SlideShare a Scribd company logo

Containers: The What, Why, and How

Sneha Inguva
Sneha Inguva

In this presentation, I will be presenting the what, why, and how of containers at the Digital Ocean in Hyderabad.

Engineering
1 of 34
Download to read offline
@snehainguva
digitalocean.com containers the what, why, and how
digitalocean.com about me software engineer @DigitalOcean delivery team kubernetes, prometheus, terraform
digitalocean.com
digitalocean.com the plan: ● Build your own container ● Containers vs. VMs ● Container ecosystem
digitalocean.com what is a container?
digitalocean.com what is a container? “a lightweight OS-level virtualization method” “stand-alone piece of executable software” “NOT a virtual machine”
digitalocean.com build your own container 1. run input commands with arguments 2. add hostname limitations 3. add process ID limitations 4. add mount point/filesystem limitations
digitalocean.com let’s start with a basic “container” func main() { switch os.Args[1] { case "run": run() default: panic("what?") } } func run() { fmt.Printf("running %vn", os.Args[2:]) cmd := exec.Command(os.Args[2], os.Args[3:]...) cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout must(cmd.Run()) } func must(err error) { if err != nil { panic(err) } }
digitalocean.com let’s start with a basic “container”
digitalocean.com let’s start with a basic “container”
digitalocean.com how can we restrict hostname access?
digitalocean.com namespaces!!!
digitalocean.com func run() { fmt.Printf("running %vn", os.Args[2:]) cmd := exec.Command(os.Args[2], os.Args[3:]...) cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout cmd.SysProcAttr = &syscall.SysProcAttr{ Cloneflags: syscall.CLONE_NEWUTS, } must(cmd.Run()) } UTS namespace
digitalocean.com what about PID access?
digitalocean.com UTS + PID namespace: attempt 1 func run() { fmt.Printf("running %vn", os.Args[2:]) cmd := exec.Command(os.Args[2], os.Args[3:]...) cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout cmd.SysProcAttr = &syscall.SysProcAttr{ Cloneflags: syscall.CLONE_NEWUTS | syscall.CLONE_NEWPID, } must(cmd.Run()) }
UTS + PID namespace: attempt 2 func run() { cmd := exec.Command("/proc/self/exe", append([]string{"child"}, os.Args[2:]...)...) cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout cmd.SysProcAttr = &syscall.SysProcAttr{ Cloneflags: syscall.CLONE_NEWUTS | syscall.CLONE_NEWPID, } must(cmd.Run()) } func child() { fmt.Printf("running %v as pid %vn", os.Args[2:], os.Getpid()) cmd := exec.Command(os.Args[2], os.Args[3:]...) cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout must(cmd.Run()) }
UTS + PID namespace: attempt 2
UTS + PID + MNT namespace: attempt 1 func run() { md := exec.Command("/proc/self/exe", append([]string{"child"}, os.Args[2:]...)...) // link to currently running process cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout cmd.SysProcAttr = &syscall.SysProcAttr{ Cloneflags: syscall.CLONE_NEWUTS | syscall.CLONE_NEWPID | syscall.CLONE_NEWNS, } must(cmd.Run()) }
UTS + PID + MNT namespace: attempt 1 Initial mounts in MNT namespace inherited from creating namespace → filesystem same as host
next step: UTS + PID + MNT namespace + new root filesystem example func child() { fmt.Printf("running %v as pid%vn", os.Args[2:], os.Getpid()) cmd := exec.Command(os.Args[2], os.Args[3:]...) cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout must(syscall.Chroot("/home/rootfs")) must(os.Chdir("/")) must(syscall.Mount("proc", "proc", "proc", 0, "")) must(cmd.Run()) } TODO
digitalocean.com what is a container? process with isolation, shared resources, and layered filesystems
what is a container? namespace: linux kernel feature that isolates and virtualizes system resources for a collection of processes and their children ● PID: gives process own view of subset of system processes. ✔ ● MNT: gives process mount table and allows process to have own filesystem ✔ ● NET: gives process own network stack. (Container can have virtual ethernet pairs to link to host or other containers.) ● UTS: gives process own view of system hostname and domain name ✔ ● IPC: isolates inter-process communications (i.e. message queues) ● USER: newest namespace that maps process UIDs to different set of UIDs on host (can map containers root uid to unprivileged UID on host)
what is a container? cgroups: control groups collect set of process tasks IDS together and apply limits, such as for resource utilization ● Enforce fair/unfair resource sharing between processes ● Exposed by kernel as special file system to to mount ● Add a process or thread by adding process IDs to task file and read/configure values by editing subdirectory files
what is a container? layered filesystems: optimal way to make a copy of root filesystem for each container ● one of the reasons why it is easy to move containers around ● can “copy on write” (btrFS) ● can use “union mounts” (aufs, OverlayFS) - way of combining multiple directories
digitalocean.com Containers vs. VMs
digitalocean.com containers vs. VMS Source: http://electronicdesign.com/dev-tools/what-s-difference-between-containers-and-virtual-machines
digitalocean.com vms containers ● Hypervisors run software on physical servers to emulate a particular hardware system (aka a virtual machine) ● VM runs a fully copy of the operating system (OS) ● Hardware is also virtualized ● Can run multiple applications ● Run isolated process on a single server or host operating system (OS) ● Can migrate only to servers with compatiable OS kernels ● Best for a single application
digitalocean.com container ecosystem ● Container runtime ● Orchestration tools ● As-a-service
digitalocean.com Source: https://docs.docker.com/engine/understanding-docker/ https://coreos.com/rkt/docs/latest/rkt-vs-other-projects.html#rkt-vs-docker containers
digitalocean.com container orchestration Source: https://github.com/nkhare/container-orchestration/blob/master/kubernetes/README.md
digitalocean.com ___ as-a-service container service, managed clusters, etc. Source: https://coreos.com/tectonic/
sources ● Liz Rice: What is a Container, Really?, Liz Rice ● Building a Container in Less than a 100 Lines of Go, Julien Friedman ● My demo code
Containers: The What, Why, and How

