
Containers: Under The Hood (Vincent Batts)



Despite the popularity and hype of containers, there is no need to regard containers as a black box. It is important to have an awareness of what's going on under the hood to help optimize your container requirements. In this session, we'll discuss:

- Namespacing in the kernel
- Copy-on-write storage choices
- Portable container formats
- Available container alternatives
- Validation, trust, and content addressability with image verification

See examples and options for your use cases.

Published in: Software


  1. CONTAINERS: UNDER THE HOOD. Vincent Batts @vbatts
  2. $> finger $(whoami) Login: vbatts Name: Vincent Batts Directory: /home/vbatts Shell: /bin/bash Such mail. Plan: OHMAN $> id -Gn devel opencontainers docker appc redhat golang slackware
  3. HANDS-ON: capabilities, Syscalls, Copy-On-Write (CoW), Archives, Namespaces. p.s. Don't forget to fill out the surveys!
  4. SO, WHY, CONTAINERS? Single Application; Full System; But Not a VM; Except Maybe a VM; Pods of applications; Labels of services; Non-root Desktop Applications; OMG AND CATS
  5. But Wait, What does "container" mean to you?
  6. CAPABILITIES (only on some versions of util-linux): capabilities(7), setpriv(1), capsh(1), proc(5). DEMO
  7. GOOD IDEA: whistling while you work. BAD IDEA: whistling while you eat.
  8. DEMO: SYSCALLS. seccomp(2), proc(5)
  9. GOOD IDEA: feeding a stray kitten in the park. BAD IDEA: feeding a stray kitten in the park to a bear.
  10. DEMO: NAMESPACES. unshare(1), proc(5), lsns(8)
  11. GOOD IDEA: playing catch with your grandpa. BAD IDEA: playing catch with your grandpa.
  12. DEMO: COPY-ON-WRITE (COW). lvmthin(7), btrfs-subvolume(8), overlayFS
  13. GOOD IDEA: being served breakfast in bed. BAD IDEA: being served tennis balls in bed.
  14. FS *MAGIC*: shared subtree propagation
  15. GOOD IDEA: ordering a chili dog to go. BAD IDEA: ordering a chili dog that makes you go.
  16. TAR ARCHIVES: format, tar-split
  17. GOOD IDEA: Dressing up at Halloween as a pirate. BAD IDEA: Dressing up at Halloween as a piñata.