SlideShare a Scribd company logo

Tech talk Introduction to containers

V
ViliamPucik

The document discusses containers and their building blocks. It explains that containers use Linux kernel features like namespaces and control groups to isolate programs and their view of processes, networking, storage and more. This allows multiple containers to safely share the same computer resources while having independent, isolated environments. Key components that enable containers include chroot, union mounts, namespaces, secure computing mode, and control groups.

1 of 11
Download to read offline
www.zoomint.com TechTalk: Introduction to Containers 2019 June 7th | Kernel Team
www.zoomint.com Containers ▪ Linux kernel allows the existence of multiple isolated user-space instances - containers. Program running on an ordinary OS can see all resources (all devices, all files and folders, all network interfaces) of that computer. ▪ However, programs running inside of a container can only see the container's contents and devices assigned to the container. ▪ Containers isolate software from its surroundings, for example differences between development and staging environments and help reduce conflicts between teams running different software on the same computer.
www.zoomint.com VMs vs Containers
www.zoomint.com Container Building Blocks ▪ Chroot • 1982 (BSD) ▪ Union Mount • 1993 ▪ Linux Namespaces • 2002, 2006, 2013 ▪ Secure Computing Mode (seccomp) • 2005 ▪ Control Groups (cgroups) • 2007
www.zoomint.com Chroot ▪ A chroot is an operation that changes the apparent root directory for the current running process and its children. ▪ A program that is run in such a modified environment cannot see and access files outside the designated directory tree.
www.zoomint.com Union Mount ▪ Union mounting is a way of combining multiple directories into one that appears to contain their combined contents. ▪ aufs, OverlayFS, Btrfs, ZFS
www.zoomint.com Linux Namespaces ▪ Provide processes with their own system view of: ▪ Mount (Mount points) ▪ PID (Process IDs ) ▪ Network (Network devices, stacks, ports, etc.) ▪ UTS (Hostname and NIS domain name ) ▪ User (User and group IDs ) ▪ IPC (System V IPC, POSIX message queues) ▪ Cgroup (Cgroup root directory)
www.zoomint.com seccomp ▪ Secure computing mode (seccomp) is a Linux kernel feature. It can be used to restrict the actions available within the container. ▪ SECCOMP_SET_MODE_STRICT: A process can just read, write and exit, nothing more!
www.zoomint.com cgroups ▪ Resource Limiting (RAM) ▪ Prioritization (CPU) ▪ Accounting (Measures a group's resource usage) ▪ Control (Frees and restarts processes)
www.zoomint.com Thank you for your attention!
www.zoomint.com Container Image ▪ A container image is a lightweight, stand-alone, executable package of a piece of software that includes everything needed to run it: code, runtime, system tools, system libraries, settings.

Recommended

LSA2 - PostgreSQL
LSA2 - PostgreSQLLSA2 - PostgreSQL
LSA2 - PostgreSQLMarian Marinov
 
Pc bsd-intro
Pc bsd-introPc bsd-intro
Pc bsd-introShteryana Shopova
 
LSA2 - 02 Namespaces
LSA2 - 02 NamespacesLSA2 - 02 Namespaces
LSA2 - 02 Namespaces
Marian Marinov
 
Restricting unix users
Restricting unix usersRestricting unix users
Restricting unix users
Muqthiyar Pasha
 
Setting up iSCSI Providers and Clients in openSUSE
Setting up iSCSI Providers and Clients in openSUSESetting up iSCSI Providers and Clients in openSUSE
Setting up iSCSI Providers and Clients in openSUSE
LeeDuncan16
 
Package Management Systems on GNU/Linux
Package Management Systems on GNU/LinuxPackage Management Systems on GNU/Linux
Package Management Systems on GNU/Linux
Wan Leung Wong
 
4. linux file systems
4. linux file systems4. linux file systems
4. linux file systems
Marian Marinov
 
The evolution of linux file system
The evolution of linux file systemThe evolution of linux file system
The evolution of linux file system
Gang He
 

Recommended

LSA2 - PostgreSQL
LSA2 - PostgreSQLLSA2 - PostgreSQL
LSA2 - PostgreSQLMarian Marinov
 
