tinyurl.com/containers101
Containers:
What you need to know
So you know what you need to know.
Ell Marquez
Community Architect
- Jupiter Broadcasting
- Technology Evangelist
- Training Architect
- Docker Quickstart
- Essential Container Concepts
- OpenStack Mentorship Co-lead
Ell Marquez
Professional Noob
- Breaks things
- Tries to fix them
- Breaks them again
- Asks for help
- Rekicks/Reimages
ellopunk.com
Agenda
- What's a container?
- What's a container made of?
  - Chroot
  - Namespaces/Cgroups
- Why containers?
  - LXC/LXD
  - Docker
- Questions?
What's a container?
According to Docker, a container is a standard unit of software that packages code and all of its dependencies, allowing the application to run quickly and reliably from one computing environment to another.
What's a container?
A sandbox for a process.
[Diagram: processes P1, P2 and P3]
Chroot
- Chroot = Change root
- Changes the apparent root directory.
- The new “root” directory becomes the root directory for both the currently running process and all of its child processes.
- The new “root” directory is known as a jailed directory or a “chroot jail”.
- Chroot must be run as a privileged user.
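The sequence these bullets describe, as an added Linux example that is not from the original slides: a child process changes its root, moves its working directory inside the jail, confirms that "/" really is the jail, and then gives up the privilege that chroot required. The names `enter_jail` and `jail_probe`, the temporary directory and uid 65534 are assumptions made for the example.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE                   /* exposes chroot() and setgroups() */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Runs in the child: 0 on success, else the errno of the step that failed. */
static int enter_jail(const char *dir, uid_t run_as)
{
    struct stat jail, root;
    if (stat(dir, &jail) != 0) return errno;
    if (chroot(dir) != 0) return errno;   /* EPERM if the caller is unprivileged */
    if (chdir("/") != 0) return errno;    /* put the working directory inside the jail */
    if (stat("/", &root) != 0) return errno;
    if (root.st_dev != jail.st_dev || root.st_ino != jail.st_ino)
        return EXDEV;                     /* "/" is not the directory we asked for */
    /* chroot needed privilege; the jailed workload should not keep it. */
    if (setgroups(0, NULL) != 0 || setgid((gid_t)run_as) != 0 || setuid(run_as) != 0)
        return errno;
    return getuid() == run_as ? 0 : EPERM;
}

/* Forks first, so only the child (and any children it starts) sees dir as "/".
 * Returns the child's result code, or -1 if the child could not be run. */
int jail_probe(const char *dir, uid_t run_as)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(enter_jail(dir, run_as));
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    char tmpl[] = "/tmp/jailXXXXXX";      /* constructed, empty sample jail */
    char *dir = mkdtemp(tmpl);
    if (!dir) { perror("mkdtemp"); return 1; }
    int rc = jail_probe(dir, 65534);      /* 65534: assumed unprivileged uid */
    printf("%s: %s\n", dir, rc == 0 ? "jailed and unprivileged" : "refused");
    rmdir(dir);
    return 0;
}
```

Run without root, the probe reports "refused" because `chroot` fails with `EPERM`, which is the last bullet in practice.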
Chroot Demo
Bill Cheswick
Task #1
- Ensure you understand:
  - Linux File Hierarchy Structure
  - Linux Process Tree
- To do:
  - Create a Chrooted Environment
  - Read "An Evening with Berferd"
Namespaces
Containers:
No, not your mama's Tupperware.
Network Namespace
Namespace Demo
Task #2
- Ensure you understand:
  - Namespaces
  - Cgroups
- To do:
  - Create your own demo using the PID namespace.
  - Create a demo using two network namespaces that can communicate with one another.
Why Containers?
Because they are so much easier!
Linux Containers
LXC
What's in a name?
Linux Containers or LXC?
- The term "Linux Containers" can refer to containers on Linux or on LXC:
- [L]inu[X] [C]ontainers
- Supercharged Chroot
- Allows you to isolate applications or entire operating system distros
LXC is a userspace interface for the Linux kernel containment features. Through a powerful API and simple tools, it lets Linux users easily create and manage system or application containers.
Docker
Docker is an open platform for developers and sysadmins to build, ship, and run distributed applications.
LXC -VS- Docker
LXC and Docker
- Portable Deployment Across Machines
- App Centric
- Sometimes referred to as machine containers and application containers.
LXC and Docker
- Portable Deployment Across Machines
- App Centric
- Automatic Build
- Versioning
- Component re-use
- Sharing
Docker Demo
Docker:
Image Layers
Docker History
Wrap-Up Demo
Questions?
@ell_o_punk
ell.marquez@linuxacademy.com
What You Should Know:
- Containers provide an isolated environment for an application or Linux distribution.
- Linux containers are not native to the Linux kernel but are composed of many technologies.
- Container technology is always changing.
- It’s okay to be new.
What to do Next:
- Create a chrooted environment.
- Install LXC and create a few containers. Install packages and modify the container environment to make it different from your host's.
- Install Docker and create the same environments as your LXC containers using Docker Hub images.
- Write your own Docker image.
Swarm
- Shipped with the Docker Engine.
- User-friendly and easy to get up and running.
- Works on both Linux and Windows nodes. *
Kubernetes
- Spun out of work done with Google and contributed to CNCF.
- More of a tool kit. Not as easy to get up and running.
- Configurable and extensible.
Security
- Expand your idea from DevOps to DevSecOps
- Security as Code
- Security from day one of the script, not an afterthought
- Think of containers as a script.
- Trusted vendors.
- Patch the application/image, not the container.
- Severity of the vulnerability will determine downtime.