SlideShare a Scribd company logo

Evoluation of Linux Container Virtualization

Imesh Gunaratne
Imesh Gunaratne

Hypervisors, Linux Containers, Linux Kernel features used by Containers, LXC Engine, Docker, CoreOS and Kubernetes

Technology
1 of 46
Download to read offline
Evolution of Linux Container Virtualization Imesh Gunaratne Technical Lead, WSO2 Committer & PMC Member, Apache Stratos
Agenda ● Virtualization ● Linux Containers ● LXC ● Docker ● CoreOS ● Kubernetes
Virtualization
Virtualization In computing, refers to the act of creating a virtual (rather than actual) version of something, including but not limited to a virtual computer hardware platform, operating system (OS), storage device, or computer network resources. http://en.wikipedia.org/wiki/Virtualization
Hypervisor A hypervisor or virtual machine monitor (VMM) is a piece of computer software, firmware or hardware that creates and runs virtual machines. http://en.wikipedia.org/wiki/Hypervisor
Linux Containers
Linux Containers Linux Container Brief for IEEE WG P2302, Boden Russell
Linux Containers An operating system–level virtualization method for running multiple isolated Linux systems (containers) on a single control host. http://en.wikipedia.org/wiki/LXC
Linux Kernel Features used by Linux Containers ● Namespaces ● cgroups ● AppArmor ● SELinux ● seccomp ● chroot
Namespaces Wraps global system resources in an abstraction that makes it appear to the processes that they have their own isolated instance of the global resource. Included in Linux Kernel 2.4.19 http://lwn.net/Articles/531114/
Namespaces Currently, Linux implements six different types of namespaces: 1. mnt (mount points, filesystems) 2. pid (processes) 3. net (network stack) 4. ipc (inter-process communication) 5. uts (hostname) 6. user (user ids) http://www.cs.ucsb.edu/~rich/class/cs290-cloud/papers/lxc-namespace.pdf
cgroups (Control Groups) A Linux kernel feature to limit, account, and isolate resource usage (CPU, memory, disk I/O, etc.) of process groups. Started by engineers in Google in 2007 and merged into the Linux Kernel 2.6.24 http://en.wikipedia.org/wiki/Cgroups
cgroups (Control Groups) ● Access: which devices can be used per cgroup ● Resource limiting: memory, CPU, device accessibility, block I/O, etc ● Prioritization: who gets more of the CPU, memory, etc ● Accounting: resource usage per cgroup ● Control: freezing & checkpointing http://en.wikipedia.org/wiki/Cgroups
AppArmor AppArmor is a Linux security module implemented using the Linux Security Modules (LSM) kernel interface. It allows the system administrator to associate with each program a security profile that restricts the capabilities of that program. http://en.wikipedia.org/wiki/AppArmor
SELinux (Security Enhanced Linux) SELinux is a Linux kernel security module that provides a mechanism for supporting access control on security policies for programs. Originally developed by the United States National Security Agency (NSA). Included in Linux kernel 2.6.0-test3, released on 8 August 2003 http://en.wikipedia.org/wiki/Security-Enhanced_Linux
SELinux - How it works ● Compiled into the Linux kernel ● Package security policies in the distribution ● Policies in most distributions are applied only to system processes, not user processes ● Checks database of rules on syscalls ● Policies allows/denies what a daemon can access and how ● Prevents daemons compromise affecting other files/users/etc (namespaces) SELinux for Everyday Users, PaulWay
seccomp (Secure Computing Mode) ● seccomp is a secure-computing facility that provides an application sandboxing mechanism in the Linux kernel. ● Provides isolation for computing ● It allows a process to make a one-way transition into a "secure" state where it cannot make any system calls except exit(), sigreturn(), read() and write(). http://en.wikipedia.org/wiki/Seccomp
seccomp (Secure Computing Mode) It was merged into the Linux kernel mainline in version 2.6.12, released on March 8, 2005. http://en.wikipedia.org/wiki/Seccomp
chroot http://www.lorien.ch/server/chroot.html
chroot A chroot on Unix operating systems is an operation that changes the root directory for the current running process and its children. A program that is run in such a modified environment cannot name (and therefore normally not access) files outside the designated directory tree. http://en.wikipedia.org/wiki/Chroot
chroot The modified environment is called a "chroot jail" Introduced in version 7 Unix in 1979, and added to BSD by Bill Joy on 18 March 1982 http://en.wikipedia.org/wiki/Chroot
LXC A Hypervisor for Linux Containers
LXC Engine: A Hypervisor for Containers Linux Container Brief for IEEE WG P2302, Boden Russell
LXC (LinuX Containers) LXC is an operating system–level virtualization method for running multiple isolated Linux systems (containers) on a single control host. ● From the inside it looks like a VM ● From the outside it looks like a normal process ● Provides lightweight virtualization
Kernel Features used by LXC ● Kernel namespaces (ipc, uts, mount, pid, network and user) ● Control groups (cgroups) ● Apparmor and SELinux profiles ● Seccomp policies ● Chroots (using pivot_root) ● Kernel capabilities
Docker Docker is an open platform for developers and sysadmins to build, ship, and run distributed applications. ● Initially developed by dotCloud ● Original version written in Python, now written in Go ● A very young project (started March, 2013), but with a huge community
Problem: Shipping Software Introduction to Docker, Jérôme Petazzoni
Solution: Linux Container Introduction to Docker, Jérôme Petazzoni
Solved Introduction to Docker, Jérôme Petazzoni
Virtual Machines Vs Docker
Docker Architecture Enterprise Docker, Adrien BLIND, Aurelien GABET, Arnaud MAZIN
Docker - Hello World # Get one base Docker image >docker pull ubuntu # List Docker images available >docker images # Run hello world >docker run ubuntu:14.04 echo "hello world" Docker Paris Meetup, Victor Vieux, dotCloud Inc
Detached mode # Run hello world in detached mode (-d) >docker run -d ubuntu sh -c "while true; do echo hello world; sleep 1; done" # Get container’s ID >docker ps # Attach to the container >docker attach <container-id> # Stop/start/restart the container >docker stop <container-id> Docker Paris Meetup, Victor Vieux, dotCloud Inc
CoreOS CoreOS is a new Linux distribution that has been re-architected to provide features needed to run modern infrastructure stacks.
CoreOS Architecture
CoreOS Architecture Fleet ties together systemd and etcd into a distributed init system
Kubernetes Kubernetes is an open source implementation of container cluster management.
Kubernetes High Level Architecture
Kubernetes High Level Architecture
Kubernetes Component Architecture
Kubernetes Terminology ● Pod - A group of Containers ● Labels - Labels for identifying pods ● Kubelet - Container Agent ● Proxy Service - A load balancer for Pods ● etcd - A metadata service ● cAdvisor - Container Advisor provides resource usage/performance statistics ● Replication Controller - Manages replication of pods ● Scheduler - Schedules pods in worker nodes ● API server - Kubernetes API server
References ● http://en.wikipedia.org/wiki/Virtualization ● http://en.wikipedia.org/wiki/Hypervisor ● http://en.wikipedia.org/wiki/LXC ● http://www.cs.ucsb.edu/~rich/class/cs290- cloud/papers/lxc-namespace.pdf ● http://en.wikipedia.org/wiki/Cgroups ● http://en.wikipedia.org/wiki/AppArmor ● http://en.wikipedia.org/wiki/Security- Enhanced_Linux ● http://www.lorien.ch/server/chroot.html
References ● SELinux for Everyday Users, PaulWay ● http://en.wikipedia.org/wiki/Seccomp ● http://en.wikipedia.org/wiki/Chroot ● Linux Container Brief for IEEE WG P2302, Boden Russell ● http://kubernetes.io/ ● https://coreos.com