Pc bsd-intro
Pc bsd-introPc bsd-intro
Pc bsd-introShteryana Shopova
 
LSA2 - 02 Namespaces
LSA2 - 02 NamespacesLSA2 - 02 Namespaces
LSA2 - 02 Namespaces
Marian Marinov
 
Restricting unix users
Restricting unix usersRestricting unix users
Restricting unix users
Muqthiyar Pasha
 
Setting up iSCSI Providers and Clients in openSUSE
Setting up iSCSI Providers and Clients in openSUSESetting up iSCSI Providers and Clients in openSUSE
Setting up iSCSI Providers and Clients in openSUSE
LeeDuncan16
 
Package Management Systems on GNU/Linux
Package Management Systems on GNU/LinuxPackage Management Systems on GNU/Linux
Package Management Systems on GNU/Linux
Wan Leung Wong
 
4. linux file systems
4. linux file systems4. linux file systems
4. linux file systems
Marian Marinov
 
The evolution of linux file system
The evolution of linux file systemThe evolution of linux file system
The evolution of linux file system
Gang He
 
Scale9x sun
Scale9x sunScale9x sun
Scale9x sun
Dru Lavigne
 
LSA2 - 02 Control Groups
LSA2 - 02 Control GroupsLSA2 - 02 Control Groups
LSA2 - 02 Control Groups
Marian Marinov
 
Install Archlinux in 10 Steps (Sort of) :)
Install Archlinux in 10 Steps (Sort of) :)Install Archlinux in 10 Steps (Sort of) :)
Install Archlinux in 10 Steps (Sort of) :)
Sian Lerk Lau
 
Asiabsdcon14
Asiabsdcon14Asiabsdcon14
Asiabsdcon14
Dru Lavigne
 
Linux
LinuxLinux
Linux
Giridaran Manivannan
 
Comparison between OCFS2 and GFS2
Comparison between OCFS2 and GFS2Comparison between OCFS2 and GFS2
Comparison between OCFS2 and GFS2
Gang He
 
Asiabsdcon2013
Asiabsdcon2013Asiabsdcon2013
Asiabsdcon2013
krispcbsd
 
olf10
olf10olf10
olf10
Dru Lavigne
 
Local file systems update
Local file systems updateLocal file systems update
Local file systems update
Lukáš Czerner
 
Ilf2011
Ilf2011Ilf2011
Ilf2011
Dru Lavigne
 
My First BCC
My First BCCMy First BCC
My First BCC
Naoto MATSUMOTO
 
Vfs
VfsVfs
Vfs
Waqas !!!!
 
Linux networking
Linux networkingLinux networking
Linux networking
sbmguys
 
macOS アプリで Swift Package Manager を使ってみる #love_swift #hakataswift
macOS アプリで Swift Package Manager を使ってみる #love_swift #hakataswiftmacOS アプリで Swift Package Manager を使ってみる #love_swift #hakataswift
macOS アプリで Swift Package Manager を使ってみる #love_swift #hakataswift
Tomohiro Kumagai
 
Redis, a 2 minutes introduction
Redis, a 2 minutes introductionRedis, a 2 minutes introduction
Redis, a 2 minutes introduction
Mirko Calvaresi
 
Asiabsdcon15
Asiabsdcon15Asiabsdcon15
Asiabsdcon15
Dru Lavigne
 
Overview of linux kernel development
Overview of linux kernel developmentOverview of linux kernel development
Overview of linux kernel development
Pushkar Pashupat
 
Linux cmd
Linux cmdLinux cmd
Linux cmdReka
 
Bacula Overview
Bacula OverviewBacula Overview
Bacula Overview
sambismo
 
Self2013
Self2013Self2013
Self2013
Dru Lavigne
 
Introduction to OS LEVEL Virtualization & Containers
Introduction to OS LEVEL Virtualization & ContainersIntroduction to OS LEVEL Virtualization & Containers
Introduction to OS LEVEL Virtualization & Containers
Vaibhav Sharma
 
First steps on CentOs7
First steps on CentOs7First steps on CentOs7
First steps on CentOs7
Marc Cortinas Val
 

