Linux namespaces are an important feature that helps to create separate environments in which programs can run independently.
This is crucial in modern, container-based systems where multiple programs must run on the same server without interfering with each other.
🧵👇
This is crucial in modern, container-based systems where multiple programs must run on the same server without interfering with each other.
🧵👇
Technologies like Docker, Kubernetes are actually dependent on the Linux kernel to work things out.
The term container is a collection of Linux features called namespaces.
Let's see what those are.
The term container is a collection of Linux features called namespaces.
Let's see what those are.
/ IPC Namespace
It provides a container with its own set of System V IPC objects, such as message queues, shared memory segments, and semaphores.
System V IPC objects were originally developed in the Unix System V operating system, These mechanisms have later adopted by Linux.
It provides a container with its own set of System V IPC objects, such as message queues, shared memory segments, and semaphores.
System V IPC objects were originally developed in the Unix System V operating system, These mechanisms have later adopted by Linux.
/ Network Namespace
It provides a container with its own network stack, which includes network interfaces, routing tables, and firewall rules.
This helps in isolating the container's network traffic from the host system and other containers.
It provides a container with its own network stack, which includes network interfaces, routing tables, and firewall rules.
This helps in isolating the container's network traffic from the host system and other containers.
/ Mount Namespace
It provides a container with its own filesystem view. This means that a container can have its own set of mounted filesystems
The changes made to the mounted filesystems inside the container will not affect the host system.
It provides a container with its own filesystem view. This means that a container can have its own set of mounted filesystems
The changes made to the mounted filesystems inside the container will not affect the host system.
/ UTS Namespace
Unix Time-Sharing Namespace allows a container to have its own hostname and domain name.
This helps in identifying the container and avoids conflicts with the host system.
Unix Time-Sharing Namespace allows a container to have its own hostname and domain name.
This helps in identifying the container and avoids conflicts with the host system.
/ UID Namespace
Provides a container with its own set of user and group IDs, which helps in isolating users and groups within the container from the host system.
It also helps in avoiding conflicts with user and group IDs on the host system.
Provides a container with its own set of user and group IDs, which helps in isolating users and groups within the container from the host system.
It also helps in avoiding conflicts with user and group IDs on the host system.
/ PID Namespace
Each process in Linux is assigned a unique Process ID (PID) number.
It allows each process to have its own range of PIDs, which helps isolate processes within the container and prevents them from interfering with processes outside of the container.
Each process in Linux is assigned a unique Process ID (PID) number.
It allows each process to have its own range of PIDs, which helps isolate processes within the container and prevents them from interfering with processes outside of the container.
/ Process isolation
It is a broader concept, typically achieved through the use of various techniques such as namespace isolation, cgroups, and seccomp filters.
I'll explain cgroups and seccomp features in another thread.
It is a broader concept, typically achieved through the use of various techniques such as namespace isolation, cgroups, and seccomp filters.
I'll explain cgroups and seccomp features in another thread.
/ High-level View
By isolating different resources and aspects of the system, containers can provide security
Using all of this provides a consistent runtime environment for applications without interfering with each other or the host system.
By isolating different resources and aspects of the system, containers can provide security
Using all of this provides a consistent runtime environment for applications without interfering with each other or the host system.
My mission is to guide people who want to get into DevOps, from basics to advanced!!
If you had a good time reading this please retweet the first tweet to help others as well.
See you with another one soon, Have a Wonderful day!!
If you had a good time reading this please retweet the first tweet to help others as well.
See you with another one soon, Have a Wonderful day!!
https://twitter.com/K_Mohan_/status/1635484543078789121?s=20
• • •
Missing some Tweet in this thread? You can try to
force a refresh