Recommended

Containers 101
Containers 101Containers 101
Containers 101Black Duck by Synopsys
 
Getting started with Docker
Getting started with DockerGetting started with Docker
Getting started with DockerRavindu Fernando
 
Docker introduction
Docker introductionDocker introduction
Docker introductionPhuc Nguyen
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker IntroductionPeng Xiao
 
Introduction to container based virtualization with docker
Introduction to container based virtualization with dockerIntroduction to container based virtualization with docker
Introduction to container based virtualization with dockerBangladesh Network Operators Group
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to dockerInstruqt
 
Docker introduction & benefits
Docker introduction & benefitsDocker introduction & benefits
Docker introduction & benefitsAmit Manwade
 
Docker intro
Docker introDocker intro
Docker introOleg Z
 

Recommended

Containers 101
Containers 101Containers 101
Containers 101Black Duck by Synopsys
 
Getting started with Docker
Getting started with DockerGetting started with Docker
Getting started with DockerRavindu Fernando
 
Docker introduction
Docker introductionDocker introduction
Docker introductionPhuc Nguyen
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker IntroductionPeng Xiao
 
Introduction to container based virtualization with docker
Introduction to container based virtualization with dockerIntroduction to container based virtualization with docker
Introduction to container based virtualization with dockerBangladesh Network Operators Group
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to dockerInstruqt
 
Docker introduction & benefits
Docker introduction & benefitsDocker introduction & benefits
Docker introduction & benefitsAmit Manwade
 
Docker intro
Docker introDocker intro
Docker introOleg Z
 
Docker Basics
Docker BasicsDocker Basics
Docker BasicsDuckDuckGo
 
Docker 101 : Introduction to Docker and Containers
Docker 101 : Introduction to Docker and ContainersDocker 101 : Introduction to Docker and Containers
Docker 101 : Introduction to Docker and ContainersYajushi Srivastava
 
Intro To Docker
Intro To DockerIntro To Docker
Intro To DockerJessica Lucci
 
Intro to containerization
Intro to containerizationIntro to containerization
Intro to containerizationBalint Pato
 
Docker basics
Docker basicsDocker basics
Docker basicsAmanSoni129
 
Docker: From Zero to Hero
Docker: From Zero to HeroDocker: From Zero to Hero
Docker: From Zero to Herofazalraja
 
Introduction to Docker - VIT Campus
Introduction to Docker - VIT CampusIntroduction to Docker - VIT Campus
Introduction to Docker - VIT CampusAjeet Singh Raina
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker IntroductionHao Fan
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker IntroductionSparkbit
 
Dockers and containers basics
Dockers and containers basicsDockers and containers basics
Dockers and containers basicsSourabh Saxena
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to DockerAditya Konarde
 
Docker introduction
Docker introductionDocker introduction
Docker introductiondotCloud
 
Docker Container Security
Docker Container SecurityDocker Container Security
Docker Container SecuritySuraj Khetani
 
What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...
What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...
What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...Edureka!
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to DockerPubudu Jayawardana
 
docker installation and basics
docker installation and basicsdocker installation and basics
docker installation and basicsWalid Ashraf
 
Docker introduction for the beginners
Docker introduction for the beginnersDocker introduction for the beginners
Docker introduction for the beginnersJuneyoung Oh
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker IntroductionJeffrey Ellin
 
Docker
DockerDocker
DockerSangtongPeesing
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker IntroductionMANAOUIL Karim
 
Prometheus Everything, Observing Kubernetes in the Cloud
Prometheus Everything, Observing Kubernetes in the CloudPrometheus Everything, Observing Kubernetes in the Cloud
Prometheus Everything, Observing Kubernetes in the CloudSneha Inguva
 
Observability in a Dynamically Scheduled World
Observability in a Dynamically Scheduled WorldObservability in a Dynamically Scheduled World
Observability in a Dynamically Scheduled WorldSneha Inguva
 