Recommended

Linux Container Brief for IEEE WG P2302
Linux Container Brief for IEEE WG P2302Linux Container Brief for IEEE WG P2302
Linux Container Brief for IEEE WG P2302
Boden Russell
 
Lxc – next gen virtualization for cloud intro (cloudexpo)
Lxc – next gen virtualization for cloud intro (cloudexpo)Lxc – next gen virtualization for cloud intro (cloudexpo)
Lxc – next gen virtualization for cloud intro (cloudexpo)
Boden Russell
 
Tokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityTokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker Security
Phil Estes
 
Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copy
Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copyLinux containers – next gen virtualization for cloud (atl summit) ar4 3 - copy
Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copy
Boden Russell
 
KVM and docker LXC Benchmarking with OpenStack
KVM and docker LXC Benchmarking with OpenStackKVM and docker LXC Benchmarking with OpenStack
KVM and docker LXC Benchmarking with OpenStack
Boden Russell
 
Performance characteristics of traditional v ms vs docker containers (dockerc...
Performance characteristics of traditional v ms vs docker containers (dockerc...Performance characteristics of traditional v ms vs docker containers (dockerc...
Performance characteristics of traditional v ms vs docker containers (dockerc...
Boden Russell
 
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...
Jérôme Petazzoni
 
Docker, Linux Containers (LXC), and security
Docker, Linux Containers (LXC), and securityDocker, Linux Containers (LXC), and security
Docker, Linux Containers (LXC), and security
Jérôme Petazzoni
 

Recommended

Linux Container Brief for IEEE WG P2302
Linux Container Brief for IEEE WG P2302Linux Container Brief for IEEE WG P2302
Linux Container Brief for IEEE WG P2302
Boden Russell
 
Lxc – next gen virtualization for cloud intro (cloudexpo)
Lxc – next gen virtualization for cloud intro (cloudexpo)Lxc – next gen virtualization for cloud intro (cloudexpo)
Lxc – next gen virtualization for cloud intro (cloudexpo)
Boden Russell
 
Tokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityTokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker Security
Phil Estes
 
Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copy
Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copyLinux containers – next gen virtualization for cloud (atl summit) ar4 3 - copy
Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copy
Boden Russell
 
KVM and docker LXC Benchmarking with OpenStack
KVM and docker LXC Benchmarking with OpenStackKVM and docker LXC Benchmarking with OpenStack
KVM and docker LXC Benchmarking with OpenStack
Boden Russell
 
Performance characteristics of traditional v ms vs docker containers (dockerc...
Performance characteristics of traditional v ms vs docker containers (dockerc...Performance characteristics of traditional v ms vs docker containers (dockerc...
Performance characteristics of traditional v ms vs docker containers (dockerc...
Boden Russell
 
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...
Jérôme Petazzoni
 
Docker, Linux Containers (LXC), and security
Docker, Linux Containers (LXC), and securityDocker, Linux Containers (LXC), and security
Docker, Linux Containers (LXC), and security
Jérôme Petazzoni
 
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxConAnatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Jérôme Petazzoni
 
Linux Container Technology 101
Linux Container Technology 101Linux Container Technology 101
Linux Container Technology 101
inside-BigData.com
 
Docker introduction
Docker introductionDocker introduction
Docker introduction
dotCloud
 
Rooting Out Root: User namespaces in Docker
Rooting Out Root: User namespaces in DockerRooting Out Root: User namespaces in Docker
Rooting Out Root: User namespaces in Docker
Phil Estes
 
Realizing Linux Containers (LXC)
Realizing Linux Containers (LXC)Realizing Linux Containers (LXC)
Realizing Linux Containers (LXC)
Boden Russell
 
Docker: Aspects of Container Isolation
Docker: Aspects of Container IsolationDocker: Aspects of Container Isolation
Docker: Aspects of Container Isolation
allingeek
 
Introduction to linux containers
Introduction to linux containersIntroduction to linux containers
Introduction to linux containers
Google
 
LXC, Docker, security: is it safe to run applications in Linux Containers?
LXC, Docker, security: is it safe to run applications in Linux Containers?LXC, Docker, security: is it safe to run applications in Linux Containers?
LXC, Docker, security: is it safe to run applications in Linux Containers?
Jérôme Petazzoni
 
Understanding LXC & Docker
Understanding LXC & DockerUnderstanding LXC & Docker
Understanding LXC & Docker
Comprinno Technologies
 
LXC – NextGen Virtualization for Cloud benefit realization (cloudexpo)
LXC – NextGen Virtualization for Cloud benefit realization (cloudexpo)LXC – NextGen Virtualization for Cloud benefit realization (cloudexpo)
LXC – NextGen Virtualization for Cloud benefit realization (cloudexpo)
Boden Russell
 
