How Containers Work in Linux
An Introduction to Namespaces and Cgroups

James Bottomley
About Me

 

Container evangelist

Open Source Advocate

  • Converting Business to Open Source

Kernel Developer

  • SCSI Subsystem Maintainer
  • PA-RISC architecture Maintainer
Container Basics

Hypervisors are based on emulating hardware

Containers are about virtualizing the Operating System subsystems

Containers: Single Kernel; Hypervisors: multiple kernels.

Immediate Advantage: single kernel update, all guests benefit

Other container advantages: elasticity

[Figure: size comparison, labelled Gigabytes and Megabytes]

Just the lightness of containers makes them far more dense and elastic

But there's more: containers can be scaled instantly up or down (instant vertical scaling)

Sharing the same kernel makes container resource decisions much more efficient than those of hypervisors

Sharing and granularity are the key container differentiators

But they're not really exposed by orchestration systems (VZ, LXC, Docker ...)

Linux Containers API

Kernel API is the same for all containers

Came from an Agreement at the Kernel Summit in 2011

Caused container interests to converge on a unified, upstream API

No repeat of Xen/KVM split

Led directly to the ability of Docker to run on upstream containers

Cgroups: Block I/O, CPU, Devices, Memory, Network, Freezer

Namespaces: Network NS, IPC NS, Mount NS, PID NS, UTS NS, User NS

Demo

nsenter, unshare - linux-utils

ip netns - iproute2
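
An added example, not part of the original slides: a shell check that reports which of the six namespaces listed above two processes share, by comparing the `/proc/<pid>/ns/*` link targets. The function names, PID 4242 and all namespace IDs are constructed for illustration; the sample tree stands in for `/proc` so the script runs without privileges.

```shell
#!/bin/sh
# Added example: compare the namespace membership of two processes.
# /proc/<pid>/ns/<type> is a symlink whose target, e.g. "net:[4026531992]",
# identifies the namespace; equal targets mean the namespace is shared.

# ns_id PROC_ROOT PID TYPE: print the link target, or nothing if unreadable.
ns_id() {
    readlink "$1/$2/ns/$3" 2>/dev/null || true
}

# ns_compare PROC_ROOT PID_A PID_B: one "<type> shared|isolated|unknown" line
# for each of the six namespace types listed on the slide.
ns_compare() {
    for ns in net ipc mnt pid uts user; do
        a=$(ns_id "$1" "$2" "$ns")
        b=$(ns_id "$1" "$3" "$ns")
        if [ -z "$a" ] || [ -z "$b" ]; then
            echo "$ns unknown"
        elif [ "$a" = "$b" ]; then
            echo "$ns shared"
        else
            echo "$ns isolated"
        fi
    done
}

# make_fake_proc: build a constructed /proc-like tree (all IDs are made up).
# PID 1 is the host init; PID 4242 is a hypothetical container process with
# its own net, ipc, mnt, pid and uts namespaces but the host's user namespace.
make_fake_proc() {
    root=$(mktemp -d)
    mkdir -p "$root/1/ns" "$root/4242/ns"
    for ns in net ipc mnt pid uts user; do
        ln -s "$ns:[4026531800]" "$root/1/ns/$ns"
    done
    for ns in net ipc mnt pid uts; do
        ln -s "$ns:[4026532900]" "$root/4242/ns/$ns"
    done
    ln -s "user:[4026531800]" "$root/4242/ns/user"
    echo "$root"
}

# Run on the constructed tree; on a live host use: ns_compare /proc 1 <pid>
demo_root=$(make_fake_proc)
ns_compare "$demo_root" 1 4242
rm -rf "$demo_root"
```

A `user shared` result against PID 1 means the process's UIDs are the host's UIDs, so root inside it is root on the host. An `unknown` line means a link could not be read, which on a live system usually indicates a missing PID or insufficient privilege.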
Conclusions
Thanks to a lot of upstream Kernel Work, Containers are here to stay
Native Kernel Control plane is excruciatingly complex
But that's not an excuse for not using them
Go forth and find interesting applications of container technology
Presented using impress.js by Bartek Szopka


Thank You!
Questions?