More Related Content

What's hot

Docker 101 : Introduction to Docker and Containers
Docker 101 : Introduction to Docker and ContainersDocker 101 : Introduction to Docker and Containers
Docker 101 : Introduction to Docker and ContainersYajushi Srivastava
 
Intro to containerization
Intro to containerizationIntro to containerization
Intro to containerizationBalint Pato
 
Docker: From Zero to Hero
Docker: From Zero to HeroDocker: From Zero to Hero
Docker: From Zero to Herofazalraja
 
Introduction to Docker - VIT Campus
Introduction to Docker - VIT CampusIntroduction to Docker - VIT Campus
Introduction to Docker - VIT CampusAjeet Singh Raina
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker IntroductionHao Fan
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker IntroductionSparkbit
 
Dockers and containers basics
Dockers and containers basicsDockers and containers basics
Dockers and containers basicsSourabh Saxena
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to DockerAditya Konarde
 
Docker introduction
Docker introductionDocker introduction
Docker introductiondotCloud
 
Docker Container Security
Docker Container SecurityDocker Container Security
Docker Container SecuritySuraj Khetani
 
What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...
What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...
What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...Edureka!
 
docker installation and basics
docker installation and basicsdocker installation and basics
docker installation and basicsWalid Ashraf
 
Docker introduction for the beginners
Docker introduction for the beginnersDocker introduction for the beginners
Docker introduction for the beginnersJuneyoung Oh
 

What's hot (20)

Docker Basics
Docker BasicsDocker Basics
Docker Basics
 
Docker 101 : Introduction to Docker and Containers
Docker 101 : Introduction to Docker and ContainersDocker 101 : Introduction to Docker and Containers
Docker 101 : Introduction to Docker and Containers
 
Intro To Docker
Intro To DockerIntro To Docker
Intro To Docker
 
Intro to containerization
Intro to containerizationIntro to containerization
Intro to containerization
 
Docker basics
Docker basicsDocker basics
Docker basics
 
Docker: From Zero to Hero
Docker: From Zero to HeroDocker: From Zero to Hero
Docker: From Zero to Hero
 
Introduction to Docker - VIT Campus
Introduction to Docker - VIT CampusIntroduction to Docker - VIT Campus
Introduction to Docker - VIT Campus
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker Introduction
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker Introduction
 
Dockers and containers basics
Dockers and containers basicsDockers and containers basics
Dockers and containers basics
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to Docker
 
Docker introduction
Docker introductionDocker introduction
Docker introduction
 
Docker Container Security
Docker Container SecurityDocker Container Security
Docker Container Security
 
What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...
What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...
What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to Docker
 
docker installation and basics
docker installation and basicsdocker installation and basics
docker installation and basics
 
Docker introduction for the beginners
Docker introduction for the beginnersDocker introduction for the beginners
Docker introduction for the beginners
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker Introduction
 
Docker
DockerDocker
Docker
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker Introduction
 

Viewers also liked

Prometheus Everything, Observing Kubernetes in the Cloud
Prometheus Everything, Observing Kubernetes in the CloudPrometheus Everything, Observing Kubernetes in the Cloud
Prometheus Everything, Observing Kubernetes in the CloudSneha Inguva
 
Observability in a Dynamically Scheduled World
Observability in a Dynamically Scheduled WorldObservability in a Dynamically Scheduled World
Observability in a Dynamically Scheduled WorldSneha Inguva
 
DockerCon 2017 - General Session Day 1 - Ben Golub
DockerCon 2017 - General Session Day 1 - Ben GolubDockerCon 2017 - General Session Day 1 - Ben Golub
DockerCon 2017 - General Session Day 1 - Ben GolubDocker, Inc.
 
Docker 101 - Nov 2016
Docker 101 - Nov 2016Docker 101 - Nov 2016
Docker 101 - Nov 2016Docker, Inc.
 
Docker 101 - Intro to Docker
Docker 101 - Intro to DockerDocker 101 - Intro to Docker
Docker 101 - Intro to DockerAdrian Otto
 
Docker Birthday #3 - Intro to Docker Slides
Docker Birthday #3 - Intro to Docker SlidesDocker Birthday #3 - Intro to Docker Slides
Docker Birthday #3 - Intro to Docker SlidesDocker, Inc.
 
A Gentle Introduction To Docker And All Things Containers
A Gentle Introduction To Docker And All Things ContainersA Gentle Introduction To Docker And All Things Containers
A Gentle Introduction To Docker And All Things ContainersJérôme Petazzoni
 
Why Docker
Why DockerWhy Docker
Why DockerdotCloud
 
Academy PRO: Docker. Part 4
Academy PRO: Docker. Part 4Academy PRO: Docker. Part 4
Academy PRO: Docker. Part 4Binary Studio
 
Docker 101: Introduction to Docker
Docker 101: Introduction to DockerDocker 101: Introduction to Docker
Docker 101: Introduction to DockerDocker, Inc.
 
Introduction to Docker - 2017
Introduction to Docker - 2017Introduction to Docker - 2017
Introduction to Docker - 2017Docker, Inc.
 

