SlideShare a Scribd company logo

Build, Ship, and Run Any App, Anywhere using Docker

Rahulkrishnan R A, profile picture
Rahulkrishnan R A

The document discusses the concept of namespaces in Linux, which are essential for containerization by partitioning kernel resources. It covers various types of namespaces such as PID, network, mount, UTS, IPC, and user namespaces, explaining their functionalities and significance in managing processes and resources. Additionally, it touches on Docker's architecture and the distinction between Docker images and containers.

Technology
1 of 26
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
Build, Ship, and Run Any App, Anywhere COEP FOSSMeet'18 Rahulkrishnan R A
About Me » Consultant @ Capgemini » Debian Contributor » Gopher » Organizer of kubernetes Meetup, Chennai Docker 101 LinkedIn linkedin.com/in/rahulkrishnanra/ Github https://github.com/rahulkrishnanfs Twitter https://twitter.com/rahulkrishnanra
3What is namespace? » Feature of the Linux kernel that partitions kernel resources » Limits what you can see » Namespaces are the fundamental aspect of containers on Linux
4 Types of namespace o pid (processes) o net (network stack) o mnt (mount points, filesystems) o uts (hostname) o ipc (System V IPC) o user (UIDs) o cgroups
5 What are they ? root@ip-172-31-43-99:/# ls -la /proc/4015/ns/ total 0 lrwxrwxrwx 1 cgroup -> cgroup:[4026531835] lrwxrwxrwx 1 ipc -> ipc:[4026531839] lrwxrwxrwx 1 mnt -> mnt:[4026531840] lrwxrwxrwx 1 net -> net:[4026531993] lrwxrwxrwx 1 pid -> pid:[4026531836] lrwxrwxrwx 1 user -> user:[4026531837] lrwxrwxrwx 1 uts -> uts:[4026531838]
6 PID namespace » Processes within a PID namespace only see processes in the same PID namespace » Each PID has its own numbering » Namespace will be killed if PID one goes away » Behavior like the “init” process » PID namespace can be nested, up to 32 nesting levels
7 1 2 3 4, 1 5, 2 6, 3 Child PID namespace parent PID namespace
Network Namespace » Logical copy of the network stack It has its own:  routes  firewall rules  network devices  IP address » It helps to separate application/process networking » You can move network interface across netns » Newly created network namespace includes only the loopback device
Child net namespace Child net namespace Global net namespace InterfaceInterface routing NetworkInterface
Mount namespace » Processes can have their own rootfs » Mounts can be totally private or shared » In the new mount namespace, all previous mounts will be visible » Mounts/unmounts in the global namespace are visible in that namespace
UTS namespace » Appears to have different host and domain names to different processes. » UTS namespace provides a way to get information about the system with commands like uname or hostname » Simple one to implement
UTS namespace Implementation func main() { cmd := exec.Command("/bin/sh") cmd.SysProcAttr = &syscall.SysProcAttr{ Cloneflags: syscall.CLONE_NEWUTS, } syscall.Sethostname([]byte("inner")) if err := cmd.Run(); err != nil { panic(err) } }
IPC namespace » Private set of IPC objects inside namespace eg: shm
User namespace » Allows to map UID/GID » Avoid extra configuration in containers » Security improvement
Container runtime - Docker
How containers looks like? ContainersVirtual Machines
Interest on Docker – Google trends https://trends.google.co.in/trends/explore?date=today%205-y&q=docker
Docker Engine Docker Engine is a client-server application with these major components: » A REST API which specifies interfaces that programs can use to talk to the daemon and instruct it what to do » A command line interface (CLI) client ( the docker command) » A server which is a type of long-running program called a daemon process (the dockerd command)
Docker architecture
How docker access the linux kernel?
Docker Images vs Containers Images » Lightweight, stand-alone, executable package » Includes everything needed to run a piece of software, including the code, a runtime, libraries, environment variables, and config files. Container » Runtime instance of an image—what the image becomes in memory when actually executed.
Docker Image
Sharing the docker image
“ Demo 24
“ Questions 25
“ Thanks !!! Follow me @rahulkrishnanra 26 😉

More Related Content

PDF
Reflink
The Linux Foundation
 
PDF
Declare your infrastructure: InfraKit, LinuxKit and Moby
Moby Project
 
PDF
OSS AWS 핸즈온 강의
Juhong Jung
 
PDF
What Have Syscalls Done for you Lately?
Docker, Inc.
 
PDF
Linux kernel bug hunting
Andrea Righi
 
PPTX
Flex pod driven by Openstack
Marton Kiss
 
PPT
Installation of application server 10g in red hat 4
uzzzle
 
PDF
Docker n co
Rohit Jnagal
 
Reflink
The Linux Foundation
 
Declare your infrastructure: InfraKit, LinuxKit and Moby
Moby Project
 
OSS AWS 핸즈온 강의
Juhong Jung
 
What Have Syscalls Done for you Lately?
Docker, Inc.
 
