Containers From Scratch • Liz Rice • GOTO 2018
- Published 27 Sep 2024
- This presentation was recorded at GOTO Amsterdam 2018. #gotocon #gotoams
gotoams.nl
Liz Rice - Technology Evangelist with Aqua Security
ABSTRACT
What is a container? Is it really a “lightweight VM”? What are namespaces and control groups? What does a host machine know about my containers? And what do my containers know about each other?
In this talk Liz will live-code a container in a few lines of Go code, to answer [...]
Download slides and read the full abstract here:
gotoams.nl/201...
RECOMMENDED BOOKS
Liz Rice • Learning eBPF • amzn.to/4bIhSbH
Liz Rice • Container Security • amzn.to/3oU4iJe
Liz Rice • Kubernetes Security • www.oreilly.co...
gotocon.com
#Containers #Security #DevOps
She explains everything so brilliantly, plus she's engaging, AND a live demo at the same time as speaking. Brilliant.
Great presentation!
Main takeaways:
Namespaces: Control what you can see
Control Group: Control what you can use
I am an absolute novice in the realm of Linux and Docker, but after watching this presentation I feel as if I understand the key concepts!
She is a WONDERFUL presenter, and explains what she is doing AS she is doing it! To do so clearly is an exceptional talent!
Learned more about linux processes in this
Hats off to the presenter!!!!! What a clear explanation of the concepts behind Dockers and Containers in general.
Excellent demo, I wouldn't have considered building a containerization system from scratch as a way to better understand them. It's a brilliant approach and it's taught me so much I did not know about Linux, Docker, and containerization. I'm glad I found your video and couldn't be more grateful. So many demos jump too deep into the process, ignoring the inner workings, the why and the how. As an inquisitive person, it's difficult for me to accept and retain the procedural steps without understanding them on a deeper level. This video power-leveled me through the learning process.
Who else got here from the Docker installation tutorial?
I did! I think she should be super proud for that.
Same here. This is amazing.
I thought I knew about containers until I saw this and now I know more :)
This is one of the best videos I have seen on what containers are and what their internal workings are.
Thanks for sharing!
This is an absolutely very insightful presentation on the actual working of containers.
loved every minute of it
Absolutely eye opening. Now it all makes sense.
The most brilliant presenter I have ever seen! Really amazing thank you from
Still one of the best videos for understanding containers and how linux works.
Now I finally get containers. Thank you.
Amazing!! If you really want to understand containers this video is mandatory!👏
Such an informative talk and a wonderful demo that steps things up slowly!
Great talk. Love this kind of practical way of explaining complex concepts.
This type of talk is something I would pay to goto a conference and see.. Very nice!
Awesome. Best description of what a container actually is. Very cool
This is an amazing session. I like the way Liz explained the underlying concepts of containers from basic Linux concepts.
Awesome Stuff. Great to have someone share their knowledge in a digestible way.
Excellent! Congrats on this amazing Docker explanation. It was mind-blowing.
what a gangster live demo! Awesome!
This is a Masterclass! Thank you for sharing this with us
this was so great
Excellent demo, clears up a lot of confusion.
As good as a container talk can get ! Wish this is made available when people start with containers and get lost in all the complexity.
Right? You use Docker for 2 years before you even understand what it is. It's all magic under the hood and it just works. This makes it clear what's actually going on
excellent presentation. God bless
Amazing talk. Clear and brilliant. 5 Stars
What a brilliant explanation.
MINDBLOWING
Love the talk. Very insightful. Thank you
This is like the movie Inception, mind blowing!
Awesome! Had been using docker all these days. I can now create my own docker.
amazing
Simply said, great video!
This lady knows what she's doing, clarified my mind A LOT!
I'm a bit late to the party, but that was really amazing!
Just started with using docker great presentation
Great video
Great presentation
Brilliant talk! thank you very much!
Brilliant
That was a delightful talk/demo!
This Lady is a Legend :)
I think this is so great, and love the live demo!
amazing!
I still don't know what a container is, but at least I learned how to install a ubuntu VM in mac to run her code 😂
I am new to linux/unix systems.
And from the speaker's knowledge I can clearly see that in order to do all these you have to have knowledge of 2 things:
1. go's capability of interacting with host operating system.
2. Linux system in-depth understanding
Can anyone suggest the best resource which I should read and practice to get such an in-depth understanding of linux/unix system?
thank you!
Nice video. Thank you.
it really helped in understanding namespaces and cgroups!!!
Excellent, with a bit poor sound recording.
Awesome!
That's a pity that some people almost cover her voice, though. Made it harder to understand.
Just a kind reminder: you must run this strictly on Linux and as the root user; WSL and macOS do not work. If you do not have Linux on hand, I suggest running a virtual machine.
Hi,
I am having a bit of a problem running this part:
    cmd.SysProcAttr = &syscall.SysProcAttr{
        Cloneflags: syscall.CLONE_NEWUTS,
    }
If I run this, then the child process is not called, but if I comment out the hostname namespace creation, then a new process is created.
My Go version is 1.10 linux/amd64
I think syscall.CLONE_NEWUTS only works as root user.
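The exchange above, as an added example that is not part of the original comments or of the talk's code: creating a UTS namespace requires CAP_SYS_ADMIN, so the `Cloneflags` from the question fail with EPERM for an ordinary user. The sketch adds a user namespace with a single-ID mapping when not running as root, and reports the start error instead of silently skipping the child. The names `utsAttr` and `diagnose` are hypothetical; it assumes Linux and a kernel that permits unprivileged user namespaces.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"os/exec"
	"syscall"
)

// utsAttr (hypothetical helper) builds the SysProcAttr from the question.
// For a non-root caller it also requests a user namespace and maps the
// caller to ID 0 inside it, so CLONE_NEWUTS is allowed without host root.
func utsAttr(euid, egid int) *syscall.SysProcAttr {
	attr := &syscall.SysProcAttr{Cloneflags: syscall.CLONE_NEWUTS}
	if euid != 0 {
		attr.Cloneflags |= syscall.CLONE_NEWUSER
		attr.UidMappings = []syscall.SysProcIDMap{{ContainerID: 0, HostID: euid, Size: 1}}
		attr.GidMappings = []syscall.SysProcIDMap{{ContainerID: 0, HostID: egid, Size: 1}}
	}
	return attr
}

// diagnose (hypothetical helper) classifies the error from cmd.Run so a
// failed clone is visible rather than looking like "the child never ran".
func diagnose(err error) string {
	switch {
	case err == nil:
		return "ok"
	case errors.Is(err, syscall.EPERM):
		return "EPERM: namespace creation needs CAP_SYS_ADMIN (root or a user namespace)"
	default:
		return "other: " + err.Error()
	}
}

func main() {
	cmd := exec.Command("hostname") // runs inside the new UTS namespace
	cmd.Stdout, cmd.Stderr = os.Stdout, os.Stderr
	cmd.SysProcAttr = utsAttr(os.Geteuid(), os.Getegid())
	fmt.Println(diagnose(cmd.Run()))
}
```

Inside the user namespace the process is ID 0 only with respect to namespaces it owns; on the host it keeps the caller's unprivileged identity.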
Great presentation, but she didn't show how the network namespace affects the containers; maybe it is much more complicated to explain veth pairs, bridges and iptables for accessing outside web services.
This got linked from the official Docker tutorial as an introduction into understanding Docker. I'm not a Go programmer so this is very difficult to extract what is going on. It's probably a great presentation with loads of useful information but I don't see the relevance of it being under the title "What is a container?" on page 1 of a Docker tutorial titled "Getting started". I haven't down-voted the video as I think that would be unfair, I just feel for the people who have followed the first page of docker/getting-started and landed here.
The link to this video states: "If you'd like to see how containers are built from scratch, Liz Rice from Aqua Security has a fantastic talk in which she creates a container from scratch in Go. While she makes a simple container, this talk doesn't go into networking, using images for the filesystem, and more. But, it gives a fantastic deep dive into how things are working."
I think the implication is that this is an aside, a nice-to-know, but not necessary yet. I'm following the same tutorial, and learned quite a bit from this video. Your mileage may vary.
It's an interesting video, even though it's in an OS and language I don't understand, and I thought it was going to be about how to use containers on a day-to-day basis, not how to make one from scratch. XD
What GO IDE is she using? The auto completion seems super responsive!!
It's Visual Studio Code, and there's probably the "Go for Visual Studio Code" extension by Microsoft for it :)
Nice presentation, enjoyed it - Here's the github link for anyone needing it.. github.com/lizrice/containers-from-scratch
You are the wind beneath my wings. many thanks.
😀
21:30 did I get it right? she mounted the host's proc folder inside the "vagrant-ubuntu-fs" ?
If you don't know how to use docker, don't bother watching; it doesn't help
Awesome
I'm sure the content is great but the video is shaking and the voice-recording hollow, how can I get the transcript instead?
I may be wrong, but can limiting the OS max memory result in a buffer overflow? Sorry if this question is simple
I think that can always happen no matter what. The point is that other programs don't choke up. (I think)
I like the VS Code theme! What is it?
Monokai
oh man.. I was checking the video in a fast manner until I saw that :(){ :|: & };: command. I executed it in my terminal which wasn't so much fun :D
_Please add English subtitles..._
How much are y'all getting paid to use/implement docker technology?
Any comments! ?
"Minus L"!??
This was very detailed which is great, but it seems as though a deep knowledge of Linux is required? Most of this went straight over my head. Those directories full of properties? None of that made any sense.
I came here from the first page of an introduction to containers from the docker hub site and am presented with how to simulate a container using the go language. It is probably a good talk on that premise but absolutely of no use if you don't know what a docker container is in the first place. Docker should not direct newbies to this video.
who could possibly press dislike, barbarians!
I wish I could put a dislike on the idiots in the background talking while she's talking. Good lord some people are rude.
lose lose.
great topic and great presenter but horrible audio. oof!
Kn kire
:O
For a more detailed understanding, you can watch the video in the link given below, which illustrates the fundamental concepts around containerization along with Linux containers, docker, and Kubernetes. #lxd #lxc #docker #kubernetes
ua-cam.com/video/TlqD6UXdPHM/v-deo.html
Say "hostinger" again, I dare you, I double dare you..
If someone never heard about containers, he will probably never touch one after seeing this. It is hard to find out what she is talking about if you are not a Linux geek. A better name for this presentation would be: 'What is a container inside Linux and how it works'.
That's nonsense! "If someone never heard about containers" then why would that someone want to watch this video in the first place?
@javijee_ isn't it obvious? get a clue from the video title? someone who is a beginner in Docker and wants to start learning about it would want to watch this video. I agree with the previous comment. It's like wanting to learn how to drive a car and getting an explanation about how the engine works internally.
@mainichewitz maybe you didn't get what "from scratch" means here. It doesn't mean "containers for dummies" but "building containers from scratch" (as opposed to using higher level tools like docker) as a way to show what they are. That implies some minimum knowledge of Linux programming. That was pretty obvious, from the title, to me.
@javijee_ Please be aware that this video is linked from the "101 tutorial" of Docker, so from that context, people coming here may have the expectations of learning about high level concepts of containers to get started with Docker. It's like going through a Python tutorial for the first time and finding a "Python from scratch" video (expecting to learn how to declare variables, write functions, etc.) only to get content about the inner workings of the language compiler. Other than the arguably misleading title, this talk is great for those who want to learn about the low-level aspects of containers.
@mainichewitz Oh, I see. Thanks.
Absolutely nauseating camera jitter on this.
more confused than when I started.
This could really benefit from some light editing. Conference speeches are always bad. Choose your audience
If only I can like multiple times
Seriously one of the coolest talks I’ve seen in a while. A fantastic insight into how containers like Docker operate under the hood!! Haha itching now to build my very own container platform...
Amazing!
Seriously one of the best videos on the topic! So much info made so simple. I'm searching for all your other presentations :)
For the first time, I'm seeing how containers work behind the scenes. Excellent explanation, with no boredom. Thank you to the Presenter and the Organizer.
This is a great talk and it would have deserved significantly better Audio quality.
Sensational! Never saw such brilliant explanation built up from the ground. Love it!
me sitting here thinking like "oooh, that makes sense. cmd.Stdout = os.Stdout" actually, doesn't understand anything
What do I need to learn this? Unix EDU, learn programming? from Stanford?
Learn Go, the programming language. I think it takes the default output and attaches it to the container so the container program can output as well. (not sure)
What an absolute gem to the community, transcribed and explained in such a way that a novice and a scholar in this realm can gather and rejoice in such an eloquent speech. The future is in good hands; If (Mrs.) Rice's presentation is given to those looking to expand their knowledge. Thank you truly to all those involved in making this possible a WONDERFUL Masterclass.
Crystal clear intro to docker
Brilliant exposition. Masterful balance.
this was one of the best videos I watched in a while
For anyone that landed here from the docker 101 tutorial, if you don't know some linux basics you can skip this video as probably you won't understand that much what's going on...
Aside from that this was a great demo on how containerization works :=)
You got that right. I didn't understand any of it!
Very clear and nice presentation!
How did she get the ubuntu-fs?
The Ubuntu filesystem (ubuntu-fs) or the fs of any other distro can be copied from a machine running that distro. You can spin up an Ubuntu VM, SSH into it, and then use scp (or rsync/whatever your preferred ssh copy tool is) to copy it over to your host OS.
The idea is that since linux kernels are the same between distros (accounting for version), you can spin up a container that thinks it's running on an ubuntu host by just mounting the ubuntu root fs as the root fs of the container. Then the .bashrc, for example, will export the path of the relevant utils to the shell's path, and so when run, it will seem like you're ssh'd inside an ubuntu machine, even though the host might be arch.