Viewers also liked (13)

Prometheus Everything, Observing Kubernetes in the Cloud
Prometheus Everything, Observing Kubernetes in the CloudPrometheus Everything, Observing Kubernetes in the Cloud
Prometheus Everything, Observing Kubernetes in the Cloud
 
Observability in a Dynamically Scheduled World
Observability in a Dynamically Scheduled WorldObservability in a Dynamically Scheduled World
Observability in a Dynamically Scheduled World
 
DockerCon 2017 - General Session Day 1 - Ben Golub
DockerCon 2017 - General Session Day 1 - Ben GolubDockerCon 2017 - General Session Day 1 - Ben Golub
DockerCon 2017 - General Session Day 1 - Ben Golub
 
Docker 101 - Nov 2016
Docker 101 - Nov 2016Docker 101 - Nov 2016
Docker 101 - Nov 2016
 
Docker 101 - Intro to Docker
Docker 101 - Intro to DockerDocker 101 - Intro to Docker
Docker 101 - Intro to Docker
 
{code} and containers
{code} and containers{code} and containers
{code} and containers
 
Docker Birthday #3 - Intro to Docker Slides
Docker Birthday #3 - Intro to Docker SlidesDocker Birthday #3 - Intro to Docker Slides
Docker Birthday #3 - Intro to Docker Slides
 
A Gentle Introduction To Docker And All Things Containers
A Gentle Introduction To Docker And All Things ContainersA Gentle Introduction To Docker And All Things Containers
A Gentle Introduction To Docker And All Things Containers
 
Why Docker
Why DockerWhy Docker
Why Docker
 
Academy PRO: Docker. Part 4
Academy PRO: Docker. Part 4Academy PRO: Docker. Part 4
Academy PRO: Docker. Part 4
 
Docker introduction
Docker introductionDocker introduction
Docker introduction
 
Docker 101: Introduction to Docker
Docker 101: Introduction to DockerDocker 101: Introduction to Docker
Docker 101: Introduction to Docker
 
Introduction to Docker - 2017
Introduction to Docker - 2017Introduction to Docker - 2017
Introduction to Docker - 2017
 

Similar to Containers: The What, Why, and How

Containerization is more than the new Virtualization: enabling separation of ...
Containerization is more than the new Virtualization: enabling separation of ...Containerization is more than the new Virtualization: enabling separation of ...
Containerization is more than the new Virtualization: enabling separation of ...Jérôme Petazzoni
 
Windows Remote Management - EN
Windows Remote Management - ENWindows Remote Management - EN
Windows Remote Management - ENKirill Nikolaev
 
Linux container, namespaces & CGroup.
Linux container, namespaces & CGroup. Linux container, namespaces & CGroup.
Linux container, namespaces & CGroup. Neeraj Shrimali
 
Introduction to PowerShell
Introduction to PowerShellIntroduction to PowerShell
Introduction to PowerShellBoulos Dib
 
How Secure Are Docker Containers?
How Secure Are Docker Containers?How Secure Are Docker Containers?
How Secure Are Docker Containers?Ben Hall
 
Security on a Container Platform
Security on a Container PlatformSecurity on a Container Platform
Security on a Container PlatformAll Things Open
 
Container & kubernetes
Container & kubernetesContainer & kubernetes
Container & kubernetesTed Jung
 
PuppetDB: Sneaking Clojure into Operations
PuppetDB: Sneaking Clojure into OperationsPuppetDB: Sneaking Clojure into Operations
PuppetDB: Sneaking Clojure into Operationsgrim_radical
 
Linux container internals
Linux container internalsLinux container internals
Linux container internalsAshwin Bilgi
 
Declarative Infrastructure Tools
Declarative Infrastructure Tools Declarative Infrastructure Tools
Declarative Infrastructure Tools Yulia Shcherbachova
 
Java in containers
Java in containersJava in containers
Java in containersMartin Baez
 
Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Lions, Tigers and Deers: What building zoos can teach us about securing micro...Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Lions, Tigers and Deers: What building zoos can teach us about securing micro...Sysdig
 
Tech talk Introduction to containers
Tech talk Introduction to containersTech talk Introduction to containers
Tech talk Introduction to containersViliamPucik
 
Namespaces and cgroups - the basis of Linux containers
Namespaces and cgroups - the basis of Linux containersNamespaces and cgroups - the basis of Linux containers
Namespaces and cgroups - the basis of Linux containersKernel TLV
 
Secure .NET programming
Secure .NET programmingSecure .NET programming
Secure .NET programmingAnte Gulam
 

Similar to Containers: The What, Why, and How (20)

Containerization is more than the new Virtualization: enabling separation of ...
Containerization is more than the new Virtualization: enabling separation of ...Containerization is more than the new Virtualization: enabling separation of ...
Containerization is more than the new Virtualization: enabling separation of ...
 
