* ISO/OSI Reference Model

7 Application Layer  | firefox web browser   ^
6 Presentation Layer | HTML                  |
5 Session Layer      | HTTP                  |
4 Transport Layer    | TCP 80                |
3 Network Layer      | IP 10.88.0.74         |
2 Datalink Layer     | ETH 0:14:4f:c9:85:70  |
1 Physical Layer     v Copper/Fibre          |

People Do Not Throw Sausage Pizza Away

#+begin_src ditaa :file packet-content.png :cmdline -E -s 0.8

+----------+---
|Eth Frame |Payload
| Header   |+-----------+----
| SRC MAC  || IP Packet |Payload
| DST MAC  || SRC IP    |+-----------+-------
           || DST IP    || TCP Packet| Payload...
                         | SRC Port
                         | DST Port
#+end_src

* layers

#+begin_src ditaa :file containerimage-layers.png :cmdline -E -s 0.8
     ubi8                    ubi8+apache                 ubi8+apache+php
                                                        +---------------+
                                                        | Instruction 2 |
                          +---------------+             +---------------+
                          | Instruction 1 |             | Instruction 1 |
+-------------+  Instr1   +---------------+  Instr 2    +---------------+
| Base Layer  | ------->  | Base Layer    | --------->  | Base Layer    |
+-------------+           +---------------+             +---------------+
                                  |
                                  |Alt Inst2
                                  v ubi8+apache+ruby
                          +---------------+
                          | Alt Inst 2    |
                          +---------------+
                          | Instruction 1 |
                          +---------------+
                          | Base Layer    |
                          +---------------+
#+end_src

* Container components

#+begin_src ditaa :file processlist-containers.png :cmdline -E -s 0.8

|
+- 1 systemd
|
+- 42 bash
|
+- 23 vim
|
|---------------+ namespace, chroot, SELinux, cgroups, Seccomp
+- 53 mysql5.5  |
|---------------+
|---------------+ namespace, chroot, SELinux, cgroups, Seccomp
+- 54 mysql5.8  |
|---------------+
+------------+ namespace, chroot, SELinux, cgroups, Seccomp
+- 74 apache |
|------------+
|
+- 122 bash

#+end_src

/container1/usr/sbin/mysqld
/container2/usr/sbin/mysqld

chroot /container1

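Each of the five mechanisms named in the process list above (namespace, chroot, SELinux, cgroups, Seccomp) can be read back from /proc for a running process. The script below is an added example, not part of the original notes; the function names, the PROC_ROOT variable and the sample tree are assumptions of this example.

```shell
#!/bin/sh
# Added example: which confinement mechanisms from the diagram apply to a PID?
# PROC_ROOT is this example's own variable so it can read a constructed tree.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Namespace types in which PID differs from REF_PID (default 1, the host init).
isolated_namespaces() {  # usage: isolated_namespaces PID [REF_PID]
    out=""
    for t in mnt pid net ipc uts user cgroup; do
        a=$(readlink "$PROC_ROOT/$1/ns/$t" 2>/dev/null) || a=""
        b=$(readlink "$PROC_ROOT/${2:-1}/ns/$t" 2>/dev/null) || b=""
        if [ -n "$a" ] && [ -n "$b" ] && [ "$a" != "$b" ]; then out="$out $t"; fi
    done
    echo "${out# }"
}

# Seccomp mode from the status file: 0 = off, 1 = strict, 2 = filter.
seccomp_mode() { awk '$1 == "Seccomp:" { print $2 }' "$PROC_ROOT/$1/status" 2>/dev/null || true; }

# A chroot shows up as a root link other than "/".
root_dir() { readlink "$PROC_ROOT/$1/root" 2>/dev/null || true; }

# SELinux context of the process; the kernel may append a NUL byte.
selinux_label() { cat "$PROC_ROOT/$1/attr/current" 2>/dev/null | tr -d '\000'; }

# cgroup v2 membership: the single line "0::<path>".
cgroup_path() { sed -n 's/^0:://p' "$PROC_ROOT/$1/cgroup" 2>/dev/null || true; }

confinement_report() {  # usage: confinement_report PID
    printf 'pid=%s ns=[%s] seccomp=%s root=%s selinux=%s cgroup=%s\n' "$1" \
        "$(isolated_namespaces "$1")" "$(seccomp_mode "$1")" "$(root_dir "$1")" \
        "$(selinux_label "$1")" "$(cgroup_path "$1")"
}

# Constructed sample tree (not real system data): PID 1 = host init, PID 53 = confined mysqld.
make_sample_proc() {  # usage: make_sample_proc DIR
    mkdir -p "$1/1/ns" "$1/1/attr" "$1/53/ns" "$1/53/attr"
    for t in mnt pid net ipc uts user cgroup; do
        case $t in mnt|pid|net) id=4026532201 ;; *) id=4026531840 ;; esac
        ln -s "$t:[4026531840]" "$1/1/ns/$t"
        ln -s "$t:[$id]" "$1/53/ns/$t"
    done
    printf 'Seccomp:\t0\n' > "$1/1/status";  ln -s / "$1/1/root"
    printf 'Seccomp:\t2\n' > "$1/53/status"; ln -s /container1 "$1/53/root"
    printf 'system_u:system_r:init_t:s0' > "$1/1/attr/current"
    printf 'system_u:system_r:container_t:s0:c12,c34' > "$1/53/attr/current"
    printf '0::/init.scope\n' > "$1/1/cgroup"
    printf '0::/machine.slice/sample.scope\n' > "$1/53/cgroup"
}
```

On a real host, source the file and run confinement_report <pid> as root; a contained process that reports an empty namespace list or seccomp=0 deserves a closer look.
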
* UNIX Memory Separation

#+begin_src ditaa :file userland.png :cmdline -E -s 0.8

         +---------------------------------+   Process
Userland | Proc1, Proc2, ...               |      |
         |                                 |      v
         |                                 |  System Call
         +-----SystemCalls-----------------+      |
         +---------------------------------+      v
Kernel   | Device Driver, Scheduler,       | Kernel Driver
Space    | Memory Management, ...          |
         +---------------------------------+
#+end_src

* docker vs podman components

(root)
docker-cli ---REST (HTTP)---> docker-daemon --> moby --> container
[webserver]

(root)
podman -> CRI-O -> runC -> container
(Container Runtime Interface - OCI (Open Container Initiative))

alias docker=podman

* oc command line tool parameter

oc is a modified kubectl, but fully compatible

| Command | SubCommand  | Resource Type              | [<Resource Name>] |
|---------+-------------+----------------------------+-------------------|
| oc      | get         | pod                        | [name]            |
| kubectl | describe    | svc / service              |                   |
|         | edit        | all                        |                   |
|         | get -o yaml | replicationcontroller / rc |                   |
|         | get -o json | deploymentconfig / dc      |                   |
|         | delete      | buildconfig / bc           |                   |
|         | create      | imagestream / is           |                   |
|         |             | NetworkPolicy              |                   |
|         |             | project                    |                   |
|         |             | route                      |                   |

# oc new-project
# oc new-app
# oc rsh <podname>

* UNIX Kernel Memory

#+begin_src ditaa :file system_memory.png :cmdline -E -s 0.8

+--------------------------------+
|0 Heap                          |
|                                |
|                                |
|                                |
|                                |
|                                |
+--------------------------------+
               Gap
+--------------------------------+
|                                |
|                                |
|                                |
|Stack                       2^64|
+--------------------------------+

#+end_src