
 
Leverage LXC/LXD with Kubernetes
Leverage LXC/LXD with KubernetesLeverage LXC/LXD with Kubernetes
Leverage LXC/LXD with KubernetesLin Sun
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetesHelder Klemp
 
runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...Docker, Inc.
 
Container Monitoring with Sysdig
Container Monitoring with SysdigContainer Monitoring with Sysdig
Container Monitoring with SysdigSreenivas Makam
 
Docker introduction
Docker introductionDocker introduction
Docker introductionLayne Peng
 
Container Orchestration from Theory to Practice
Container Orchestration from Theory to PracticeContainer Orchestration from Theory to Practice
Container Orchestration from Theory to PracticeDocker, Inc.
 
Docker security: Rolling out Trust in your container
Docker security: Rolling out Trust in your containerDocker security: Rolling out Trust in your container
Docker security: Rolling out Trust in your containerRonak Kogta
 
Container Performance Analysis
Container Performance AnalysisContainer Performance Analysis
Container Performance AnalysisBrendan Gregg
 
Swarm docker bangalore_meetup
Swarm docker bangalore_meetupSwarm docker bangalore_meetup
Swarm docker bangalore_meetupArunan Rabindran
 

What's hot (20)

An Introduction to Kubernetes
An Introduction to KubernetesAn Introduction to Kubernetes
An Introduction to Kubernetes
 
Containers: The What, Why, and How
Containers: The What, Why, and HowContainers: The What, Why, and How
Containers: The What, Why, and How
 
Docker and kubernetes
Docker and kubernetesDocker and kubernetes
Docker and kubernetes
 
Container Security: How We Got Here and Where We're Going
Container Security: How We Got Here and Where We're GoingContainer Security: How We Got Here and Where We're Going
Container Security: How We Got Here and Where We're Going
 
CLI Wizardry - A Friendly Intro To sed/awk/grep
CLI Wizardry - A Friendly Intro To sed/awk/grepCLI Wizardry - A Friendly Intro To sed/awk/grep
CLI Wizardry - A Friendly Intro To sed/awk/grep
 
Performance comparison between Linux Containers and Virtual Machines
Performance comparison between Linux Containers and Virtual MachinesPerformance comparison between Linux Containers and Virtual Machines
Performance comparison between Linux Containers and Virtual Machines
 
Docker practical solutions
Docker practical solutionsDocker practical solutions
Docker practical solutions
 
Project Atomic-Nulecule
Project Atomic-NuleculeProject Atomic-Nulecule
Project Atomic-Nulecule
 
Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13
Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13
Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13
 
Docker Security and Content Trust
Docker Security and Content TrustDocker Security and Content Trust
Docker Security and Content Trust
 
Leverage LXC/LXD with Kubernetes
Leverage LXC/LXD with KubernetesLeverage LXC/LXD with Kubernetes
Leverage LXC/LXD with Kubernetes
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetes
 
An introduction to k8 s.pptx
An introduction to k8 s.pptxAn introduction to k8 s.pptx
An introduction to k8 s.pptx
 
runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...
 
Container Monitoring with Sysdig
Container Monitoring with SysdigContainer Monitoring with Sysdig
Container Monitoring with Sysdig
 
Docker introduction
Docker introductionDocker introduction
Docker introduction
 
Container Orchestration from Theory to Practice
Container Orchestration from Theory to PracticeContainer Orchestration from Theory to Practice
Container Orchestration from Theory to Practice
 
Docker security: Rolling out Trust in your container
Docker security: Rolling out Trust in your containerDocker security: Rolling out Trust in your container
Docker security: Rolling out Trust in your container
 
Container Performance Analysis
Container Performance AnalysisContainer Performance Analysis
Container Performance Analysis
 
Swarm docker bangalore_meetup
Swarm docker bangalore_meetupSwarm docker bangalore_meetup
Swarm docker bangalore_meetup
 

Similar to Revolutionizing the cloud with container virtualization

Evolution of Linux Containerization
Evolution of Linux Containerization Evolution of Linux Containerization
Evolution of Linux Containerization WSO2
 
Evoluation of Linux Container Virtualization
Evoluation of Linux Container VirtualizationEvoluation of Linux Container Virtualization
Evoluation of Linux Container VirtualizationImesh Gunaratne
 
