Containers:
What you need to know
So you know what you need to know.
https://slides.com/jupiterbroadcasting/containers101/
Ell Marquez
Community Architect
- Technology Evangelist
- Training Architect
- Docker Quick Start
- Essential Container Concepts
- OpenStack Mentorship Co-lead
- OpenStack Diversity
ellopunk.com
Agenda
- What's a container?
- What's a container made of?
  - Chroot
  - Namespaces/Cgroups
- Why containers?
  - LXC/LXD
  - Docker
- Questions?
What's a container?
According to Docker, a container is a standard unit of software that packages code and all of its dependencies, allowing the application to run quickly and reliably from one computing environment to another.
What's a container?
A sandbox for a process.
[Diagram: processes P1, P2, P3]
Chroot
- Chroot = Change root
- Changes the apparent root directory.
- The new “root” directory becomes the root directory for both the currently running process and all of its child processes.
- The new “root” directory is known as a jailed directory or a “chroot jail”.
- Chroot must be run as a privileged user.
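Added example (not from the original slides): one way to populate a jail directory so that a binary can actually start after the root changes, since everything it loads must exist under the new root. The function names `jail_libs`, `build_jail`, `jail_check` and `enter_jail` are hypothetical, and the script assumes `ldd` is available.

```shell
#!/bin/sh
# Added example; all function names here are hypothetical.
# Only run ldd on binaries you trust: it may execute code from the file.

# List absolute paths of the loader and shared libraries a binary needs.
# A static binary yields no paths.
jail_libs() {
    ldd "$1" 2>/dev/null | grep -o '/[^ ]*' | sort -u
}

# Copy BINARY and its libraries into JAIL under the same absolute paths.
build_jail() {
    jail=$1; bin=$2
    mkdir -p "$jail$(dirname "$bin")" || return 1
    cp -L "$bin" "$jail$bin" || return 1
    jail_libs "$bin" | while read -r lib; do
        mkdir -p "$jail$(dirname "$lib")" && cp -L "$lib" "$jail$lib" || exit 1
    done
}

# Print every required file that is absent from JAIL; succeed only if none is.
# A missing library is the usual reason chroot reports "No such file or
# directory" for a binary that is clearly present in the jail.
jail_check() {
    jail=$1; bin=$2
    missing=$( { echo "$bin"; jail_libs "$bin"; } | while read -r f; do
        [ -e "$jail$f" ] || echo "$f"
    done )
    [ -z "$missing" ] || { echo "$missing"; return 1; }
}

# Change the apparent root to JAIL and run BINARY there.
# The process and all of its children see JAIL as "/".
enter_jail() {
    # chroot needs privilege (CAP_SYS_CHROOT), so refuse early when not root.
    [ "$(id -u)" -eq 0 ] || { echo "chroot needs root" >&2; return 1; }
    jail_check "$1" "$2" >&2 || return 1
    chroot "$1" "$2"
}

# Typical use (as root):
#   build_jail /srv/jail /bin/sh && enter_jail /srv/jail /bin/sh
```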
Chroot Demo
Bill Cheswick
Task #1
- Ensure you understand:
  - Linux File Hierarchy Structure
  - Linux Process Tree
- To do:
  - Create a Chrooted Environment
  - Read "An Evening with Berferd"
Namespaces
Containers:
No, not your mama's Tupperware.
Network Namespace
Namespace Demo
Task #2
- Ensure you understand:
  - Namespaces
  - Cgroups
- To do:
  - Create your own demo using the PID namespace.
  - Create a demo using two network namespaces that can communicate with one another.
Why Containers?
Because they are so much easier!
Linux Containers
LXC
What's in a name?
Linux Containers or LXC?
- The term "Linux Containers" can refer to containers on Linux or on LXC:
- [L]inu[X] [C]ontainers
- Supercharged Chroot
- Allows you to isolate applications or entire operating system distros
LXC is a userspace interface for the Linux kernel containment features. Through a powerful API and simple tools, it lets Linux users easily create and manage system or application containers.
Chromebooks
https://discuss.linuxcontainers.org/t/using-lxd-on-your-chromebook/3823
Docker
Docker is an open platform for developers and sysadmins to build, ship, and run distributed applications.
LXC -VS- Docker
LXC and Docker
- Portable Deployment Across Machines
- App Centric
- Sometimes referred to as machine containers and application containers.
- Automatic Build
- Versioning
- Component re-use
- Sharing
Docker Demo
Docker:
Image Layers
Docker History
Wrap-Up Demo
Questions?
@ell_o_punk
ellopunk@linuxacademy.com
What You Should Know:
- Containers provide an isolated environment for an application or Linux distribution.
- Linux containers are not native to the Linux Kernel but composed of many technologies.
- Container technology is always changing.
- It’s okay to be new.
What to do Next:
- Create a chrooted environment.
- Install LXC and create a few containers. Install packages and modify the container environment to make it different from your host's.
- Install Docker and create the same environments as your LXC containers using Docker Hub images.
- Write your own Docker image.
Swarm
- Shipped with the Docker Engine.
- User-friendly and easy to get up and running.
- Works on both Linux and Windows nodes. *
Kubernetes
- Spun out of work done with Google and contributed to CNCF.
- More of a tool kit. Not as easy to get up and running.
- Configurable and extensible.
Security
- Expand your idea from DevOps to DevSecOps
- Security as Code
- Security from day one of the script, not an afterthought.
- Think of containers as a script.
- Trusted vendors.
- Patch the application / image not the container.
- Severity of vulnerability will determine down time.
Containers101
By Jupiter Broadcasting