Windows Remote Management - EN
Windows Remote Management - ENWindows Remote Management - EN
Windows Remote Management - EN
 
Linux container, namespaces & CGroup.
Linux container, namespaces & CGroup. Linux container, namespaces & CGroup.
Linux container, namespaces & CGroup.
 
Dev ops meetup
Dev ops meetupDev ops meetup
Dev ops meetup
 
Introduction to PowerShell
Introduction to PowerShellIntroduction to PowerShell
Introduction to PowerShell
 
Dockers zero to hero
Dockers zero to heroDockers zero to hero
Dockers zero to hero
 
Activity 5
Activity 5Activity 5
Activity 5
 
How Secure Are Docker Containers?
How Secure Are Docker Containers?How Secure Are Docker Containers?
How Secure Are Docker Containers?
 
Docker practical solutions
Docker practical solutionsDocker practical solutions
Docker practical solutions
 
Security on a Container Platform
Security on a Container PlatformSecurity on a Container Platform
Security on a Container Platform
 
Container & kubernetes
Container & kubernetesContainer & kubernetes
Container & kubernetes
 
PuppetDB: Sneaking Clojure into Operations
PuppetDB: Sneaking Clojure into OperationsPuppetDB: Sneaking Clojure into Operations
PuppetDB: Sneaking Clojure into Operations
 
Docker dDessi november 2015
Docker dDessi november 2015Docker dDessi november 2015
Docker dDessi november 2015
 
Linux container internals
Linux container internalsLinux container internals
Linux container internals
 
Declarative Infrastructure Tools
Declarative Infrastructure Tools Declarative Infrastructure Tools
Declarative Infrastructure Tools
 
Java in containers
Java in containersJava in containers
Java in containers
 
Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Lions, Tigers and Deers: What building zoos can teach us about securing micro...Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Lions, Tigers and Deers: What building zoos can teach us about securing micro...
 
Tech talk Introduction to containers
Tech talk Introduction to containersTech talk Introduction to containers
Tech talk Introduction to containers
 
Namespaces and cgroups - the basis of Linux containers
Namespaces and cgroups - the basis of Linux containersNamespaces and cgroups - the basis of Linux containers
Namespaces and cgroups - the basis of Linux containers
 
Secure .NET programming
Secure .NET programmingSecure .NET programming
Secure .NET programming
 

More from Sneha Inguva

Handy Networking Tools and How to Use Them
Handy Networking Tools and How to Use ThemHandy Networking Tools and How to Use Them
Handy Networking Tools and How to Use ThemSneha Inguva
 
Networking and Go: An Engineer's Journey (Strangeloop 2019)
Networking and Go: An Engineer's Journey (Strangeloop 2019)Networking and Go: An Engineer's Journey (Strangeloop 2019)
Networking and Go: An Engineer's Journey (Strangeloop 2019)Sneha Inguva
 
MicroCPH: Observability and Product Release
MicroCPH: Observability and Product ReleaseMicroCPH: Observability and Product Release
MicroCPH: Observability and Product ReleaseSneha Inguva
 
[Power To Fly Webinar] Observability at a Cloud Provider
[Power To Fly Webinar] Observability at a Cloud Provider[Power To Fly Webinar] Observability at a Cloud Provider
[Power To Fly Webinar] Observability at a Cloud ProviderSneha Inguva
 
Containers: What are they, Really?
Containers: What are they, Really?Containers: What are they, Really?
Containers: What are they, Really?Sneha Inguva
 
Networking and Go: An Epic Journey
Networking and Go: An Epic JourneyNetworking and Go: An Epic Journey
Networking and Go: An Epic JourneySneha Inguva
 
observability pre-release: using prometheus to test and fix new software
observability pre-release: using prometheus to test and fix new softwareobservability pre-release: using prometheus to test and fix new software
observability pre-release: using prometheus to test and fix new softwareSneha Inguva
 
Observability and Product Release
Observability and Product ReleaseObservability and Product Release
Observability and Product ReleaseSneha Inguva
 

More from Sneha Inguva (8)

Handy Networking Tools and How to Use Them
Handy Networking Tools and How to Use ThemHandy Networking Tools and How to Use Them
Handy Networking Tools and How to Use Them
 
Networking and Go: An Engineer's Journey (Strangeloop 2019)
Networking and Go: An Engineer's Journey (Strangeloop 2019)Networking and Go: An Engineer's Journey (Strangeloop 2019)
Networking and Go: An Engineer's Journey (Strangeloop 2019)
 
MicroCPH: Observability and Product Release
MicroCPH: Observability and Product ReleaseMicroCPH: Observability and Product Release
MicroCPH: Observability and Product Release
 
[Power To Fly Webinar] Observability at a Cloud Provider
[Power To Fly Webinar] Observability at a Cloud Provider[Power To Fly Webinar] Observability at a Cloud Provider
[Power To Fly Webinar] Observability at a Cloud Provider
 
Containers: What are they, Really?
Containers: What are they, Really?Containers: What are they, Really?
Containers: What are they, Really?
 