More Related Content

What's hot

Scale9x sun
Scale9x sunScale9x sun
Scale9x sun
Dru Lavigne
 
LSA2 - 02 Control Groups
LSA2 - 02 Control GroupsLSA2 - 02 Control Groups
LSA2 - 02 Control Groups
Marian Marinov
 
Install Archlinux in 10 Steps (Sort of) :)
Install Archlinux in 10 Steps (Sort of) :)Install Archlinux in 10 Steps (Sort of) :)
Install Archlinux in 10 Steps (Sort of) :)
Sian Lerk Lau
 
Asiabsdcon14
Asiabsdcon14Asiabsdcon14
Asiabsdcon14
Dru Lavigne
 
Linux
LinuxLinux
Linux
Giridaran Manivannan
 
Comparison between OCFS2 and GFS2
Comparison between OCFS2 and GFS2Comparison between OCFS2 and GFS2
Comparison between OCFS2 and GFS2
Gang He
 
Asiabsdcon2013
Asiabsdcon2013Asiabsdcon2013
Asiabsdcon2013
krispcbsd
 
olf10
olf10olf10
olf10
Dru Lavigne
 
Local file systems update
Local file systems updateLocal file systems update
Local file systems update
Lukáš Czerner
 
Ilf2011
Ilf2011Ilf2011
Ilf2011
Dru Lavigne
 
My First BCC
My First BCCMy First BCC
My First BCC
Naoto MATSUMOTO
 
Vfs
VfsVfs
Vfs
Waqas !!!!
 
Linux networking
Linux networkingLinux networking
Linux networking
sbmguys
 
macOS アプリで Swift Package Manager を使ってみる #love_swift #hakataswift
macOS アプリで Swift Package Manager を使ってみる #love_swift #hakataswiftmacOS アプリで Swift Package Manager を使ってみる #love_swift #hakataswift
macOS アプリで Swift Package Manager を使ってみる #love_swift #hakataswift
Tomohiro Kumagai
 
Redis, a 2 minutes introduction
Redis, a 2 minutes introductionRedis, a 2 minutes introduction
Redis, a 2 minutes introduction
Mirko Calvaresi
 
Asiabsdcon15
Asiabsdcon15Asiabsdcon15
Asiabsdcon15
Dru Lavigne
 
Overview of linux kernel development
Overview of linux kernel developmentOverview of linux kernel development
Overview of linux kernel development
Pushkar Pashupat
 
Linux cmd
Linux cmdLinux cmd
Linux cmdReka
 
Bacula Overview
Bacula OverviewBacula Overview
Bacula Overview
sambismo
 
Self2013
Self2013Self2013
Self2013
Dru Lavigne
 

What's hot (20)

Scale9x sun
Scale9x sunScale9x sun
Scale9x sun
 
LSA2 - 02 Control Groups
LSA2 - 02 Control GroupsLSA2 - 02 Control Groups
LSA2 - 02 Control Groups
 
Install Archlinux in 10 Steps (Sort of) :)
Install Archlinux in 10 Steps (Sort of) :)Install Archlinux in 10 Steps (Sort of) :)
Install Archlinux in 10 Steps (Sort of) :)
 
Asiabsdcon14
Asiabsdcon14Asiabsdcon14
Asiabsdcon14
 
Linux
LinuxLinux
Linux
 
Comparison between OCFS2 and GFS2
Comparison between OCFS2 and GFS2Comparison between OCFS2 and GFS2
Comparison between OCFS2 and GFS2
 
Asiabsdcon2013
Asiabsdcon2013Asiabsdcon2013
Asiabsdcon2013
 
olf10
olf10olf10
olf10
 
Local file systems update
Local file systems updateLocal file systems update
Local file systems update
 
Ilf2011
Ilf2011Ilf2011
Ilf2011
 
My First BCC
My First BCCMy First BCC
My First BCC
 
Vfs
VfsVfs
Vfs
 
Linux networking
Linux networkingLinux networking
Linux networking
 
macOS アプリで Swift Package Manager を使ってみる #love_swift #hakataswift
macOS アプリで Swift Package Manager を使ってみる #love_swift #hakataswiftmacOS アプリで Swift Package Manager を使ってみる #love_swift #hakataswift
macOS アプリで Swift Package Manager を使ってみる #love_swift #hakataswift
 