Docker internals
Docker internalsDocker internals
Docker internals
Rohit Jnagal
 
LXC
LXCLXC
LXC
Wu Fan-Cheng
 
Lightweight Virtualization: LXC containers & AUFS
Lightweight Virtualization: LXC containers & AUFSLightweight Virtualization: LXC containers & AUFS
Lightweight Virtualization: LXC containers & AUFS
Jérôme Petazzoni
 
How Secure Is Your Container? ContainerCon Berlin 2016
How Secure Is Your Container? ContainerCon Berlin 2016How Secure Is Your Container? ContainerCon Berlin 2016
How Secure Is Your Container? ContainerCon Berlin 2016
Phil Estes
 
Docker Architecture (v1.3)
Docker Architecture (v1.3)Docker Architecture (v1.3)
Docker Architecture (v1.3)
rajdeep
 
Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...
Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...
Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...
Jérôme Petazzoni
 
LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013
dotCloud
 
Docker
DockerDocker
Docker
Mutlu Okuducu
 
Docker - container and lightweight virtualization
Docker - container and lightweight virtualization Docker - container and lightweight virtualization
Docker - container and lightweight virtualization
Sim Janghoon
 
Cgroups, namespaces and beyond: what are containers made from?
Cgroups, namespaces and beyond: what are containers made from?Cgroups, namespaces and beyond: what are containers made from?
Cgroups, namespaces and beyond: what are containers made from?
Docker, Inc.
 
Rkt Container Engine
Rkt Container EngineRkt Container Engine
Rkt Container Engine
Thuc Le Dong
 
Linux Containers From Scratch
Linux Containers From ScratchLinux Containers From Scratch
Linux Containers From Scratch
joshuasoundcloud
 

More Related Content

What's hot

Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxConAnatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Jérôme Petazzoni
 
Linux Container Technology 101
Linux Container Technology 101Linux Container Technology 101
Linux Container Technology 101
inside-BigData.com
 
Docker introduction
Docker introductionDocker introduction
Docker introduction
dotCloud
 
Rooting Out Root: User namespaces in Docker
Rooting Out Root: User namespaces in DockerRooting Out Root: User namespaces in Docker
Rooting Out Root: User namespaces in Docker
Phil Estes
 
Realizing Linux Containers (LXC)
Realizing Linux Containers (LXC)Realizing Linux Containers (LXC)
Realizing Linux Containers (LXC)
Boden Russell
 
Docker: Aspects of Container Isolation
Docker: Aspects of Container IsolationDocker: Aspects of Container Isolation
Docker: Aspects of Container Isolation
allingeek
 
Introduction to linux containers
Introduction to linux containersIntroduction to linux containers
Introduction to linux containers
Google
 
LXC, Docker, security: is it safe to run applications in Linux Containers?
LXC, Docker, security: is it safe to run applications in Linux Containers?LXC, Docker, security: is it safe to run applications in Linux Containers?
LXC, Docker, security: is it safe to run applications in Linux Containers?
Jérôme Petazzoni
 
Understanding LXC & Docker
Understanding LXC & DockerUnderstanding LXC & Docker
Understanding LXC & Docker
Comprinno Technologies
 
LXC – NextGen Virtualization for Cloud benefit realization (cloudexpo)
LXC – NextGen Virtualization for Cloud benefit realization (cloudexpo)LXC – NextGen Virtualization for Cloud benefit realization (cloudexpo)
LXC – NextGen Virtualization for Cloud benefit realization (cloudexpo)
Boden Russell
 
Docker internals
Docker internalsDocker internals
Docker internals
Rohit Jnagal
 
LXC
LXCLXC
LXC
Wu Fan-Cheng
 
Lightweight Virtualization: LXC containers & AUFS
Lightweight Virtualization: LXC containers & AUFSLightweight Virtualization: LXC containers & AUFS
Lightweight Virtualization: LXC containers & AUFS
Jérôme Petazzoni
 
How Secure Is Your Container? ContainerCon Berlin 2016
How Secure Is Your Container? ContainerCon Berlin 2016How Secure Is Your Container? ContainerCon Berlin 2016
How Secure Is Your Container? ContainerCon Berlin 2016
Phil Estes
 
Docker Architecture (v1.3)
Docker Architecture (v1.3)Docker Architecture (v1.3)
Docker Architecture (v1.3)
rajdeep
 
Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...
Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...
Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...
Jérôme Petazzoni
 
LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013
dotCloud
 
Docker
DockerDocker
Docker
Mutlu Okuducu
 
Docker - container and lightweight virtualization
Docker - container and lightweight virtualization Docker - container and lightweight virtualization
Docker - container and lightweight virtualization
Sim Janghoon
 
Cgroups, namespaces and beyond: what are containers made from?
Cgroups, namespaces and beyond: what are containers made from?Cgroups, namespaces and beyond: what are containers made from?
Cgroups, namespaces and beyond: what are containers made from?
Docker, Inc.
 

What's hot (20)

Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxConAnatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
 
Linux Container Technology 101
Linux Container Technology 101Linux Container Technology 101
Linux Container Technology 101
 
Docker introduction
Docker introductionDocker introduction
Docker introduction
 
Rooting Out Root: User namespaces in Docker
Rooting Out Root: User namespaces in DockerRooting Out Root: User namespaces in Docker
Rooting Out Root: User namespaces in Docker
 
Realizing Linux Containers (LXC)
Realizing Linux Containers (LXC)Realizing Linux Containers (LXC)
Realizing Linux Containers (LXC)
 
Docker: Aspects of Container Isolation
Docker: Aspects of Container IsolationDocker: Aspects of Container Isolation
Docker: Aspects of Container Isolation
 
Introduction to linux containers
Introduction to linux containersIntroduction to linux containers
Introduction to linux containers
 
LXC, Docker, security: is it safe to run applications in Linux Containers?
LXC, Docker, security: is it safe to run applications in Linux Containers?LXC, Docker, security: is it safe to run applications in Linux Containers?
LXC, Docker, security: is it safe to run applications in Linux Containers?
 
