Containers provide isolation between processes using cgroups and namespaces to limit resource utilization and isolate processes. Containers run within a single operating system kernel and share the kernel with other containers, using fewer resources than virtual machines which run entire guest operating systems. Docker is the most common container platform and uses containerization to package applications and their dependencies into portable containers that can be run on any Linux server.

2. •
•
•
•
•

3. Network
Virtualization
(Calico, Flannel...)
Container
Virtualization
(Docker,...)

4. •
–
–
•
–
–
–
•

5. •
•

6. Container = Docker ?

7. •
•
•

8. APP A
Bins/Libs
APP B
Bins/Libs
Container Engine
HostOS
Hardware
● Based on LXC (Linux Container)
● LXC appears from kernel 2.6.29
● LXC driver must be activated

10. •
•
–
•
•
•
• sudo lxc-cgroup -n memroy.limit_in_bytes 256M

12. • allows us to isolate processes from each
other(process, network, IPC, file system, hostname)
• allows us to limit resource utilization
•
•

14. APP A
Bins/Libs
APP B
Bins/Libs
Guest
OS
Hypervisor
Host OS
Guest
OS
Hardware

16. APP A
Bins/Libs
APP B
Bins/Libs
Libcontainer
HostOS
HardwareHost OS

17. APP A
Bins/Libs
APP B
Bins/Libs
Libcontainer
Hypervisor
Hardware

18. •
…
•

19. •
•
•
•

20. 1. make pull. This pulls mato/rumprun-packages-hw-x86_64 which will take a
while. This image contains the prebuilt rumprun unikernels for mysql, nginx
and php.
2. make. This builds the unikernel containers.
3. make rundns. Runs a DNS server on docker0, using mgood/resolvable.
4. sudo ./docker-unikernel run -P --hostname nginx unikernel/nginx.
5. Browse to http://nginx/.
This will start a container with an Nginx unikernel, serving
static files.

21. •
–
•
•

22. •
•
–
–
–
•
–
–
–