Linux kernel bug hunting
Andrea Righi
 
Flex pod driven by Openstack
Marton Kiss
 
Installation of application server 10g in red hat 4
uzzzle
 
Docker n co
Rohit Jnagal
 

What's hot (20)

PDF
Redis clustering
Ravi Yasas
 
PDF
CoreOSによるDockerコンテナのクラスタリング
Yuji ODA
 
PDF
Docker 基本概念與指令操作
NUTC, imac
 
PPTX
Gebruik dezelfde Docker container voor Java applicaties tijdens ontwikkelen e...
NLJUG
 
PDF
使用 CLI 管理 OpenStack 平台
NUTC, imac
 
PDF
Build your own private openstack cloud
NUTC, imac
 
ODP
Introduction to Diskless Remote Boot in Linux
Jazz Yao-Tsung Wang
 
PDF
Everyone Loves a Sausage
Nick Jones
 
PPTX
Slider2
Ali Ebrahimpour
 
ODP
testing-nfs
guest4e525f
 
TXT
Instructions
ds5ysm
 
PDF
Fixed in drizzle
Henrik Ingo
 
PPTX
Find the Hacker
Sysdig
 
PPTX
CoreOS
Frik khechoomian
 
ODT
Ns 3 installation procedure
Vinayak Antin
 
PDF
Microsoft Docker Meetup - Tutum Spring 2015
luisamariethm
 
PDF
About linux japanese
Shota Ito
 
PDF
2013 PyCon SG - Building your cloud infrastructure with Python
George Goh
 
PDF
An Introduce of OPNFV (Open Platform for NFV)
Mario Cho
 
PDF
Open stack 4day
Mario Cho
 
Redis clustering
Ravi Yasas
 
CoreOSによるDockerコンテナのクラスタリング
Yuji ODA
 
Docker 基本概念與指令操作
NUTC, imac
 
Gebruik dezelfde Docker container voor Java applicaties tijdens ontwikkelen e...
NLJUG
 
使用 CLI 管理 OpenStack 平台
NUTC, imac
 
Build your own private openstack cloud
NUTC, imac
 
Introduction to Diskless Remote Boot in Linux
Jazz Yao-Tsung Wang
 
Everyone Loves a Sausage
Nick Jones
 
Slider2
Ali Ebrahimpour
 
testing-nfs
guest4e525f
 
Instructions
ds5ysm
 
Fixed in drizzle
Henrik Ingo
 
Find the Hacker
Sysdig
 
CoreOS
Frik khechoomian
 
Ns 3 installation procedure
Vinayak Antin
 
Microsoft Docker Meetup - Tutum Spring 2015
luisamariethm
 
About linux japanese
Shota Ito
 
2013 PyCon SG - Building your cloud infrastructure with Python
George Goh
 
An Introduce of OPNFV (Open Platform for NFV)
Mario Cho
 
Open stack 4day
Mario Cho
 
Ad

Similar to Build, Ship, and Run Any App, Anywhere using Docker (20)

PDF
dotCloud (now Docker) Paas under the_hood
Susan Wu
 
PDF
Namespaces and cgroups - the basis of Linux containers
Kernel TLV
 
PPTX
Linux container internals
Ashwin Bilgi
 
PDF
The building blocks of docker.
Chafik Belhaoues
 
PDF
Linux containers-namespaces(Dec 2014)
Ralf Dannert
 
PDF
Docker Belgium Meetup
Phil Estes
 
PDF
Linux containers_Docker
Dmitry Fedorov
 
PPTX
Cgroups, namespaces and beyond: what are containers made from?
Docker, Inc.
 
PDF
Understand how docker works
Li Jingtian
 
PDF
Understand how docker works
Justin Li
 
PDF
Rooting Out Root: User namespaces in Docker
Phil Estes
 
PPTX
Introduction to containers
Nitish Jadia
 
PDF
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Jérôme Petazzoni
 
PPTX
Linux network namespaces
Mike Wilson
 
PDF
lxc-namespace.pdf
-
 
PPTX
Docker: Aspects of Container Isolation
allingeek
 
PDF
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...
Jérôme Petazzoni
 
PDF
Understanding and building Your Own Docker
Motiejus Jakštys
 
PDF
Docker containers : introduction
rinnocente
 
PDF
Docker: Behind the API
Karl Matthias
 
dotCloud (now Docker) Paas under the_hood
Susan Wu
 
Namespaces and cgroups - the basis of Linux containers
Kernel TLV
 
Linux container internals
Ashwin Bilgi
 
The building blocks of docker.
Chafik Belhaoues
 
Linux containers-namespaces(Dec 2014)
Ralf Dannert
 
Docker Belgium Meetup
Phil Estes
 
Linux containers_Docker
Dmitry Fedorov
 
Cgroups, namespaces and beyond: what are containers made from?
Docker, Inc.
 