Redis, a 2 minutes introduction
Redis, a 2 minutes introductionRedis, a 2 minutes introduction
Redis, a 2 minutes introduction
 
Asiabsdcon15
Asiabsdcon15Asiabsdcon15
Asiabsdcon15
 
Overview of linux kernel development
Overview of linux kernel developmentOverview of linux kernel development
Overview of linux kernel development
 
Linux cmd
Linux cmdLinux cmd
Linux cmd
 
Bacula Overview
Bacula OverviewBacula Overview
Bacula Overview
 
Self2013
Self2013Self2013
Self2013
 

Similar to Tech talk Introduction to containers

Introduction to OS LEVEL Virtualization & Containers
Introduction to OS LEVEL Virtualization & ContainersIntroduction to OS LEVEL Virtualization & Containers
Introduction to OS LEVEL Virtualization & Containers
Vaibhav Sharma
 
First steps on CentOs7
First steps on CentOs7First steps on CentOs7
First steps on CentOs7
Marc Cortinas Val
 
Linux container, namespaces & CGroup.
Linux container, namespaces & CGroup. Linux container, namespaces & CGroup.
Linux container, namespaces & CGroup.
Neeraj Shrimali
 
Realizing Linux Containers (LXC)
Realizing Linux Containers (LXC)Realizing Linux Containers (LXC)
Realizing Linux Containers (LXC)
Boden Russell
 
Securing Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container PlatformSecuring Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container Platform
All Things Open
 
Evolution of Linux Containerization
Evolution of Linux Containerization Evolution of Linux Containerization
Evolution of Linux Containerization
WSO2
 
Evoluation of Linux Container Virtualization
Evoluation of Linux Container VirtualizationEvoluation of Linux Container Virtualization
Evoluation of Linux Container Virtualization
Imesh Gunaratne
 
Operating System
Operating SystemOperating System
Operating System
Bini Menon
 
Java in containers
Java in containersJava in containers
Java in containers
Martin Baez
 
Lightweight Virtualization in Linux
Lightweight Virtualization in LinuxLightweight Virtualization in Linux
Lightweight Virtualization in Linux
Sadegh Dorri N.
 
Security on a Container Platform
Security on a Container PlatformSecurity on a Container Platform
Security on a Container Platform
All Things Open
 
The building blocks of docker.
The building blocks of docker.The building blocks of docker.
The building blocks of docker.
Chafik Belhaoues
 
Evolution of the Windows Kernel Architecture, by Dave Probert
Evolution of the Windows Kernel Architecture, by Dave ProbertEvolution of the Windows Kernel Architecture, by Dave Probert
Evolution of the Windows Kernel Architecture, by Dave Probert
yang
 
Revolutionizing the cloud with container virtualization
Revolutionizing the cloud with container virtualizationRevolutionizing the cloud with container virtualization
Revolutionizing the cloud with container virtualizationWSO2
 
Securing Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container PlatformSecuring Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container Platform
All Things Open
 
Evolution of containers to kubernetes
Evolution of containers to kubernetesEvolution of containers to kubernetes
Evolution of containers to kubernetes
Krishna-Kumar
 
Linux Container Brief for IEEE WG P2302
Linux Container Brief for IEEE WG P2302Linux Container Brief for IEEE WG P2302
Linux Container Brief for IEEE WG P2302
Boden Russell
 

Similar to Tech talk Introduction to containers (20)

Introduction to OS LEVEL Virtualization & Containers
Introduction to OS LEVEL Virtualization & ContainersIntroduction to OS LEVEL Virtualization & Containers
Introduction to OS LEVEL Virtualization & Containers
 
First steps on CentOs7
First steps on CentOs7First steps on CentOs7
First steps on CentOs7
 
Linux container, namespaces & CGroup.
Linux container, namespaces & CGroup. Linux container, namespaces & CGroup.
Linux container, namespaces & CGroup.
 
