Information below is not for the current semester.
The current semester can be found here.
Container exercises
Here are some fun things to try with containers. Work in any order, at your own pace. Ask for help if stuck as usual.
Containerize some app
- That is, write a Containerfile which builds an image with an application packaged
  - As mentioned, Dockerfile is a Docker-specific Containerfile, they are mostly interchangeable
  - Containerfile is a vendor-neutral (OCI) name
- Any app you run/want/need to run
- If the app needs to be built (compiled) first, use a separate build stage (multi-stage builds)
- Write a Containerfile, build it and run the app
- Try working with Volumes (podman-run(1), see -v|--volume)
  - Volume = a directory mounted from the host into the container to achieve persistence
- Try working with Ports (podman-run(1), see -p|--publish)
  - Port = allows you to listen on some port on the host
    - Not really, it’s a hack
    - Podman starts a program listening on the port on the host for you and injects traffic into the container (slirp)
Take a look at overlayfs
- (Introduction.)
- This filesystem demonstrates the flexibility of Linux file systems by implementing something very non-traditional
- Podman/Docker use it to implement layers (r/w container FS on top of r/o image FS, image layers, etc.)
- If you’re root, you can mount(8) -t overlay directly
- If you’re not root, you can use fuse-overlayfs(1)
  - FUSE itself is a very interesting thing
    - “File System in Userspace”
    - Allows you to implement and mount file systems as non-root user
    - Via a kernel module (fuse.ko) and a setuid userspace binary (fusermount(1))
Try working with Pods in Podman
- podman-pod(1)
- Pods really are just a collection of containers which share certain namespaces
  - For example, they share the network namespace by default
  - This makes sense for “compound” workloads, such as RESTful backend API + database
  - The containers are still isolated from one another, but to a much lesser extent
- Run whatever makes sense for you particularly
Try to build a container from scratch
- Tutorial
- Use e.g. Alpine Linux root filesystem
- Learn about the various namespaces(7) and how they work
- Learn about cgroups(7)
- Use unshare (or syscalls directly if you dare) to isolate the container from the host
  - That is, don’t use Podman, it hides too many things from you
- Try to get the container online
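
A small check for the Pods and from-scratch exercises above, added here as an example and not part of the original course material: it compares the namespaces of two processes through /proc/<pid>/ns, so you can see which ones a container really shares with the host or with another container in the same pod. The function names and the container name in the comment are made up for this example.

```shell
#!/bin/sh
# Added example: report which namespaces(7) two processes share.
# Every entry in /proc/<pid>/ns is a symlink such as "net:[4026531840]";
# two processes are in the same namespace exactly when the targets match.

# "time" only exists on newer kernels; it is reported as unknown elsewhere.
NS_TYPES="cgroup ipc mnt net pid time user uts"

# ns_id PID TYPE -> prints the namespace identifier, fails if unreadable
ns_id() {
    readlink "/proc/$1/ns/$2"
}

# ns_compare PID_A PID_B -> one line per type: "<type> shared|separate|unknown"
# "unknown" means the link could not be read (no such PID, no permission,
# or the kernel lacks that namespace type).
ns_compare() {
    for t in $NS_TYPES; do
        a=$(ns_id "$1" "$t" 2>/dev/null) || a=
        b=$(ns_id "$2" "$t" 2>/dev/null) || b=
        if [ -z "$a" ] || [ -z "$b" ]; then
            echo "$t unknown"
        elif [ "$a" = "$b" ]; then
            echo "$t shared"
        else
            echo "$t separate"
        fi
    done
}

# ns_separate_count PID_A PID_B -> number of namespace types that differ
ns_separate_count() {
    ns_compare "$1" "$2" | awk '$2 == "separate" { n++ } END { print n + 0 }'
}

# Usage, with "myctr" as a placeholder container name:
#   sh nscmp.sh $$ "$(podman inspect --format '{{.State.Pid}}' myctr)"
# For your own unshare-based container, pass the PID of its init process.
if [ "$#" -eq 2 ]; then
    ns_compare "$1" "$2"
fi
```

Two containers in the same pod should show net as shared and mnt as separate; a container compared against your shell should show most types as separate.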
Further reading
- If you’re interested in containers, take a look at “Podman In Action” by D. Walsh (Manning, 2023).
- Good book, easy to read
- Covers history (Docker vs. Podman), basics, namespaces, etc.