Containers:

What you need to know

So you know what you need to know.

Ell Marquez 

Community Architect

  • Technology Evangelist
  • Training Architect
    • Docker Quickstart
    • Essential Container Concepts
  • OpenStack Mentorship Co-lead
  • OpenStack Diversity

ellopunk.com

Agenda 

  • What's a container?
  • What's a container made of?
    • Chroot
    • Namespaces/Cgroups
  • Why containers?
    • LXC/LXD
    • Docker
  • Questions?

What's a container? 

According to Docker, a container is a standard unit of software that packages code and all of its dependencies, allowing the application to run quickly and reliably from one computing environment to another.

A sandbox for a process.

Chroot

  • Chroot = Change root
    • Changes the apparent root directory.
    • A new “root” directory becomes the root directory for both the current running process and all of the children processes.
    • A new “root” directory is known as a jailed directory or a “Chroot jail”.
    • Chroot must be run as a privileged user.

Chroot Demo

Bill Cheswick

Task #1

  • Ensure you understand:
    • Linux File Hierarchy Structure
    • Linux Process Tree
  • To do:
    • Create a Chrooted Environment
    • Read "An Evening with Berferd"

Namespaces

Containers: 

No, not your mama's Tupperware.

Network Namespace

Namespace Demo

Task #2

  • Ensure you understand:
    • Namespaces
    • Cgroups
  • To do:
    • Create your own demo using the PID namespace.
    • Create demo using two network namespaces that can communicate with one another.
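
A chroot jail changes only a process's root directory, while a container also gets its own namespaces, and both facts are visible under /proc. The following is an added example, not part of the original slides: it compares two processes by root directory and namespace inode. The function names, the inode numbers and the /srv/jail path are constructed for illustration.

```python
import os
import re

NS_LINK = re.compile(r"^([a-z_]+):\[(\d+)\]$")

# Constructed sample snapshots (not captured from a real host).
HOST = {"root": "/", "ns": {"mnt": 4026531840, "net": 4026531992,
                            "pid": 4026531836, "uts": 4026531838}}
CHROOTED = {"root": "/srv/jail", "ns": dict(HOST["ns"])}
CONTAINER = {"root": "/", "ns": {"mnt": 4026532577, "net": 4026532583,
                                 "pid": 4026532580, "uts": 4026532578}}


def parse_ns_link(target):
    """Parse a /proc/<pid>/ns/* link target such as 'pid:[4026531836]'."""
    match = NS_LINK.match(target)
    if match is None:
        raise ValueError(f"not a namespace link: {target!r}")
    return match.group(1), int(match.group(2))


def snapshot(pid="self", proc="/proc"):
    """Read the root directory and namespace inodes of a live process."""
    base = os.path.join(proc, str(pid))
    ns = {}
    for name in os.listdir(os.path.join(base, "ns")):
        _, inode = parse_ns_link(os.readlink(os.path.join(base, "ns", name)))
        ns[name] = inode
    return {"root": os.readlink(os.path.join(base, "root")), "ns": ns}


def isolation_diff(a, b):
    """Name what separates process b from process a: root dir, namespaces."""
    diff = ["root"] if a["root"] != b["root"] else []
    for name in sorted(set(a["ns"]) | set(b["ns"])):
        if a["ns"].get(name) != b["ns"].get(name):
            diff.append("ns:" + name)
    return diff


if __name__ == "__main__":
    print("chroot jail vs host:", isolation_diff(HOST, CHROOTED))
    print("container vs host:  ", isolation_diff(HOST, CONTAINER))
    if os.path.isdir("/proc/self/ns"):  # live check, Linux only
        print("this process vs itself:", isolation_diff(snapshot(), snapshot()))
```

Reading /proc/<pid>/root and /proc/<pid>/ns for another user's process requires root, so run the live comparison with sudo when inspecting processes you do not own.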

Why Containers? 

Because they are so much easier! 

Linux Containers

LXC

What's in a Name?

Linux Containers or LXC?

  • The term "Linux Containers" can refer to containers on Linux or to LXC:
    • [L]inu[X] [C]ontainers
    • Supercharged Chroot
    • Allows you to isolate applications or entire operating system distros

LXC is a userspace interface for the Linux kernel containment features. Through a powerful API and simple tools, it lets Linux users easily create and manage system or application containers.

Docker

Docker is an open platform for developers and sysadmins to build, ship, and run distributed applications.

LXC -VS- Docker

LXC and Docker

  • Portable Deployment Across Machines
  • App Centric
    • Sometimes referred to as machine containers and application containers.
  • Automatic Build
  • Versioning
  • Component re-use
  • Sharing

Docker Demo

Docker: Image Layers

Docker History

Wrap-Up Demo

Questions?

@ell_o_punk

ell.marquez@linuxacademy.com

What You Should Know:

  1. Containers provide an isolated environment for an application or Linux distribution.
  2. Linux containers are not native to the Linux kernel but are composed of many technologies.
  3. Container technology is always changing.
  4. It’s okay to be new.

What to do Next:

  1. Create a Chrooted environment.
  2. Install LXC and create a few containers. Install packages and modify the container environment to make it different from your hosts.
  3. Install Docker and create the same environments as your LXC containers using Docker Hub images.
  4. Write your own Docker Image.

Swarm

  • Shipped with the Docker Engine.
  • User-friendly and easy to get up and running.
  • Works on both Linux and Windows nodes. *

Kubernetes

  • Spun out of work done with Google and contributed to CNCF.
  • More of a tool kit. Not as easy to get up and running.
  • Configurable and extensible. 

Security

  • Expand your idea from DevOps to DevSecOps
  • Security as Code
    • Security from day one of the script, not an afterthought
  • Think of containers as a script.
    • Trusted vendors.
  • Patch the application / image not the container.
    • Severity of vulnerability will determine downtime.