Networking and Go: An Epic Journey
Networking and Go: An Epic JourneyNetworking and Go: An Epic Journey
Networking and Go: An Epic Journey
 
observability pre-release: using prometheus to test and fix new software
observability pre-release: using prometheus to test and fix new softwareobservability pre-release: using prometheus to test and fix new software
observability pre-release: using prometheus to test and fix new software
 
Observability and Product Release
Observability and Product ReleaseObservability and Product Release
Observability and Product Release
 

Recently uploaded

2024 DevOps Pro Europe - Growing at the edge
2024 DevOps Pro Europe - Growing at the edge2024 DevOps Pro Europe - Growing at the edge
2024 DevOps Pro Europe - Growing at the edgePaco Orozco
 
AI for workflow automation Use cases applications benefits and development.pdf
AI for workflow automation Use cases applications benefits and development.pdfAI for workflow automation Use cases applications benefits and development.pdf
AI for workflow automation Use cases applications benefits and development.pdfmahaffeycheryld
 
RS Khurmi Machine Design Clutch and Brake Exercise Numerical Solutions
RS Khurmi Machine Design Clutch and Brake Exercise Numerical SolutionsRS Khurmi Machine Design Clutch and Brake Exercise Numerical Solutions
RS Khurmi Machine Design Clutch and Brake Exercise Numerical SolutionsAtif Razi
 
Hall booking system project report .pdf
Hall booking system project report .pdfHall booking system project report .pdf
Hall booking system project report .pdfKamal Acharya
 
Electrostatic field in a coaxial transmission line
Electrostatic field in a coaxial transmission lineElectrostatic field in a coaxial transmission line
Electrostatic field in a coaxial transmission lineJulioCesarSalazarHer1
 
BRAKING SYSTEM IN INDIAN RAILWAY AutoCAD DRAWING
BRAKING SYSTEM IN INDIAN RAILWAY AutoCAD DRAWINGBRAKING SYSTEM IN INDIAN RAILWAY AutoCAD DRAWING
BRAKING SYSTEM IN INDIAN RAILWAY AutoCAD DRAWINGKOUSTAV SARKAR
 
Online blood donation management system project.pdf
Online blood donation management system project.pdfOnline blood donation management system project.pdf
Online blood donation management system project.pdfKamal Acharya
 
Scaling in conventional MOSFET for constant electric field and constant voltage
Scaling in conventional MOSFET for constant electric field and constant voltageScaling in conventional MOSFET for constant electric field and constant voltage
Scaling in conventional MOSFET for constant electric field and constant voltageRCC Institute of Information Technology
 
Introduction to Machine Learning Unit-4 Notes for II-II Mechanical Engineering
Introduction to Machine Learning Unit-4 Notes for II-II Mechanical EngineeringIntroduction to Machine Learning Unit-4 Notes for II-II Mechanical Engineering
Introduction to Machine Learning Unit-4 Notes for II-II Mechanical EngineeringC Sai Kiran
 
Digital Signal Processing Lecture notes n.pdf
Digital Signal Processing Lecture notes n.pdfDigital Signal Processing Lecture notes n.pdf
Digital Signal Processing Lecture notes n.pdfAbrahamGadissa
 
School management system project report.pdf
School management system project report.pdfSchool management system project report.pdf
School management system project report.pdfKamal Acharya
 
Pharmacy management system project report..pdf
Pharmacy management system project report..pdfPharmacy management system project report..pdf
Pharmacy management system project report..pdfKamal Acharya
 
Quality defects in TMT Bars, Possible causes and Potential Solutions.
Quality defects in TMT Bars, Possible causes and Potential Solutions.Quality defects in TMT Bars, Possible causes and Potential Solutions.
Quality defects in TMT Bars, Possible causes and Potential Solutions.PrashantGoswami42
 
HYDROPOWER - Hydroelectric power generation
HYDROPOWER - Hydroelectric power generationHYDROPOWER - Hydroelectric power generation
HYDROPOWER - Hydroelectric power generationRobbie Edward Sayers
 
Laundry management system project report.pdf
Laundry management system project report.pdfLaundry management system project report.pdf
Laundry management system project report.pdfKamal Acharya
 
ASME IX(9) 2007 Full Version .pdf
ASME IX(9) 2007 Full Version .pdfASME IX(9) 2007 Full Version .pdf
ASME IX(9) 2007 Full Version .pdfAhmedHussein950959
 
shape functions of 1D and 2 D rectangular elements.pptx
shape functions of 1D and 2 D rectangular elements.pptxshape functions of 1D and 2 D rectangular elements.pptx
shape functions of 1D and 2 D rectangular elements.pptxVishalDeshpande27
 
Explosives Industry manufacturing process.pdf
Explosives Industry manufacturing process.pdfExplosives Industry manufacturing process.pdf
Explosives Industry manufacturing process.pdf884710SadaqatAli
 
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptxCFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptxR&R Consult
 
The Benefits and Techniques of Trenchless Pipe Repair.pdf
The Benefits and Techniques of Trenchless Pipe Repair.pdfThe Benefits and Techniques of Trenchless Pipe Repair.pdf
The Benefits and Techniques of Trenchless Pipe Repair.pdfPipe Restoration Solutions
 

