Docker
Docker
- Linux containers
- User-friendly CLI tool
- Image generation
- Cloud image hosting
What's a CONTAINER?
- Not a virtual machine
- System sandboxing
- Isolated kernel resources
LXC: KERNEL NAMESPACES
- Kernel resources isolated in namespaces
- Hierarchical namespace structure
PID NAMESPACES
- Each namespace has its own init
- Multiple PIDs per process
- System calls are not propagated
across parent namespace boundaries
PID NAMESPACES
Mnt namespaceS
- chroot on steroids
- one root mountpoint per namespace
- mountpoints visible for namespace members only
NET namespaces
- Network interfaces/ports mapped per namespace
- Multiple '8080' ports, one per namespace
MORE...
- cgroups
- ipc namespace (Deprecated in favor of POSIX)
- uts namespace (Host info)
AUFS
- Union filesystem
- Multiple mountpoints mapped into the same filesystem
- Read-only, write-only layers
RUNC (libcontainer)
- Standarized interface for container manipulation
- The interface is abstracted from implementation
- Features designed with app deployment in mind