Containers 101
Container?
resource limitation and prioritization
cgroups (since Linux 2.6.24 - 2008)
resource limiting - memory limit
prioritization - share of CPU utilization or disk I/O throughput
accounting - measures a group's resource usage
control - freezing groups of processes, their checkpointing and restarting
isolation of an application's view of the operating environment
Namespace isolation
since Linux 2.4.19 kernel (2002) - mount namespace
'containers' support since Linux 3.8 (2013) - user namespace
Since kernel version 4.10, there are 7 kinds of namespaces (2016):
Mount (mnt)
Process ID (pid)
Network (net)
Interprocess Communication (ipc)
UTS
User ID (user)
Control group (cgroup)
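
Added example (not from the original slides): each of the seven namespace kinds above is exposed as a symlink under /proc/<pid>/ns, and two processes are in the same namespace exactly when the link targets carry the same inode number. The function names and both sample link sets are constructed for illustration; the container sample is an assumed case that shares net and user with the host.

```python
import os
import re

# The seven namespace kinds from the list above, as named under /proc/<pid>/ns.
NS_KINDS = ("mnt", "pid", "net", "ipc", "uts", "user", "cgroup")
_LINK = re.compile(r"^([a-z_]+):\[(\d+)\]$")

# Constructed sample readlink targets (not captured from a real system).
HOST_SAMPLE = ["mnt:[4026531840]", "pid:[4026531836]", "net:[4026531992]",
               "ipc:[4026531839]", "uts:[4026531838]", "user:[4026531837]",
               "cgroup:[4026531835]"]
CONTAINER_SAMPLE = ["mnt:[4026532570]", "pid:[4026532573]", "net:[4026531992]",
                    "ipc:[4026532572]", "uts:[4026532571]", "user:[4026531837]",
                    "cgroup:[4026532574]"]

def parse_ns_links(links):
    """Map namespace kind -> inode from targets such as 'net:[4026531992]'."""
    out = {}
    for target in links:
        m = _LINK.match(target.strip())
        if m and m.group(1) in NS_KINDS:  # ignore malformed or other kinds
            out[m.group(1)] = int(m.group(2))
    return out

def read_ns(pid="self"):
    """Read the live namespace links of a process (Linux only)."""
    links = []
    for kind in NS_KINDS:
        try:
            links.append(os.readlink(f"/proc/{pid}/ns/{kind}"))
        except OSError:
            pass  # kind unsupported by this kernel, or no permission
    return parse_ns_links(links)

def compare(host, proc):
    """Return (shared, isolated) namespace kinds of proc relative to host."""
    shared, isolated = [], []
    for kind in NS_KINDS:
        if kind in host and kind in proc:
            (shared if host[kind] == proc[kind] else isolated).append(kind)
    return shared, isolated

if __name__ == "__main__":
    shared, isolated = compare(parse_ns_links(HOST_SAMPLE),
                               parse_ns_links(CONTAINER_SAMPLE))
    print("shared with host:", shared)
    print("isolated:", isolated)
```

On a live Linux host, compare(read_ns(1), read_ns(pid)) run as root gives the same report for a real process; any kind listed as shared is not isolated from the host for that process.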
Docker?
Docker history
dotCloud - 2010
docker - 2013
initially lxc based
libcontainer
runc, containerd (Docker 1.11, 2016)
kudos from @jluk #devops-sig
Container Runtime Interface (CRI) in Kubernetes
Not only Docker
LXC - in Linux since 2008
OpenVZ - since 2005 (mainline Linux kernel)
FreeBSD jail - since BSD 4.0 (2000)
rkt - since 2014 (initially part of CoreOS)
Windows Containers - since Windows Server 2016
AIX Workload Partitions - since AIX 6.1 (2007)
Kubernetes 101
observe, orient, decide, and act
Pod lifecycle