Building blocks of Linux Containers
Motiejus Jakštys
motiejus@uber.com
@mo_kelione
2016-11-18
© 2016. Uber Technologies Inc. All rights reserved.

Table of Contents
Introduction
  Why me
  A container in Linux is...
Namespaces
  Isolation in Linux
  What did we just do
File systems and COW
What did we forget?
  Leftover elephants in the room
The End

Conclusion!
Devil Hides in The Details?
Many use Docker.
We lack time to understand.
You need to understand infra to successfully troubleshoot infra.
There are trade-offs in the configuration.
Make a container engine in 30 minutes.
Details! → You will still pick existing tools.

Why me
My resume: on-call experience.
2009-2012 Telecom (Dev + Ops).
2012-2014 Online Gaming (Dev + Ops).
2014-2016 Amazon (Dev + Ops).
2016-now Uber (Dev + Ops):
  From 2016.02: Dev.
  From 2016.11: SRE.
I had to understand how exactly infrastructure works.

A container in Linux is ...
Fork/exec with bells & whistles:
  Fancy tarball for distribution.
  COW filesystem to make it start fast.
  Cgroups for fairness.
  Namespaces for isolation.

We will cover
User namespaces.
Pid namespaces.
Mount namespaces.
Network namespaces.
There are more, but not today.

User namespace
Become container-local root.
unshare --map-root-user

Mount namespace
Hide container mounts.
unshare --mount

Pid namespace
Hide other pids.
unshare --pid --mount-proc --fork

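The three unshare commands above combined into one runnable check, as an added example that is not from the slides: it creates user, mount and pid namespaces with util-linux unshare and then verifies from the outside what each one did and did not hide. The tmpfs mount over /tmp, the marker file name and the exit codes are this example's own choices.

```shell
#!/bin/sh
# Added example, not from the slides: build the user+mount+pid "container" with
# util-linux unshare and check what the isolation really buys.
# Exit status: 0 = all checks passed, 2 = this environment refuses the
# namespaces (seccomp, kernel.unprivileged_userns_clone=0, AppArmor, a masked
# /proc), 1 = a check failed.
ns_demo() {
    command -v unshare >/dev/null 2>&1 || { echo "unshare (util-linux) not installed" >&2; return 2; }
    outer_uid=$(id -u)
    marker=/tmp/only-in-container   # written inside; must NOT exist on the host afterwards
    rm -f "$marker"

    # --user --map-root-user : new user namespace, our uid mapped to 0 inside
    # --mount                : new mount namespace, so mounts do not leak out
    # --pid --fork           : new pid namespace; --fork because the child is pid 1
    # --mount-proc           : a /proc that shows only this pid namespace
    # The single-quoted script runs entirely inside the new namespaces.
    inner=$(unshare --user --map-root-user --mount --pid --fork --mount-proc sh -c '
        echo "uid=$(id -u)"                                   # 0, but only in here
        echo "uid_map=$(tr -s " " < /proc/self/uid_map | sed "s/^ //")"  # "0 <outer uid> 1"
        echo "pid=[$$]"                                        # [1]: this sh is init
        echo "init=$(cat /proc/1/comm)"                        # pid 1 is us, not systemd
        # A private /tmp: only write the marker if the tmpfs really is in place,
        # otherwise the write would go straight to the host /tmp.
        if mount -t tmpfs none /tmp; then
            touch /tmp/only-in-container && echo "tmpfs=ok"
        else
            echo "tmpfs=failed"
        fi
    ' 2>/dev/null)
    case "$inner" in
        *"uid=0"*) ;;                       # namespaces were created; keep checking
        *) echo "namespace setup refused here (unshare failed with EPERM/ENOSYS)" >&2; return 2 ;;
    esac

    echo "$inner"                           # what the container saw

    # Check 1: "root" inside was always $outer_uid to the kernel. Only that one uid
    # is mapped, so capabilities inside reach nothing the namespace does not own.
    case "$inner" in *"uid_map=0 $outer_uid 1"*) ;; *) echo "unexpected uid_map" >&2; return 1 ;; esac
    # Check 2: the container's init is the sh we started, at pid 1.
    case "$inner" in *"pid=[1]"*"init=sh"*) ;; *) echo "pid namespace not in effect" >&2; return 1 ;; esac
    # Check 3: the mount namespace held: nothing written to the container's /tmp is on the host.
    if [ -e "$marker" ]; then echo "mount leaked to host /tmp" >&2; rm -f "$marker"; return 1; fi
    case "$inner" in *"tmpfs=ok"*) ;; *) echo "tmpfs mount inside the namespace failed" >&2; return 1 ;; esac
    return 0
}
```

Run it as an ordinary user: `ns_demo`. The uid_map line is the part worth staring at. Root inside the namespace is exactly one mapped uid, so `apt-get`, `iptables` and `mount` work on what that uid owns and on namespace-owned objects, and nothing else; a host with user namespaces disabled, or a seccomp profile that blocks them (Docker's default), makes the function return 2 instead of silently running on the host.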
Network namespace
Demonstrate this:
Create namespace.
Activate loopback (lo).
Create pair of devices veth1a and veth1b:
  veth1b will go to the namespace.
  veth1a will stay in default.
Add ip addresses.
curl and ping.
lsof, bind on ports separately.
Ever wanted to run tcpdump on an application?

Network namespace

  default namespace              t1 namespace
  lo      127.0.0.1              lo      127.0.0.1
  eth0    192.0.2.1
  veth1a  10.0.0.1   <------->   veth1b  10.0.0.2

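The procedure in the diagram, as an added example that is not from the slides: it uses iproute2 with the slide's names (namespace t1, veth1a/veth1b, 10.0.0.1 and 10.0.0.2) and checks reachability in both directions. The /24 prefix, the root requirement and the cleanup-on-every-path structure are this example's own choices.

```shell
#!/bin/sh
# Added example, not from the slides: the network-namespace demo with iproute2.
# Exit status: 0 = both namespaces reach each other, 2 = cannot run here (no root,
# no iproute2, netns creation refused; nothing is changed), 1 = a step failed.
netns_cleanup() {
    # Deleting t1 destroys veth1b, and a veth pair dies with either end, so veth1a
    # disappears from the default namespace too. The second line is a belt-and-braces
    # for the case where the pair was created but never moved.
    ip netns del t1 2>/dev/null
    ip link del veth1a 2>/dev/null
}

netns_demo() {
    command -v ip >/dev/null 2>&1 || { echo "iproute2 not installed" >&2; return 2; }
    [ "$(id -u)" -eq 0 ] || { echo "needs root (CAP_NET_ADMIN in the initial namespace)" >&2; return 2; }
    ip netns add t1 2>/dev/null || { echo "cannot create a network namespace here" >&2; return 2; }

    # A fresh namespace has only a DOWN loopback; without this 127.0.0.1 does not work in t1.
    ip netns exec t1 ip link set lo up || { netns_cleanup; return 1; }

    # veth is a virtual cable: both ends are born in the default namespace, then one
    # end is moved into t1. After the move, t1 cannot see or touch veth1a or eth0.
    ip link add veth1a type veth peer name veth1b || { netns_cleanup; return 1; }
    ip link set veth1b netns t1                   || { netns_cleanup; return 1; }
    ip addr add 10.0.0.1/24 dev veth1a && ip link set veth1a up \
        || { netns_cleanup; return 1; }
    ip netns exec t1 ip addr add 10.0.0.2/24 dev veth1b && ip netns exec t1 ip link set veth1b up \
        || { netns_cleanup; return 1; }

    # Reachability over the cable, from t1 to default and back.
    ip netns exec t1 ping -c 1 -W 1 10.0.0.1 >/dev/null || { netns_cleanup; return 1; }
    ping -c 1 -W 1 10.0.0.2 >/dev/null                  || { netns_cleanup; return 1; }

    # Sockets belong to a namespace: t1 has its own port table, so a service can
    # bind :80 in t1 while something else holds :80 on the host. Anything run under
    # `ip netns exec t1` sees only t1, which is the whole trick for per-application
    # tooling, e.g.
    #   ip netns exec t1 ss -tlnp            # what listens in t1 (lsof -i works the same way)
    #   ip netns exec t1 tcpdump -i veth1b   # capture exactly one application's traffic
    ip netns exec t1 ip -br addr             # lo and veth1b only; eth0 is not here
    netns_cleanup
    return 0
}
```

Two things the diagram does not say out loud. First, veth1a with 10.0.0.1 sits in the default namespace, so every host service bound to 0.0.0.0 is reachable from t1 at that address: the namespace isolates the container's sockets and interfaces, not the host's. Second, t1 has no route to anything beyond 10.0.0.0/24 until you enable forwarding and NAT on the host, which is what docker0 plus its MASQUERADE rule add on top of exactly this setup.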
What did we just do
Created a container:
  User namespace: apt-get, iptables, mount, etc.
  Isolated pids: no nobody, isolated from each other.
  Isolated mounts: e.g. for /tmp.
  Isolated network: safely bind to :80.
An improvement over "run and hope it doesn't affect anything else".

File systems and COW
A container:
  Needs a file system.
  Starts quickly regardless of size.
  We do not want to copy 1 GB on every startup.
Copy On Write!
lvm? zfs? btrfs?

A quick demo
Create tank/images/debian@latest
Create tank/containers/t1 from @latest
unshare --mount --pid --fork chroot . bash

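The quick demo carried through with ZFS, as an added example that is not from the slides. It keeps the slide's dataset names and adds the check that the clone is really copy-on-write before entering it. It assumes a pool named tank and a Debian root filesystem already unpacked into the dataset tank/images/debian (for instance with debootstrap); the proc mount inside the chroot, the ephemeral-clone pattern and the exit codes are this example's own additions.

```shell
#!/bin/sh
# Added example, not from the slides: slide 16's COW demo with ZFS.
# Assumes pool "tank" and a rootfs in tank/images/debian (both assumptions).
# Exit status: 0 = ran, 2 = zfs/root/image not available here (nothing touched),
# 1 = a check failed. Usage: cow_container [command]   (default /bin/bash)
cow_container() {
    cmd=${1:-/bin/bash}
    command -v zfs >/dev/null 2>&1 || { echo "zfs not installed" >&2; return 2; }
    [ "$(id -u)" -eq 0 ] || { echo "needs root for zfs clone and chroot" >&2; return 2; }
    zfs list -H -o name tank/images/debian >/dev/null 2>&1 \
        || { echo "dataset tank/images/debian missing" >&2; return 2; }

    # 1. Freeze the image. A snapshot is read-only and costs nothing until the live
    #    dataset diverges from it. Idempotent: reuse the snapshot if it already exists.
    zfs list -H -t snapshot -o name tank/images/debian@latest >/dev/null 2>&1 \
        || zfs snapshot tank/images/debian@latest || return 1

    # 2. "Copy" the image. A clone shares every block with the snapshot, so this is
    #    instant whether the image is 1 MB or 1 GB; only the container's writes
    #    allocate new space.
    zfs clone tank/images/debian@latest tank/containers/t1 || return 1

    # Check the COW claim instead of trusting it: USED of the clone is ~0 while
    # REFER is the whole image, and its origin is the snapshot we just froze.
    zfs list -o name,used,refer,origin tank/images/debian tank/containers/t1
    [ "$(zfs get -H -o value origin tank/containers/t1)" = "tank/images/debian@latest" ] \
        || { echo "clone does not originate from the snapshot" >&2; zfs destroy tank/containers/t1; return 1; }

    root=$(zfs get -H -o value mountpoint tank/containers/t1)   # /tank/containers/t1 by default

    # 3. Enter it. The slide runs `unshare --mount --pid --fork chroot . bash`; this
    #    also mounts proc *inside* the new root, because the chroot's /proc is an empty
    #    directory and ps would otherwise see nothing. util-linux gives the new mount
    #    namespace private propagation by default, so that proc mount never appears
    #    on the host.
    ( cd "$root" && unshare --mount --pid --fork \
        chroot . /bin/sh -c 'mount -t proc proc /proc && exec "$@"' sh "$cmd" )
    status=$?

    # 4. Throw the writable layer away; the snapshot stays as the image for the next
    #    container. zfs refuses to destroy a snapshot that still has clones: destroy
    #    the clones first, or `zfs promote` a clone that should outlive its image.
    zfs destroy tank/containers/t1
    return $status
}
```

The same shape works with btrfs subvolume snapshots or LVM thin snapshots; what changes is how the "used" column is measured and how cheap the snapshot really is under sustained writes, which is one of the configuration trade-offs the conclusions warn about.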
Leftover elephants in the room
Trivial to escape this "container".
Sec: no leftover file descriptors.
Resource fairness.
Sec/DoS: shared kernel resources.
Supervision, daemonization and cleanup.
Logging.
Collect zombie processes.
Image management.
Should someone else do it?

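The "no leftover file descriptors" elephant, as an added example that is not from the slides. File descriptors are inherited across fork/exec, and neither unshare nor chroot does anything about them, so a handle the launcher left open on a host file or directory is reachable from inside the "container". The script audits the child's own fd table and shows the fix, closing before exec. It needs only Linux /proc and no privileges; the stray handles on a temporary file (fds 9 and 8) and the 3..9 close range are this example's constructions.

```shell
#!/bin/sh
# Added example, not from the slides: audit which file descriptors a launched
# process inherits, and close them before exec. Needs Linux /proc, no privileges.

# Runs inside the child: list every fd above stdio together with what it points at.
# It has to run in the child, because the child's fd table is the only one that matters.
FD_AUDIT='for f in /proc/self/fd/*; do
    n=${f##*/}
    [ "$n" -gt 2 ] || continue                       # 0, 1, 2 are stdio
    t=$(readlink "$f" 2>/dev/null) || continue       # the fd the glob itself held is already closed
    printf "%s -> %s\n" "$n" "$t"
done'

fd_audit() { sh -c "$FD_AUDIT"; }

# Launcher bug: a file opened on fd 9 (a log, a lock file, the directory the
# launcher chdir()ed from...) stays open across exec and is visible to the child.
leaky_launch() {
    ( exec 9<"$1"; fd_audit )
}

# Fix A: close what you opened before handing over to the container.
clean_launch() {
    ( exec 9<"$1"; exec 9<&-; fd_audit )
}

# Fix B, what a real launcher should do: close everything above stdio that is not
# explicitly meant for the child, including whatever the parent inherited itself.
# POSIX sh can only address fds 0-9 in redirections, so the loop stops at 9; a real
# launcher walks /proc/self/fd or calls close_range(2), or opens with O_CLOEXEC.
hardened_launch() {
    ( exec 9<"$1"; exec 8<"$1"                      # two stray handles to get rid of
      n=3
      while [ "$n" -le 9 ]; do eval "exec $n<&-"; n=$((n+1)); done
      fd_audit )
}
```

Usage: `f=$(mktemp); leaky_launch "$f"` prints `9 -> /tmp/tmp.xxxx`, `clean_launch "$f"` prints nothing for that fd. The same audit, run as the first command inside the namespaces from the earlier slides, tells you whether your launcher is the reason the container can see host files.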
We almost have a container engine
But look at my conclusions again.
Devil hides in the details.
Tooling companies (Docker, CoreOS, etc.) raised > $10^8.

To recap
Easy to understand kernel facilities.
Devil hides in the details.
Either spend a lot of time and headache, or re-use existing tools.

We're hiring!
Uber SRE locations: SF, NYC, Seattle, Vilnius.
Check out join.uber.com
Also, contact me at motiejus@uber.com

 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceanilsa9823
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 

Recently uploaded (20)

Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 

Understanding and building Your Own Docker

  • 1. 1/22 Building blocks of Linux Containers. Motiejus Jakštys, motiejus@uber.com, @mo kelione. 2016-11-18. © 2016 Uber Technologies Inc. All rights reserved.
  • 2. 2/22 Table of Contents: Introduction; Why me; A container in Linux is...; Namespaces; Isolation in Linux; What did we just do; File systems and COW; What did we forget?; Leftover elephants in the room; The End.
  • 3-12. 3/22 Conclusion! Devil Hides in The Details? Many use Docker. We lack time to understand. You need to understand infra to successfully troubleshoot infra. There are trade-offs in the configuration. Make container engine in 30 minutes. Details! → You will still pick existing tools.
  • 13-14. 4/22 Why me. My resume: oncall experience. 2009-2012 Telecom (Dev + Ops). 2012-2014 Online Gaming (Dev + Ops). 2014-2016 Amazon (Dev + Ops). 2016-now Uber (Dev + Ops): from 2016.02 Dev, from 2016.11 SRE. I had to understand how exactly infrastructure works.
  • 15-20. 5/22 A container in Linux is ... Fork/exec with bells & whistles: Fancy tarball for distribution. COW filesystem to make it start fast. Cgroups for fairness. Namespaces for isolation.
  • 21. 6/22 Table of Contents (repeated).
  • 22-27. 7/22 We will cover: User namespaces. Pid namespaces. Mount namespaces. Network namespaces. There are more, but not today.
  • 28. 8/22 User namespace: Become container-local root. unshare --map-root-user
  • 29. 9/22 Mount namespace: Hide container mounts. unshare --mount
  • 30. 10/22 Pid namespace: Hide other pids. unshare --pid --mount-proc --fork
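The three `unshare` invocations on slides 28-30 can be combined and, more usefully, checked from inside the new namespaces: is the uid really 0, is the shell really PID 1, and is a mount made inside really invisible outside. The script below is an added example, not from the talk. It assumes util-linux `unshare` and a kernel that permits unprivileged user namespaces, and it deliberately uses `--pid --fork` without `--mount-proc` so that it also works in sandboxes where a fresh `/proc` cannot be mounted.

```shell
#!/bin/sh
# Added example (not from the talk): enter user, mount and pid namespaces with
# unshare(1) and verify the isolation from inside. Assumes util-linux unshare
# and unprivileged user namespaces being enabled on the kernel.
set -eu

# Inside a user namespace created with --map-root-user, the caller's uid is
# mapped to 0: "root" within that namespace only, with no extra power on the host.
ns_uid() {
    unshare --user --map-root-user sh -c 'id -u'
}

# With --pid --fork, the forked child is PID 1 of the new pid namespace, so a
# shell started there reports $$ as 1, whatever its pid is on the host.
ns_pid() {
    unshare --user --map-root-user --pid --fork sh -c 'echo $$'
}

# A private mount namespace: a tmpfs mounted over a directory inside the
# namespace is invisible outside it. Prints "hidden" on success and
# "unsupported" where the sandbox forbids mount(2) even inside a user namespace.
ns_mount_private() {
    dir=$(mktemp -d)
    if unshare --user --map-root-user --mount sh -c \
        "mount -t tmpfs none '$dir' && touch '$dir/inside'" 2>/dev/null; then
        # Back in the original mount namespace the tmpfs was never mounted here,
        # so the file created on it must not be visible.
        if [ -e "$dir/inside" ]; then echo visible; else echo hidden; fi
    else
        echo unsupported
    fi
    rm -rf -- "$dir"
}

if [ "${1-}" = run ]; then
    echo "uid inside user namespace:  $(ns_uid)"
    echo "pid inside pid namespace:   $(ns_pid)"
    echo "mount made inside mount ns: $(ns_mount_private)"
fi
```

Run it as `sh ns-demo.sh run`. A result of `visible` would mean the mount namespace did not isolate at all, which is the failure mode a container engine has to detect rather than assume away; `unsupported` is what you get under a seccomp profile that blocks `mount(2)`, and is worth knowing before trusting a tool that silently falls back.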
  • 31-40. 11/22 Network namespace. Demonstrate this: Create namespace. Activate loopback (lo). Create pair of devices veth1a and veth1b: veth1b will go to the namespace; veth1a will stay in default. Add ip addresses. curl and ping. lsof, bind on ports separately. Ever wanted to run tcpdump on an application?
  • 41. 12/22 Network namespace (diagram; only its labels survived extraction): default namespace with lo 127.0.0.1 and eth0 192.0.2.1. Slides 42-45 are not in the transcript.
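The steps listed on slide 11 as a script, so that the whole sequence (namespace, loopback, veth pair, one end moved, addresses, ping) can be repeated and torn down. This is an added example, not from the talk. The namespace name `demo1` and the addresses in 198.51.100.0/24 are constructed for the example (that range is reserved for documentation, so it cannot clash with the host's eth0 192.0.2.1 on slide 12); the veth names veth1a/veth1b are the slide's. It needs root (CAP_NET_ADMIN) and iproute2.

```shell
#!/bin/sh
# Added example (not from the talk): the network-namespace demo from slide 11
# as a script. Requires root (CAP_NET_ADMIN), iproute2 and ping. The namespace
# name and the 198.51.100.0/24 addresses are constructed for the example.
set -eu

NS=demo1
VETH_HOST=veth1a
VETH_NS=veth1b
HOST_IP=198.51.100.1
NS_IP=198.51.100.2

netns_create() {
    ip netns add "$NS"
    # A new namespace starts with lo down; bring it up first.
    ip netns exec "$NS" ip link set lo up
    # The veth pair is a virtual cable: frames entering one end leave the other.
    ip link add "$VETH_HOST" type veth peer name "$VETH_NS"
    # Move one end into the namespace; the other stays in the default namespace.
    ip link set "$VETH_NS" netns "$NS"
    ip addr add "$HOST_IP/24" dev "$VETH_HOST"
    ip link set "$VETH_HOST" up
    ip netns exec "$NS" ip addr add "$NS_IP/24" dev "$VETH_NS"
    ip netns exec "$NS" ip link set "$VETH_NS" up
}

# Interfaces visible inside the namespace: only lo and veth1b, nothing else of
# the host's (the "@ifN" suffix naming the peer is stripped).
netns_ifaces() {
    ip netns exec "$NS" ip -o link | awk -F': ' '{print $2}' | cut -d@ -f1
}

# Reachability across the virtual cable; prints "ok" when one ping answers.
netns_ping() {
    ip netns exec "$NS" ping -c 1 -W 1 "$HOST_IP" >/dev/null && echo ok
}

# Deleting the namespace destroys veth1b; a veth end cannot outlive its peer,
# so veth1a disappears from the host as well.
netns_destroy() {
    ip netns del "$NS"
}

if [ "${1-}" = run ]; then
    netns_create
    echo "interfaces in $NS:"; netns_ifaces
    echo "ping $HOST_IP from $NS: $(netns_ping)"
    # A process started with "ip netns exec $NS ..." has its own port space:
    # it can bind :80 while the host already has a listener on :80.
    netns_destroy
fi
```

Run it as `sh netns-demo.sh run`. The tcpdump remark on slide 11 follows directly from this layout: `ip netns exec demo1 tcpdump -i veth1b` (or `tcpdump -i veth1a` on the host side) sees exactly one application's traffic and nothing else, because nothing else shares that cable.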
  • 46-51. 13/22 What did we just do. Created a container: User namespace: apt-get, iptables, mount, etc. Isolated pids: no nobody, isolate from each other. Isolated mounts: e.g. for /tmp. Isolated network: safely bind to :80. An improvement over "run and hope it doesn't affect anything else".
  • 52. 14/22 Table of Contents (repeated).
  • 53-57. 15/22 File systems and COW. A container: Needs a file system. Starts quickly regardless of size. Do not want to copy 1GB with every startup. Copy On Write! lvm? zfs? btrfs?
  • 58. 16/22 A quick demo: Create tank/images/debian@latest. Create tank/containers/t1 from @latest. unshare --mount --pid --fork chroot . bash
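The quick demo on slide 16 reads as ZFS: `tank/images/debian@latest` is a snapshot, and `tank/containers/t1` is a clone of it. The script below is an added example, not the speaker's demo script. It assumes a pool named `tank` with a dataset `tank/images/debian` already populated with a Debian root file system and an existing `tank/containers` dataset (names from the slide), util-linux `unshare`, and root, which `zfs(8)`, `chroot(8)` and the pid/mount namespaces all need.

```shell
#!/bin/sh
# Added example (not from the talk): slide 16's quick demo as a script. Assumes
# a ZFS pool "tank", an image dataset tank/images/debian holding a Debian root
# file system, an existing tank/containers dataset, util-linux unshare, and root.
set -eu

IMAGE=tank/images/debian
CONTAINERS=tank/containers

# Freeze the image: a snapshot is read-only and shares every block with the
# live dataset, so taking it costs no copying and (almost) no space.
image_snapshot() {
    zfs snapshot "$IMAGE@latest"
}

# A clone is a writable dataset backed by the snapshot. Only blocks the
# container modifies are ever copied (copy on write), so starting from a 1GB
# image takes the same time as from a 10MB one. Prints the clone's mountpoint.
container_create() {
    name=$1
    zfs clone "$IMAGE@latest" "$CONTAINERS/$name"
    zfs get -H -o value mountpoint "$CONTAINERS/$name"
}

# Enter the container: new mount and pid namespaces, then chroot into the
# clone and run a shell (the command on the slide, verbatim).
container_enter() {
    dir=$1
    cd "$dir"
    unshare --mount --pid --fork chroot . bash
}

# Tear-down: a clone can be destroyed on its own; the snapshot it came from
# stays until no clone depends on it.
container_destroy() {
    zfs destroy "$CONTAINERS/$1"
}

if [ "${1-}" = run ]; then
    zfs list -H "$IMAGE@latest" >/dev/null 2>&1 || image_snapshot
    dir=$(container_create t1)
    container_enter "$dir"
    container_destroy t1
fi
```

`zfs list -o name,used,refer tank/containers/t1` right after the clone shows the point of the slide: `refer` is the full image size, `used` is close to zero, and `used` grows only with what the container writes. Note what this demo does not give you, which is the subject of the next slides: the shell is still the caller's real root inside a chroot, with no user namespace and no cgroup.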
  • 59. 17/22 Table of Contents (repeated).
  • 60-69. 18/22 Leftover elephants in the room: Trivial to escape this "container". Sec: no leftover file descriptors. Resource fairness. Sec/DoS: shared kernel resources. Supervision, daemonization and cleanup. Logging. Collect zombie processes. Image management. Should someone else do it?
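On the "Sec: no leftover file descriptors" elephant: a descriptor the engine holds when it calls `exec` (a control socket to the host, a log file, a handle on the image store) stays open inside the container, and namespaces do nothing about it, because the kernel checks permissions at `open` time, not on every read or write. The script below is an added example, not from the talk: it lists what the current process would hand down, and closes everything except stdin/stdout/stderr and the descriptor the shell itself keeps on the running script. The `-ef` test it relies on is not strictly POSIX but is supported by dash, bash and busybox.

```shell
#!/bin/sh
# Added example (not from the talk): audit and close inherited file descriptors
# before exec'ing a container's process. Whatever is left open here remains
# usable inside the container, whichever namespaces it is placed in. Linux-only.
set -eu

# The interpreter keeps the running script open on a descriptor of its own
# (255 in bash, 10 in dash); closing that one kills the script, so keep it.
# "-ef" compares device and inode, so it also matches a deleted temp file.
is_script_fd() {
    [ "$1" -ef "$0" ]
}

# One line per extra descriptor: its number and what it points at.
list_extra_fds() {
    for f in /proc/self/fd/*; do
        fd=${f##*/}
        # The handle the shell used to expand the glob is closed by now.
        [ -e "$f" ] || continue
        [ "$fd" -gt 2 ] || continue
        is_script_fd "$f" && continue
        printf '%s %s\n' "$fd" "$(readlink "$f")"
    done
}

# How many extra descriptors there are, for a quick pre-exec check.
count_extra_fds() {
    list_extra_fds | wc -l | tr -d ' '
}

# Close every extra descriptor in the current shell.
close_extra_fds() {
    for f in /proc/self/fd/*; do
        fd=${f##*/}
        [ -e "$f" ] || continue
        [ "$fd" -gt 2 ] || continue
        is_script_fd "$f" && continue
        eval "exec $fd>&-"
    done
}

if [ "${1-}" = run ]; then
    exec 7>/tmp/engine.log          # stands in for a descriptor the engine holds
    echo "before: $(count_extra_fds) extra fd(s)"; list_extra_fds
    close_extra_fds
    echo "after:  $(count_extra_fds) extra fd(s)"
    exec /bin/sh -c 'ls -l /proc/self/fd'   # what the container process inherits
fi
```

The same listing works as a detection check on a running container from the host: `ls -l /proc/<pid>/fd` for the container's init, looked at from outside, shows every socket or file it holds that does not belong to its own root file system. For native engines the equivalent mitigation is to open everything with `O_CLOEXEC` (or `SOCK_CLOEXEC`) so that nothing survives `exec` by default.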
  • 70-73. 19/22 We almost have a container engine. But look at my conclusions again. Devil hides in the details. Tooling companies (Docker, CoreOS, etc) raised > $10^8.
  • 74-76. 20/22 To recap: Easy to understand kernel facilities. Devil hides in the details. Either spend a lot of time and headache, or re-use existing tools.
  • 77. 21/22 Table of Contents (repeated).
  • 78. 22/22 We're hiring! Uber SRE locations: SF, NYC, Seattle, Vilnius. Check out join.uber.com. Also, contact me at motiejus@uber.com