Recently uploaded (20)

2024 DevOps Pro Europe - Growing at the edge
2024 DevOps Pro Europe - Growing at the edge2024 DevOps Pro Europe - Growing at the edge
2024 DevOps Pro Europe - Growing at the edge
 
AI for workflow automation Use cases applications benefits and development.pdf
AI for workflow automation Use cases applications benefits and development.pdfAI for workflow automation Use cases applications benefits and development.pdf
AI for workflow automation Use cases applications benefits and development.pdf
 
RS Khurmi Machine Design Clutch and Brake Exercise Numerical Solutions
RS Khurmi Machine Design Clutch and Brake Exercise Numerical SolutionsRS Khurmi Machine Design Clutch and Brake Exercise Numerical Solutions
RS Khurmi Machine Design Clutch and Brake Exercise Numerical Solutions
 
Hall booking system project report .pdf
Hall booking system project report .pdfHall booking system project report .pdf
Hall booking system project report .pdf
 
Electrostatic field in a coaxial transmission line
Electrostatic field in a coaxial transmission lineElectrostatic field in a coaxial transmission line
Electrostatic field in a coaxial transmission line
 
BRAKING SYSTEM IN INDIAN RAILWAY AutoCAD DRAWING
BRAKING SYSTEM IN INDIAN RAILWAY AutoCAD DRAWINGBRAKING SYSTEM IN INDIAN RAILWAY AutoCAD DRAWING
BRAKING SYSTEM IN INDIAN RAILWAY AutoCAD DRAWING
 
Online blood donation management system project.pdf
Online blood donation management system project.pdfOnline blood donation management system project.pdf
Online blood donation management system project.pdf
 
Scaling in conventional MOSFET for constant electric field and constant voltage
Scaling in conventional MOSFET for constant electric field and constant voltageScaling in conventional MOSFET for constant electric field and constant voltage
Scaling in conventional MOSFET for constant electric field and constant voltage
 
Introduction to Machine Learning Unit-4 Notes for II-II Mechanical Engineering
Introduction to Machine Learning Unit-4 Notes for II-II Mechanical EngineeringIntroduction to Machine Learning Unit-4 Notes for II-II Mechanical Engineering
Introduction to Machine Learning Unit-4 Notes for II-II Mechanical Engineering
 
Digital Signal Processing Lecture notes n.pdf
Digital Signal Processing Lecture notes n.pdfDigital Signal Processing Lecture notes n.pdf
Digital Signal Processing Lecture notes n.pdf
 
School management system project report.pdf
School management system project report.pdfSchool management system project report.pdf
School management system project report.pdf
 
Pharmacy management system project report..pdf
Pharmacy management system project report..pdfPharmacy management system project report..pdf
Pharmacy management system project report..pdf
 
Quality defects in TMT Bars, Possible causes and Potential Solutions.
Quality defects in TMT Bars, Possible causes and Potential Solutions.Quality defects in TMT Bars, Possible causes and Potential Solutions.
Quality defects in TMT Bars, Possible causes and Potential Solutions.
 
HYDROPOWER - Hydroelectric power generation
HYDROPOWER - Hydroelectric power generationHYDROPOWER - Hydroelectric power generation
HYDROPOWER - Hydroelectric power generation
 
Laundry management system project report.pdf
Laundry management system project report.pdfLaundry management system project report.pdf
Laundry management system project report.pdf
 
ASME IX(9) 2007 Full Version .pdf
ASME IX(9) 2007 Full Version .pdfASME IX(9) 2007 Full Version .pdf
ASME IX(9) 2007 Full Version .pdf
 
shape functions of 1D and 2 D rectangular elements.pptx
shape functions of 1D and 2 D rectangular elements.pptxshape functions of 1D and 2 D rectangular elements.pptx
shape functions of 1D and 2 D rectangular elements.pptx
 
Explosives Industry manufacturing process.pdf
Explosives Industry manufacturing process.pdfExplosives Industry manufacturing process.pdf
Explosives Industry manufacturing process.pdf
 
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptxCFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
 
The Benefits and Techniques of Trenchless Pipe Repair.pdf
The Benefits and Techniques of Trenchless Pipe Repair.pdfThe Benefits and Techniques of Trenchless Pipe Repair.pdf
The Benefits and Techniques of Trenchless Pipe Repair.pdf
 