Understanding LXC & Docker
Understanding LXC & DockerUnderstanding LXC & Docker
Understanding LXC & Docker
 
LXC – NextGen Virtualization for Cloud benefit realization (cloudexpo)
LXC – NextGen Virtualization for Cloud benefit realization (cloudexpo)LXC – NextGen Virtualization for Cloud benefit realization (cloudexpo)
LXC – NextGen Virtualization for Cloud benefit realization (cloudexpo)
 
Docker internals
Docker internalsDocker internals
Docker internals
 
LXC
LXCLXC
LXC
 
Lightweight Virtualization: LXC containers & AUFS
Lightweight Virtualization: LXC containers & AUFSLightweight Virtualization: LXC containers & AUFS
Lightweight Virtualization: LXC containers & AUFS
 
How Secure Is Your Container? ContainerCon Berlin 2016
How Secure Is Your Container? ContainerCon Berlin 2016How Secure Is Your Container? ContainerCon Berlin 2016
How Secure Is Your Container? ContainerCon Berlin 2016
 
Docker Architecture (v1.3)
Docker Architecture (v1.3)Docker Architecture (v1.3)
Docker Architecture (v1.3)
 
Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...
Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...
Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...
 
LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013
 
Docker
DockerDocker
Docker
 
Docker - container and lightweight virtualization
Docker - container and lightweight virtualization Docker - container and lightweight virtualization
Docker - container and lightweight virtualization
 
Cgroups, namespaces and beyond: what are containers made from?
Cgroups, namespaces and beyond: what are containers made from?Cgroups, namespaces and beyond: what are containers made from?
Cgroups, namespaces and beyond: what are containers made from?
 

Viewers also liked

Rkt Container Engine
Rkt Container EngineRkt Container Engine
Rkt Container Engine
Thuc Le Dong
 
Linux Containers From Scratch
Linux Containers From ScratchLinux Containers From Scratch
Linux Containers From Scratch
joshuasoundcloud
 
Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1
Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1
Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1
Etsuji Nakai
 
Virtualization Vs. Containers
Virtualization Vs. ContainersVirtualization Vs. Containers
Virtualization Vs. Containers
actualtechmedia
 
Why Cloud Computing has to go the FOSS way
Why Cloud Computing has to go the FOSS wayWhy Cloud Computing has to go the FOSS way
Why Cloud Computing has to go the FOSS way
Ahmed Mekkawy
 
Sometimes you feel like a docker... sometimes you don't.
Sometimes you feel like a docker... sometimes you don't.Sometimes you feel like a docker... sometimes you don't.
Sometimes you feel like a docker... sometimes you don't.
bridgetkromhout
 
Using Docker with OpenStack - Hands On!
Using Docker with OpenStack - Hands On! Using Docker with OpenStack - Hands On!
Using Docker with OpenStack - Hands On!
Adrian Otto
 
Chingis Sandanov. Container virtualization
Chingis Sandanov. Container virtualizationChingis Sandanov. Container virtualization
Chingis Sandanov. Container virtualization
i20 Group
 
Docker
DockerDocker
Docker
Cary Gordon
 
Topic 14: Operating Systems and Virtualization
Topic 14: Operating Systems and VirtualizationTopic 14: Operating Systems and Virtualization
Topic 14: Operating Systems and Virtualization
Zubair Nabi
 
Real World Example of Orchestrating Docker, Node JS, NFV on OpenStack
Real World Example of Orchestrating Docker, Node JS, NFV on OpenStackReal World Example of Orchestrating Docker, Node JS, NFV on OpenStack
Real World Example of Orchestrating Docker, Node JS, NFV on OpenStack
Nati Shalom
 
A Performance Comparison of Container-based Virtualization Systems for MapRed...
A Performance Comparison of Container-based Virtualization Systems for MapRed...A Performance Comparison of Container-based Virtualization Systems for MapRed...
A Performance Comparison of Container-based Virtualization Systems for MapRed...Marcelo Veiga Neves
 
Namespace
NamespaceNamespace
Namespace
Luís Eduardo
 
Criação de ambientes em chroot
Criação de ambientes em chrootCriação de ambientes em chroot
Criação de ambientes em chroot
Rudá Moura
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to dockerJim Yeh
 
Deploying WSO2 Middleware on Kubernetes
Deploying WSO2 Middleware on KubernetesDeploying WSO2 Middleware on Kubernetes
Deploying WSO2 Middleware on Kubernetes
Imesh Gunaratne
 
chroot and SELinux
chroot and SELinuxchroot and SELinux
chroot and SELinux
Shay Cohen
 
Virtualization
VirtualizationVirtualization
Virtualization
Shivam Singh
 
LSA2 - 02 chrooting
LSA2 - 02 chrootingLSA2 - 02 chrooting
LSA2 - 02 chrooting
Marian Marinov
 
Chw00t: Breaking unices’ chroot solutions
Chw00t: Breaking unices’ chroot solutionsChw00t: Breaking unices’ chroot solutions
Chw00t: Breaking unices’ chroot solutions
Positive Hack Days
 

Viewers also liked (20)

Rkt Container Engine
Rkt Container EngineRkt Container Engine
Rkt Container Engine
 
Linux Containers From Scratch
Linux Containers From ScratchLinux Containers From Scratch
Linux Containers From Scratch
 
Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1
Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1
Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1
 
Virtualization Vs. Containers
Virtualization Vs. ContainersVirtualization Vs. Containers
Virtualization Vs. Containers
 
Why Cloud Computing has to go the FOSS way
Why Cloud Computing has to go the FOSS wayWhy Cloud Computing has to go the FOSS way
Why Cloud Computing has to go the FOSS way
 
Sometimes you feel like a docker... sometimes you don't.
Sometimes you feel like a docker... sometimes you don't.Sometimes you feel like a docker... sometimes you don't.
Sometimes you feel like a docker... sometimes you don't.
 
Using Docker with OpenStack - Hands On!
Using Docker with OpenStack - Hands On! Using Docker with OpenStack - Hands On!
Using Docker with OpenStack - Hands On!
 
