Containers Resources

What's a container?

Thinking of containers as "lightweight virtual machines" can be misleading. This material helps understanding how containerisation works on Linux and how it compares to other (OS-level or hardware) virtualisation solutions.

"The greatest trick containers ever pulled was convincing the world they existed."

• Cgroups, namespaces, and beyond: what are containers made from? by Jérôme Petazzoni
• Setting the Record Straight: containers vs. Zones vs. Jails vs. VMs by Jesse Frazelle
• What even is a container: namespaces and cgroups by Julia Evans

Building a container from scratch

It's actually not that hard! A Linux process can be isolated with a few system calls, even from the shell.

• Build Your Own Container Using Less than 100 Lines of Go by Julian Friedman (ex-Garden PM and engineer)
• Containers From Scratch by Liz Rice (code)
• DIY Linux Containers by Georgi Sabev (Garden engineer)

Digging deeper

More details on the technologies underlying Linux containers.

Namespaces

• The Linux Namespaces series by Ed King (ex-Garden engineer)
• Namespaces in Operation by Michael Kerrisk
• The namespaces(7) man page

Cgroups

• Introduction to Control Groups from 0xAX/linux-insides
• The cgroups(7) man page
• Linux Kernel documentation on CGroups
  • cgroups v1
  • cgroups v2

Filesystems

• Visualizing Docker Containers and Images by Daniel Eklund
• Container FS: Adapt or Die by Claudia Beresford & Tiago Scolari (both ex-Garden engineers) - this also provides some interesting historical context on Garden!
• Linux Kernel documentation on Overlay

Rootless

• The Route to Rootless Containers: a blog post by Ed King and a talk by Ed King and Julian Friedman
• The Route to Rootless Containers: a blog post by Claudia Beresford
• Getting Towards Real Sandbox Containers by Jesse Frazelle
• The Rootless Containers website, maintained by Aleksa Sarai, Akihiro Suda and Giuseppe Scrivano

Other Linux resources

• Don’t Fear the Subreaper by William Martin (ex-Garden engineer)
• The Linux Kernel documentation
• man7 by Michael Kerrisk
• 0xAX/linux-insides

What does the landscape look like?

• Open Containers Initiative (OCI)
  • Runtime Specification
  • Image Format Specification
  • Distribution Specification
• runc
• containerd
• github.com/containers

Practicing with the Garden Team Onboarding Tracker

The Onboarding Tracker is a way to practice what you have learned about Garden and containers. Use garden-onboarding-tracker to populate a Pivotal Tracker project with Garden onboarding stories.

Blog Posts from Garden Engineers

• Container Root Filesystems in Production: a blog post by Claudia Beresford
• Why is OverlayFS Slow Now?: a blog post by Claudia Beresford
• Envoy Proxy Deadlocked My Cloud: a blog post by Claudia Beresford
• A Better Way to Split the Cake: CPU Entitlements: a blog post by Julia Nedyalkova
• CPU Entitlements in Cloud Foundry: a video tutorial by Mario Nitchev
• SystemDon't: Killing It Softly With Cgroups: a blog post by Georgi Sabev
• The Garden Team and the Strange Case of a Connection Being Reset: a blog post by Danail Branekov