Henry Du Blog

think digital, act analog

Container Networks

Network Namespace

The Linux container network stack is isolated in its own network namespace. The network stack includes the network interfaces, the loopback device, the routing table and the iptables chains and rules. The containerized process uses its own network stack to send network requests and respond to them. If a running container should use the host network stack instead, start it with the --net=host option. Let’s start an Nginx container that shares the host network.

Cgroups: Container Resource Limitation

Cgroups

A container runs as a single process on a host. If multiple containers run on the same host, one container may occupy the full CPU while the others starve. Therefore, it is better to have a resource limit, so that one container cannot consume all of the host resources such as CPU and memory. Linux Cgroups is the Linux kernel feature that limits the resources available to a process.

Deep Dive Kubernetes Notes: Container Isolation

Deep Dive Kubernetes Notes: Container Process Isolation

Process

Binary executables are stored in the file system as files. When the operating system runs an executable, it loads the file into memory. For example, Linux executables use the ELF format. In the memory layout there is a text area containing all the instructions, which the CPU executes along an execution path. Meanwhile, files and I/O devices may be opened and closed in association with these executions.

Golang Interface Source Code Brief Look

Based on go v1.13, there are two struct definitions for a Go interface: eface and iface.

    type eface struct {
        _type *_type
        data  unsafe.Pointer
    }

    type iface struct {
        tab  *itab
        data unsafe.Pointer
    }

eface

The eface represents an interface that has no methods: interface{}. The eface has two fields: _type and data. data is a pointer to the real data. _type is defined as follows:

K8S Runtime: With or Without Docker

K8S Container Runtime Evolution

With Docker

In the Kubernetes v1.20 release notes, the major change is the deprecation of dockershim, which means K8S will no longer use Docker as its container runtime. The Kubernetes community has written a blog post about this in detail. The Docker runtime is just one component of the Docker suite. Developers still use Docker to build docker images, and use Docker Hub, a docker image repository, to store them.