OSCON 2018: Portland: Linux Container Internals

Abstract

This course provides a detailed examination of container architecture from the Linux kernel to Kubernetes, including security and resource controls, kernel structures, and low-level storage and network functions. This lab provides hands-on training, concepts, and demonstrations, with an emphasis on realistic deployment and troubleshooting exercises.

Topics include security (sVirt, SELinux, SECCOMP), isolation (kernel namespaces, cgroups), and data structures (Kubernetes/Linux). Together, these topics provide an architecture-level understanding of the complete container stack, from the Linux kernel, to the container runtime (Docker, CRI-O, runc), to container orchestration (Kubernetes).

Following a logical path from container host and image, to container runtime, to orchestrator, we will answer questions like: How do sVirt/SELinux, SECCOMP, namespaces, and isolation really work? How does the Docker Daemon work? How does Kubernetes talk to the Docker Daemon? How are container images made?

Presentation
