Kernel Internals | namespaces | cgroups | Containers | Docker

Video description: Kernel Internals | namespaces | cgroups | Containers | Docker

In this video, we talk about kernel internals such as namespaces, cgroups, the unified file system (ufs), and capabilities that give us modern containers.

Contents
--------------------------------------
00:00 - Intro
01:00 - What is a container, really?
05:48 - namespaces
14:23 - cgroups
16:48 - Different namespaces
17:48 - Unified File System (ufs)
19:27 - Linux capabilities
23:27 - Next

docker.md
--------------------------------------
namespaces
- create isolated and independent instances of user space
- 1 isolated instance = 1 container
- process id (pid)
- network (net)
- filesystem/mount (mnt)
- inter-proc comm (ipc)
- uts
- user

control groups (cgroups)
- group resources
- apply limits
- 1 container = 1 cgroup

unified file system (ufs)
- r/o file system or block devices layered on top of one another
- a single r/w top layer

capabilities
- fine-grained control over the privileges a user or process gets
- --privileged = true
- docker uses a white list
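
The capabilities notes above can be checked from inside a running container. The following is an added example, not code from the video or from Docker: it decodes the `CapEff` mask from `/proc/<pid>/status` and reports anything held beyond Docker's default allow list. The function names and the sample status excerpts are constructed for illustration, and the default list is an assumption taken from the Docker Engine documentation.

```python
# Added example (not from the video): audit a process's effective capabilities.
# Capability names indexed by bit number, as defined in linux/capability.h.
CAP_NAMES = [
    "CHOWN", "DAC_OVERRIDE", "DAC_READ_SEARCH", "FOWNER", "FSETID", "KILL",
    "SETGID", "SETUID", "SETPCAP", "LINUX_IMMUTABLE", "NET_BIND_SERVICE",
    "NET_BROADCAST", "NET_ADMIN", "NET_RAW", "IPC_LOCK", "IPC_OWNER",
    "SYS_MODULE", "SYS_RAWIO", "SYS_CHROOT", "SYS_PTRACE", "SYS_PACCT",
    "SYS_ADMIN", "SYS_BOOT", "SYS_NICE", "SYS_RESOURCE", "SYS_TIME",
    "SYS_TTY_CONFIG", "MKNOD", "LEASE", "AUDIT_WRITE", "AUDIT_CONTROL",
    "SETFCAP", "MAC_OVERRIDE", "MAC_ADMIN", "SYSLOG", "WAKE_ALARM",
    "BLOCK_SUSPEND", "AUDIT_READ", "PERFMON", "BPF", "CHECKPOINT_RESTORE",
]
# Assumption: the default allow list documented for current Docker Engine
# releases; confirm it against the engine version you run.
DOCKER_DEFAULT = {
    "AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL",
    "MKNOD", "NET_BIND_SERVICE", "NET_RAW", "SETFCAP", "SETGID", "SETPCAP",
    "SETUID", "SYS_CHROOT",
}
# Constructed /proc/<pid>/status excerpts (sample data, not captured output).
SAMPLE_DEFAULT = "Name:\tsh\nCapEff:\t00000000a80425fb\n"
SAMPLE_CAP_ADD = "Name:\tsh\nCapEff:\t00000000a82425fb\n"
SAMPLE_PRIVILEGED = "Name:\tsh\nCapEff:\t000001ffffffffff\n"

def cap_eff(status_text):
    """Return the effective-capability bitmask from /proc/<pid>/status text."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split()[1], 16)
    raise ValueError("no CapEff line found")

def decode(mask):
    """Turn a capability bitmask into a set of names; unknown bits are kept."""
    names, bit = set(), 0
    while mask:
        if mask & 1:
            names.add(CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"UNKNOWN_{bit}")
        mask >>= 1
        bit += 1
    return names

def beyond_default(status_text):
    """Capabilities held in excess of the Docker default allow list."""
    return sorted(decode(cap_eff(status_text)) - DOCKER_DEFAULT)

if __name__ == "__main__":
    for label, text in [("default", SAMPLE_DEFAULT), ("cap-add", SAMPLE_CAP_ADD),
                        ("privileged", SAMPLE_PRIVILEGED)]:
        print(label, beyond_default(text))
```

To audit a live process, pass the contents of `/proc/self/status` (or another PID's status file) to `beyond_default`; an empty list means the process holds nothing outside the default set.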

References:
--------------------------------------
- Cgroups, namespaces, and beyond: what are containers made from?
- Runtime privilege and Linux capabilities
https://docs.docker.com/engine/refere...

#docker #namespaces #cgroups
