At DockerCon 2017 we introduced LinuxKit: A toolkit for building secure, lean and portable Linux subsystems. For this Online Meetup, Docker Technical Staff member Rolf Neugebauer gave an introduction to LinuxKit, explained the rationale behind its development and gave a demo on how to get started using it.
Watch the recording and slides
Additional Q&A
You said the ONBOOT containers are run sequentially, does it wait for one to finish before it starts the next?
Yes, the nest ONBOOT container is only started once the previous one finished.
How do you make our own kernel to use?
See ./docs/kernels.md
How you would install other software that is not a container per say – eg sshd?
Everything apart from the init process and runc/containerd run in a container. There is an example under ./examples/sshd.yml on how to run a SSH server.
Can I load kernel modules – iptables/conntrack for example?
Yes. You can compile modules and add them to the image as described in ./docs/kernels.md. There is an open issue to allow compilation of kernel modules at run time.
Does it have to be Alpine linux – can it be say minimal Debian?
We mainly use Alpine for packages. The base rootfile system is basically busybox with a minimal init system, which we are planning to replace with a custom init program. You can create packages with Debian, if you like.
How we make data persistent like docker volumes to outside of linuxkit box?
There are examples on how to format/mount and use persistent disks, e.g., ./examples/docker.yml which uses a persistent disk to store docker images.
Bonus Talk: LinuxKit Security SIG
Learn more about #LinuxKit by @neugebar. Slides and recording from the latest online #meetup now upClick To Tweet
Learn more about LinuxKit and other components of the Moby Project
Attend the Moby Summit on 6/19 in San Francisco
Read more about LinuxKit
Stay up to date! Weekly LinuxKit Status Reports
More questions about LinuxKit? Join the Docker Community Slack: #linuxkit channel
The post Online meetup recap: Introduction to LinuxKit appeared first on Docker Blog.
Quelle: https://blog.docker.com/feed/
Published by