Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Containers in OpenStack

You're reading from   Containers in OpenStack Leverage OpenStack services to make the most of Docker, Kubernetes and Mesos

Arrow left icon
Product type Paperback
Published in Dec 2017
Publisher Packt
ISBN-13 9781788394383
Length 176 pages
Edition 1st Edition
Languages
Tools
Arrow right icon
Authors (2):
Arrow left icon
Pradeep Kumar Singh Pradeep Kumar Singh
Author Profile Icon Pradeep Kumar Singh
Pradeep Kumar Singh
Madhuri Kumari Madhuri Kumari
Author Profile Icon Madhuri Kumari
Madhuri Kumari
Arrow right icon
View More author details
Toc

Table of Contents (11) Chapters Close

Preface 1. Working with Containers FREE CHAPTER 2. Working with Container Orchestration Engines 3. OpenStack Architecture 4. Containerization in OpenStack 5. Magnum – COE Management in OpenStack 6. Zun – Container Management in OpenStack 7. Kuryr – Container Plugin for OpenStack Networking 8. Murano – Containerized Application Deployment on OpenStack 9. Kolla – Containerized Deployment of OpenStack 10. Best Practices for Containers and OpenStack

Container components

Linux containers are typically comprised of five major components:

  • Kernel namespaces: Namespaces are the major building blocks of Linux containers. They isolate various types of Linux resources such as the network, processes, users, and the filesystem into different groups. This allows different groups of processes to have completely independent views of their resources. Other resources that can be segregated include the process ID space, the IPC space, and semaphore space.
  • Control groups: Control groups, also known as CGroups, limit and account for different types of resource usage such as the CPU, memory, disk I/O, network I/O, and so on, across a group of different processes. They help in preventing one container from resource starvation or contention caused by another container, and thereby maintains QoS.
  • Security: Security in containers is provided via the following components:
    • Root capabilities: This will help in enforcing namespaces in so-called privileged containers by reducing the power of root, in some cases to no power at all.
    • Discretionary Access Control (DAC): It mediates access to resources based on user-applied policies so that individual containers can't interfere with each other and can be run by non-root users securely.
    • Mandatory Access Controls (MAC): Mandatory Access Controls (MAC), such as AppArmor and SELinux, are not required for creating containers, but are often a key element to their security. MAC ensures that neither the container code itself nor the code running in the containers has a greater degree of access than the process itself requires. This way, it minimizes the privileges granted to rogue or compromised processes.
    • Toolsets: Above the host kernel lies the user-space toolsets such as LXD, Docker, and other libraries, which help in managing containers:
You have been reading a chapter from
Containers in OpenStack
Published in: Dec 2017
Publisher: Packt
ISBN-13: 9781788394383
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image