containers - what are they and atomic
TRANSCRIPT
Containers
Hosts and lxc, docker..
@RedHatNordics @sshaaf
Containment, always been ...
Zones
LXC
Namespaces
A namespace wraps a particular global system resource in an abstraction that tells the processes within the namespace that they have their own isolated instance of the global resource.
Namespaces
Mount - CLONE_NEWNS, Linux 2.4.19
IPC - CLONE_NEWIPC, Linux 2.6.19
PID - CLONE_NEWPID, Linux 2.6.24
UTS - CLONE_NEWUTS, Linux 2.6.19
Network - CLONE_NEWNET, started in Linux 2.6.24
User - CLONE_NEWUSER, started in Linux 2.6.23
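Added example, not part of the original slides: each process holds one instance of every namespace type listed above, exposed as a link under /proc/<pid>/ns/, and two processes share a namespace only when the inode numbers in those links match. The function names and the sample link text are assumptions made for this illustration.

```c
#define _POSIX_C_SOURCE 200809L /* for readlink() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* The six namespace types listed above, as named under /proc/<pid>/ns/. */
static const char *NS_TYPES[] = { "mnt", "ipc", "pid", "uts", "net", "user" };

/* Parse a link target such as "uts:[4026531838]" (constructed sample).
 * Returns the namespace inode, or 0 if malformed or of another type. */
unsigned long parse_ns_link(const char *target, const char *type)
{
    size_t n = strlen(type);
    unsigned long ino = 0;
    char end = 0;
    if (strncmp(target, type, n) != 0 || target[n] != ':')
        return 0;
    if (sscanf(target + n + 1, "[%lu%c", &ino, &end) != 2 || end != ']')
        return 0;
    return ino;
}

/* Namespace inode of one process for one type; 0 means unreadable. */
unsigned long ns_inode(long pid, const char *type)
{
    char path[64], target[64];
    snprintf(path, sizeof path, "/proc/%ld/ns/%s", pid, type);
    ssize_t len = readlink(path, target, sizeof target - 1);
    if (len < 0)
        return 0;
    target[len] = '\0';
    return parse_ns_link(target, type);
}

/* 1 = same instance, 0 = different instances, -1 = could not tell. */
int same_namespace(long a, long b, const char *type)
{
    unsigned long ia = ns_inode(a, type), ib = ns_inode(b, type);
    return (ia == 0 || ib == 0) ? -1 : (ia == ib);
}

int main(int argc, char **argv)
{
    /* Run on the host: compare a PID (default: self) against PID 1. */
    long pid = argc > 1 ? strtol(argv[1], NULL, 10) : (long)getpid();
    for (size_t i = 0; i < sizeof NS_TYPES / sizeof NS_TYPES[0]; i++)
        printf("%-4s same as pid 1: %d\n", NS_TYPES[i],
               same_namespace(pid, 1, NS_TYPES[i]));
    return 0;
}
```

Reading another user's /proc/<pid>/ns/ links usually needs root; a result of 1 for a process that is supposed to be containerized means it still shares that namespace with the host's init.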
Cgroups
Control Groups provide a mechanism for aggregating/partitioning sets of tasks, and all their future children, into hierarchical groups with specialized behaviour.
Ref: Kernel.org
Cgroups
Subsystems, hierarchies.
Parameters: Memory, disk, cpu ..
[Diagram labels: CPU Set, Mem, CPU, Top Set]
I got containerized
Software packaging concept that typically includes an application and all of its runtime dependencies.
● Easy to deploy and portable across host systems
● Isolates applications on a host operating system. In RHEL, this is done through:
  ● Control Groups (cgroups)
  ● kernel namespaces
  ● SELinux, sVirt
What is?
Lose 1 not all
...and compromised, there is far less exposure. Only the container process is lost – lose the process not the system.
Overview
Containers in RHEL
Image based containers
Virt and containers