Evolution of Linux 
Container Virtualization 
Imesh Gunaratne 
Technical Lead, WSO2 
Committer & PMC Member, Apache Stratos
Agenda
● Virtualization
● Linux Containers
● LXC
● Docker
● CoreOS
● Kubernetes
Virtualization
Virtualization 
In computing, refers to the act of creating a 
virtual (rather than actual) version of 
something, including but not limited to a 
virtual computer hardware platform, operating 
system (OS), storage device, or computer 
network resources. 
http://en.wikipedia.org/wiki/Virtualization
Hypervisor 
A hypervisor or virtual machine monitor (VMM) 
is a piece of computer software, firmware or 
hardware that creates and runs virtual 
machines. 
http://en.wikipedia.org/wiki/Hypervisor
Linux Containers
Linux Containers 
Linux Container Brief for IEEE WG P2302, Boden Russell
Linux Containers 
An operating system–level virtualization
method for running multiple isolated Linux
systems (containers) on a single control host.
http://en.wikipedia.org/wiki/LXC
Linux Kernel Features used by Linux
Containers
● Namespaces
● cgroups
● AppArmor
● SELinux
● seccomp
● chroot
Namespaces 
Wraps global system resources in an 
abstraction that makes it appear to the 
processes that they have their own isolated 
instance of the global resource. 
Included in Linux Kernel 2.4.19 
http://lwn.net/Articles/531114/
Namespaces 
Currently, Linux implements six different types 
of namespaces: 
1. mnt (mount points, filesystems) 
2. pid (processes) 
3. net (network stack) 
4. ipc (inter-process communication) 
5. uts (hostname) 
6. user (user ids) 
http://www.cs.ucsb.edu/~rich/class/cs290-cloud/papers/lxc-namespace.pdf
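The isolation described on the namespace slides, shown for the uts (hostname) namespace as an added example that is not part of the original deck: a child process moves into new user and UTS namespaces, changes "its" hostname, and the parent confirms that the host's hostname and namespace identity are untouched. The names `demo_uts_namespace`, `uts_ns_id` and the hostname `ns-demo` are hypothetical; the code reports "unavailable" where the kernel or a sandbox policy refuses unprivileged namespaces.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <linux/sched.h>   /* CLONE_NEWUSER, CLONE_NEWUTS */
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum ns_result { NS_ERROR = -1, NS_UNAVAILABLE = 0, NS_ISOLATED = 1 };

/* Constructed sample hostname, set only inside the new UTS namespace. */
#define DEMO_HOSTNAME "ns-demo"

struct report {
    int ok;              /* 1 if the child got its own UTS namespace */
    unsigned long ns_id; /* inode behind the child's /proc/self/ns/uts */
    char hostname[64];   /* hostname as the child sees it */
};

/* A namespace is identified by the inode behind /proc/<pid>/ns/<type>. */
static unsigned long uts_ns_id(void)
{
    struct stat st;
    return stat("/proc/self/ns/uts", &st) == 0 ? (unsigned long)st.st_ino : 0;
}

static void child(int out_fd)
{
    struct report r;
    memset(&r, 0, sizeof r);
    /* A new user namespace grants the capabilities needed to create and
     * modify a UTS namespace without being root on the host. */
    if (syscall(SYS_unshare, CLONE_NEWUSER | CLONE_NEWUTS) == 0 &&
        sethostname(DEMO_HOSTNAME, strlen(DEMO_HOSTNAME)) == 0 &&
        gethostname(r.hostname, sizeof r.hostname - 1) == 0) {
        r.ns_id = uts_ns_id();
        r.ok = r.ns_id != 0;
    }
    _exit(write(out_fd, &r, sizeof r) == (ssize_t)sizeof r ? 0 : 1);
}

/* Returns NS_ISOLATED when the child's hostname change stayed inside its
 * own namespace, NS_UNAVAILABLE when namespaces could not be created. */
static int demo_uts_namespace(void)
{
    char before[256] = "", after[256] = "";
    struct report r;
    int fds[2];
    unsigned long parent_ns = uts_ns_id();

    if (parent_ns == 0)
        return NS_UNAVAILABLE;          /* no /proc or no namespace support */
    if (gethostname(before, sizeof before - 1) != 0 || pipe(fds) != 0)
        return NS_ERROR;

    pid_t pid = fork();
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return NS_ERROR;
    }
    if (pid == 0) {
        close(fds[0]);
        child(fds[1]);                  /* never returns */
    }
    close(fds[1]);
    ssize_t n = read(fds[0], &r, sizeof r);
    close(fds[0]);
    waitpid(pid, NULL, 0);

    if (n != (ssize_t)sizeof r || gethostname(after, sizeof after - 1) != 0)
        return NS_ERROR;
    if (strcmp(before, after) != 0)
        return NS_ERROR;                /* the change leaked to the host */
    if (!r.ok)
        return NS_UNAVAILABLE;          /* unshare() or sethostname() refused */
    return (r.ns_id != parent_ns && strcmp(r.hostname, DEMO_HOSTNAME) == 0)
               ? NS_ISOLATED : NS_ERROR;
}

int main(void)
{
    static const char *const label[] = { "unavailable", "isolated" };
    int r = demo_uts_namespace();
    printf("UTS namespace demo: %s\n", r < 0 ? "error" : label[r]);
    return r < 0;
}
```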
cgroups (Control Groups) 
A Linux kernel feature to limit, account, and 
isolate resource usage (CPU, memory, disk I/O, 
etc.) of process groups. 
Started by engineers in Google in 2007 and 
merged into the Linux Kernel 2.6.24 
http://en.wikipedia.org/wiki/Cgroups
cgroups (Control Groups)
● Access: which devices can be used per
cgroup
● Resource limiting: memory, CPU, device
accessibility, block I/O, etc.
● Prioritization: who gets more of the CPU,
memory, etc.
● Accounting: resource usage per cgroup
● Control: freezing & checkpointing
http://en.wikipedia.org/wiki/Cgroups
AppArmor 
AppArmor is a Linux security module 
implemented using the Linux Security Modules 
(LSM) kernel interface. 
It allows the system administrator to associate 
with each program a security profile that 
restricts the capabilities of that program. 
http://en.wikipedia.org/wiki/AppArmor
SELinux (Security Enhanced Linux) 
SELinux is a Linux kernel security module that 
provides a mechanism for supporting access 
control on security policies for programs. 
Originally developed by the United States 
National Security Agency (NSA). 
Included in Linux kernel 2.6.0-test3, released 
on 8 August 2003 
http://en.wikipedia.org/wiki/Security-Enhanced_Linux
SELinux - How it works
● Compiled into the Linux kernel
● Security policies are packaged in the distribution
● Policies in most distributions are applied
only to system processes, not user
processes
● Checks database of rules on syscalls
● Policies allow/deny what a daemon can
access and how
● Prevents a daemon compromise from affecting
other files/users/etc. (namespaces)
SELinux for Everyday Users, PaulWay
seccomp (Secure Computing Mode)
● seccomp is a secure-computing facility that
provides an application sandboxing
mechanism in the Linux kernel.
● Provides isolation for computing
● It allows a process to make a one-way
transition into a "secure" state where it
cannot make any system calls except exit(),
sigreturn(), read() and write().
http://en.wikipedia.org/wiki/Seccomp
seccomp (Secure Computing Mode) 
It was merged into the Linux kernel mainline in 
version 2.6.12, released on March 8, 2005. 
http://en.wikipedia.org/wiki/Seccomp
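The one-way transition described on the seccomp slides, as an added example that is not part of the original deck: a child process enters strict mode, keeps working with write(), and is killed by the kernel the moment it makes a system call outside the permitted four. The names `run_in_strict_mode` and `child` are hypothetical; the code reports "unavailable" when strict mode cannot be entered, for example because the process already runs under a seccomp filter.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <linux/seccomp.h>  /* SECCOMP_MODE_STRICT */
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum sc_result { SC_ERROR = -1, SC_UNAVAILABLE = 0, SC_EXITED = 1, SC_KILLED = 2 };

#define EXIT_NO_STRICT 42   /* child could not enter strict mode */

static void child(int out_fd, int call_forbidden)
{
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT, 0, 0, 0) != 0)
        _exit(EXIT_NO_STRICT);          /* still unrestricted here */

    /* One-way door passed: only read, write, exit and sigreturn remain. */
    syscall(SYS_write, out_fd, "in", 2);
    if (call_forbidden)
        syscall(SYS_getpid);            /* harmless, but not permitted: SIGKILL */
    syscall(SYS_write, out_fd, "+alive", 6);

    /* The libc _exit() uses exit_group, which strict mode forbids, so the
     * process must leave through the plain exit system call. */
    syscall(SYS_exit, 0);
}

/* Runs the child and classifies how it ended. */
static int run_in_strict_mode(int call_forbidden)
{
    char buf[16] = "";
    size_t len = 0;
    ssize_t n;
    int fds[2], status;

    if (pipe(fds) != 0)
        return SC_ERROR;
    pid_t pid = fork();
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return SC_ERROR;
    }
    if (pid == 0) {
        close(fds[0]);
        child(fds[1], call_forbidden);  /* never returns */
    }
    close(fds[1]);
    /* Collect everything the child managed to write before it ended. */
    while (len < sizeof buf - 1 &&
           (n = read(fds[0], buf + len, sizeof buf - 1 - len)) > 0)
        len += (size_t)n;
    close(fds[0]);
    if (waitpid(pid, &status, 0) != pid)
        return SC_ERROR;

    if (WIFEXITED(status) && WEXITSTATUS(status) == EXIT_NO_STRICT)
        return SC_UNAVAILABLE;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL &&
        strcmp(buf, "in") == 0)
        return SC_KILLED;               /* died at the forbidden call */
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0 &&
        strcmp(buf, "in+alive") == 0)
        return SC_EXITED;               /* stayed within the four calls */
    return SC_ERROR;
}

int main(void)
{
    static const char *const label[] = { "unavailable", "exited cleanly", "killed" };
    int ok = run_in_strict_mode(0);
    int bad = run_in_strict_mode(1);
    printf("write + exit only : %s\n", ok < 0 ? "error" : label[ok]);
    printf("extra getpid call : %s\n", bad < 0 ? "error" : label[bad]);
    return ok < 0 || bad < 0;
}
```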
chroot 
http://www.lorien.ch/server/chroot.html
chroot 
A chroot on Unix operating systems is an 
operation that changes the root directory for 
the current running process and its children. 
A program that is run in such a modified 
environment cannot name (and therefore 
normally not access) files outside the 
designated directory tree. 
http://en.wikipedia.org/wiki/Chroot
chroot 
The modified environment is called a "chroot 
jail" 
Introduced in version 7 Unix in 1979, and added 
to BSD by Bill Joy on 18 March 1982 
http://en.wikipedia.org/wiki/Chroot
LXC 
A Hypervisor for Linux Containers
LXC Engine: A Hypervisor for 
Containers 
Linux Container Brief for IEEE WG P2302, Boden Russell
LXC (LinuX Containers)
LXC is an operating system–level virtualization
method for running multiple isolated Linux
systems (containers) on a single control host.
● From the inside it looks like a VM
● From the outside it looks like a normal
process
● Provides lightweight virtualization
Kernel Features used by LXC
● Kernel namespaces (ipc, uts, mount, pid,
network and user)
● Control groups (cgroups)
● AppArmor and SELinux profiles
● Seccomp policies
● Chroots (using pivot_root)
● Kernel capabilities
Docker
Docker is an open platform for developers and
sysadmins to build, ship, and run distributed
applications.
● Initially developed by dotCloud
● Original version written in Python, now
written in Go
● A very young project (started March, 2013),
but with a huge community
Problem: Shipping Software 
Introduction to Docker, Jérôme Petazzoni
Solution: Linux Container 
Introduction to Docker, Jérôme Petazzoni
Solved 
Introduction to Docker, Jérôme Petazzoni
Virtual Machines Vs Docker
Docker Architecture 
Enterprise Docker, Adrien BLIND, Aurelien GABET, Arnaud MAZIN
Docker - Hello World 
# Get one base Docker image 
>docker pull ubuntu 
# List Docker images available 
>docker images 
# Run hello world 
>docker run ubuntu:14.04 echo "hello world" 
Docker Paris Meetup, Victor Vieux, dotCloud Inc
Detached mode 
# Run hello world in detached mode (-d) 
>docker run -d ubuntu sh -c "while true; do echo hello world; sleep 1; done"
# Get container's ID
>docker ps 
# Attach to the container 
>docker attach <container-id> 
# Stop/start/restart the container 
>docker stop <container-id> 
Docker Paris Meetup, Victor Vieux, dotCloud Inc
CoreOS 
CoreOS is a new Linux distribution that has 
been re-architected to provide features needed 
to run modern infrastructure stacks.
CoreOS Architecture
CoreOS Architecture 
Fleet ties together systemd and etcd into a distributed init 
system
Kubernetes 
Kubernetes is an open source implementation 
of container cluster management.
Kubernetes High Level Architecture
Kubernetes Component Architecture
Kubernetes Terminology
● Pod - A group of Containers
● Labels - Labels for identifying pods
● Kubelet - Container Agent
● Proxy Service - A load balancer for Pods
● etcd - A metadata service
● cAdvisor - Container Advisor provides resource
usage/performance statistics
● Replication Controller - Manages replication of
pods
● Scheduler - Schedules pods in worker nodes
● API server - Kubernetes API server
References
● http://en.wikipedia.org/wiki/Virtualization
● http://en.wikipedia.org/wiki/Hypervisor
● http://en.wikipedia.org/wiki/LXC
● http://www.cs.ucsb.edu/~rich/class/cs290-cloud/papers/lxc-namespace.pdf
● http://en.wikipedia.org/wiki/Cgroups
● http://en.wikipedia.org/wiki/AppArmor
● http://en.wikipedia.org/wiki/Security-Enhanced_Linux
● http://www.lorien.ch/server/chroot.html
References
● SELinux for Everyday Users, PaulWay
● http://en.wikipedia.org/wiki/Seccomp
● http://en.wikipedia.org/wiki/Chroot
● Linux Container Brief for IEEE WG P2302,
Boden Russell
● http://kubernetes.io/
● https://coreos.com
Imesh Gunaratne
ย 
Deep Dive into Kubernetes - Part 2
Deep Dive into Kubernetes - Part 2Deep Dive into Kubernetes - Part 2
Deep Dive into Kubernetes - Part 2
Imesh Gunaratne
ย 
Deep Dive into Kubernetes - Part 1
Deep Dive into Kubernetes - Part 1Deep Dive into Kubernetes - Part 1
Deep Dive into Kubernetes - Part 1
Imesh Gunaratne
ย 
WSO2 Container Strategy
WSO2 Container StrategyWSO2 Container Strategy
WSO2 Container Strategy
Imesh Gunaratne
ย 
WSO2 API Manager Reference Architecture for DC/OS
WSO2 API Manager Reference Architecture for DC/OSWSO2 API Manager Reference Architecture for DC/OS
WSO2 API Manager Reference Architecture for DC/OS
Imesh Gunaratne
ย 
WSO2 API Manager Reference Architecture for Pivotal Cloud Foundry
WSO2 API Manager Reference Architecture for Pivotal Cloud FoundryWSO2 API Manager Reference Architecture for Pivotal Cloud Foundry
WSO2 API Manager Reference Architecture for Pivotal Cloud Foundry
Imesh Gunaratne
ย 
WSO2 Kubernetes Reference Architecture - Nov 2017
WSO2 Kubernetes Reference Architecture - Nov 2017WSO2 Kubernetes Reference Architecture - Nov 2017
WSO2 Kubernetes Reference Architecture - Nov 2017
Imesh Gunaratne
ย 
WSO2 Cloud and Platform as a Service Strategy
WSO2 Cloud and Platform as a Service StrategyWSO2 Cloud and Platform as a Service Strategy
WSO2 Cloud and Platform as a Service Strategy
Imesh Gunaratne
ย 
Planning Your Cloud Strategy
Planning Your Cloud StrategyPlanning Your Cloud Strategy
Planning Your Cloud Strategy
Imesh Gunaratne
ย 
Deploying WSO2 Middleware on Containers
Deploying WSO2 Middleware on ContainersDeploying WSO2 Middleware on Containers
Deploying WSO2 Middleware on Containers
Imesh Gunaratne
ย 
Multitenancy in WSO2 Carbon 5 (C5)
Multitenancy in WSO2 Carbon 5 (C5)Multitenancy in WSO2 Carbon 5 (C5)
Multitenancy in WSO2 Carbon 5 (C5)
Imesh Gunaratne
ย 
Deploying WSO2 Middleware on Mesos
Deploying WSO2 Middleware on MesosDeploying WSO2 Middleware on Mesos
Deploying WSO2 Middleware on Mesos
Imesh Gunaratne
ย 
Service Oriented Architecture & Beyond
Service Oriented Architecture & BeyondService Oriented Architecture & Beyond
Service Oriented Architecture & Beyond
Imesh Gunaratne
ย 
Docker for Java Developers
Docker for Java DevelopersDocker for Java Developers
Docker for Java Developers
Imesh Gunaratne
ย 
WSO2 Cloud Strategy Update
WSO2 Cloud Strategy UpdateWSO2 Cloud Strategy Update
WSO2 Cloud Strategy Update
Imesh Gunaratne
ย 
An Introduction to Go
An Introduction to GoAn Introduction to Go
An Introduction to Go
Imesh Gunaratne
ย 
Scale into Multi-Cloud with Containers
Scale into Multi-Cloud with ContainersScale into Multi-Cloud with Containers
Scale into Multi-Cloud with Containers
Imesh Gunaratne
ย 
Making a Better World with Technology Innovations
Making a Better World with Technology InnovationsMaking a Better World with Technology Innovations
Making a Better World with Technology Innovations
Imesh Gunaratne
ย 
Introduction to WSO2 Private PaaS 4.1.0
Introduction to WSO2 Private PaaS 4.1.0Introduction to WSO2 Private PaaS 4.1.0
Introduction to WSO2 Private PaaS 4.1.0
Imesh Gunaratne
ย 

Recently uploaded (20)

Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul
ย 
Rusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond SparkRusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond Spark
carlyakerly1
ย 
Generative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in BusinessGenerative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in Business
Dr. Tathagat Varma
ย 
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes
ย 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
ย 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
ย 
How analogue intelligence complements AI
How analogue intelligence complements AIHow analogue intelligence complements AI
How analogue intelligence complements AI
Paul Rowe
ย 
Procurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptxProcurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptx
Jon Hansen
ย 
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded DevelopersLinux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Toradex
ย 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
ย 
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfSAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
Precisely
ย 
Drupalcamp Finland โ€“ Measuring Front-end Energy Consumption
Drupalcamp Finland โ€“ Measuring Front-end Energy ConsumptionDrupalcamp Finland โ€“ Measuring Front-end Energy Consumption
Drupalcamp Finland โ€“ Measuring Front-end Energy Consumption
Exove
ย 
Cyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of securityCyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of security
riccardosl1
ย 
How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?
Daniel Lehner
ย 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
ย 
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptxDevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
Justin Reock
ย 
Cybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure ADCybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure AD
VICTOR MAESTRE RAMIREZ
ย 
Build Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For DevsBuild Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For Devs
Brian McKeiver
ย 
TrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business ConsultingTrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business Consulting
Trs Labs
ย 
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptxSpecial Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
shyamraj55
ย 
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul
ย 
Rusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond SparkRusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond Spark
carlyakerly1
ย 
Generative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in BusinessGenerative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in Business
Dr. Tathagat Varma
ย 
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes
ย 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
ย 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
ย 
How analogue intelligence complements AI
How analogue intelligence complements AIHow analogue intelligence complements AI
How analogue intelligence complements AI
Paul Rowe
ย 
Procurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptxProcurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptx
Jon Hansen
ย 
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded DevelopersLinux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Toradex
ย 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
ย 
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfSAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
Precisely
ย 
Drupalcamp Finland โ€“ Measuring Front-end Energy Consumption
Drupalcamp Finland โ€“ Measuring Front-end Energy ConsumptionDrupalcamp Finland โ€“ Measuring Front-end Energy Consumption
Drupalcamp Finland โ€“ Measuring Front-end Energy Consumption
Exove
ย 
Cyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of securityCyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of security
riccardosl1
ย 
How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?
Daniel Lehner
ย 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
ย 
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptxDevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
Justin Reock
ย 
Cybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure ADCybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure AD
VICTOR MAESTRE RAMIREZ
ย 
Build Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For DevsBuild Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For Devs
Brian McKeiver
ย 
TrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business ConsultingTrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business Consulting
Trs Labs
ย 
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptxSpecial Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
shyamraj55
ย 

Evolution of Linux Container Virtualization

  • 1. Evolution of Linux Container Virtualization Imesh Gunaratne Technical Lead, WSO2 Committer & PMC Member, Apache Stratos
  • 2. Agenda ● Virtualization ● Linux Containers ● LXC ● Docker ● CoreOS ● Kubernetes
  • 4. Virtualization In computing, refers to the act of creating a virtual (rather than actual) version of something, including but not limited to a virtual computer hardware platform, operating system (OS), storage device, or computer network resources. http://en.wikipedia.org/wiki/Virtualization
  • 5. Hypervisor A hypervisor or virtual machine monitor (VMM) is a piece of computer software, firmware or hardware that creates and runs virtual machines. http://en.wikipedia.org/wiki/Hypervisor
  • 7. Linux Containers Linux Container Brief for IEEE WG P2302, Boden Russell
  • 8. Linux Containers An operating system–level virtualization method for running multiple isolated Linux systems (containers) on a single control host. http://en.wikipedia.org/wiki/LXC
  • 9. Linux Kernel Features used by Linux Containers ● Namespaces ● cgroups ● AppArmor ● SELinux ● seccomp ● chroot
  • 10. Namespaces Wraps global system resources in an abstraction that makes it appear to the processes that they have their own isolated instance of the global resource. Included in Linux Kernel 2.4.19 http://lwn.net/Articles/531114/
  • 11. Namespaces Currently, Linux implements six different types of namespaces: 1. mnt (mount points, filesystems) 2. pid (processes) 3. net (network stack) 4. ipc (inter-process communication) 5. uts (hostname) 6. user (user ids) http://www.cs.ucsb.edu/~rich/class/cs290-cloud/papers/lxc-namespace.pdf
  • 12. cgroups (Control Groups) A Linux kernel feature to limit, account, and isolate resource usage (CPU, memory, disk I/O, etc.) of process groups. Started by engineers in Google in 2007 and merged into the Linux Kernel 2.6.24 http://en.wikipedia.org/wiki/Cgroups
  • 13. cgroups (Control Groups) ● Access: which devices can be used per cgroup ● Resource limiting: memory, CPU, device accessibility, block I/O, etc ● Prioritization: who gets more of the CPU, memory, etc ● Accounting: resource usage per cgroup ● Control: freezing & checkpointing http://en.wikipedia.org/wiki/Cgroups
  • 14. AppArmor AppArmor is a Linux security module implemented using the Linux Security Modules (LSM) kernel interface. It allows the system administrator to associate with each program a security profile that restricts the capabilities of that program. http://en.wikipedia.org/wiki/AppArmor
  • 15. SELinux (Security Enhanced Linux) SELinux is a Linux kernel security module that provides a mechanism for supporting access control on security policies for programs. Originally developed by the United States National Security Agency (NSA). Included in Linux kernel 2.6.0-test3, released on 8 August 2003 http://en.wikipedia.org/wiki/Security-Enhanced_Linux
  • 16. SELinux - How it works ● Compiled into the Linux kernel ● Security policies are packaged in the distribution ● Policies in most distributions are applied only to system processes, not user processes ● Checks database of rules on syscalls ● Policies allow/deny what a daemon can access and how ● Prevents a daemon compromise from affecting other files/users/etc (namespaces) SELinux for Everyday Users, PaulWay
  • 17. seccomp (Secure Computing Mode) ● seccomp is a secure-computing facility that provides an application sandboxing mechanism in the Linux kernel. ● Provides isolation for computing ● It allows a process to make a one-way transition into a "secure" state where it cannot make any system calls except exit(), sigreturn(), read() and write(). http://en.wikipedia.org/wiki/Seccomp
  • 18. seccomp (Secure Computing Mode) It was merged into the Linux kernel mainline in version 2.6.12, released on March 8, 2005. http://en.wikipedia.org/wiki/Seccomp
  • 20. chroot A chroot on Unix operating systems is an operation that changes the root directory for the current running process and its children. A program that is run in such a modified environment cannot name (and therefore normally not access) files outside the designated directory tree. http://en.wikipedia.org/wiki/Chroot
  • 21. chroot The modified environment is called a "chroot jail" Introduced in version 7 Unix in 1979, and added to BSD by Bill Joy on 18 March 1982 http://en.wikipedia.org/wiki/Chroot
  • 22. LXC A Hypervisor for Linux Containers
  • 23. LXC Engine: A Hypervisor for Containers Linux Container Brief for IEEE WG P2302, Boden Russell
  • 24. LXC (LinuX Containers) LXC is an operating system–level virtualization method for running multiple isolated Linux systems (containers) on a single control host. ● From the inside it looks like a VM ● From the outside it looks like a normal process ● Provides lightweight virtualization
  • 25. Kernel Features used by LXC ● Kernel namespaces (ipc, uts, mount, pid, network and user) ● Control groups (cgroups) ● AppArmor and SELinux profiles ● Seccomp policies ● Chroots (using pivot_root) ● Kernel capabilities
  • 27. Docker Docker is an open platform for developers and sysadmins to build, ship, and run distributed applications. ● Initially developed by dotCloud ● Original version written in Python, now written in Go ● A very young project (started March, 2013), but with a huge community
  • 28. Problem: Shipping Software Introduction to Docker, Jérôme Petazzoni
  • 29. Solution: Linux Container Introduction to Docker, Jérôme Petazzoni
  • 30. Solved Introduction to Docker, Jérôme Petazzoni
  • 32. Docker Architecture Enterprise Docker, Adrien BLIND, Aurelien GABET, Arnaud MAZIN
  • 33. Docker - Hello World
      # Get one base Docker image
      >docker pull ubuntu
      # List Docker images available
      >docker images
      # Run hello world
      >docker run ubuntu:14.04 echo "hello world"
      Docker Paris Meetup, Victor Vieux, dotCloud Inc
  • 34. Detached mode
      # Run hello world in detached mode (-d)
      >docker run -d ubuntu sh -c "while true; do echo hello world; sleep 1; done"
      # Get container's ID
      >docker ps
      # Attach to the container
      >docker attach <container-id>
      # Stop/start/restart the container
      >docker stop <container-id>
      Docker Paris Meetup, Victor Vieux, dotCloud Inc
  • 36. CoreOS CoreOS is a new Linux distribution that has been re-architected to provide features needed to run modern infrastructure stacks.
  • 38. CoreOS Architecture Fleet ties together systemd and etcd into a distributed init system
  • 40. Kubernetes Kubernetes is an open source implementation of container cluster management.
  • 41. Kubernetes High Level Architecture
  • 42. Kubernetes High Level Architecture
  • 44. Kubernetes Terminology ● Pod - A group of Containers ● Labels - Labels for identifying pods ● Kubelet - Container Agent ● Proxy Service - A load balancer for Pods ● etcd - A metadata service ● cAdvisor - Container Advisor provides resource usage/performance statistics ● Replication Controller - Manages replication of pods ● Scheduler - Schedules pods in worker nodes ● API server - Kubernetes API server
  • 45. References ● http://en.wikipedia.org/wiki/Virtualization ● http://en.wikipedia.org/wiki/Hypervisor ● http://en.wikipedia.org/wiki/LXC ● http://www.cs.ucsb.edu/~rich/class/cs290-cloud/papers/lxc-namespace.pdf ● http://en.wikipedia.org/wiki/Cgroups ● http://en.wikipedia.org/wiki/AppArmor ● http://en.wikipedia.org/wiki/Security-Enhanced_Linux ● http://www.lorien.ch/server/chroot.html
  • 46. References ● SELinux for Everyday Users, PaulWay ● http://en.wikipedia.org/wiki/Seccomp ● http://en.wikipedia.org/wiki/Chroot ● Linux Container Brief for IEEE WG P2302, Boden Russell ● http://kubernetes.io/ ● https://coreos.com
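
Added example (not from the slides): the one-way seccomp transition described on slide 17, shown in a forked child so the parent can observe the result. The function and enum names are chosen for this example; it assumes Linux with glibc and reports separately when the kernel or an outer sandbox refuses strict mode.

```c
#define _GNU_SOURCE
#include <linux/seccomp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Outcome labels are names chosen for this example. */
enum sandbox_result {
    SB_ERROR = -1,      /* pipe/fork/wait failed or unexpected child status */
    SB_UNAVAILABLE = 0, /* prctl() refused strict mode in this environment */
    SB_EXITED = 1,      /* child stayed within read/write/exit and left cleanly */
    SB_KILLED = 2       /* kernel sent SIGKILL after a forbidden system call */
};

/* Run a child in seccomp strict mode. If attempt_forbidden is non-zero the
 * child issues getpid(), which is not one of the four permitted calls. */
enum sandbox_result run_in_strict_mode(int attempt_forbidden)
{
    int fds[2];
    if (pipe(fds) != 0)
        return SB_ERROR;

    pid_t pid = fork();
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return SB_ERROR;
    }

    if (pid == 0) {
        /* Every descriptor the child needs must exist before the
         * transition: open(), pipe() and close() are forbidden after it. */
        close(fds[0]);
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) != 0)
            _exit(42);                 /* not yet sandboxed, normal exit works */

        /* write() on an already-open descriptor is still permitted. */
        if (write(fds[1], "ok", 2) != 2)
            syscall(SYS_exit, 1);

        if (attempt_forbidden)
            syscall(SYS_getpid);       /* kernel kills the child here */

        /* libc's _exit() uses exit_group(), which strict mode does not
         * allow, so the raw exit system call is used instead. */
        syscall(SYS_exit, 0);
        for (;;) { }                   /* not reached */
    }

    close(fds[1]);
    char buf[2];
    ssize_t n = read(fds[0], buf, sizeof buf);
    close(fds[0]);

    int status;
    if (waitpid(pid, &status, 0) != pid)
        return SB_ERROR;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 42)
        return SB_UNAVAILABLE;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL)
        return SB_KILLED;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0 && n == 2)
        return SB_EXITED;
    return SB_ERROR;
}

int main(void)
{
    printf("permitted calls only: %d\n", run_in_strict_mode(0));
    printf("forbidden getpid():   %d\n", run_in_strict_mode(1));
    return 0;
}
```

Strict mode is the original 2.6.12 mechanism the slides describe; the Seccomp policies listed on slide 25 use the later filter mode, which lets a runtime choose the permitted system calls instead of this fixed set of four.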