Understand how docker works
Li Jingtian
 
Understand how docker works
Justin Li
 
Rooting Out Root: User namespaces in Docker
Phil Estes
 
Introduction to containers
Nitish Jadia
 
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Jérôme Petazzoni
 
Linux network namespaces
Mike Wilson
 
lxc-namespace.pdf
-
 
Docker: Aspects of Container Isolation
allingeek
 
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...
Jérôme Petazzoni
 
Understanding and building Your Own Docker
Motiejus Jakštys
 
Docker containers : introduction
rinnocente
 
Docker: Behind the API
Karl Matthias
 
Ad

Recently uploaded (20)

PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PDF
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
PDF
Getting Started with Data Integration: FME Form 101
Safe Software
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
A Presentation on Artificial Intelligence
memembruh336
 
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
Getting Started with Data Integration: FME Form 101
Safe Software
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Teaching material agriculture food technology
LiaRayya
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 

Build, Ship, and Run Any App, Anywhere using Docker

  • 1. Build, Ship, and Run Any App, Anywhere COEP FOSSMeet'18 Rahulkrishnan R A
  • 2. About Me » Consultant @ Capgemini » Debian Contributor » Gopher » Organizer of kubernetes Meetup, Chennai Docker 101 LinkedIn linkedin.com/in/rahulkrishnanra/ Github https://github.com/rahulkrishnanfs Twitter https://twitter.com/rahulkrishnanra
  • 3. 3What is namespace? » Feature of the Linux kernel that partitions kernel resources » Limits what you can see » Namespaces are the fundamental aspect of containers on Linux
  • 4. 4 Types of namespace o pid (processes) o net (network stack) o mnt (mount points, filesystems) o uts (hostname) o ipc (System V IPC) o user (UIDs) o cgroups
  • 5. 5 What are they ? root@ip-172-31-43-99:/# ls -la /proc/4015/ns/ total 0 lrwxrwxrwx 1 cgroup -> cgroup:[4026531835] lrwxrwxrwx 1 ipc -> ipc:[4026531839] lrwxrwxrwx 1 mnt -> mnt:[4026531840] lrwxrwxrwx 1 net -> net:[4026531993] lrwxrwxrwx 1 pid -> pid:[4026531836] lrwxrwxrwx 1 user -> user:[4026531837] lrwxrwxrwx 1 uts -> uts:[4026531838]
  • 6. 6 PID namespace » Processes within a PID namespace only see processes in the same PID namespace » Each PID has its own numbering » Namespace will be killed if PID one goes away » Behavior like the “init” process » PID namespace can be nested, up to 32 nesting levels
  • 7. 7 1 2 3 4, 1 5, 2 6, 3 Child PID namespace parent PID namespace
  • 8. Network Namespace » Logical copy of the network stack It has its own:  routes  firewall rules  network devices  IP address » It helps to separate application/process networking » You can move network interface across netns » Newly created network namespace includes only the loopback device
  • 9. Child net namespace Child net namespace Global net namespace InterfaceInterface routing NetworkInterface
  • 10. Mount namespace » Processes can have their own rootfs » Mounts can be totally private or shared » In the new mount namespace, all previous mounts will be visible » Mounts/unmounts in the global namespace are visible in that namespace
  • 11. UTS namespace » Appears to have different host and domain names to different processes. » UTS namespace provides a way to get information about the system with commands like uname or hostname » Simple one to implement
  • 12. UTS namespace Implementation func main() { cmd := exec.Command("/bin/sh") cmd.SysProcAttr = &syscall.SysProcAttr{ Cloneflags: syscall.CLONE_NEWUTS, } syscall.Sethostname([]byte("inner")) if err := cmd.Run(); err != nil { panic(err) } }
  • 13. IPC namespace » Private set of IPC objects inside namespace eg: shm
  • 14. User namespace » Allows to map UID/GID » Avoid extra configuration in containers » Security improvement
  • 16. How containers looks like? ContainersVirtual Machines
  • 17. Interest on Docker – Google trends https://trends.google.co.in/trends/explore?date=today%205-y&q=docker
  • 18. Docker Engine Docker Engine is a client-server application with these major components: » A REST API which specifies interfaces that programs can use to talk to the daemon and instruct it what to do » A command line interface (CLI) client ( the docker command) » A server which is a type of long-running program called a daemon process (the dockerd command)
  • 20. How docker access the linux kernel?
  • 21. Docker Images vs Containers Images » Lightweight, stand-alone, executable package » Includes everything needed to run a piece of software, including the code, a runtime, libraries, environment variables, and config files. Container » Runtime instance of an image—what the image becomes in memory when actually executed.
  • 26. “ Thanks !!! Follow me @rahulkrishnanra 26 😉