Krishnamohan Yerrabilli ☸️ Profile picture
Operations @Wnsholdings | CB @AWS Containers Domain | 🥑Contributor @kubernetesio Simplifying Complex topics into Visual Guides for you | Author @kubesimplify

Mar 14, 2023, 11 tweets

Linux namespaces are an important feature that helps to create separate environments in which programs can run independently.

This is crucial in modern, container-based systems where multiple programs must run on the same server without interfering with each other.

🧵👇

Technologies like Docker and Kubernetes actually depend on the Linux kernel to do the real work.

What we call a container is essentially a collection of Linux kernel features called namespaces.

Let's see what those are.

/ IPC Namespace

It provides a container with its own set of System V IPC objects, such as message queues, shared memory segments, and semaphores.

System V IPC objects were originally developed in the Unix System V operating system; these mechanisms were later adopted by Linux.

/ Network Namespace

It provides a container with its own network stack, which includes network interfaces, routing tables, and firewall rules.

This helps in isolating the container's network traffic from the host system and other containers.

/ Mount Namespace

It provides a container with its own filesystem view. This means that a container can have its own set of mounted filesystems.

The changes made to the mounted filesystems inside the container will not affect the host system.

/ UTS Namespace

The UTS (Unix Time-Sharing) namespace allows a container to have its own hostname and domain name.

This helps in identifying the container and avoids conflicts with the host system.

/ UID Namespace

Provides a container with its own set of user and group IDs, which helps in isolating users and groups within the container from the host system.

It also helps in avoiding conflicts with user and group IDs on the host system.

/ PID Namespace

Each process in Linux is assigned a unique Process ID (PID) number.

A PID namespace gives a container its own range of PIDs, which helps isolate processes within the container and prevents them from interfering with processes outside of the container.
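The six namespaces above can all be inspected the same way, and the UTS and PID ones are easy to demonstrate from a short program. The following is an added example, not code from the thread or its author: it reads the namespace ids the kernel exposes under /proc/<pid>/ns, then forks a child that calls unshare(2) with CLONE_NEWUTS | CLONE_NEWPID, changes its hostname and forks a grandchild that should see itself as PID 1. The hostname "inside-container" is a constructed sample value. Creating namespaces normally requires CAP_SYS_ADMIN, and container seccomp profiles frequently deny unshare(2), so the example reports EPERM as "not permitted" instead of treating it as a failure; the check that the parent's hostname never changes is the actual isolation property being shown.

```c
// Added example: inspecting and creating Linux namespaces (Linux only).
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Each process exposes its namespace membership as symlinks in
 * /proc/<pid>/ns; a link target looks like "uts:[4026531838]" and the
 * number identifies the namespace object. Two processes in the same
 * namespace see the same number. Returns 0 if the link cannot be read. */
unsigned long ns_id(pid_t pid, const char *kind) {
    char path[64], target[64];
    snprintf(path, sizeof path, "/proc/%d/ns/%s", (int)pid, kind);
    ssize_t n = readlink(path, target, sizeof target - 1);
    if (n < 0) return 0;
    target[n] = '\0';
    char *lb = strchr(target, '[');
    return lb ? strtoul(lb + 1, NULL, 10) : 0;
}

/* Three distinguishable outcomes of the demo below. */
enum ns_result { NS_ISOLATED = 0, NS_NOT_PERMITTED = 1, NS_ERROR = 2 };

/* Fork a child into fresh UTS and PID namespaces, let it rename itself,
 * and verify from the parent that the host's hostname is untouched.
 * EPERM (no CAP_SYS_ADMIN, or unshare blocked by seccomp) is reported
 * as NS_NOT_PERMITTED; a hostname leak into the parent is NS_ERROR. */
enum ns_result demo_namespace_isolation(void) {
    char before[256] = {0}, after[256] = {0};
    if (gethostname(before, sizeof before - 1) != 0) return NS_ERROR;

    pid_t pid = fork();
    if (pid < 0) return NS_ERROR;
    if (pid == 0) {
        if (unshare(CLONE_NEWUTS | CLONE_NEWPID) != 0)
            _exit(errno == EPERM || errno == ENOSYS ? 10 : 11);
        const char *name = "inside-container";   /* constructed sample hostname */
        if (sethostname(name, strlen(name)) != 0) _exit(11);
        char h[256] = {0};
        if (gethostname(h, sizeof h - 1) != 0 || strcmp(h, name) != 0) _exit(11);
        /* The child now has a different UTS namespace id than its parent. */
        if (ns_id(getpid(), "uts") == ns_id(getppid(), "uts")) _exit(11);
        /* The first process forked after CLONE_NEWPID becomes PID 1 of the new
         * PID namespace; the child itself keeps its old PID. */
        pid_t g = fork();
        if (g < 0) _exit(11);
        if (g == 0) _exit(getpid() == 1 ? 0 : 11);
        int gs = 0;
        if (waitpid(g, &gs, 0) < 0 || !WIFEXITED(gs)) _exit(11);
        _exit(WEXITSTATUS(gs));
    }

    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return NS_ERROR;
    if (gethostname(after, sizeof after - 1) != 0) return NS_ERROR;
    if (strcmp(before, after) != 0) return NS_ERROR;   /* must never happen */
    switch (WEXITSTATUS(status)) {
        case 0:  return NS_ISOLATED;
        case 10: return NS_NOT_PERMITTED;
        default: return NS_ERROR;
    }
}

int main(void) {
    const char *kinds[] = {"ipc", "net", "mnt", "uts", "user", "pid"};
    for (size_t i = 0; i < sizeof kinds / sizeof kinds[0]; i++)
        printf("%-5s %lu\n", kinds[i], ns_id(getpid(), kinds[i]));
    switch (demo_namespace_isolation()) {
        case NS_ISOLATED:      puts("child renamed itself and saw PID 1; host unaffected"); break;
        case NS_NOT_PERMITTED: puts("unshare(2) not permitted here (needs CAP_SYS_ADMIN)"); break;
        default:               puts("unexpected error"); break;
    }
    return 0;
}
```

Run it as an unprivileged user and again as root (or under `unshare -Ur`) to see both outcomes; comparing the printed ids with those of a process inside a running container is the quickest way to confirm which namespaces that container actually has of its own.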

/ Process isolation

Process isolation is a broader concept, typically achieved through a combination of techniques such as namespace isolation, cgroups, and seccomp filters.

I'll explain cgroups and seccomp features in another thread.

/ High-level View

By isolating different resources and aspects of the system, containers can provide security.

Combined, these features give applications a consistent runtime environment without interfering with each other or with the host system.

My mission is to guide people who want to get into DevOps, from basics to advanced!!

If you had a good time reading this please retweet the first tweet to help others as well.

See you with another one soon. Have a wonderful day!!