Evolution of containers to kubernetes
Evolution of containers to kubernetesEvolution of containers to kubernetes
Evolution of containers to kubernetesKrishna-Kumar
 
Dev opsec dockerimage_patch_n_lifecyclemanagement_2019
Dev opsec dockerimage_patch_n_lifecyclemanagement_2019Dev opsec dockerimage_patch_n_lifecyclemanagement_2019
Dev opsec dockerimage_patch_n_lifecyclemanagement_2019kanedafromparis
 
Docker - Ankara JUG, Nisan 2015
Docker - Ankara JUG, Nisan 2015Docker - Ankara JUG, Nisan 2015
Docker - Ankara JUG, Nisan 2015Mustafa AKIN
 
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...Building Distributed Systems without Docker, Using Docker Plumbing Projects -...
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...Patrick Chanezon
 
Security on a Container Platform
Security on a Container PlatformSecurity on a Container Platform
Security on a Container PlatformAll Things Open
 
Dev opsec dockerimage_patch_n_lifecyclemanagement_
Dev opsec dockerimage_patch_n_lifecyclemanagement_Dev opsec dockerimage_patch_n_lifecyclemanagement_
Dev opsec dockerimage_patch_n_lifecyclemanagement_kanedafromparis
 
Diving Through The Layers: Investigating runc, containerd, and the Docker eng...
Diving Through The Layers: Investigating runc, containerd, and the Docker eng...Diving Through The Layers: Investigating runc, containerd, and the Docker eng...
Diving Through The Layers: Investigating runc, containerd, and the Docker eng...Phil Estes
 
Linux containers and docker
Linux containers and dockerLinux containers and docker
Linux containers and dockerFabio Fumarola
 
Linux container & docker
Linux container & dockerLinux container & docker
Linux container & dockerejlp12
 
Revolutionizing WSO2 PaaS with Kubernetes & App Factory
Revolutionizing WSO2 PaaS with Kubernetes & App FactoryRevolutionizing WSO2 PaaS with Kubernetes & App Factory
Revolutionizing WSO2 PaaS with Kubernetes & App FactoryImesh Gunaratne
 
Securing Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container PlatformSecuring Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container PlatformAll Things Open
 
Academy PRO: Docker. Lecture 1
Academy PRO: Docker. Lecture 1Academy PRO: Docker. Lecture 1
Academy PRO: Docker. Lecture 1Binary Studio
 
Containers and workload security an overview
Containers and workload security an overview Containers and workload security an overview
Containers and workload security an overview Krishna-Kumar
 
An Introduction to Kubernetes
An Introduction to KubernetesAn Introduction to Kubernetes
An Introduction to KubernetesRohman Muhamad
 
Containerize! Between Docker and Jube.
Containerize! Between Docker and Jube.Containerize! Between Docker and Jube.
Containerize! Between Docker and Jube.Henryk Konsek
 

Similar to Revolutionizing the cloud with container virtualization (20)

Evolution of Linux Containerization
Evolution of Linux Containerization Evolution of Linux Containerization
Evolution of Linux Containerization
 
Evoluation of Linux Container Virtualization
Evoluation of Linux Container VirtualizationEvoluation of Linux Container Virtualization
Evoluation of Linux Container Virtualization
 
Evolution of containers to kubernetes
Evolution of containers to kubernetesEvolution of containers to kubernetes
Evolution of containers to kubernetes
 
Dev opsec dockerimage_patch_n_lifecyclemanagement_2019
Dev opsec dockerimage_patch_n_lifecyclemanagement_2019Dev opsec dockerimage_patch_n_lifecyclemanagement_2019
Dev opsec dockerimage_patch_n_lifecyclemanagement_2019
 
Docker - Ankara JUG, Nisan 2015
Docker - Ankara JUG, Nisan 2015Docker - Ankara JUG, Nisan 2015
Docker - Ankara JUG, Nisan 2015
 
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...Building Distributed Systems without Docker, Using Docker Plumbing Projects -...
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...
 