Chingis Sandanov. Container virtualization
Chingis Sandanov. Container virtualizationChingis Sandanov. Container virtualization
Chingis Sandanov. Container virtualization
 
Docker
DockerDocker
Docker
 
Topic 14: Operating Systems and Virtualization
Topic 14: Operating Systems and VirtualizationTopic 14: Operating Systems and Virtualization
Topic 14: Operating Systems and Virtualization
 
Real World Example of Orchestrating Docker, Node JS, NFV on OpenStack
Real World Example of Orchestrating Docker, Node JS, NFV on OpenStackReal World Example of Orchestrating Docker, Node JS, NFV on OpenStack
Real World Example of Orchestrating Docker, Node JS, NFV on OpenStack
 
A Performance Comparison of Container-based Virtualization Systems for MapRed...
A Performance Comparison of Container-based Virtualization Systems for MapRed...A Performance Comparison of Container-based Virtualization Systems for MapRed...
A Performance Comparison of Container-based Virtualization Systems for MapRed...
 
Namespace
NamespaceNamespace
Namespace
 
Criação de ambientes em chroot
Criação de ambientes em chrootCriação de ambientes em chroot
Criação de ambientes em chroot
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to docker
 
Deploying WSO2 Middleware on Kubernetes
Deploying WSO2 Middleware on KubernetesDeploying WSO2 Middleware on Kubernetes
Deploying WSO2 Middleware on Kubernetes
 
chroot and SELinux
chroot and SELinuxchroot and SELinux
chroot and SELinux
 
Virtualization
VirtualizationVirtualization
Virtualization
 
LSA2 - 02 chrooting
LSA2 - 02 chrootingLSA2 - 02 chrooting
LSA2 - 02 chrooting
 
Chw00t: Breaking unices’ chroot solutions
Chw00t: Breaking unices’ chroot solutionsChw00t: Breaking unices’ chroot solutions
Chw00t: Breaking unices’ chroot solutions
 

Similar to Evoluation of Linux Container Virtualization

Revolutionizing the cloud with container virtualization
Revolutionizing the cloud with container virtualizationRevolutionizing the cloud with container virtualization
Revolutionizing the cloud with container virtualizationWSO2
 
Evolution of containers to kubernetes
Evolution of containers to kubernetesEvolution of containers to kubernetes
Evolution of containers to kubernetes
Krishna-Kumar
 
Dev opsec dockerimage_patch_n_lifecyclemanagement_2019
Dev opsec dockerimage_patch_n_lifecyclemanagement_2019Dev opsec dockerimage_patch_n_lifecyclemanagement_2019
Dev opsec dockerimage_patch_n_lifecyclemanagement_2019
kanedafromparis
 
An Introduction to Kubernetes
An Introduction to KubernetesAn Introduction to Kubernetes
An Introduction to Kubernetes
Imesh Gunaratne
 
Docker - Ankara JUG, Nisan 2015
Docker - Ankara JUG, Nisan 2015Docker - Ankara JUG, Nisan 2015
Docker - Ankara JUG, Nisan 2015
Mustafa AKIN
 
SW Docker Security
SW Docker SecuritySW Docker Security
SW Docker Security
Stephane Woillez
 
Securing Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container PlatformSecuring Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container Platform
All Things Open
 
Docker Fundamentals
Docker FundamentalsDocker Fundamentals
Docker Fundamentals
Anshul Patel
 
Linux containers and docker
Linux containers and dockerLinux containers and docker
Linux containers and docker
Fabio Fumarola
 
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...Building Distributed Systems without Docker, Using Docker Plumbing Projects -...
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...
Patrick Chanezon
 
Dockers zero to hero
Dockers zero to heroDockers zero to hero
Dockers zero to hero
Nicolas De Loof
 
Containerize! Between Docker and Jube.
Containerize! Between Docker and Jube.Containerize! Between Docker and Jube.
Containerize! Between Docker and Jube.
Henryk Konsek
 
Docker London: Container Security
Docker London: Container SecurityDocker London: Container Security
Docker London: Container Security
Phil Estes
 
Dev opsec dockerimage_patch_n_lifecyclemanagement_
Dev opsec dockerimage_patch_n_lifecyclemanagement_Dev opsec dockerimage_patch_n_lifecyclemanagement_
Dev opsec dockerimage_patch_n_lifecyclemanagement_
kanedafromparis
 
Revolutionizing WSO2 PaaS with Kubernetes & App Factory
Revolutionizing WSO2 PaaS with Kubernetes & App FactoryRevolutionizing WSO2 PaaS with Kubernetes & App Factory
Revolutionizing WSO2 PaaS with Kubernetes & App Factory
Imesh Gunaratne
 
First steps on CentOs7
First steps on CentOs7First steps on CentOs7
First steps on CentOs7
Marc Cortinas Val
 
Diving Through The Layers: Investigating runc, containerd, and the Docker eng...
Diving Through The Layers: Investigating runc, containerd, and the Docker eng...Diving Through The Layers: Investigating runc, containerd, and the Docker eng...
Diving Through The Layers: Investigating runc, containerd, and the Docker eng...
Phil Estes
 
Security on a Container Platform
Security on a Container PlatformSecurity on a Container Platform
Security on a Container Platform
All Things Open
 
Accelerate your development with Docker
Accelerate your development with DockerAccelerate your development with Docker
Accelerate your development with Docker
Andrey Hristov
 
Accelerate your software development with Docker
Accelerate your software development with DockerAccelerate your software development with Docker
Accelerate your software development with Docker
Andrey Hristov
 

Similar to Evoluation of Linux Container Virtualization (20)

Revolutionizing the cloud with container virtualization
Revolutionizing the cloud with container virtualizationRevolutionizing the cloud with container virtualization
Revolutionizing the cloud with container virtualization
 
Evolution of containers to kubernetes
Evolution of containers to kubernetesEvolution of containers to kubernetes
Evolution of containers to kubernetes
 
Dev opsec dockerimage_patch_n_lifecyclemanagement_2019
Dev opsec dockerimage_patch_n_lifecyclemanagement_2019Dev opsec dockerimage_patch_n_lifecyclemanagement_2019
Dev opsec dockerimage_patch_n_lifecyclemanagement_2019
 
An Introduction to Kubernetes
An Introduction to KubernetesAn Introduction to Kubernetes
An Introduction to Kubernetes
 
Docker - Ankara JUG, Nisan 2015
Docker - Ankara JUG, Nisan 2015Docker - Ankara JUG, Nisan 2015
Docker - Ankara JUG, Nisan 2015
 
SW Docker Security
SW Docker SecuritySW Docker Security
SW Docker Security
 
Securing Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container PlatformSecuring Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container Platform
 
Docker Fundamentals
Docker FundamentalsDocker Fundamentals
Docker Fundamentals
 
Linux containers and docker
Linux containers and dockerLinux containers and docker
Linux containers and docker
 
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...Building Distributed Systems without Docker, Using Docker Plumbing Projects -...
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...
 
