A Developer’s Introduction to Containers

Link

https://springone.io/2021/sessions/a-developers-introduction-to-containers

Author(s)

Nigel Brown, Senior Open Source Community Manager, VMware

Length

26:15

Date

08-09-2021

Language

English 🇺🇸

Track

Cloud Native Platforms

Rating

⭐⭐⭐⭐⭐

  • ✅ Excellent explanation of the container and Linux kernel concepts, simple but nice workshop

  • ⛔ Slides would be better to support the ideas at the beginning

"Container is process isolation."


A container is a process or group of processes running in isolation, which is great for portability and security. This process isolation is achieved by leveraging several features of the Linux kernel:

Namespaces

Namespaces wrap global system resources in an abstraction that makes it appear to the processes within the namespace that they have their own instance of the resource.

Process IDs zero and one are typically reserved for what it takes to initialize the OS. In a container, the application itself typically runs with process ID one. The container has its own instance of the process ID counter, different from the one outside, and that is achieved by giving it a separate namespace within which to work.
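The PID mapping described above can be observed from the host through the NSpid field of /proc/<pid>/status and the /proc/<pid>/ns/pid link. The following is an added example, not material from the talk; the status excerpt, PIDs and namespace inode numbers are constructed sample values, and the function names are hypothetical.

```python
import os
import re

# Constructed sample: excerpt of /proc/<pid>/status for a containerized
# application, read from the host. NSpid lists the PID in each nested PID
# namespace, outermost (host) first.
SAMPLE_STATUS = "Name:\tjava\nPid:\t48213\nPPid:\t48190\nNSpid:\t48213\t1\n"
# Constructed sample values of `readlink /proc/<pid>/ns/pid`.
HOST_PID_NS = "pid:[4026531836]"
CONTAINER_PID_NS = "pid:[4026532574]"


def parse_nspid(status_text):
    """Return the process's PID in every PID namespace it belongs to."""
    for line in status_text.splitlines():
        if line.startswith("NSpid:"):
            return [int(p) for p in line.split()[1:]]
    return []  # field absent (kernels older than 4.1)


def ns_inode(link):
    """Split a namespace link such as 'pid:[4026531836]' into (type, inode)."""
    m = re.fullmatch(r"(\w+):\[(\d+)\]", link)
    if not m:
        raise ValueError(f"not a namespace link: {link!r}")
    return m.group(1), int(m.group(2))


def describe(status_text, proc_ns_link, init_ns_link):
    """Report how a process looks from outside and inside its PID namespace."""
    pids = parse_nspid(status_text)
    return {
        "host_pid": pids[0] if pids else None,
        "innermost_pid": pids[-1] if pids else None,
        "nesting_depth": len(pids),
        # Same inode as init means the process shares the host PID namespace.
        "isolated_pid_ns": ns_inode(proc_ns_link) != ns_inode(init_ns_link),
    }


def describe_live(pid="self"):
    """Same report for a real process (reading /proc/1/ns needs privileges)."""
    with open(f"/proc/{pid}/status") as f:
        status = f.read()
    return describe(status, os.readlink(f"/proc/{pid}/ns/pid"),
                    os.readlink("/proc/1/ns/pid"))


if __name__ == "__main__":
    print(describe(SAMPLE_STATUS, CONTAINER_PID_NS, HOST_PID_NS))
```

A process that reports an innermost PID equal to its host PID and shares the init namespace inode is not PID-isolated, which is what a container started with the host PID namespace looks like.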

cgroups

cgroups are control groups that allow processes to be organized into hierarchical groups whose usage of various types of resources can then be limited and monitored.

Basically, they allow assigning a maximum amount of resources that each group can allocate, ensuring your critical system processes always have the resources they need to run.