Security on a Container Platform
Security on a Container PlatformSecurity on a Container Platform
Security on a Container Platform
 
Dev opsec dockerimage_patch_n_lifecyclemanagement_
Dev opsec dockerimage_patch_n_lifecyclemanagement_Dev opsec dockerimage_patch_n_lifecyclemanagement_
Dev opsec dockerimage_patch_n_lifecyclemanagement_
 
Diving Through The Layers: Investigating runc, containerd, and the Docker eng...
Diving Through The Layers: Investigating runc, containerd, and the Docker eng...Diving Through The Layers: Investigating runc, containerd, and the Docker eng...
Diving Through The Layers: Investigating runc, containerd, and the Docker eng...
 
Dockers zero to hero
Dockers zero to heroDockers zero to hero
Dockers zero to hero
 
Linux containers and docker
Linux containers and dockerLinux containers and docker
Linux containers and docker
 
Linux container & docker
Linux container & dockerLinux container & docker
Linux container & docker
 
Revolutionizing WSO2 PaaS with Kubernetes & App Factory
Revolutionizing WSO2 PaaS with Kubernetes & App FactoryRevolutionizing WSO2 PaaS with Kubernetes & App Factory
Revolutionizing WSO2 PaaS with Kubernetes & App Factory
 
Securing Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container PlatformSecuring Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container Platform
 
SW Docker Security
SW Docker SecuritySW Docker Security
SW Docker Security
 
Academy PRO: Docker. Lecture 1
Academy PRO: Docker. Lecture 1Academy PRO: Docker. Lecture 1
Academy PRO: Docker. Lecture 1
 
Containers and workload security an overview
Containers and workload security an overview Containers and workload security an overview
Containers and workload security an overview
 
An Introduction to Kubernetes
An Introduction to KubernetesAn Introduction to Kubernetes
An Introduction to Kubernetes
 
First steps on CentOs7
First steps on CentOs7First steps on CentOs7
First steps on CentOs7
 
Containerize! Between Docker and Jube.
Containerize! Between Docker and Jube.Containerize! Between Docker and Jube.
Containerize! Between Docker and Jube.
 

More from WSO2

Ballerina Tech Talk - May 2023
Ballerina Tech Talk - May 2023Ballerina Tech Talk - May 2023
Ballerina Tech Talk - May 2023WSO2
 
Platform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on AzurePlatform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on AzureWSO2
 
Modernizing the Student Journey with Ethos Identity
Modernizing the Student Journey with Ethos IdentityModernizing the Student Journey with Ethos Identity
Modernizing the Student Journey with Ethos IdentityWSO2
 
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...WSO2
 
CIO Summit Berlin 2022.pptx.pdf
CIO Summit Berlin 2022.pptx.pdfCIO Summit Berlin 2022.pptx.pdf
CIO Summit Berlin 2022.pptx.pdfWSO2
 
Fueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected ProductsFueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected ProductsWSO2
 
A Reference Methodology for Agile Digital Businesses
 A Reference Methodology for Agile Digital Businesses A Reference Methodology for Agile Digital Businesses
A Reference Methodology for Agile Digital BusinessesWSO2
 
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)WSO2
 
Lessons from the pandemic - From a single use case to true transformation
 Lessons from the pandemic - From a single use case to true transformation Lessons from the pandemic - From a single use case to true transformation
Lessons from the pandemic - From a single use case to true transformationWSO2
 
Adding Liveliness to Banking Experiences
Adding Liveliness to Banking ExperiencesAdding Liveliness to Banking Experiences
Adding Liveliness to Banking ExperiencesWSO2
 
Building a Future-ready Bank
Building a Future-ready BankBuilding a Future-ready Bank
Building a Future-ready BankWSO2
 
WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021WSO2
 
[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIs[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIsWSO2
 
[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native Deployment[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native DeploymentWSO2
 
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”WSO2
 
API Revisions - WSO2 API Manager Community Call (10/27/2021)
API Revisions - WSO2 API Manager Community Call (10/27/2021)API Revisions - WSO2 API Manager Community Call (10/27/2021)
API Revisions - WSO2 API Manager Community Call (10/27/2021)WSO2
 
