Linux container internals: Part 2

Have you ever wondered how Linux Containers work? How they really work, deep down inside? How do sVirt/SELinux, SECCOMP, namespaces, and isolation really work? How does the Docker Daemon work? How does Kubernetes talk to the Docker Daemon? How are container images made?

Well, we will answer these questions and more. If you want a deep technical understanding of containers, this is the lab for you. Join Red Hat engineers as we walk you through the deep, dark internals of the container host and what’s packaged in the container image. These hands-on labs will give you the knowledge and confidence it takes to leverage your current Linux technical knowledge and apply it to Containers.

Part 1

The first lab provides a foundation for understanding containers more deeply. After attending Part 1, students will be able to:

-Draw a diagram showing how the Linux kernel, services and daemons work together to create and deploy containers.

-Internalize how the architecture of the kernel and supporting services affect security and performance.

-Explain the API interactions of daemons and the host kernel to create isolated processes.

-Command the nomenclature necessary to technically discuss container repositories, image layers, tags, registry server and other components.

-Understand what the Open Containers Initiative is and why this standard is important for your container images.

-Internalize the difference between base images and multi-layered images.

-Understand the full URL to an image/repository.

-Command a complete understanding of what is inside of a container image.

-Use layers appropriately in your architecture and design.

Part 2

The second session builds upon the foundations covered in Part 1 and covers the following topics. After attending Part 2, students will be able to:

-Understand the basic interactions of the major daemons and APIs in a typical container environment.

-Internalize the function of system calls and kernel namespaces.

-Understand how SELinux and sVirt secure containers.

-Command a conceptual understanding of how cgroups limit containers.

-Use SECCOMP to limit the system calls a container can make.

-Have a basic understanding of container storage and how it compares to normal Linux storage concepts.

-Gain a basic understanding of container networking and namespaces.

-Troubleshoot a basic Open vSwitch setup with Kubernetes/OpenShift.

-Understand the uses of multi-container applications.

-Internalize the difference between orchestration and application definition.

-Command basic container scaling principles.

-Use tools to troubleshoot containers in a clustered environment.

  • Date: Tuesday, May 8
  • Time: 4:00 PM - 6:00 PM
  • Room: 157
  • Location: Moscone South - 157
  • Session Type: Instructor-led lab
  • Session Code: L1052
  • Technical difficulty: Very advanced
  • Topic(s): Containers, Security
  • Session Includes: None of the above
  • Products and Services: Red Hat OpenShift Container Platform, Red Hat Enterprise Linux
  • Best for people who: Build applications, Design application/system architectures
  • Primary solution: Cloud computing
  • Time slot: Afternoon
Speakers
Jamie Duncan
Red Hat
John Osborne
Red Hat
Scott McCarty
Red Hat