Containers 101

Container?

Resource limitation and prioritization

  • cgroups (since Linux 2.6.24 - 2008)
  • resource limiting - memory limit
  • prioritization - share of CPU utilization or disk I/O throughput
  • accounting - measures a group's resource usage
  • control - freezing groups of processes, their checkpointing and restarting

Isolation of an application's view of the operating environment

  • Namespace isolation
  • since Linux 2.4.19 kernel (2002) - mount namespace
  • 'containers' support since Linux 3.8 (2013) - user namespace
  • Since kernel version 4.10, there are 7 kinds of namespaces (2016):

7 kinds of namespaces

  • Mount (mnt)
  • Process ID (pid)
  • Network (net)
  • Interprocess Communication (ipc)
  • UTS
  • User ID (user)
  • Control group (cgroup)
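As an added example (not from the original slides), a small Python script that applies the namespace list above from a defender's side: it parses the /proc/<pid>/ns links the kernel exposes for each of the seven kinds and compares a process against PID 1 to show which namespaces actually isolate it. The sample inode values are constructed and the function names are my own.

```python
import os
import re

# The seven namespace kinds listed above (Linux >= 4.10).
NS_KINDS = ("mnt", "pid", "net", "ipc", "uts", "user", "cgroup")
_NS_LINK = re.compile(r"^(?P<kind>[a-z_]+):\[(?P<inode>\d+)\]$")


def parse_ns_link(target):
    """Parse a /proc/<pid>/ns/<kind> symlink target such as 'pid:[4026531836]'.
    The inode identifies the namespace: equal inodes mean a shared namespace."""
    m = _NS_LINK.match(target)
    if not m:
        raise ValueError(f"not a namespace link: {target!r}")
    return m.group("kind"), int(m.group("inode"))


def read_namespaces(pid="self"):
    """Namespace inodes of a live process (Linux only; another pid's links need
    the same uid or CAP_SYS_PTRACE). Kinds the kernel lacks are skipped."""
    ns = {}
    for kind in NS_KINDS:
        try:
            ns[kind] = parse_ns_link(os.readlink(f"/proc/{pid}/ns/{kind}"))[1]
        except OSError:
            continue
    return ns


def compare_to_host(proc, host):
    """Split the kinds present in both maps into those proc shares with the host
    and those it is isolated in. A containerised process normally shares only
    'user' (Docker keeps the host user namespace unless userns-remap is on);
    anything else in 'shared' means that isolation layer is missing."""
    both = [k for k in NS_KINDS if k in proc and k in host]
    return {"shared": sorted(k for k in both if proc[k] == host[k]),
            "isolated": sorted(k for k in both if proc[k] != host[k])}


# Constructed sample values (not captured from a real system): PID 1 on the
# host versus a process inside a container that keeps the host user namespace.
HOST_INIT_NS = {"mnt": 4026531840, "pid": 4026531836, "net": 4026531992,
                "ipc": 4026531839, "uts": 4026531838, "user": 4026531837,
                "cgroup": 4026531835}
CONTAINER_PROC_NS = {"mnt": 4026532565, "pid": 4026532567, "net": 4026532570,
                     "ipc": 4026532566, "uts": 4026532568, "user": 4026531837,
                     "cgroup": 4026532569}

if __name__ == "__main__":
    print("sample:", compare_to_host(CONTAINER_PROC_NS, HOST_INIT_NS))
    if os.path.isdir("/proc/1/ns"):  # live check against PID 1 on Linux
        print("live:  ", compare_to_host(read_namespaces(), read_namespaces(1)))
```

Run it inside a container and on the host to see the difference; on the sample data the only shared kind is "user", which is the expected picture for a default Docker container.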

Docker?

Docker history

  • dotCloud - 2010
  • docker - 2013
  • initially lxc based
  • libcontainer
  • runc, containerd (Docker 1.11, 2016)

kudos from @jluk #devops-sig

Container Runtime Interface (CRI) in Kubernetes

Not only Docker

  • LXC - in Linux since 2008
  • OpenVZ - since 2005 (mainline Linux kernel)
  • FreeBSD jail - since BSD 4.0 (2000)
  • rkt - since 2014 (initially part of CoreOS)
  • Windows Containers - since Windows Server 2016
  • AIX Workload Partitions - since AIX 6.1 (2007)

Kubernetes 101

observe, orient, decide, and act

Pod lifecycle