Realizing Linux Containers (LXC)
Realizing Linux Containers (LXC)Realizing Linux Containers (LXC)
Realizing Linux Containers (LXC)
 
Securing Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container PlatformSecuring Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container Platform
 
Evolution of Linux Containerization
Evolution of Linux Containerization Evolution of Linux Containerization
Evolution of Linux Containerization
 
Evoluation of Linux Container Virtualization
Evoluation of Linux Container VirtualizationEvoluation of Linux Container Virtualization
Evoluation of Linux Container Virtualization
 
Operating System
Operating SystemOperating System
Operating System
 
Java in containers
Java in containersJava in containers
Java in containers
 
Lightweight Virtualization in Linux
Lightweight Virtualization in LinuxLightweight Virtualization in Linux
Lightweight Virtualization in Linux
 
Security on a Container Platform
Security on a Container PlatformSecurity on a Container Platform
Security on a Container Platform
 
The building blocks of docker.
The building blocks of docker.The building blocks of docker.
The building blocks of docker.
 
2337610
23376102337610
2337610
 
Evolution of the Windows Kernel Architecture, by Dave Probert
Evolution of the Windows Kernel Architecture, by Dave ProbertEvolution of the Windows Kernel Architecture, by Dave Probert
Evolution of the Windows Kernel Architecture, by Dave Probert
 
Oct2009
Oct2009Oct2009
Oct2009
 
Revolutionizing the cloud with container virtualization
Revolutionizing the cloud with container virtualizationRevolutionizing the cloud with container virtualization
Revolutionizing the cloud with container virtualization
 
Securing Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container PlatformSecuring Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container Platform
 
Lecture 4 Cluster Computing
Lecture 4 Cluster ComputingLecture 4 Cluster Computing
Lecture 4 Cluster Computing
 
Evolution of containers to kubernetes
Evolution of containers to kubernetesEvolution of containers to kubernetes
Evolution of containers to kubernetes
 
Linux Container Brief for IEEE WG P2302
Linux Container Brief for IEEE WG P2302Linux Container Brief for IEEE WG P2302
Linux Container Brief for IEEE WG P2302
 

Recently uploaded

Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
Vlad Stirbu
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Pierluigi Pugliese
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
UiPathCommunity
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 

Recently uploaded (20)

Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 

Tech talk Introduction to containers

  • 2. www.zoomint.com Containers ▪ Linux kernel allows the existence of multiple isolated user-space instances - containers. Program running on an ordinary OS can see all resources (all devices, all files and folders, all network interfaces) of that computer. ▪ However, programs running inside of a container can only see the container's contents and devices assigned to the container. ▪ Containers isolate software from its surroundings, for example differences between development and staging environments and help reduce conflicts between teams running different software on the same computer.
  • 4. www.zoomint.com Container Building Blocks ▪ Chroot • 1982 (BSD) ▪ Union Mount • 1993 ▪ Linux Namespaces • 2002, 2006, 2013 ▪ Secure Computing Mode (seccomp) • 2005 ▪ Control Groups (cgroups) • 2007
  • 5. www.zoomint.com Chroot ▪ A chroot is an operation that changes the apparent root directory for the current running process and its children. ▪ A program that is run in such a modified environment cannot see and access files outside the designated directory tree.
  • 6. www.zoomint.com Union Mount ▪ Union mounting is a way of combining multiple directories into one that appears to contain their combined contents. ▪ aufs, OverlayFS, Btrfs, ZFS
  • 7. www.zoomint.com Linux Namespaces ▪ Provide processes with their own system view of: ▪ Mount (Mount points) ▪ PID (Process IDs ) ▪ Network (Network devices, stacks, ports, etc.) ▪ UTS (Hostname and NIS domain name ) ▪ User (User and group IDs ) ▪ IPC (System V IPC, POSIX message queues) ▪ Cgroup (Cgroup root directory)
  • 8. www.zoomint.com seccomp ▪ Secure computing mode (seccomp) is a Linux kernel feature. It can be used to restrict the actions available within the container. ▪ SECCOMP_SET_MODE_STRICT: A process can just read, write and exit, nothing more!
  • 9. www.zoomint.com cgroups ▪ Resource Limiting (RAM) ▪ Prioritization (CPU) ▪ Accounting (Measures a group's resource usage) ▪ Control (Frees and restarts processes)
  • 10. www.zoomint.com Thank you for your attention!
  • 11. www.zoomint.com Container Image ▪ A container image is a lightweight, stand-alone, executable package of a piece of software that includes everything needed to run it: code, runtime, system tools, system libraries, settings.