[2021 Somos Summit] - Rethinking Identity Access Management and The Rise of t...
[2021 Somos Summit] - Rethinking Identity Access Management and The Rise of t...[2021 Somos Summit] - Rethinking Identity Access Management and The Rise of t...
[2021 Somos Summit] - Rethinking Identity Access Management and The Rise of t...WSO2
 
[ICT Spring 2021] - Managed Crowd: The Future of Business as We Know It!
[ICT Spring 2021] - Managed Crowd: The Future of Business as We Know It![ICT Spring 2021] - Managed Crowd: The Future of Business as We Know It!
[ICT Spring 2021] - Managed Crowd: The Future of Business as We Know It!WSO2
 
[EIC 2021] Securing the Digital Double - The Path to a Trusted Digital Ecosystem
[EIC 2021] Securing the Digital Double - The Path to a Trusted Digital Ecosystem[EIC 2021] Securing the Digital Double - The Path to a Trusted Digital Ecosystem
[EIC 2021] Securing the Digital Double - The Path to a Trusted Digital EcosystemWSO2
 
[EIC 2021] The Rise of the Developer in IAM
[EIC 2021] The Rise of the Developer in IAM[EIC 2021] The Rise of the Developer in IAM
[EIC 2021] The Rise of the Developer in IAMWSO2
 

More from WSO2 (20)

Ballerina Tech Talk - May 2023
Ballerina Tech Talk - May 2023Ballerina Tech Talk - May 2023
Ballerina Tech Talk - May 2023
 
Platform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on AzurePlatform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on Azure
 
Modernizing the Student Journey with Ethos Identity
Modernizing the Student Journey with Ethos IdentityModernizing the Student Journey with Ethos Identity
Modernizing the Student Journey with Ethos Identity
 
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
 
CIO Summit Berlin 2022.pptx.pdf
CIO Summit Berlin 2022.pptx.pdfCIO Summit Berlin 2022.pptx.pdf
CIO Summit Berlin 2022.pptx.pdf
 
Fueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected ProductsFueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected Products
 
A Reference Methodology for Agile Digital Businesses
 A Reference Methodology for Agile Digital Businesses A Reference Methodology for Agile Digital Businesses
A Reference Methodology for Agile Digital Businesses
 
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
 
Lessons from the pandemic - From a single use case to true transformation
 Lessons from the pandemic - From a single use case to true transformation Lessons from the pandemic - From a single use case to true transformation
Lessons from the pandemic - From a single use case to true transformation
 
Adding Liveliness to Banking Experiences
Adding Liveliness to Banking ExperiencesAdding Liveliness to Banking Experiences
Adding Liveliness to Banking Experiences
 
Building a Future-ready Bank
Building a Future-ready BankBuilding a Future-ready Bank
Building a Future-ready Bank
 
WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021
 
[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIs[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIs
 
[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native Deployment[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native Deployment
 
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
 
API Revisions - WSO2 API Manager Community Call (10/27/2021)
API Revisions - WSO2 API Manager Community Call (10/27/2021)API Revisions - WSO2 API Manager Community Call (10/27/2021)
API Revisions - WSO2 API Manager Community Call (10/27/2021)
 
[2021 Somos Summit] - Rethinking Identity Access Management and The Rise of t...
[2021 Somos Summit] - Rethinking Identity Access Management and The Rise of t...[2021 Somos Summit] - Rethinking Identity Access Management and The Rise of t...
[2021 Somos Summit] - Rethinking Identity Access Management and The Rise of t...
 
[ICT Spring 2021] - Managed Crowd: The Future of Business as We Know It!
[ICT Spring 2021] - Managed Crowd: The Future of Business as We Know It![ICT Spring 2021] - Managed Crowd: The Future of Business as We Know It!
[ICT Spring 2021] - Managed Crowd: The Future of Business as We Know It!
 
