[k8s study notes-Introduction to container concepts (1)-Process]

Containers and PaaS

Containers are essentially a sandbox technology. As the name suggests, a sandbox is a technique that "packs" your application up like a shipping container.

In this way, applications do not interfere with each other because of these boundaries, and an application packed into a container can be moved around easily. Isn't this the ideal state for PaaS?

How to implement boundaries

Process

When an application "program" is executed, it changes from a binary file on disk into a collection of data in memory, values in registers, instructions on the stack, open files, and the state of various devices. The sum of the computer's execution environment after a program is run is the so-called process. The static manifestation of a process is the program file; the dynamic manifestation is the sum of the data and state in the computer after the program has run.

The core function of container technology is to create a "boundary" for a process by constraining and modifying its dynamic manifestation.

For most Linux containers such as Docker, Cgroups technology is the main method used to impose constraints, while Namespace technology is the main method used to modify the process's view.

A container is a special process

In fact, when a container process is created, a set of Namespace parameters to enable for this process is specified. In this way, the container can only "see" the resources, files, devices, states and configurations limited by its current Namespaces; the host machine and other unrelated programs are completely invisible to it, which is what achieves the "blindfold" effect.

Unlike a real virtual machine, when Docker is used there is no real "Docker container" running on the host.

The blindfold trick: the Docker project helps users start the original application processes, but when creating these processes Docker adds various Namespace parameters to them. These processes then believe they are process No. 1 in their respective PID Namespaces, can only see the directories and files mounted in their respective Mount Namespaces, and can only access the network devices in their respective Network Namespaces, as if each were running inside its own "container", isolated from the world.
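To make "a container is a special process" concrete, here is an added example (not from the original post or the Docker project) that uses the Linux clone(2) call with the Namespace flags the text names: the cloned child believes it is PID 1, and the hostname it sets never reaches the host. It assumes a Linux kernel with namespace support; the CLONE_NEWUSER flag is an addition so that the demo can run without root, which Docker itself does not need.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define STACK_SIZE (1024 * 1024)

/* Entry point of the cloned child. It lives in fresh PID/UTS/mount/user
 * namespaces, so getpid() returns 1 and the hostname change stays private.
 * arg is the write end of a pipe back to the parent. */
static int child_main(void *arg) {
    int fd = *(int *)arg;
    pid_t seen = getpid();                 /* 1 inside the new PID namespace */
    (void)sethostname("container", 9);     /* invisible outside the new UTS ns */
    if (write(fd, &seen, sizeof seen) != (ssize_t)sizeof seen) return 1;
    close(fd);
    return 0;
}

/* Returns the PID the child saw (1 when the namespaces were created) or 0
 * when the kernel refused (e.g. EPERM under seccomp, or unprivileged user
 * namespaces disabled). CLONE_NEWUSER is an assumption added so that the
 * demo can run without root; Docker's daemon runs privileged instead. */
int pid_seen_in_new_namespaces(void) {
    int pipefd[2];
    if (pipe(pipefd) != 0) return 0;
    char *stack = malloc(STACK_SIZE);
    if (!stack) { close(pipefd[0]); close(pipefd[1]); return 0; }
    int flags = CLONE_NEWUSER | CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWUTS | SIGCHLD;
    pid_t child = clone(child_main, stack + STACK_SIZE, flags, &pipefd[1]);
    close(pipefd[1]);                      /* the child keeps its own copy */
    pid_t seen = 0;
    if (child == -1) {
        fprintf(stderr, "clone: %s\n", strerror(errno));
    } else {
        if (read(pipefd[0], &seen, sizeof seen) != (ssize_t)sizeof seen) seen = 0;
        waitpid(child, NULL, 0);
    }
    close(pipefd[0]);
    free(stack);
    return (int)seen;
}
/* Hostname in the caller's (host) UTS namespace; unchanged by the child. */
int host_name(char *buf, size_t len) { return gethostname(buf, len); }
```

Where seccomp or sysctl policy forbids unprivileged namespace creation, the function reports 0 instead of 1, and the host's hostname is unchanged in either case.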

Summary


Source: blog.csdn.net/Amelie123/article/details/126217426