Containers: The What, Why, and How

  • 3. digitalocean.com about me software engineer @DigitalOcean delivery team kubernetes, prometheus, terraform
  • 5. digitalocean.com the plan: ● Build your own container ● Containers vs. VMs ● Container ecosystem
  • 7. digitalocean.com what is a container? “a lightweight OS-level virtualization method” “stand-alone piece of executable software” “NOT a virtual machine”
  • 8. digitalocean.com build your own container 1. run input commands with arguments 2. add hostname limitations 3. add process ID limitations 4. add mount point/filesystem limitations
  • 9. digitalocean.com let’s start with a basic “container” func main() { switch os.Args[1] { case "run": run() default: panic("what?") } } func run() { fmt.Printf("running %vn", os.Args[2:]) cmd := exec.Command(os.Args[2], os.Args[3:]...) cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout must(cmd.Run()) } func must(err error) { if err != nil { panic(err) } }
  • 10. digitalocean.com let’s start with a basic “container”
  • 11. digitalocean.com let’s start with a basic “container”
  • 12. digitalocean.com how can we restrict hostname access?
  • 14. digitalocean.com func run() { fmt.Printf("running %vn", os.Args[2:]) cmd := exec.Command(os.Args[2], os.Args[3:]...) cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout cmd.SysProcAttr = &syscall.SysProcAttr{ Cloneflags: syscall.CLONE_NEWUTS, } must(cmd.Run()) } UTS namespace
  • 16. digitalocean.com UTS + PID namespace: attempt 1 func run() { fmt.Printf("running %vn", os.Args[2:]) cmd := exec.Command(os.Args[2], os.Args[3:]...) cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout cmd.SysProcAttr = &syscall.SysProcAttr{ Cloneflags: syscall.CLONE_NEWUTS | syscall.CLONE_NEWPID, } must(cmd.Run()) }
  • 17. UTS + PID namespace: attempt 2 func run() { cmd := exec.Command("/proc/self/exe", append([]string{"child"}, os.Args[2:]...)...) cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout cmd.SysProcAttr = &syscall.SysProcAttr{ Cloneflags: syscall.CLONE_NEWUTS | syscall.CLONE_NEWPID, } must(cmd.Run()) } func child() { fmt.Printf("running %v as pid %vn", os.Args[2:], os.Getpid()) cmd := exec.Command(os.Args[2], os.Args[3:]...) cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout must(cmd.Run()) }
  • 18. UTS + PID namespace: attempt 2
  • 19. UTS + PID + MNT namespace: attempt 1 func run() { md := exec.Command("/proc/self/exe", append([]string{"child"}, os.Args[2:]...)...) // link to currently running process cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout cmd.SysProcAttr = &syscall.SysProcAttr{ Cloneflags: syscall.CLONE_NEWUTS | syscall.CLONE_NEWPID | syscall.CLONE_NEWNS, } must(cmd.Run()) }
  • 20. UTS + PID + MNT namespace: attempt 1 Initial mounts in MNT namespace inherited from creating namespace → filesystem same as host
  • 21. next step: UTS + PID + MNT namespace + new root filesystem example func child() { fmt.Printf("running %v as pid%vn", os.Args[2:], os.Getpid()) cmd := exec.Command(os.Args[2], os.Args[3:]...) cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout must(syscall.Chroot("/home/rootfs")) must(os.Chdir("/")) must(syscall.Mount("proc", "proc", "proc", 0, "")) must(cmd.Run()) } TODO
  • 22. digitalocean.com what is a container? process with isolation, shared resources, and layered filesystems
  • 23. what is a container? namespace: linux kernel feature that isolates and virtualizes system resources for a collection of processes and their children ● PID: gives process own view of subset of system processes. ✔ ● MNT: gives process mount table and allows process to have own filesystem ✔ ● NET: gives process own network stack. (Container can have virtual ethernet pairs to link to host or other containers.) ● UTS: gives process own view of system hostname and domain name ✔ ● IPC: isolates inter-process communications (i.e. message queues) ● USER: newest namespace that maps process UIDs to different set of UIDs on host (can map containers root uid to unprivileged UID on host)
  • 24. what is a container? cgroups: control groups collect set of process tasks IDS together and apply limits, such as for resource utilization ● Enforce fair/unfair resource sharing between processes ● Exposed by kernel as special file system to to mount ● Add a process or thread by adding process IDs to task file and read/configure values by editing subdirectory files
  • 25. what is a container? layered filesystems: optimal way to make a copy of root filesystem for each container ● one of the reasons why it is easy to move containers around ● can “copy on write” (btrFS) ● can use “union mounts” (aufs, OverlayFS) - way of combining multiple directories
  • 27. digitalocean.com containers vs. VMS Source: http://electronicdesign.com/dev-tools/what-s-difference-between-containers-and-virtual-machines
  • 28. digitalocean.com vms containers ● Hypervisors run software on physical servers to emulate a particular hardware system (aka a virtual machine) ● VM runs a fully copy of the operating system (OS) ● Hardware is also virtualized ● Can run multiple applications ● Run isolated process on a single server or host operating system (OS) ● Can migrate only to servers with compatiable OS kernels ● Best for a single application
  • 29. digitalocean.com container ecosystem ● Container runtime ● Orchestration tools ● As-a-service
  • 32. digitalocean.com ___ as-a-service container service, managed clusters, etc. Source: https://coreos.com/tectonic/
  • 33. sources ● Liz Rice: What is a Container, Really?, Liz Rice ● Building a Container in Less than a 100 Lines of Go, Julien Friedman ● My demo code