[EIC 2021] Securing the Digital Double - The Path to a Trusted Digital Ecosystem
[EIC 2021] Securing the Digital Double - The Path to a Trusted Digital Ecosystem[EIC 2021] Securing the Digital Double - The Path to a Trusted Digital Ecosystem
[EIC 2021] Securing the Digital Double - The Path to a Trusted Digital Ecosystem
 
[EIC 2021] The Rise of the Developer in IAM
[EIC 2021] The Rise of the Developer in IAM[EIC 2021] The Rise of the Developer in IAM
[EIC 2021] The Rise of the Developer in IAM
 

Recently uploaded

How to release an Open Source Dataweave Library
How to release an Open Source Dataweave LibraryHow to release an Open Source Dataweave Library
How to release an Open Source Dataweave Libraryshyamraj55
 
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc
 
My key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAIMy key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAIVijayananda Mohire
 
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024Alkin Tezuysal
 
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENTSIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENTxtailishbaloch
 
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - TechWebinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - TechProduct School
 
Introduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationIntroduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationKnoldus Inc.
 
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptxGraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptxNeo4j
 
Technical SEO for Improved Accessibility WTS FEST
Technical SEO for Improved Accessibility  WTS FESTTechnical SEO for Improved Accessibility  WTS FEST
Technical SEO for Improved Accessibility WTS FESTBillieHyde
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightSafe Software
 
From the origin to the future of Open Source model and business
From the origin to the future of  Open Source model and businessFrom the origin to the future of  Open Source model and business
From the origin to the future of Open Source model and businessFrancesco Corti
 
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdfQ4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdfTejal81
 
UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2DianaGray10
 
Novo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4jNovo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4jNeo4j
 
AI Workshops at Computers In Libraries 2024
AI Workshops at Computers In Libraries 2024AI Workshops at Computers In Libraries 2024
AI Workshops at Computers In Libraries 2024Brian Pichman
 
2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdf2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdfThe Good Food Institute
 
Graphene Quantum Dots-Based Composites for Biomedical Applications
Graphene Quantum Dots-Based Composites for  Biomedical ApplicationsGraphene Quantum Dots-Based Composites for  Biomedical Applications
Graphene Quantum Dots-Based Composites for Biomedical Applicationsnooralam814309
 
Keep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES LiveKeep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES LiveIES VE
 
.NET 8 ChatBot with Azure OpenAI Services.pptx
.NET 8 ChatBot with Azure OpenAI Services.pptx.NET 8 ChatBot with Azure OpenAI Services.pptx
.NET 8 ChatBot with Azure OpenAI Services.pptxHansamali Gamage
 

Recently uploaded (20)

How to release an Open Source Dataweave Library
How to release an Open Source Dataweave LibraryHow to release an Open Source Dataweave Library
How to release an Open Source Dataweave Library
 
SheDev 2024
SheDev 2024SheDev 2024
SheDev 2024
 
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
 
My key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAIMy key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAI
 
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
 
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENTSIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
 
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - TechWebinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
 
Introduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationIntroduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its application
 
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptxGraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
 
Technical SEO for Improved Accessibility WTS FEST
Technical SEO for Improved Accessibility  WTS FESTTechnical SEO for Improved Accessibility  WTS FEST
Technical SEO for Improved Accessibility WTS FEST
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
From the origin to the future of Open Source model and business
From the origin to the future of  Open Source model and businessFrom the origin to the future of  Open Source model and business
From the origin to the future of Open Source model and business
 
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdfQ4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
 
UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2
 
Novo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4jNovo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4j
 
AI Workshops at Computers In Libraries 2024
AI Workshops at Computers In Libraries 2024AI Workshops at Computers In Libraries 2024
AI Workshops at Computers In Libraries 2024
 
2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdf2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdf
 
Graphene Quantum Dots-Based Composites for Biomedical Applications
Graphene Quantum Dots-Based Composites for  Biomedical ApplicationsGraphene Quantum Dots-Based Composites for  Biomedical Applications
Graphene Quantum Dots-Based Composites for Biomedical Applications
 
Keep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES LiveKeep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES Live
 
.NET 8 ChatBot with Azure OpenAI Services.pptx
.NET 8 ChatBot with Azure OpenAI Services.pptx.NET 8 ChatBot with Azure OpenAI Services.pptx
.NET 8 ChatBot with Azure OpenAI Services.pptx
 

