private-schrijfsels-en-notities/2021/linux container mess.md

linux container mess

• worked on rapidio interconnect subsystem with userspace components -> link to mention in kernel
• 2 years freebsd experience
  • mostly for NAS purposes using ZFS
  • upgrades are fairly smooth, things break but are documented and mentioned or are easy to fix
• divirged landscape of essential software components
• tightly integrated system detects problems early -> api breakages with scattered modules (different communities) are hard to handle
• container debate, just a bunch of complex namespaces and apis
• jails
• badly documented features (kdoc not userspace) -> freebsd has one base userspace and kernel are tightly coupled
• innovation should be managed well -> what does that mean
• the pinguin is getting fat -> lines of code -> complex matrix of kernel build variants
• upgrades to new versions are a pain in embedded systems as every release things get shoveled away or moved elsewhere and this is very badly documented
• linux container namespaces are getting out of hand

Namespaces

CPU namespace

• https://lwn.net/Articles/872507/

• https://lwn.net/Articles/812504

• A filesystem for namespaces

• ima: Namespace IMA with audit support in IMA-ns

• Controlling the CPU scheduler with BPF

• Linux container schedulers: RunC, systemd-nspawn, AWS bottlerocket, LXC/LXD, Openshift, Kubernetes, containerd, and of course Docker.

• https://containerjournal.com/features/people-want-boycott-docker/

• https://www.slideshare.net/PaoloTonin2/boycott-docker

Recently we launched Bottlerocket, a Linux-based container operating system written in Rust.” — Matt Asay, Amazon Web Services