Dockers zero to hero
Dockers zero to heroDockers zero to hero
Dockers zero to hero
 
Containerize! Between Docker and Jube.
Containerize! Between Docker and Jube.Containerize! Between Docker and Jube.
Containerize! Between Docker and Jube.
 
Docker London: Container Security
Docker London: Container SecurityDocker London: Container Security
Docker London: Container Security
 
Dev opsec dockerimage_patch_n_lifecyclemanagement_
Dev opsec dockerimage_patch_n_lifecyclemanagement_Dev opsec dockerimage_patch_n_lifecyclemanagement_
Dev opsec dockerimage_patch_n_lifecyclemanagement_
 
Revolutionizing WSO2 PaaS with Kubernetes & App Factory
Revolutionizing WSO2 PaaS with Kubernetes & App FactoryRevolutionizing WSO2 PaaS with Kubernetes & App Factory
Revolutionizing WSO2 PaaS with Kubernetes & App Factory
 
First steps on CentOs7
First steps on CentOs7First steps on CentOs7
First steps on CentOs7
 
Diving Through The Layers: Investigating runc, containerd, and the Docker eng...
Diving Through The Layers: Investigating runc, containerd, and the Docker eng...Diving Through The Layers: Investigating runc, containerd, and the Docker eng...
Diving Through The Layers: Investigating runc, containerd, and the Docker eng...
 
Security on a Container Platform
Security on a Container PlatformSecurity on a Container Platform
Security on a Container Platform
 
Accelerate your development with Docker
Accelerate your development with DockerAccelerate your development with Docker
Accelerate your development with Docker
 
Accelerate your software development with Docker
Accelerate your software development with DockerAccelerate your software development with Docker
Accelerate your software development with Docker
 

More from Imesh Gunaratne

Planning WSO2 Deployments on Pivotal Cloud Foundry
Planning WSO2 Deployments on Pivotal Cloud FoundryPlanning WSO2 Deployments on Pivotal Cloud Foundry
Planning WSO2 Deployments on Pivotal Cloud Foundry
Imesh Gunaratne
 
Planning WSO2 Deployments on DC/OS
Planning WSO2 Deployments on DC/OSPlanning WSO2 Deployments on DC/OS
Planning WSO2 Deployments on DC/OS
Imesh Gunaratne
 
Deep Dive into Kubernetes - Part 2
Deep Dive into Kubernetes - Part 2Deep Dive into Kubernetes - Part 2
Deep Dive into Kubernetes - Part 2
Imesh Gunaratne
 
Deep Dive into Kubernetes - Part 1
Deep Dive into Kubernetes - Part 1Deep Dive into Kubernetes - Part 1
Deep Dive into Kubernetes - Part 1
Imesh Gunaratne
 
WSO2 Container Strategy
WSO2 Container StrategyWSO2 Container Strategy
WSO2 Container Strategy
Imesh Gunaratne
 
WSO2 API Manager Reference Architecture for DC/OS
WSO2 API Manager Reference Architecture for DC/OSWSO2 API Manager Reference Architecture for DC/OS
WSO2 API Manager Reference Architecture for DC/OS
Imesh Gunaratne
 
WSO2 API Manager Reference Architecture for Pivotal Cloud Foundry
WSO2 API Manager Reference Architecture for Pivotal Cloud FoundryWSO2 API Manager Reference Architecture for Pivotal Cloud Foundry
WSO2 API Manager Reference Architecture for Pivotal Cloud Foundry
Imesh Gunaratne
 
WSO2 Kubernetes Reference Architecture - Nov 2017
WSO2 Kubernetes Reference Architecture - Nov 2017WSO2 Kubernetes Reference Architecture - Nov 2017
WSO2 Kubernetes Reference Architecture - Nov 2017
Imesh Gunaratne
 
WSO2 Cloud and Platform as a Service Strategy
WSO2 Cloud and Platform as a Service StrategyWSO2 Cloud and Platform as a Service Strategy
WSO2 Cloud and Platform as a Service Strategy
Imesh Gunaratne
 
Planning Your Cloud Strategy
Planning Your Cloud StrategyPlanning Your Cloud Strategy
Planning Your Cloud Strategy
Imesh Gunaratne
 
Deploying WSO2 Middleware on Containers
Deploying WSO2 Middleware on ContainersDeploying WSO2 Middleware on Containers
Deploying WSO2 Middleware on Containers
Imesh Gunaratne
 
Multitenancy in WSO2 Carbon 5 (C5)
Multitenancy in WSO2 Carbon 5 (C5)Multitenancy in WSO2 Carbon 5 (C5)
Multitenancy in WSO2 Carbon 5 (C5)
Imesh Gunaratne
 
Deploying WSO2 Middleware on Mesos
Deploying WSO2 Middleware on MesosDeploying WSO2 Middleware on Mesos
Deploying WSO2 Middleware on Mesos
Imesh Gunaratne
 
Service Oriented Architecture & Beyond
Service Oriented Architecture & BeyondService Oriented Architecture & Beyond
Service Oriented Architecture & Beyond
Imesh Gunaratne
 
Docker for Java Developers
Docker for Java DevelopersDocker for Java Developers
Docker for Java Developers
Imesh Gunaratne
 
WSO2 Cloud Strategy Update
WSO2 Cloud Strategy UpdateWSO2 Cloud Strategy Update
WSO2 Cloud Strategy Update
Imesh Gunaratne
 
An Introduction to Go
An Introduction to GoAn Introduction to Go
An Introduction to Go
Imesh Gunaratne
 