Revolutionizing the cloud with container virtualization

  • 1. Revolutionizing the Cloud with Container Virtualization Imesh Gunaratne Technical Lead, WSO2 Committer & PMC Member, Apache Stratos
  • 2. About the Presenter Imesh Gunaratne Technical Lead, WSO2 Committer & PMC Member, Apache Stratos Email: imesh@wso2.com Blog: http://imesh.gunaratne.org/blog 1
  • 4. 3
  • 5. Agenda ● Virtualization ● Linux Containers ● LXC ● Docker ● CoreOS ● Kubernetes
  • 7. Virtualization In computing, virtualization refers to the act of creating a virtual version of resources, including but not limited to a virtual computer hardware platform, operating system (OS), storage device, or computer network resources. http://en.wikipedia.org/wiki/Virtualization
  • 8. Hypervisor A hypervisor or virtual machine monitor (VMM) is a piece of computer software, firmware or hardware that creates and runs virtual machines. http://en.wikipedia.org/wiki/Hypervisor
  • 10. Linux Containers An operating system–level virtualization method for running multiple isolated Linux systems (containers) on a single control host. http://en.wikipedia.org/wiki/LXC
  • 11. Linux Containers Linux Container Brief for IEEE WG P2302, Boden Russell
  • 12. Linux Kernel Features used by Linux Containers ● Namespaces ● cgroups ● AppArmor ● SELinux ● seccomp ● chroot
  • 13. Namespaces Wraps global system resources in an abstraction that makes it appear to the processes that they have their own isolated instance of the global resource. Included in Linux Kernel 2.4.19 http://lwn.net/Articles/531114/
  • 14. Namespaces Currently, Linux implements six different types of namespaces: 1. mnt (mount points, filesystems) 2. pid (processes) 3. net (network stack) 4. ipc (inter-process communication) 5. uts (hostname) 6. user (user ids) http://www.cs.ucsb.edu/~rich/class/cs290-cloud/papers/lxc-namespace.pdf
  • 15. cgroups (Control Groups) A Linux kernel feature to limit, account, and isolate resource usage (CPU, memory, disk I/O, etc.) of process groups. Started by engineers at Google in 2007 and merged into the Linux Kernel 2.6.24 http://en.wikipedia.org/wiki/Cgroups
  • 16. cgroups Features ● Access: which devices can be used per cgroup ● Resource limiting: memory, CPU, device accessibility, block I/O, etc ● Prioritization: who gets more of the CPU, memory, etc ● Accounting: resource usage per cgroup ● Control: freezing & checkpointing http://en.wikipedia.org/wiki/Cgroups
  • 17. AppArmor AppArmor is a Linux security module implemented using the Linux Security Modules (LSM) kernel interface. It allows the system administrator to associate with each program a security profile that restricts the capabilities of that program. http://en.wikipedia.org/wiki/AppArmor
  • 18. SELinux (Security Enhanced Linux) SELinux is a Linux kernel security module that provides a mechanism for supporting access control on security policies for programs. Originally developed by the United States National Security Agency (NSA). Included in Linux kernel 2.6.0-test3, released on 8 August 2003 http://en.wikipedia.org/wiki/Security-Enhanced_Linux
  • 19. SELinux - How it works ● Compiled into the Linux kernel ● Package security policies in the distribution ● Policies in most distributions are applied only to system processes, not user processes ● Checks database of rules on syscalls ● Policies allows/denies what a daemon can access and how ● Prevents daemons compromise affecting other files/users/etc (namespaces) SELinux for Everyday Users, PaulWay
  • 20. AppArmor SELinux Pathname based system Attaches labels to all files, processes Auditable policies Complex policy language Integrated GUI/Console Lack of integrated tools, toolset hard to manage rules Proficiency with 1-2 days training Substantial training investment Usability is primary goal Hard to maintain https://www.suse.com/support/security/apparmor/features/selinux_comparison.html
  • 21. seccomp (Secure Computing Mode) ● seccomp is a secure-computing facility that provides an application sandboxing mechanism in the Linux kernel. ● Provides computing virtualization ● It allows a process to make a one-way transition into a "secure" state where it cannot make any system calls except exit(), sigreturn(), read() and write(). http://en.wikipedia.org/wiki/Seccomp
