% Build your own Pod
- Florian Arthofer
- Cloud Platform Engineer @ Dynatrace
@arthflon GitHub, Twitter...etc
- Understanding things on a very low level, helps you debugging the silly problems
- Containers are just an abstract concept to describe the usage of namespaces and cgroups to run isolated processes
- What you see
man namespaces
- What you can use
man cgroups
- The smallest deployable unit of computing in K8S
- A pod is a group of one or more containers, with shared storage/network, and a specification for how to run the containers
runc: CLI tool that implements the OCI standard- Used by Docker, Cloud Foundry, Kubernetes...etc
iproute2: default userspace utils for Linux networking- (This is not the lowest level to create containers)
- Create spec file with
runc spec
$ runc spec- Create root filesystem
$ mkdir rootfs
$ docker export $(docker create alpine:latest) | tar -C rootfs -xvf -- Run it!
$ runc run thecontainer- With our simple config, there is no network
- We have to set up everything ourself :-)
- Create a bridge
- Create a network namespace
- Patch container into bridge
- Tell container about network namespace
- Same network setup
- Just put two containers in the same network namespace
- Both see the same interface and can use it alternatingly
- Both containers have
/srv/somevolume, which is a bind-mount to the hosts/tmp/somevolume - They are now able to access and write the same files
- I'm really glad somebody automated all of that already
- ?
man namespacesman cgroupsman capabilities- https://blog.jessfraz.com/ (General container crazyness)
- https://blog.selectel.com/managing-containers-runc/ (low-level container networking)
- http://blog.siphos.be/tag/capabilities/ (capabilites overview)
- https://medium.com/@saschagrunert/demystifying-containers-part-i-kernel-space-2c53d6979504 (nice low level intro)