4.3 Processes and cgroups
parent
adc1f4b1c0
commit
5e549b1451
|
|
@ -38,4 +38,61 @@ location of docker socket file on linux: `/var/run/docker.sock`
|
||||||
|
|
||||||
We can control the docker server using docker client inside a container: `docker run -it --rm -v /var/run/docker.sock:/var/run/docker.sock docker sh`
|
We can control the docker server using docker client inside a container: `docker run -it --rm -v /var/run/docker.sock:/var/run/docker.sock docker sh`
|
||||||
|
|
||||||
##
|
## Networking in Brief
|
||||||
|
|
||||||
|
TODO: Need further research this topic
|
||||||
|
|
||||||
|
* **Ethernet** layer: moves "frames" on a wire (or wireless)
|
||||||
|
* **IP** layer: moves packets on a local network
|
||||||
|
* **Routing**: forwards packets between networks
|
||||||
|
* **Ports**: address particular programs on a computer
|
||||||
|
|
||||||
|
### Bridging
|
||||||
|
|
||||||
|
* Docker uses bridges to create virtual networks in computer
|
||||||
|
* They are like software network switches
|
||||||
|
* They control Ethernet layer
|
||||||
|
* You can turn off this protection with `docker run --net=host options image-name command`
|
||||||
|
* `--net=host` gives container direct access to network
|
||||||
|
* Useful for learning/debugging
|
||||||
|
|
||||||
|
### Routing
|
||||||
|
|
||||||
|
* Creates "firewall" rules to move packets between networks
|
||||||
|
* NAT (Network Address Translation)
|
||||||
|
* Change the source address on the way out
|
||||||
|
* Change the destination address on the way back
|
||||||
|
|
||||||
|
`sudo iptables -n -L -t nat`
|
||||||
|
* `-n` for
|
||||||
|
|
||||||
|
`--previlige=true` will give docker all access
|
||||||
|
|
||||||
|
* Exposing a port = "port forwarding" in network layer
|
||||||
|
|
||||||
|
### Namespaces
|
||||||
|
|
||||||
|
* Allow process to be attached to private network segments
|
||||||
|
* Private networks are bridged into a shared network with the rest of the containers
|
||||||
|
* Containers get their own copy of the networking stack
|
||||||
|
|
||||||
|
??? Need learn this section (Container Networking in linkedin) specifically
|
||||||
|
|
||||||
|
## Processes and cgroups
|
||||||
|
|
||||||
|
### Primer on Linux Processes
|
||||||
|
|
||||||
|
* Processes come from other processes (parent-child relationship)
|
||||||
|
* When a child process exits, it returns an exit code to its parent
|
||||||
|
* **Process Zero** (`init`) is the process that starts the rest
|
||||||
|
* In Docker, a container starts with an init process and vanishes when that process exit
|
||||||
|
* By knowing the init process of the container, we can kill the container
|
||||||
|
|
||||||
|
`docker inspect` can be ...????
|
||||||
|
|
||||||
|
### Resource Limiting
|
||||||
|
|
||||||
|
Set limit for
|
||||||
|
* Scheduling CPU time
|
||||||
|
* Memory allocation limits
|
||||||
|
* Inherited limitations and quotas (summed total cannot exceed the limit)
|
||||||
Loading…
Reference in New Issue