Containerization

presented by:

[Hamid Salehian]

Familiar with Virtualization?

Virtualization: what is it?

Software that abstracts the hardware so that several operating systems can share one physical machine.

  • The kernel no longer gets direct access to the hardware
  • A hypervisor gets that access instead
  • The hypervisor (also called a virtual machine monitor, VMM) is specialized software that virtualizes the machine's CPU, memory, disks, network and other resources, so that several virtual machines can share them

Type 1 vs Type 2:

[diagram: Type-1 stack is Hardware > VMM (Hypervisor) > Guest OS > Application; Type-2 stack is Hardware > Host OS > VMM (Hypervisor) > Guest OS > Application]

Type-1
  • Bare-metal architecture: the hypervisor runs directly on the hardware
  • Xen, VMware ESX Server, Hyper-V
  • Mostly for servers, but not limited to them
  • OS-independent VMM

Type-2
  • Hosted architecture: the hypervisor runs as an application on a host OS
  • VMware Workstation, VirtualBox
  • Mostly for client devices, but not limited to them
  • OS-dependent VMM

Linux Container

Container

  • Lightweight virtualization
  • OS-level virtualization: every container shares the host's kernel
  • Allows a single host to run multiple isolated, resource-controlled Linux instances

UNIX V7 1979
Introduced the chroot system call, which changes a process's apparent filesystem root. It isolates only the filesystem view, not the process itself, and was never designed as a security boundary. Chroot was added to BSD in 1982.

 

FREEBSD JAILS 2000
Introduced jails, an early container technology that extended chroot with isolation of processes, users and networking.

 

LINUX VSERVER 2001
Operating-system-level virtualization implemented by patching the Linux kernel.

 

ORACLE SOLARIS ZONES 2004
Similar to jails, but Zones were able to leverage features like snapshots and cloning from ZFS.

 

OPENVZ (OPEN VIRTUOZZO) 2005
Released by Parallels (formerly SWsoft). Its code was not merged into the official Linux kernel, but it offered a wide array of features, including resource management and live migration.

 

PROCESS CONTAINERS 2006
Developed by Google (primarily Paul Menage and Rohit Seth) to group processes within the Linux kernel for resource management; renamed "control groups" (cgroups) before it was merged.

HISTORY

  • started by Google in 2006 as "Process Containers"

  • merged into the mainline kernel in 2007 as cgroups (shipped in 2.6.24)

  • many improvements since

  • considered stable since kernel 3.8 in 2013, which completed user namespaces and made unprivileged containers practical

Goal

  • offer the same level of isolation and control as a VM
  • without the overhead of running a guest OS

Linux Container

[diagram: a VM stack is Hardware > Host OS > VMM (Hypervisor) > Guest OS > bin/libs > Application, with one guest OS per VM; a container stack is Hardware > Host OS > bin/libs > Application, with no hypervisor and no guest OS]

  • From the inside it looks like a VM

  • From the outside, it looks like normal processes

Linux Container

  • LXC (LinuX Containers) lets you run a Linux system within another Linux system.
  • A container is a group of processes on a Linux box, put together in an isolated environment.
  • This is "chroot() on steroids": chroot alone only changes a process's root directory, and is easily escaped by a root process; namespaces, cgroups and SELinux add the rest of the isolation.

How it Works?

[diagram: Hardware > Linux Kernel (with drivers, SELinux, cgroups and namespaces) > Containers, managed through a management interface]

  • namespaces
  • cgroups
  • SELinux

Namespaces

Isolate processes from one another: each namespace type gives a group of processes its own private copy of a kernel resource

  • process (PID namespace: the first process in a container is PID 1 there, and it cannot see or signal host processes)
  • filesystem (mount namespace: a private mount table)
  • networking (network namespace: its own interfaces, addresses and routing table)

[diagram: host PIDs 1 to 10; processes 7 to 10 live in a child PID namespace where they see themselves as PIDs 1 to 4]
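The PID and hostname isolation described above, shown with the raw kernel interface. This is an added example, not code from the slides: it creates a child in new user, PID, UTS and mount namespaces with clone(2), and the child reports back what it sees. The user namespace is what lets an unprivileged user do this at all; the names `ns_view`, `ns_result` and `run_in_new_namespaces` are this example's own. Where the kernel or a seccomp sandbox forbids unprivileged user namespaces, `clone` fails and the function returns the errno instead of guessing.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* What the child sees from inside its new namespaces. */
struct ns_view {
    pid_t pid;            /* getpid() inside the new PID namespace */
    char  hostname[64];   /* gethostname() inside the new UTS namespace */
};

struct ns_result {
    int err;              /* 0 on success, else errno from clone(2) */
    struct ns_view inside;
    char host_before[64]; /* parent's hostname before and after: must not change */
    char host_after[64];
};

static int child_fn(void *arg)
{
    int fd = *(int *)arg;                   /* write end of the pipe, copied from the parent */
    struct ns_view v;
    memset(&v, 0, sizeof v);
    v.pid = getpid();                       /* the first process in a new PID namespace is PID 1 */
    /* The creator of a user namespace holds CAP_SYS_ADMIN inside it, and the new
       UTS namespace is owned by that user namespace, so renaming is allowed even
       for an unprivileged caller. The host's own name is untouched. */
    if (sethostname("container", 9) == 0)
        gethostname(v.hostname, sizeof v.hostname);
    else
        snprintf(v.hostname, sizeof v.hostname, "sethostname failed: %s", strerror(errno));
    if (write(fd, &v, sizeof v) != (ssize_t)sizeof v) return 1;
    return 0;
}

/* Returns 0 and fills *r on success; -1 with r->err set if the namespaces
   could not be created (e.g. EPERM under a restrictive seccomp profile). */
int run_in_new_namespaces(struct ns_result *r)
{
    const size_t stack_size = 64 * 1024;
    int pfd[2];
    memset(r, 0, sizeof *r);
    gethostname(r->host_before, sizeof r->host_before);
    if (pipe(pfd) != 0) { r->err = errno; return -1; }
    char *stack = malloc(stack_size);
    if (!stack) { r->err = ENOMEM; close(pfd[0]); close(pfd[1]); return -1; }
    int flags = CLONE_NEWUSER   /* new user namespace: makes the rest possible without root */
              | CLONE_NEWPID    /* new PID namespace: child sees itself as PID 1 */
              | CLONE_NEWUTS    /* new UTS namespace: private hostname */
              | CLONE_NEWNS     /* new mount namespace: private mount table */
              | SIGCHLD;        /* so the parent can waitpid() for it */
    pid_t pid = clone(child_fn, stack + stack_size, flags, &pfd[1]);   /* stack grows down */
    if (pid < 0) {
        r->err = errno;
        free(stack); close(pfd[0]); close(pfd[1]);
        return -1;
    }
    close(pfd[1]);
    ssize_t n = read(pfd[0], &r->inside, sizeof r->inside);
    close(pfd[0]);
    int status;
    waitpid(pid, &status, 0);
    free(stack);
    gethostname(r->host_after, sizeof r->host_after);
    if (n != (ssize_t)sizeof r->inside) { r->err = EIO; return -1; }
    return 0;
}

int main(void)
{
    struct ns_result r;
    if (run_in_new_namespaces(&r) != 0) {
        printf("clone with namespace flags failed: %s\n", strerror(r.err));
        return 1;
    }
    printf("inside: pid=%d hostname=%s\n", (int)r.inside.pid, r.inside.hostname);
    printf("host  : %s -> %s\n", r.host_before, r.host_after);
    return 0;
}
```

On a stock desktop kernel this prints `pid=1 hostname=container` for the child while the host's name is unchanged; under Docker's default seccomp profile the `clone` call itself is refused with EPERM, which is exactly the hardening that stops a containerized process from nesting its own namespaces.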

Cgroups (control groups)

Control resource allocation to processes, so one container cannot starve the host or its neighbours

  • I/O: limit reads / writes
  • CPU: limit CPU usage
  • Memory: limit total memory available; a group that exceeds its limit is OOM-killed rather than the host
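The memory limit above, applied through the cgroup filesystem directly. This is an added example, not code from the slides: it assumes a cgroup v2 hierarchy mounted at `/sys/fs/cgroup` and write access to it (normally root); the group name `demo` and the functions `cgroup_limit_memory` and `demo_memory_limit` are this example's own. It caps a forked child at 32 MiB, lets it touch 128 MiB, and reports whether the kernel killed it. Where the tree is read-only or cgroup v1, the setup reports the errno instead.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed: a cgroup v2 (unified) hierarchy mounted here, as on current distros. */
#define CGROUP_ROOT "/sys/fs/cgroup"

/* Write one value into a control file of group `cg`. Returns 0 or -errno. */
static int cg_write(const char *cg, const char *file, const char *value)
{
    char path[256];
    snprintf(path, sizeof path, "%s/%s/%s", CGROUP_ROOT, cg, file);
    int fd = open(path, O_WRONLY);
    if (fd < 0) return -errno;
    size_t len = strlen(value);
    ssize_t n = write(fd, value, len);
    int rc = n < 0 ? -errno : (n == (ssize_t)len ? 0 : -EIO);
    close(fd);
    return rc;
}

/* Create group `cg`, cap its memory at `bytes`, and move `pid` into it.
   Needs write access to CGROUP_ROOT (normally root). Returns 0 or -errno. */
int cgroup_limit_memory(const char *cg, long bytes, pid_t pid)
{
    char path[256], buf[32];
    snprintf(path, sizeof path, "%s/%s", CGROUP_ROOT, cg);
    if (mkdir(path, 0755) != 0 && errno != EEXIST) return -errno;
    snprintf(buf, sizeof buf, "%ld", bytes);
    int rc = cg_write(cg, "memory.max", buf);      /* hard limit: the OOM killer enforces it */
    if (rc) return rc;
    rc = cg_write(cg, "memory.swap.max", "0");      /* otherwise the group could spill into swap */
    if (rc && rc != -ENOENT) return rc;             /* file is absent when swap accounting is off */
    snprintf(buf, sizeof buf, "%d", (int)pid);
    return cg_write(cg, "cgroup.procs", buf);       /* membership: one pid per write */
}

/* Fork a child, cap it at 32 MiB, let it touch 128 MiB.
   Returns 0 if the kernel SIGKILLed the child (limit enforced), 1 if the
   child survived, or -errno if the group could not be set up here. */
int demo_memory_limit(void)
{
    int pfd[2];
    if (pipe(pfd) != 0) return -errno;
    pid_t pid = fork();
    if (pid < 0) return -errno;
    if (pid == 0) {
        char go = 0;
        close(pfd[1]);
        /* wait until the parent has moved us into the group (or given up) */
        if (read(pfd[0], &go, 1) != 1 || go != 'g') _exit(0);
        size_t sz = 128u << 20;
        char *p = malloc(sz);
        if (!p) _exit(3);
        memset(p, 1, sz);          /* touching the pages is what counts against memory.max */
        _exit(0);                  /* reached only if the limit was not enforced */
    }
    close(pfd[0]);
    int rc = cgroup_limit_memory("demo", 32L << 20, pid);   /* "demo" is an arbitrary group name */
    char cmd = rc == 0 ? 'g' : 'q';
    if (write(pfd[1], &cmd, 1) != 1) rc = rc ? rc : -EIO;
    close(pfd[1]);
    int status = 0;
    waitpid(pid, &status, 0);
    rmdir(CGROUP_ROOT "/demo");     /* empty now that the child is gone; harmless if never created */
    if (rc != 0) return rc;
    return (WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL) ? 0 : 1;
}

int main(void)
{
    int rc = demo_memory_limit();
    if (rc == 0) puts("child exceeded memory.max and was OOM-killed: limit enforced");
    else if (rc > 0) puts("child survived: limit not enforced");
    else printf("could not set up the cgroup: %s\n", strerror(-rc));
    return rc == 0 ? 0 : 1;
}
```

The same three files (`memory.max`, `memory.swap.max`, `cgroup.procs`) are what a container runtime writes on your behalf; setting `memory.max` without also pinning `memory.swap.max` is a common mistake, because the group then quietly swaps instead of being stopped.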

SELinux

Security-Enhanced Linux (SELinux) provides
secure separation of containers by applying
SELinux policy and labels: each container runs
under its own label (a container type plus MCS
categories), so even a process that breaks out
of its container is denied access to files and
processes that belong to other containers or
to the host.

Container vs VM

- Containers are more lightweight

- No need to install a guest OS

- Less CPU, RAM and storage needed

- More containers per machine than VMs

- Weaker isolation boundary: all containers share the host kernel, so a kernel bug is shared too

Docker

Docker: What is it?

Docker is a platform for developing, shipping and running applications using container-based virtualization technology.

Let's Get Our Hands Dirty

Questions?

Thanks

see more: https://slides.com/hsarena