Scale into Multi-Cloud with Containers
Scale into Multi-Cloud with ContainersScale into Multi-Cloud with Containers
Scale into Multi-Cloud with Containers
Imesh Gunaratne
 
Making a Better World with Technology Innovations
Making a Better World with Technology InnovationsMaking a Better World with Technology Innovations
Making a Better World with Technology Innovations
Imesh Gunaratne
 
Introduction to WSO2 Private PaaS 4.1.0
Introduction to WSO2 Private PaaS 4.1.0Introduction to WSO2 Private PaaS 4.1.0
Introduction to WSO2 Private PaaS 4.1.0
Imesh Gunaratne
 

More from Imesh Gunaratne (20)

Planning WSO2 Deployments on Pivotal Cloud Foundry
Planning WSO2 Deployments on Pivotal Cloud FoundryPlanning WSO2 Deployments on Pivotal Cloud Foundry
Planning WSO2 Deployments on Pivotal Cloud Foundry
 
Planning WSO2 Deployments on DC/OS
Planning WSO2 Deployments on DC/OSPlanning WSO2 Deployments on DC/OS
Planning WSO2 Deployments on DC/OS
 
Deep Dive into Kubernetes - Part 2
Deep Dive into Kubernetes - Part 2Deep Dive into Kubernetes - Part 2
Deep Dive into Kubernetes - Part 2
 
Deep Dive into Kubernetes - Part 1
Deep Dive into Kubernetes - Part 1Deep Dive into Kubernetes - Part 1
Deep Dive into Kubernetes - Part 1
 
WSO2 Container Strategy
WSO2 Container StrategyWSO2 Container Strategy
WSO2 Container Strategy
 
WSO2 API Manager Reference Architecture for DC/OS
WSO2 API Manager Reference Architecture for DC/OSWSO2 API Manager Reference Architecture for DC/OS
WSO2 API Manager Reference Architecture for DC/OS
 
WSO2 API Manager Reference Architecture for Pivotal Cloud Foundry
WSO2 API Manager Reference Architecture for Pivotal Cloud FoundryWSO2 API Manager Reference Architecture for Pivotal Cloud Foundry
WSO2 API Manager Reference Architecture for Pivotal Cloud Foundry
 
WSO2 Kubernetes Reference Architecture - Nov 2017
WSO2 Kubernetes Reference Architecture - Nov 2017WSO2 Kubernetes Reference Architecture - Nov 2017
WSO2 Kubernetes Reference Architecture - Nov 2017
 
WSO2 Cloud and Platform as a Service Strategy
WSO2 Cloud and Platform as a Service StrategyWSO2 Cloud and Platform as a Service Strategy
WSO2 Cloud and Platform as a Service Strategy
 
Planning Your Cloud Strategy
Planning Your Cloud StrategyPlanning Your Cloud Strategy
Planning Your Cloud Strategy
 
Deploying WSO2 Middleware on Containers
Deploying WSO2 Middleware on ContainersDeploying WSO2 Middleware on Containers
Deploying WSO2 Middleware on Containers
 
Multitenancy in WSO2 Carbon 5 (C5)
Multitenancy in WSO2 Carbon 5 (C5)Multitenancy in WSO2 Carbon 5 (C5)
Multitenancy in WSO2 Carbon 5 (C5)
 
Deploying WSO2 Middleware on Mesos
Deploying WSO2 Middleware on MesosDeploying WSO2 Middleware on Mesos
Deploying WSO2 Middleware on Mesos
 
Service Oriented Architecture & Beyond
Service Oriented Architecture & BeyondService Oriented Architecture & Beyond
Service Oriented Architecture & Beyond
 
Docker for Java Developers
Docker for Java DevelopersDocker for Java Developers
Docker for Java Developers
 
WSO2 Cloud Strategy Update
WSO2 Cloud Strategy UpdateWSO2 Cloud Strategy Update
WSO2 Cloud Strategy Update
 
An Introduction to Go
An Introduction to GoAn Introduction to Go
An Introduction to Go
 
Scale into Multi-Cloud with Containers
Scale into Multi-Cloud with ContainersScale into Multi-Cloud with Containers
Scale into Multi-Cloud with Containers
 
Making a Better World with Technology Innovations
Making a Better World with Technology InnovationsMaking a Better World with Technology Innovations
Making a Better World with Technology Innovations
 
Introduction to WSO2 Private PaaS 4.1.0
Introduction to WSO2 Private PaaS 4.1.0Introduction to WSO2 Private PaaS 4.1.0
Introduction to WSO2 Private PaaS 4.1.0
 

Recently uploaded

How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 

Recently uploaded (20)