  • 22. seccomp (Secure Computing Mode) It was merged into the Linux kernel mainline in version 2.6.12, released on March 8, 2005. http://en.wikipedia.org/wiki/Seccomp
  • 24. chroot A chroot on Unix operating systems is an operation that changes the root directory for the current running process and its children. A program that is run in such a modified environment cannot name (and therefore normally not access) files outside the designated directory tree. Provides file system virtualization http://en.wikipedia.org/wiki/Chroot
  • 25. chroot The modified environment is called a "chroot jail" Introduced in version 7 Unix in 1979, and added to BSD by Bill Joy on 18 March 1982 http://en.wikipedia.org/wiki/Chroot
  • 26. LXC A Hypervisor for Linux Containers
  • 27. LXC Engine: A Hypervisor for Containers Linux Container Brief for IEEE WG P2302, Boden Russell
  • 28. LXC (LinuX Containers) LXC is an operating system–level virtualization method for running multiple isolated Linux systems (containers) on a single control host. ● From the inside it looks like a VM ● From the outside it looks like a normal process ● Provides lightweight virtualization
  • 29. Kernel Features used by LXC ● Kernel namespaces (ipc, uts, mount, pid, network and user) ● Control groups (cgroups) ● Apparmor and SELinux profiles ● Seccomp policies ● Chroots (using pivot_root) ● Kernel capabilities
  • 31. Docker Docker is an open platform for developers and sysadmins to build, ship, and run distributed applications. ● Initially developed by dotCloud ● Original version written in Python, now written in Go ● A very young project (started March, 2013), but with a huge community
  • 32. Docker Architecture Enterprise Docker, Adrien BLIND, Aurelien GABET, Arnaud MAZIN
  • 33. Problem: Shipping Software Introduction to Docker, Jérôme Petazzoni
  • 34. Solution: Linux Container Introduction to Docker, Jérôme Petazzoni
  • 35. Solved Introduction to Docker, Jérôme Petazzoni
  • 37. Docker - Hello World # Get one base Docker image >docker pull ubuntu # List Docker images available >docker images # Run hello world >docker run ubuntu:14.04 echo "hello world" Docker Paris Meetup, Victor Vieux, dotCloud Inc
  • 38. Detached mode # Run hello world in detached mode (-d) >docker run -d ubuntu sh -c "while true; do echo hello world; sleep 1; done" # Get container’s ID >docker ps # Attach to the container >docker attach <container-id> # Stop/start/restart the container >docker stop <container-id> Docker Paris Meetup, Victor Vieux, dotCloud Inc
  • 40. CoreOS CoreOS is a new Linux distribution that has been re-architected to provide features needed to run modern infrastructure stacks.
  • 42. CoreOS Architecture Fleet ties together systemd and etcd into a distributed init system
  • 44. Kubernetes Kubernetes is an open source implementation of container cluster management.
  • 45. Kubernetes High Level Architecture
  • 46. Kubernetes High Level Architecture
  • 48. Kubernetes Terminology ● Pod - A group of Containers ● Labels - Labels for identifying pods ● Kubelet - Container Agent ● Proxy Service - A load balancer for Pods ● etcd - A metadata service ● cAdvisor - Container Advisor provides resource usage/performance statistics ● Replication Controller - Manages replication of pods ● Scheduler - Schedules pods in worker nodes ● API server - Kubernetes API server
  • 49. Importance of containers for the cloud ● Ability to run multiple OS-level isolated environments within a single host ● Less startup time ● Less resource consumption ● Ultimately less expensive
  • 50. References ● http://en.wikipedia.org/wiki/Virtualization ● http://en.wikipedia.org/wiki/Hypervisor ● http://en.wikipedia.org/wiki/LXC ● http://www.cs.ucsb.edu/~rich/class/cs290- cloud/papers/lxc-namespace.pdf ● http://en.wikipedia.org/wiki/Cgroups ● http://en.wikipedia.org/wiki/AppArmor ● http://en.wikipedia.org/wiki/Security- Enhanced_Linux ● http://www.lorien.ch/server/chroot.html
  • 51. References ● SELinux for Everyday Users, PaulWay ● http://en.wikipedia.org/wiki/Seccomp ● http://en.wikipedia.org/wiki/Chroot ● Linux Container Brief for IEEE WG P2302, Boden Russell ● http://kubernetes.io/ ● https://coreos.com
  • 52. 3 6