Se ha denunciado esta presentación.
Utilizamos tu perfil de LinkedIn y tus datos de actividad para personalizar los anuncios y mostrarte publicidad más relevante. Puedes cambiar tus preferencias de publicidad en cualquier momento.
Corwin on Containers
Who Am I
●
○
●
○
■
■
■
●
What are we Talking About Today
Containers!
●
●
●
●
●
○
○
●
Definition of DevOps
“DevOps is about
recognizing that
the backing
infrastructure is
not separate from
your application,
but a vital part of
it...
Linux Crash Course
Everything is a File
●
●
●
●
●
●
●
○ …
User Space and Kernel Space
●
●
●
Fork and Exec
●
○ fork(2) exec(2).
● fork(2)
○
● exec(2)
Let's talk about Containers!
What is Containerization?
●
○
○
●
●
Can be Very Similar to Virtual Machines
●
○
■
○
■
○
■
Tend to be lighter weight than VMs
●
○
●
○
○
The History of Containers
Chroot
●
●
●
○
●
○ chroot(2)
●
FreeBSD Jails and Solaris Zones
●
●
●
●
LXC
●
●
●
○
●
○
●
●
Docker
●
●
○
●
○
●
RKT
●
●
●
○
●
●
●
How do Containers Work?
Two Primary Kernel Features
●
●
Process Namespaces
●
●
○
○
●
Process Namespaces
●
●
●
●
●
●
●
Creating a New Process Namespace
●
unshare --fork --net /bin/bash
Creating a New Process Namespace
●
$ ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFA...
Creating a New Process Namespace
●
$ ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default ...
Creating a New Process Namespace
static int child_exec(void *parent_args) {
printf("New Namespace:n");
system("ip link");
...
Creating a New Process Namespace
int clone_flags = SIGCHLD | CLONE_NEWNET;
pid_t child_pid = clone(
child_exec,
child_stac...
Creating a New Process Namespace
● clone(2) fork(2)
○ clone(2) fork(2)
○ fork(2) clone(2)
○
○
Control Groups
●
○
●
●
●
○
●
○
●
○
●
○
Control Groups
●
● /sys/fs/cgroup
Control Groups Implementation
Create a New Control Group
cgcreate -g memory:test_group
mkdir /sys/fs/cgroup/memory/test_group
New Group!!!
Add a Process to “test_group”
cgclassify -g memory:test_group $PID
echo $PID > /sys/fs/cgroup/memory/test_group/tasks
In Summary
● …
● …
Further Reading
●
○
●
○
●
○
How Does this Help Me?
Testing New Technologies
Dependency Requirements
Developer Onboarding
End to End Testing
Building
FROM node:8.5.0
RUN mkdir -p /usr/app/src
WORKDIR /usr/app
ADD package.json package.json
ADD gulpfile.js gulpfile...
Future
●
○
○
●
○
●
○
Questions?
Corwin on containers
Corwin on containers
Corwin on containers
Próxima SlideShare
Cargando en…5
×

Corwin on containers

531 visualizaciones

Publicado el

A deep dive into the history of containers as well as an introduction to how they work under the covers. This includes a discussion around Control Groups and Process Namespaces, as well as touching on some underlying syscalls, such as Fork and Clone.

Publicado en: Tecnología
  • Sé el primero en comentar

Corwin on containers

  1. 1. Corwin on Containers
  2. 2. Who Am I ● ○ ● ○ ■ ■ ■ ●
  3. 3. What are we Talking About Today
  4. 4. Containers! ● ● ● ● ● ○ ○ ●
  5. 5. Definition of DevOps
  6. 6. “DevOps is about recognizing that the backing infrastructure is not separate from your application, but a vital part of it.”
  7. 7. Linux Crash Course
  8. 8. Everything is a File ● ● ● ● ● ● ● ○ …
  9. 9. User Space and Kernel Space ● ● ●
  10. 10. Fork and Exec ● ○ fork(2) exec(2). ● fork(2) ○ ● exec(2)
  11. 11. Let's talk about Containers!
  12. 12. What is Containerization? ● ○ ○ ● ●
  13. 13. Can be Very Similar to Virtual Machines ● ○ ■ ○ ■ ○ ■
  14. 14. Tend to be lighter weight than VMs ● ○ ● ○ ○
  15. 15. The History of Containers
  16. 16. Chroot ● ● ● ○ ● ○ chroot(2) ●
  17. 17. FreeBSD Jails and Solaris Zones ● ● ● ●
  18. 18. LXC ● ● ● ○ ● ○ ● ●
  19. 19. Docker ● ● ○ ● ○ ●
  20. 20. RKT ● ● ● ○ ● ● ●
  21. 21. How do Containers Work?
  22. 22. Two Primary Kernel Features ● ●
  23. 23. Process Namespaces ● ● ○ ○ ●
  24. 24. Process Namespaces ● ● ● ● ● ● ●
  25. 25. Creating a New Process Namespace ● unshare --fork --net /bin/bash
  26. 26. Creating a New Process Namespace ● $ ip link 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 02:f4:7c:c4:3b:a3 brd ff:ff:ff:ff:ff:ff
  27. 27. Creating a New Process Namespace ● $ ip link 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 ●
  28. 28. Creating a New Process Namespace static int child_exec(void *parent_args) { printf("New Namespace:n"); system("ip link"); return(0); } int main(int argc, char **argv) { printf("Host: n"); system("ip link"); printf("n----nn"); int clone_flags = SIGCHLD | CLONE_NEWNET; pid_t child_pid = clone(child_exec, child_stack + STACKSIZE, clone_flags, NULL); waitpid(child_pid, NULL, 0); exit(EXIT_SUCCESS); }
  29. 29. Creating a New Process Namespace int clone_flags = SIGCHLD | CLONE_NEWNET; pid_t child_pid = clone( child_exec, child_stack + STACKSIZE, clone_flags, NULL );
  30. 30. Creating a New Process Namespace ● clone(2) fork(2) ○ clone(2) fork(2) ○ fork(2) clone(2) ○ ○
  31. 31. Control Groups ● ○ ● ●
  32. 32. ● ○ ● ○ ● ○ ● ○ Control Groups
  33. 33. ● ● /sys/fs/cgroup Control Groups Implementation
  34. 34. Create a New Control Group cgcreate -g memory:test_group mkdir /sys/fs/cgroup/memory/test_group
  35. 35. New Group!!!
  36. 36. Add a Process to “test_group” cgclassify -g memory:test_group $PID echo $PID > /sys/fs/cgroup/memory/test_group/tasks
  37. 37. In Summary ● … ● …
  38. 38. Further Reading ● ○ ● ○ ● ○
  39. 39. How Does this Help Me?
  40. 40. Testing New Technologies
  41. 41. Dependency Requirements
  42. 42. Developer Onboarding
  43. 43. End to End Testing
  44. 44. Building FROM node:8.5.0 RUN mkdir -p /usr/app/src WORKDIR /usr/app ADD package.json package.json ADD gulpfile.js gulpfile.js ADD webpack.*.js /usr/app/ RUN npm install && gulp build.prod
  45. 45. Future ● ○ ○ ● ○ ● ○
  46. 46. Questions?

×