How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 

Evoluation of Linux Container Virtualization

  • 1. Evolution of Linux Container Virtualization Imesh Gunaratne Technical Lead, WSO2 Committer & PMC Member, Apache Stratos
  • 2. Agenda ● Virtualization ● Linux Containers ● LXC ● Docker ● CoreOS ● Kubernetes
  • 4. Virtualization In computing, refers to the act of creating a virtual (rather than actual) version of something, including but not limited to a virtual computer hardware platform, operating system (OS), storage device, or computer network resources. http://en.wikipedia.org/wiki/Virtualization
  • 5. Hypervisor A hypervisor or virtual machine monitor (VMM) is a piece of computer software, firmware or hardware that creates and runs virtual machines. http://en.wikipedia.org/wiki/Hypervisor
  • 7. Linux Containers Linux Container Brief for IEEE WG P2302, Boden Russell
  • 8. Linux Containers An operating system–level virtualization method for running multiple isolated Linux systems (containers) on a single control host. http://en.wikipedia.org/wiki/LXC
  • 9. Linux Kernel Features used by Linux Containers ● Namespaces ● cgroups ● AppArmor ● SELinux ● seccomp ● chroot
  • 10. Namespaces Wraps global system resources in an abstraction that makes it appear to the processes that they have their own isolated instance of the global resource. Included in Linux Kernel 2.4.19 http://lwn.net/Articles/531114/
  • 11. Namespaces Currently, Linux implements six different types of namespaces: 1. mnt (mount points, filesystems) 2. pid (processes) 3. net (network stack) 4. ipc (inter-process communication) 5. uts (hostname) 6. user (user ids) http://www.cs.ucsb.edu/~rich/class/cs290-cloud/papers/lxc-namespace.pdf
  • 12. cgroups (Control Groups) A Linux kernel feature to limit, account, and isolate resource usage (CPU, memory, disk I/O, etc.) of process groups. Started by engineers in Google in 2007 and merged into the Linux Kernel 2.6.24 http://en.wikipedia.org/wiki/Cgroups
  • 13. cgroups (Control Groups) ● Access: which devices can be used per cgroup ● Resource limiting: memory, CPU, device accessibility, block I/O, etc ● Prioritization: who gets more of the CPU, memory, etc ● Accounting: resource usage per cgroup ● Control: freezing & checkpointing http://en.wikipedia.org/wiki/Cgroups
  • 14. AppArmor AppArmor is a Linux security module implemented using the Linux Security Modules (LSM) kernel interface. It allows the system administrator to associate with each program a security profile that restricts the capabilities of that program. http://en.wikipedia.org/wiki/AppArmor
  • 15. SELinux (Security Enhanced Linux) SELinux is a Linux kernel security module that provides a mechanism for supporting access control on security policies for programs. Originally developed by the United States National Security Agency (NSA). Included in Linux kernel 2.6.0-test3, released on 8 August 2003 http://en.wikipedia.org/wiki/Security-Enhanced_Linux
  • 16. SELinux - How it works ● Compiled into the Linux kernel ● Package security policies in the distribution ● Policies in most distributions are applied only to system processes, not user processes ● Checks database of rules on syscalls ● Policies allows/denies what a daemon can access and how ● Prevents daemons compromise affecting other files/users/etc (namespaces) SELinux for Everyday Users, PaulWay
  • 17. seccomp (Secure Computing Mode) ● seccomp is a secure-computing facility that provides an application sandboxing mechanism in the Linux kernel. ● Provides isolation for computing ● It allows a process to make a one-way transition into a "secure" state where it cannot make any system calls except exit(), sigreturn(), read() and write(). http://en.wikipedia.org/wiki/Seccomp
  • 18. seccomp (Secure Computing Mode) It was merged into the Linux kernel mainline in version 2.6.12, released on March 8, 2005. http://en.wikipedia.org/wiki/Seccomp
  • 20. chroot A chroot on Unix operating systems is an operation that changes the root directory for the current running process and its children. A program that is run in such a modified environment cannot name (and therefore normally not access) files outside the designated directory tree. http://en.wikipedia.org/wiki/Chroot
  • 21. chroot The modified environment is called a "chroot jail" Introduced in version 7 Unix in 1979, and added to BSD by Bill Joy on 18 March 1982 http://en.wikipedia.org/wiki/Chroot
  • 22. LXC A Hypervisor for Linux Containers
  • 23. LXC Engine: A Hypervisor for Containers Linux Container Brief for IEEE WG P2302, Boden Russell
  • 24. LXC (LinuX Containers) LXC is an operating system–level virtualization method for running multiple isolated Linux systems (containers) on a single control host. ● From the inside it looks like a VM ● From the outside it looks like a normal process ● Provides lightweight virtualization
  • 25. Kernel Features used by LXC ● Kernel namespaces (ipc, uts, mount, pid, network and user) ● Control groups (cgroups) ● Apparmor and SELinux profiles ● Seccomp policies ● Chroots (using pivot_root) ● Kernel capabilities
  • 26.
  • 27. Docker Docker is an open platform for developers and sysadmins to build, ship, and run distributed applications. ● Initially developed by dotCloud ● Original version written in Python, now written in Go ● A very young project (started March, 2013), but with a huge community
  • 28. Problem: Shipping Software Introduction to Docker, Jérôme Petazzoni
  • 29. Solution: Linux Container Introduction to Docker, Jérôme Petazzoni
  • 30. Solved Introduction to Docker, Jérôme Petazzoni
  • 32. Docker Architecture Enterprise Docker, Adrien BLIND, Aurelien GABET, Arnaud MAZIN
  • 33. Docker - Hello World # Get one base Docker image >docker pull ubuntu # List Docker images available >docker images # Run hello world >docker run ubuntu:14.04 echo "hello world" Docker Paris Meetup, Victor Vieux, dotCloud Inc
  • 34. Detached mode # Run hello world in detached mode (-d) >docker run -d ubuntu sh -c "while true; do echo hello world; sleep 1; done" # Get container’s ID >docker ps # Attach to the container >docker attach <container-id> # Stop/start/restart the container >docker stop <container-id> Docker Paris Meetup, Victor Vieux, dotCloud Inc
  • 35.
  • 36. CoreOS CoreOS is a new Linux distribution that has been re-architected to provide features needed to run modern infrastructure stacks.
  • 38. CoreOS Architecture Fleet ties together systemd and etcd into a distributed init system
  • 39.
  • 40. Kubernetes Kubernetes is an open source implementation of container cluster management.
  • 41. Kubernetes High Level Architecture
  • 42. Kubernetes High Level Architecture
  • 44. Kubernetes Terminology ● Pod - A group of Containers ● Labels - Labels for identifying pods ● Kubelet - Container Agent ● Proxy Service - A load balancer for Pods ● etcd - A metadata service ● cAdvisor - Container Advisor provides resource usage/performance statistics ● Replication Controller - Manages replication of pods ● Scheduler - Schedules pods in worker nodes ● API server - Kubernetes API server
  • 45. References ● http://en.wikipedia.org/wiki/Virtualization ● http://en.wikipedia.org/wiki/Hypervisor ● http://en.wikipedia.org/wiki/LXC ● http://www.cs.ucsb.edu/~rich/class/cs290- cloud/papers/lxc-namespace.pdf ● http://en.wikipedia.org/wiki/Cgroups ● http://en.wikipedia.org/wiki/AppArmor ● http://en.wikipedia.org/wiki/Security- Enhanced_Linux ● http://www.lorien.ch/server/chroot.html
  • 46. References ● SELinux for Everyday Users, PaulWay ● http://en.wikipedia.org/wiki/Seccomp ● http://en.wikipedia.org/wiki/Chroot ● Linux Container Brief for IEEE WG P2302, Boden Russell ● http://kubernetes.io/ ● https://coreos.com