Docker

Docker

  • Linux containers
  • User-friendly CLI tool
  • Image generation
  • Cloud image hosting

What's a CONTAINER?

  • Not a virtual machine
  • System sandboxing
  • Isolated kernel resources

LXC: KERNEL NAMESPACES

  • Kernel resources isolated in namespaces
  • Hierarchical namespace structure

PID NAMESPACES

  • Each namespace has its own init
  • Multiple PIDs per process
  • System calls are not propagated across parent namespace boundaries

MNT NAMESPACES

  • chroot on steroids
  • one root mountpoint per namespace
  • mountpoints visible for namespace members only

NET NAMESPACES

  • Network interfaces/ports mapped per namespace
  • Multiple '8080' ports, one per namespace

MORE...

  • cgroups
  • ipc namespace (Deprecated in favor of POSIX)
  • uts namespace (Host info)
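The slides above say that a process carries one PID per nested PID namespace and that kernel resources are partitioned per namespace. The following script is an added example, not part of the original deck: it parses the `NSpid:` line of a `/proc/<pid>/status` file (a constructed sample is embedded so it runs anywhere) and compares the namespace identities exposed under `/proc/<pid>/ns/` to tell whether two processes share a pid, mnt, net, ipc or uts namespace. Comparing a process's namespaces against those of PID 1 is the usual defender's check for "is this really confined, or is it running in the host's namespaces". Function names are the example's own.

```python
import os

# Constructed sample of /proc/<pid>/status for a process that lives in a
# nested PID namespace: the host sees it as PID 4242, while inside its own
# namespace it is PID 1 (that namespace's init).
SAMPLE_STATUS = (
    "Name:\tnginx\n"
    "Pid:\t4242\n"
    "PPid:\t4200\n"
    "NSpid:\t4242\t1\n"
    "NSpgid:\t4242\t1\n"
)

NS_KINDS = ("pid", "mnt", "net", "ipc", "uts")


def parse_nspid(status_text):
    """Return the PIDs a process holds, outermost namespace first.

    A process in the root PID namespace has a single entry; each level of
    nesting adds one more PID.
    """
    for line in status_text.splitlines():
        if line.startswith("NSpid:"):
            return [int(tok) for tok in line.split()[1:]]
    return []


def is_nested_init(status_text):
    """True when the process is PID 1 of a non-root PID namespace."""
    pids = parse_nspid(status_text)
    return len(pids) > 1 and pids[-1] == 1


def namespace_ids(pid="self", kinds=NS_KINDS):
    """Map namespace kind -> identity string read from /proc/<pid>/ns/<kind>.

    The link target looks like 'net:[4026531992]'; two processes share a
    namespace exactly when the strings match. None means the link could not
    be read (no permission, no such process, or not a Linux /proc).
    """
    ids = {}
    for kind in kinds:
        try:
            ids[kind] = os.readlink(f"/proc/{pid}/ns/{kind}")
        except OSError:
            ids[kind] = None
    return ids


def shared_namespaces(ids_a, ids_b):
    """Namespace kinds in which both processes are members of the same namespace."""
    return sorted(k for k, v in ids_a.items() if v is not None and v == ids_b.get(k))


def read_status(pid):
    """Read the live /proc/<pid>/status text (Linux only)."""
    with open(f"/proc/{pid}/status") as f:
        return f.read()


if __name__ == "__main__":
    print("sample NSpid:", parse_nspid(SAMPLE_STATUS))
    print("sample is nested init:", is_nested_init(SAMPLE_STATUS))
    mine = namespace_ids()
    init = namespace_ids(1)
    print("my namespaces:", mine)
    # On a plain host every kind is shared with PID 1; inside a container
    # normally none is. Unreadable links show up as None and never match.
    print("shared with PID 1:", shared_namespaces(mine, init))
```

Run it once on the host and once inside a container: the `NSpid` list grows by one entry per nesting level, and the set of namespaces shared with PID 1 shrinks to nothing when the container has its own pid, mnt, net, ipc and uts namespaces.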

AUFS

  • Union filesystem
  • Multiple mountpoints mapped into the same filesystem
  • Read-only lower layers, writable top layer
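To make the union-filesystem bullets concrete, here is an added toy model (not code from the deck or from AUFS itself) of how a union mount resolves paths: read-only lower layers stacked bottom to top, one writable upper layer that receives every write, and whiteout markers in the upper layer that hide a lower-layer file on delete. Real AUFS marks whiteouts with files named `.wh.<name>`; the prefix is reused here, but the in-memory dict layers and the class name are this example's own simplification.

```python
class UnionFS:
    """Toy union mount: read-only lower layers plus one writable upper layer."""

    WHITEOUT = ".wh."  # AUFS-style whiteout prefix; hides a lower-layer path

    def __init__(self, lowers):
        # lowers[0] is the bottom layer; later layers shadow earlier ones.
        self.lowers = list(lowers)
        self.upper = {}

    def _whiteout(self, path):
        return self.WHITEOUT + path

    def read(self, path):
        """Resolve a path top-down: upper layer, then lower layers top to bottom."""
        if path in self.upper:
            return self.upper[path]
        if self._whiteout(path) in self.upper:
            raise FileNotFoundError(path)  # deleted in the upper layer
        for layer in reversed(self.lowers):
            if path in layer:
                return layer[path]
        raise FileNotFoundError(path)

    def write(self, path, data):
        """Writes never touch a lower layer; they land in the upper layer."""
        self.upper.pop(self._whiteout(path), None)
        self.upper[path] = data

    def delete(self, path):
        """Deleting a lower-layer file leaves it in place and adds a whiteout."""
        self.read(path)  # raises if nothing is visible at that path
        self.upper.pop(path, None)
        self.upper[self._whiteout(path)] = None

    def listing(self):
        """All currently visible paths, with whiteouts applied."""
        visible = set()
        for layer in self.lowers:
            visible.update(layer)
        hidden = {k[len(self.WHITEOUT):] for k in self.upper if k.startswith(self.WHITEOUT)}
        visible -= hidden
        visible.update(k for k in self.upper if not k.startswith(self.WHITEOUT))
        return sorted(visible)


# Constructed layers: a base image and an application layer built on top of it.
BASE_LAYER = {"/etc/passwd": "root:x:0:0", "/bin/sh": "#!shell"}
APP_LAYER = {"/etc/passwd": "root:x:0:0\napp:x:1000:1000", "/app/run": "#!app"}


def demo():
    fs = UnionFS([BASE_LAYER, APP_LAYER])
    before = dict(BASE_LAYER), dict(APP_LAYER)
    fs.write("/etc/passwd", "root:x:0:0\napp:x:1000:1000\ntmp:x:1001:1001")
    fs.delete("/app/run")
    # The image layers are untouched: the container's changes live only in the upper layer.
    assert (BASE_LAYER, APP_LAYER) == before
    return fs


if __name__ == "__main__":
    fs = demo()
    print("visible:", fs.listing())
    print("upper layer:", fs.upper)
```

The point for operators is the last assertion in `demo()`: whatever a container writes or deletes, the image layers underneath stay byte-for-byte identical, which is why a fresh container from the same image always starts from the same state.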

RUNC (libcontainer)

  • Standardized interface for container manipulation
  • The interface is abstracted from implementation
  • Features designed with app deployment in mind

Docker

By Manu Sánchez
