COEP FOSSMeet’18 is the first edition of College of Engineering, Pune’s own Free and Open Source Software event. This meet has a vision to promote the culture of openness, innovation, and freedom. The meet intends to bring together FOSS developers, academicians, researchers, students and all those who love the FOSS movement. The meet intends to participate in the FOSS development and adoption process through hands-on sessions, discussions and lectures.
Build, Ship, and Run Any App, Anywhere using Docker
1. Build, Ship, and Run Any App, Anywhere
COEP FOSSMeet'18
Rahulkrishnan R A
2. About Me
» Consultant @ Capgemini
» Debian Contributor
» Gopher
» Organizer of kubernetes Meetup, Chennai
Docker 101
LinkedIn linkedin.com/in/rahulkrishnanra/
Github https://github.com/rahulkrishnanfs
Twitter https://twitter.com/rahulkrishnanra
3. What is a namespace?
» Feature of the Linux kernel that partitions kernel resources
» Limits what you can see
» Namespaces are the fundamental aspect of containers on Linux
4. Types of namespace
o pid (processes)
o net (network stack)
o mnt (mount points, filesystems)
o uts (hostname)
o ipc (System V IPC)
o user (UIDs)
o cgroups
5. What are they?
root@ip-172-31-43-99:/# ls -la /proc/4015/ns/
total 0
lrwxrwxrwx 1 cgroup -> cgroup:[4026531835]
lrwxrwxrwx 1 ipc -> ipc:[4026531839]
lrwxrwxrwx 1 mnt -> mnt:[4026531840]
lrwxrwxrwx 1 net -> net:[4026531993]
lrwxrwxrwx 1 pid -> pid:[4026531836]
lrwxrwxrwx 1 user -> user:[4026531837]
lrwxrwxrwx 1 uts -> uts:[4026531838]
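Added example (not from the original slides): two processes are in the same namespace exactly when their /proc/<pid>/ns links carry the same inode number, so comparing the links shows which kinds of isolation a process really has. The first listing is the one on the slide; the second set of values is constructed, and the function names are hypothetical.

```python
import os
import re

NS_LINK = re.compile(r"^(\w+):\[(\d+)\]$")

def parse_ns_link(target):
    """Split a link target such as 'net:[4026531993]' into (type, inode)."""
    m = NS_LINK.match(target.strip())
    if not m:
        raise ValueError(f"not a namespace link: {target!r}")
    return m.group(1), int(m.group(2))

def parse_listing(text):
    """Map namespace type -> inode from `ls -la /proc/<pid>/ns/` output."""
    ns = {}
    for line in text.splitlines():
        if "->" in line:
            kind, inode = parse_ns_link(line.split("->", 1)[1])
            ns[kind] = inode
    return ns

def read_ns(pid):
    """Same mapping read live from /proc (Linux only, needs access to the pid)."""
    base = f"/proc/{pid}/ns"
    return {n: parse_ns_link(os.readlink(os.path.join(base, n)))[1]
            for n in os.listdir(base)}

def shared_namespaces(a, b):
    """Namespace types in which both processes see the same kernel resources."""
    return sorted(k for k in a if a[k] == b.get(k))

# Listing shown on the slide (pid 4015).
SLIDE_LISTING = """\
lrwxrwxrwx 1 cgroup -> cgroup:[4026531835]
lrwxrwxrwx 1 ipc -> ipc:[4026531839]
lrwxrwxrwx 1 mnt -> mnt:[4026531840]
lrwxrwxrwx 1 net -> net:[4026531993]
lrwxrwxrwx 1 pid -> pid:[4026531836]
lrwxrwxrwx 1 user -> user:[4026531837]
lrwxrwxrwx 1 uts -> uts:[4026531838]
"""
# Constructed sample: a process given new ipc, mnt, net, pid and uts namespaces.
CONSTRUCTED = dict(parse_listing(SLIDE_LISTING), ipc=4026532198,
                   mnt=4026532196, net=4026532201, pid=4026532199, uts=4026532197)

if __name__ == "__main__":
    print("still shared with pid 4015:",
          shared_namespaces(CONSTRUCTED, parse_listing(SLIDE_LISTING)))
```

On a live Linux host, `shared_namespaces(read_ns(pid), read_ns(1))` lists the namespaces a process still shares with PID 1; a containerized workload that reports `net` or `pid` there has no isolation for that resource.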
6. PID namespace
» Processes within a PID namespace only see processes in the same PID namespace
» Each PID namespace has its own numbering
» The namespace will be killed if PID 1 goes away
» PID 1 in the namespace behaves like the “init” process
» PID namespaces can be nested, up to 32 nesting levels
8. Network Namespace
» Logical copy of the network stack
It has its own:
routes
firewall rules
network devices
IP address
» It helps to separate application/process networking
» You can move a network interface across network namespaces
» Newly created network namespace includes only the loopback device
9. Child net namespace
[Diagram: a child net namespace and the global net namespace, with labels for interfaces, routing and the network interface]
10. Mount namespace
» Processes can have their own rootfs
» Mounts can be totally private or shared
» In the new mount namespace, all previous mounts will be visible
» Mounts/unmounts in the global namespace are visible in that namespace
11. UTS namespace
» Different processes can appear to have different host and domain names
» UTS namespace provides a way to get information about the system with commands like uname or hostname
» Simple one to implement
17. Interest on Docker – Google trends
https://trends.google.co.in/trends/explore?date=today%205-y&q=docker
18. Docker Engine
Docker Engine is a client-server application with these major components:
» A REST API which specifies interfaces that programs can use to talk to the daemon and instruct it what to do
» A command line interface (CLI) client (the docker command)
» A server which is a type of long-running program called a daemon process (the dockerd command)
21. Docker Images vs Containers
Images
» Lightweight, stand-alone, executable package
» Includes everything needed to run a piece of software, including the code, a runtime, libraries, environment variables, and config files.
Container
» Runtime instance of an image: what the image becomes in memory when actually executed.