1/22
Building blocks of Linux Containers
Motiejus Jakštys
motiejus@uber.com
@mo_kelione
2016-11-18
© 2016. Uber Technologies Inc. All rights reserved.
2/22
Table of Contents
Introduction
Why me
A container in Linux is...
Namespaces
Isolation in Linux
What did we just do
File systems and COW
What did we forget?
Leftover elephants in the room
The End
3/22
Conclusion!
Devil Hides in The Details?
Many use Docker.
We lack time to understand.
You need to understand infra to successfully troubleshoot infra.
There are trade-offs in the configuration.
Make container engine in 30 minutes.
Details! → You will still pick existing tools.
4/22
Why me
My resume: oncall experience.
2009-2012 Telecom (Dev + Ops).
2012-2014 Online Gaming (Dev + Ops).
2014-2016 Amazon (Dev + Ops).
2016-now Uber (Dev + Ops):
From 2016.02: Dev.
From 2016.11: SRE.
I had to understand how exactly infrastructure works.
5/22
A container in Linux is ...
Fork/exec with bells & whistles:
Fancy tarball for distribution.
COW filesystem to make it start fast.
Cgroups for fairness.
Namespaces for isolation.
7/22
We will cover
User namespaces.
Pid namespaces.
Mount namespaces.
Network namespaces.
There are more, but not today.
8/22
User namespace
Become container-local root.
unshare --map-root-user
9/22
Mount namespace
Hide container mounts.
unshare --mount
10/22
Pid namespace
Hide other pids.
unshare --pid --mount-proc --fork
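The three unshare(1) invocations on the slides above, combined into one command with a short report run from inside the new namespaces. This is an added example, not part of the deck; it assumes util-linux unshare(1) and a kernel that allows unprivileged user namespaces (otherwise unshare fails with "Operation not permitted"). The uid_map check answers the question a defender asks first about "container-local root": is uid 0 inside backed by a real root outside, or by an ordinary remapped user?

```shell
#!/bin/sh
# Added example, not from the slides: the deck's --map-root-user, --mount and
# --pid --mount-proc --fork invocations as one command, plus a report from
# inside. Assumes util-linux unshare(1) and unprivileged user namespaces.

# Decide from one /proc/<pid>/uid_map line ("<inside> <outside> <count>")
# whether uid 0 in this namespace is backed by a non-zero uid outside, i.e.
# whether "container-local root" is a remapped ordinary user (true) or real
# root (false).
uid_map_is_rootless() {
    set -- $1                       # split the line into its three fields
    inside=$1; outside=$2; count=$3
    [ "${inside:-1}" -eq 0 ] && [ "${count:-0}" -ge 1 ] && [ "${outside:-0}" -ne 0 ]
}

# What runs inside the namespaces, printed as key=value lines.
INSIDE_REPORT='
echo "uid=$(id -u)"                                   # 0 because of --map-root-user
echo "pid=$$"                                         # 1: with --pid --fork we are init of the new pid namespace
echo "uid_map=$(tr -s " " < /proc/self/uid_map)"      # e.g. " 0 1000 1": root inside is uid 1000 outside
echo "visible_pids=$(ls /proc | grep -c "^[0-9]")"    # --mount-proc: only our own processes are listed
mount -t tmpfs none /mnt && echo "private_mount=ok"   # --mount: this mount is invisible outside
'

# The deck's three commands in one: user + mount + pid namespaces, with /proc
# remounted so that process listings reflect the new pid namespace.
demo_namespaces() {
    unshare --user --map-root-user --mount --pid --fork --mount-proc \
        sh -c "$INSIDE_REPORT"
}

# Run only when asked, so that sourcing this file just defines the functions.
if [ "${1:-}" = demo ]; then
    demo_namespaces
fi
```

Run it with `sh namespaces.sh demo`. The uid_map line is the one to watch: " 0 1000 1" means processes that look like root inside are uid 1000 to the kernel, which is why apt-get or mount work inside but cannot touch host files owned by the real root.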
11/22
Network namespace
Demonstrate this:
Create namespace.
Activate loopback (lo).
Create pair of devices veth1a and veth1b:
veth1b will go to the namespace.
veth1a will stay in default.
Add ip addresses.
curl and ping.
lsof, bind on ports separately.
Ever wanted to run tcpdump on an application?
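The walkthrough above as a script, added here as an example rather than taken from the deck. It assumes iproute2 (ip), root (CAP_NET_ADMIN) for the up/check/capture/down actions, and the deck's names: namespace t1, veth1a staying in the default namespace, veth1b moving into t1. The addresses 10.0.0.1/24 and 10.0.0.2/24 are taken from the diagram that follows; the name check is an addition, because the namespace name ends up as a path component under /run/netns and as an argument to ip netns exec.

```shell
#!/bin/sh
# Added example, not from the deck: network namespace setup with a veth pair.
# Assumes iproute2, root, and the deck's names (t1, veth1a, veth1b).

NS=t1
HOST_IF=veth1a
NS_IF=veth1b
HOST_ADDR=10.0.0.1/24      # assumed, from the deck's diagram
NS_ADDR=10.0.0.2/24        # assumed, from the deck's diagram

# Namespace names become path components under /run/netns and arguments to
# "ip netns exec", so accept only plain identifiers.
valid_ns_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Strip the prefix length: 10.0.0.1/24 -> 10.0.0.1
addr_only() { printf '%s\n' "${1%/*}"; }

netns_up() {
    valid_ns_name "$NS" || { echo "refusing namespace name '$NS'" >&2; return 2; }
    ip netns add "$NS"                                      # create namespace
    ip netns exec "$NS" ip link set lo up                   # activate loopback (lo)
    ip link add "$HOST_IF" type veth peer name "$NS_IF"     # create the veth pair
    ip link set "$NS_IF" netns "$NS"                        # veth1b goes to the namespace
    ip addr add "$HOST_ADDR" dev "$HOST_IF"                 # addresses on both ends
    ip link set "$HOST_IF" up
    ip netns exec "$NS" ip addr add "$NS_ADDR" dev "$NS_IF"
    ip netns exec "$NS" ip link set "$NS_IF" up
}

# Ping both ways, then show that listening sockets are per namespace:
# a service bound to :80 inside t1 cannot collide with :80 in the default one.
netns_check() {
    ip netns exec "$NS" ping -c 1 -W 1 "$(addr_only "$HOST_ADDR")"
    ping -c 1 -W 1 "$(addr_only "$NS_ADDR")"
    echo "listeners in the default namespace:"; ss -ltn
    echo "listeners in $NS:";                   ip netns exec "$NS" ss -ltn
}

# "Ever wanted to run tcpdump on an application?" Capture only what the
# application inside t1 sends or receives, nothing else on the host.
netns_capture() {
    ip netns exec "$NS" tcpdump -ni "$NS_IF"
}

netns_down() {
    ip netns del "$NS"   # destroys veth1b, which also removes its peer veth1a
}

case "${1:-}" in
    up)      netns_up ;;
    check)   netns_check ;;
    capture) netns_capture ;;
    down)    netns_down ;;
    *)       : ;;        # no argument: only define the functions
esac
```

Usage: `sh netns.sh up`, then `ip netns exec t1 <your application>` and `sh netns.sh check` or `sh netns.sh capture`; `sh netns.sh down` removes everything. Note what the script does not do: there is no route from t1 to anything but veth1a, so the application has no Internet access unless you add NAT or a bridge on the host side, which is a feature when the goal is isolation.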
12/22
Network namespace (diagram)
default namespace: lo 127.0.0.1, eth0 192.0.2.1, veth1a 10.0.0.1
t1 namespace: lo 127.0.0.1, veth1b 10.0.0.2
veth1a (default) <-> veth1b (t1)
13/22
What did we just do
Created a container:
User namespace: apt-get, iptables, mount, etc.
Isolated pids: no nobody, isolate from each other.
Isolated mounts: e.g. for /tmp.
Isolated network: safely bind to :80.
An improvement over "run and hope it doesn't affect anything else".
15/22
File systems and COW
A container:
Needs a file system.
Starts quickly regardless of size.
Do not want to copy 1GB with every startup.
Copy On Write!
lvm? zfs? btrfs?
16/22
A quick demo
Create tank/images/debian@latest
Create tank/containers/t1 from @latest
unshare --mount --pid --fork chroot . bash
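The quick demo as a script, added as an example and not taken from the deck. The deck leaves the COW layer open (lvm? zfs? btrfs?); this version assumes ZFS, a pool named tank mounted at /tank, an image tree already populated in tank/images/debian (for instance with debootstrap), util-linux unshare(1) and root. The name check is an addition: image and container names are spliced into dataset names and into the chroot path, where "/" would leave the containers/ subtree and "@" is ZFS's snapshot separator.

```shell
#!/bin/sh
# Added example, not from the deck: snapshot + clone as the COW layer, then the
# deck's unshare/chroot command. Assumes ZFS, pool "tank" at /tank and root.

POOL=tank

# Accept only plain identifiers for image and container names.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

image_snapshot()    { printf '%s/images/%s@%s\n' "$POOL" "$1" "$2"; }   # tank/images/debian@latest
container_dataset() { printf '%s/containers/%s\n' "$POOL" "$1"; }       # tank/containers/t1

# Freeze the image. A snapshot is read-only and copies nothing.
image_freeze() {
    valid_name "$1" && valid_name "$2" || return 2
    zfs snapshot "$(image_snapshot "$1" "$2")"
}

# Create the container root as a clone of the snapshot. Only blocks the
# container later writes are copied, so this takes the same time for 1 GB as
# for 100 GB: "starts quickly regardless of size".
container_create() {
    valid_name "$1" && valid_name "$2" && valid_name "$3" || return 2
    zfs list "$POOL/containers" >/dev/null 2>&1 || zfs create "$POOL/containers"
    zfs clone "$(image_snapshot "$2" "$3")" "$(container_dataset "$1")"
    zfs list -o name,used,referenced "$(container_dataset "$1")"   # "used" stays tiny
}

# Enter the clone with the deck's command: new mount and pid namespaces, then
# chroot into the container's file system. /proc is not mounted inside; mount
# it from within if tools such as ps are needed.
container_enter() {
    valid_name "$1" || return 2
    cd "/$(container_dataset "$1")" &&
        unshare --mount --pid --fork chroot . bash
}

# Throw the container away; the image snapshot is untouched.
container_destroy() {
    valid_name "$1" || return 2
    zfs destroy "$(container_dataset "$1")"
}

case "${1:-}" in
    demo)  image_freeze debian latest && container_create t1 debian latest && container_enter t1 ;;
    clean) container_destroy t1 ;;
    *)     : ;;          # no argument: only define the functions
esac
```

`sh cow.sh demo` creates tank/images/debian@latest and tank/containers/t1 and drops you into a shell inside the clone; `sh cow.sh clean` destroys the container. The zfs list line is the check worth keeping: the clone's "used" column is what the container has written, while "referenced" is the shared image.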
18/22
Leftover elephants in the room
Trivial to escape this "container".
Sec: no leftover file descriptors.
Resource fairness.
Sec/DoS: shared kernel resources.
Supervision, daemonization and cleanup.
Logging.
Collect zombie processes.
Image management.
Should someone else do it?
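One of the elephants above, "no leftover file descriptors", is cheap to audit and easy to get wrong. Every descriptor that is open without FD_CLOEXEC survives unshare and exec, so the process inside the "container" inherits it: a host socket, a log file, a directory outside the chroot. The following added example (not from the deck) reads /proc/<pid>/fdinfo to list such descriptors, then shows the leak by opening a host file on fd 7 and looking at it from inside fresh namespaces. Linux only; the demo part also assumes util-linux unshare(1) and unprivileged user namespaces.

```shell
#!/bin/sh
# Added example, not part of the slides: audit for file descriptors that
# would leak into a container across exec. Linux only (/proc/<pid>/fdinfo).

# O_CLOEXEC as it appears in the octal "flags:" line of /proc/<pid>/fdinfo/<fd>.
O_CLOEXEC=02000000

# Given the text of one fdinfo file, return 0 (true) if the fd is close-on-exec.
fdinfo_is_cloexec() {
    flags=$(printf '%s\n' "$1" | sed -n 's/^flags:[[:space:]]*//p')
    [ -n "$flags" ] && [ $(( flags & O_CLOEXEC )) -ne 0 ]
}

# Print the descriptors of a process (default: this shell) that lack FD_CLOEXEC
# and would therefore be inherited by anything it execs.
leaked_fds() {
    pid=${1:-$$}
    for f in /proc/"$pid"/fdinfo/*; do
        [ -r "$f" ] || continue
        fdinfo_is_cloexec "$(cat "$f")" || echo "${f##*/}"
    done
}

# Show the leak: open a host file on fd 7 without CLOEXEC, then read it from
# inside new user, mount and pid namespaces. Closing it (exec 7<&-) before
# launching the container is the fix; well-behaved launchers do this for
# every fd above 2 that the container was not explicitly given.
demo_leak() {
    exec 7</etc/hostname
    echo "host side, fds without FD_CLOEXEC: $(leaked_fds | tr '\n' ' ')"
    unshare --user --map-root-user --mount --pid --fork --mount-proc \
        sh -c 'echo "inside the namespaces, fd 7 is still $(readlink /proc/self/fd/7)"'
    exec 7<&-
}

if [ "${1:-}" = demo ]; then
    demo_leak
fi
```

`sh fdaudit.sh demo` prints something like `fd 7 is still /etc/hostname` from inside; `leaked_fds <pid>` against a running container launcher tells you what its children inherited. The same audit applies to the supervision item on the slide: a supervisor that keeps a descriptor to its own config or control socket open across exec has handed that descriptor to every container it starts.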
19/22
We almost have a container engine
But look at my conclusions again.
Devil hides in the details.
Tooling companies (Docker, CoreOS, etc) raised > $10^8.
20/22
To recap
Easy to understand kernel facilities.
Devil hides in the details.
Either spend a lot of time and headache, or re-use existing tools.
22/22
We're hiring!
Uber SRE locations: SF, NYC, Seattle, Vilnius.
Check out join.uber.com
Also, contact me at motiejus@uber.com

 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyviewmasabamasaba
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...SelfMade bd
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfkalichargn70th171
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfproinshot.com
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesVictorSzoltysek
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park masabamasaba
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrainmasabamasaba
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareJim McKeeth
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...masabamasaba
 

Kürzlich hochgeladen (20)

VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
Generic or specific? Making sensible software design decisions
Generic or specific? Making sensible software design decisionsGeneric or specific? Making sensible software design decisions
Generic or specific? Making sensible software design decisions
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
 
%in Lydenburg+277-882-255-28 abortion pills for sale in Lydenburg
%in Lydenburg+277-882-255-28 abortion pills for sale in Lydenburg%in Lydenburg+277-882-255-28 abortion pills for sale in Lydenburg
%in Lydenburg+277-882-255-28 abortion pills for sale in Lydenburg
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdf
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 

Understanding and building Your Own Docker

  • 1/22 Building blocks of Linux Containers. Motiejus Jakštys, motiejus@uber.com, @mo_kelione. 2016-11-18. © 2016 Uber Technologies Inc. All rights reserved.
  • 2/22 Table of Contents: Introduction (Why me; A container in Linux is...). Namespaces (Isolation in Linux; What did we just do). File systems and COW. What did we forget? (Leftover elephants in the room). The End.
  • 3/22 Conclusion! Devil Hides in The Details? Many use Docker. We lack time to understand. You need to understand infra to successfully troubleshoot infra. There are trade-offs in the configuration. Make container engine in 30 minutes. Details! → You will still pick existing tools.
  • 4/22 Why me. My resume: oncall experience. 2009–2012 Telecom (Dev + Ops). 2012–2014 Online Gaming (Dev + Ops). 2014–2016 Amazon (Dev + Ops). 2016–now Uber (Dev + Ops): from 2016.02 Dev, from 2016.11 SRE. I had to understand how exactly infrastructure works.
  • 5/22 A container in Linux is... fork/exec with bells & whistles: a fancy tarball for distribution; a COW filesystem to make it start fast; cgroups for fairness; namespaces for isolation.
  • 7/22 We will cover: user namespaces, pid namespaces, mount namespaces, network namespaces. There are more (uts, ipc, cgroup), but not today.
  • 8/22 User namespace. Become container-local root: unshare --map-root-user. The mapping exists only inside the namespace: uid 0 in there is still your ordinary uid to the host, host files owned by unmapped uids show up as nobody (65534), and some distributions gate unprivileged user namespaces behind a sysctl.
  • 9/22 Mount namespace. Hide container mounts: unshare --mount. Mounts made inside stay inside only if propagation is private; util-linux's unshare sets the new namespace to private by default (--propagation), whereas with --propagation unchanged on a shared root they would appear on the host as well.
  • 10/22 Pid namespace. Hide other pids: unshare --pid --mount-proc --fork. --fork is needed because the calling process itself stays in the old pid namespace; only its children land in the new one, and the first child becomes pid 1 there. --mount-proc (which implies --mount) mounts a fresh /proc, otherwise ps keeps showing the host's processes.
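The three unshare commands from the user, mount and pid namespace slides above, combined into one throw-away "container" that reports what the process inside can actually see. This is an added example, not code from the talk. It assumes util-linux 2.27 or newer (so --map-root-user and private mount propagation are available) and a kernel that allows unprivileged user namespaces; where the host does not allow it, the function returns 77 instead of pretending isolation worked.

```shell
#!/bin/sh
# Added example (not from the talk): user + mount + pid namespaces built with
# nothing but util-linux unshare, plus a report from inside.
# Assumes util-linux 2.27+ and unprivileged user namespaces enabled.

# Can this host give us user + pid + mount namespaces and a fresh /proc?
# Unprivileged user namespaces are often disabled
# (kernel.unprivileged_userns_clone=0 or user.max_user_namespaces=0), and
# container seccomp profiles usually block the namespace flags to unshare(2).
can_unshare() {
    unshare --map-root-user --pid --fork --mount-proc true 2>/dev/null
}

# Exit status 77 means "this host does not allow it", distinct from a real
# failure inside the sandbox.
run_isolated() {
    can_unshare || return 77
    # --map-root-user : new user namespace, our uid mapped to 0 inside it
    # --pid --fork    : new pid namespace; fork so the child is pid 1 there
    # --mount-proc    : implies --mount; mounts a fresh /proc so that ps sees
    #                   only the new pid namespace. Propagation defaults to
    #                   private, so that mount does not leak to the host.
    unshare --map-root-user --pid --fork --mount-proc sh -c '
        echo "uid=$(id -u) pid=$$"
        echo "uid_map=$(tr -s " " < /proc/self/uid_map)"
        echo "visible_pids=$(ls -d /proc/[0-9]* | wc -l)"
        # 0 expected: no mount in here is shared with the host
        echo "shared_mounts=$(grep -c " shared:" /proc/self/mountinfo)"
        # root in name only: host uid 0 is not mapped, so files it owns show
        # the overflow uid 65534 and cannot be written by our "root"
        echo "shadow_owner=$(stat -c %u /etc/shadow 2>/dev/null || echo n/a)"
    '
}

if [ "${1:-}" = run ]; then
    run_isolated
fi
```

Run it as `sh isolated.sh run`; on a host that permits it the first line reads `uid=0 pid=1`, and `shadow_owner=65534` shows the limit of container-local root.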
  • 11/22 Network namespace. Demonstrate this: create namespace; activate loopback (lo); create pair of devices veth1a and veth1b (veth1b will go to the namespace, veth1a will stay in default); add ip addresses; curl and ping; lsof, bind on ports separately. Ever wanted to run tcpdump on an application?
  • 12/22 Network namespace (diagram): namespace default with lo 127.0.0.1 and eth0 192.0.2.1.
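The network-namespace demo from the slide above as a script, added here as an example rather than taken from the talk. The namespace name demo1 and the addresses 10.200.1.1/24 (host end, veth1a) and 10.200.1.2/24 (inside, veth1b) are assumptions; the interface names are the slide's. It needs root and iproute2, and DRY_RUN=1 prints the commands instead of running them so the plan can be reviewed first.

```shell
#!/bin/sh
# Added example (not from the talk): the network-namespace demo as a script.
# Assumed names: namespace demo1, veth1a stays in the default namespace,
# veth1b moves into demo1, 10.200.1.1/24 on the host end, 10.200.1.2/24 inside.
# Needs root and iproute2. DRY_RUN=1 prints the commands instead of running them.

run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "+ $*"; else "$@"; fi
}

# netns_up NAME HOST_IF NS_IF HOST_ADDR NS_ADDR
netns_up() {
    ns=$1 host_if=$2 ns_if=$3 host_addr=$4 ns_addr=$5
    run ip netns add "$ns"
    # lo starts down in a fresh namespace; anything binding 127.0.0.1 needs it
    run ip netns exec "$ns" ip link set lo up
    # a veth pair is a virtual cable; one end is moved into the namespace
    run ip link add "$host_if" type veth peer name "$ns_if"
    run ip link set "$ns_if" netns "$ns"
    run ip addr add "$host_addr" dev "$host_if"
    run ip link set "$host_if" up
    run ip netns exec "$ns" ip addr add "$ns_addr" dev "$ns_if"
    run ip netns exec "$ns" ip link set "$ns_if" up
    # default route through the host end: the namespace reaches the host and
    # nothing beyond it until the host forwards or NATs for it. Its routing
    # table, sockets and port space are its own.
    run ip netns exec "$ns" ip route add default via "${host_addr%/*}"
}

netns_down() {
    # deleting the namespace destroys veth1b; veth1a disappears with its peer
    run ip netns del "$1"
}

# What the slide demonstrates once it is up (assumed addresses):
#   ip netns exec demo1 ping -c 1 10.200.1.1      # reach the host end
#   ip netns exec demo1 nc -l -p 80 &              # :80 is free here even if the host uses it
#   ip netns exec demo1 ss -ltnp                   # sockets of this namespace only
#   ip netns exec demo1 tcpdump -ni veth1b         # tcpdump on exactly one application
#   curl http://10.200.1.2/ from the host reaches the listener in the namespace

case "${1:-}" in
    up)   shift; netns_up "$@" ;;
    down) shift; netns_down "$@" ;;
esac
```

Usage: `sh netns.sh up demo1 veth1a veth1b 10.200.1.1/24 10.200.1.2/24`, then `sh netns.sh down demo1` to clean up.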
  • 13/22 What did we just do. Created a container: user namespace (apt-get, iptables, mount, etc.); isolated pids (no nobody, isolate from each other); isolated mounts (e.g. for /tmp); isolated network (safely bind to :80). An improvement over "run and hope it doesn't affect anything else".
  • 15/22 File systems and COW. A container needs a file system and should start quickly regardless of size: we do not want to copy 1GB with every startup. Copy On Write! lvm? zfs? btrfs?
  • 16/22 A quick demo. Create tank/images/debian@latest. Create tank/containers/t1 from @latest. unshare --mount --pid --fork chroot . bash
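The quick demo above as a script, added here as an example and not the talk's own code. It keeps the slide's ZFS layout (tank/images/debian@latest cloned to tank/containers/t1) and assumes a pool named tank mounted at /tank with a Debian rootfs already in tank/images/debian, for instance from debootstrap. Two details differ from the one-liner on the slide: the root is swapped with pivot_root instead of a bare chroot, because chroot only moves the path-lookup root and leaves the host root as the root of the mount namespace, and /proc is mounted after the swap so that it lands at the container's /proc rather than at the host path that --mount-proc would use. Needs root; DRY_RUN=1 prints the commands instead of running them.

```shell
#!/bin/sh
# Added example (not from the talk): the quick-demo slide as a script, with
# pivot_root instead of a bare chroot. Assumes a ZFS pool "tank" mounted at
# /tank and a Debian rootfs in tank/images/debian (e.g. from debootstrap).
# Needs root. DRY_RUN=1 prints the commands instead of running them.

run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "+ $*"; else "$@"; fi
}

# image_snapshot IMAGE TAG: freeze the image once, e.g. debian latest
image_snapshot() {
    run zfs snapshot "tank/images/$1@$2"
}

# container_create IMAGE TAG NAME: a clone shares every block with the
# snapshot and stores only what the container writes, so creating one costs
# the same whether the image is 10MB or 10GB. Mounted at /tank/containers/NAME.
container_create() {
    run zfs clone "tank/images/$1@$2" "tank/containers/$3"
}

# container_run NAME CMD...: new mount + pid namespaces, then make the clone
# the root of the mount namespace and drop the host root.
container_run() {
    root=/tank/containers/$1; shift
    # chroot only changes where path lookup starts: the host root stays the
    # root of the mount namespace, and a process that keeps CAP_SYS_CHROOT
    # can chroot again and walk back out. pivot_root swaps the root of the
    # mount namespace itself and the old root is unmounted afterwards.
    # --propagation private (the default) keeps all of this off the host.
    run unshare --mount --pid --fork --propagation private sh -c '
        root=$1; shift
        mount --rbind "$root" "$root"   # pivot_root needs a mount point; harmless if it already is one
        cd "$root"
        mkdir -p .old_root
        pivot_root . .old_root
        mount -t proc proc /proc        # fresh /proc at the container path, shows the new pid namespace
        umount -l /.old_root && rmdir /.old_root
        exec chroot . "$@"
    ' sh "$root" "$@"
}

# Usage: image_snapshot debian latest
#        container_create debian latest t1
#        container_run t1 /bin/bash
case "${1:-}" in
    snapshot) shift; image_snapshot "$@" ;;
    create)   shift; container_create "$@" ;;
    run)      shift; container_run "$@" ;;
esac
```

Inside, `cat /proc/1/comm` prints `bash` and `ls /.old_root` fails, which is the difference from the slide's chroot: the host filesystem is no longer reachable from this mount namespace.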
  • 18/22 Leftover elephants in the room. Trivial to escape this "container". Sec: no leftover file descriptors. Resource fairness. Sec/DoS: shared kernel resources. Supervision, daemonization and cleanup. Logging. Collect zombie processes. Image management. Should someone else do it?
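Checks for the first four elephants on the slide above (escape, leftover file descriptors, resource fairness, shared kernel resources), run from the host against one pid. This is an added example, not from the talk. It assumes Linux and that the caller may read /proc/PID for the target (the owning user, or root when comparing against pid 1).

```shell
#!/bin/sh
# Added example (not from the talk): audit one pid for the leftovers that
# namespaces alone do not take care of. Assumes Linux /proc readable for PID.

# Namespaces PID shares with REF (default pid 1, the host's init). A
# "container" that shares the host's net, mnt or user namespace is not
# isolated on that axis at all. Prints one shared namespace per line.
ns_shared() {
    pid=$1 ref=${2:-1}
    for ns in cgroup ipc mnt net pid user uts; do
        a=$(readlink "/proc/$pid/ns/$ns" 2>/dev/null) || continue
        b=$(readlink "/proc/$ref/ns/$ns" 2>/dev/null) || continue
        [ "$a" = "$b" ] && echo "$ns"
    done
    return 0
}

# File descriptors beyond stdio. A process launched by a daemon that forgot
# close-on-exec inherits the daemon's files and sockets: a host-side
# directory fd is a way out of any chroot, a listening socket a way in.
leaked_fds() {
    for fd in /proc/"$1"/fd/*; do
        n=${fd##*/}
        case $n in 0|1|2) continue ;; esac
        echo "$n -> $(readlink "$fd")"
    done
    return 0
}

# Effective capabilities as the hex mask from /proc/PID/status. A process in
# its own namespaces but with the full host CapEff is still root on the
# shared kernel; compare it with what you meant to grant.
cap_eff() {
    awk '/^CapEff:/ { print $2 }' "/proc/$1/status"
}

# cgroup membership. Namespaces hide, they do not limit: without a cgroup
# there is no resource fairness, and one container can exhaust the host's
# CPU, memory or pid table (a fork bomb is the classic shared-kernel DoS).
cgroup_of() {
    cut -d: -f3- "/proc/$1/cgroup"
}

audit() {
    echo "namespaces shared with host init: $(ns_shared "$1" | tr '\n' ' ')"
    echo "CapEff: $(cap_eff "$1")"
    echo "cgroups: $(cgroup_of "$1" | tr '\n' ' ')"
    echo "fds beyond stdio:"
    leaked_fds "$1"
}

if [ -n "${1:-}" ]; then
    audit "$1"
fi
```

Run `sudo sh audit.sh <pid>` against the process started by the earlier examples: it shares `cgroup` (and `net`, `user`, and `uts` unless those were unshared too) with init, reports an unrestricted CapEff inside its user namespace, and lists any fd the launcher left open.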
  • 19/22 We almost have a container engine. But look at my conclusions again. Devil hides in the details. Tooling companies (Docker, CoreOS, etc) raised > $10^8.
  • 20/22 To recap. Easy to understand kernel facilities. Devil hides in the details. Either spend a lot of time and headache, or re-use existing tools.
  • 22/22 We're hiring! Uber SRE locations: SF, NYC, Seattle, Vilnius. Check out join.uber.com. Also, contact me at motiejus@uber.com.