1 of 14

Containers

2 of 14

DISCLAIMER

Container = OCI-compliant container (e.g. a Docker container).

3 of 14

What a container is not?!

4 of 14

Containers vs VMs: the bad analogy

5 of 14

Wrong again: containers are running on/by the kernel (not on the CE)

6 of 14

Confusion

  • How to SSH into a container?
  • How to execute more than one CMD per container?
  • How come the container exits after docker run <img> ps?
  • How to provision (Ansible, Chef …) my Docker container?
  • Why shouldn’t I install my deps directly in the container using docker exec -it <container> apt install <pkg> instead of using images and Dockerfiles?
  • …

7 of 14

What is a container?

8 of 14

Containers are nothing but “special” Linux processes

  • Linux technologies
    • Namespaces (PID, UID, MOUNT, NET …)
    • Chroot
    • Cgroups
    • SELinux, AppArmor
    • Capabilities
    • SECCOMP
  • “Linux containers” is not a real thing !!
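
The point of this slide can be checked from /proc: a containerized process is an ordinary PID whose namespaces, capability set and seccomp mode differ from the host's. The following is an added example, not part of the original deck; the sample status text and namespace links are constructed, and the function names are hypothetical.

```python
"""Inspect a process the way the kernel sees it: namespaces, capabilities, seccomp."""
import os

# Capability names in kernel bit order (bit 0 = chown ... bit 40 = checkpoint_restore).
CAPS = ("chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap "
        "linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock "
        "ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin "
        "sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease "
        "audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm "
        "block_suspend audit_read perfmon bpf checkpoint_restore").split()
SECCOMP = {"0": "disabled", "1": "strict", "2": "filter"}

# Constructed sample: /proc/<pid>/status excerpt for a process started in a
# container with default settings (values are illustrative).
SAMPLE_STATUS = """Name:\tnginx
NSpid:\t4242\t1
CapEff:\t00000000a80425fb
NoNewPrivs:\t0
Seccomp:\t2
"""
# Constructed sample namespace links, in the form read from /proc/<pid>/ns/*.
SAMPLE_HOST_NS = {"pid": "pid:[4026531836]", "net": "net:[4026531840]", "user": "user:[4026531837]"}
SAMPLE_CTR_NS = {"pid": "pid:[4026532611]", "net": "net:[4026532614]", "user": "user:[4026531837]"}

def parse_status(text):
    """Return the isolation-relevant fields of a /proc/<pid>/status dump."""
    f = dict(line.split(":\t", 1) for line in text.splitlines() if ":\t" in line)
    mask = int(f["CapEff"], 16)
    return {
        "pid_per_namespace": f.get("NSpid", "").split(),  # host PID first, innermost last
        "effective_caps": [c for i, c in enumerate(CAPS) if mask >> i & 1],
        "seccomp": SECCOMP.get(f.get("Seccomp", "0").strip(), "unknown"),
        "no_new_privs": f.get("NoNewPrivs", "0").strip() == "1",
    }

def unshared_namespaces(host_ns, proc_ns):
    """Namespaces in which the process differs from the host reference process."""
    return sorted(k for k in proc_ns if host_ns.get(k) != proc_ns[k])

def read_ns(pid):
    """Read the live namespace links of a PID (needs permission on /proc/<pid>/ns)."""
    base = f"/proc/{pid}/ns"
    return {n: os.readlink(f"{base}/{n}") for n in os.listdir(base)}

if __name__ == "__main__":
    print(parse_status(SAMPLE_STATUS))
    print("unshared:", unshared_namespaces(SAMPLE_HOST_NS, SAMPLE_CTR_NS))
```

On a real host, compare read_ns(1) with read_ns(<container PID>) and feed /proc/<container PID>/status to parse_status; a shared user namespace together with a wide capability set is the combination worth reviewing.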

9 of 14

Why are containers compared to VMs? (OS virtualization era)

10 of 14

Container lifecycle

[Diagram labels. Components: container registry, remote repository, local repository, container host, image, kernel, fs, spec file. Operations: pull, extend, mount, create, start, run, stop, rm.]

11 of 14

Running Containers

12 of 14

Container runtime

Container engine

Container daemon

Container cli

13 of 14

Case Study: PBS (container-tools)

14 of 14

System container runtimes: LXC/LXD, OpenVZ ...