5 Poking Docker

Oh, Docker! With its catchy name and lovely whale logo, Docker has become the public face of Linux containers in just a few short years since its first release in 2013. I now routinely hear things like, “Have you Dockerized it?” and, “Just build an image with that; I don’t want to install the dependencies.” And it’s for a good reason. Docker capitalized on existing technology in the Linux kernel to offer a convenient and easy-to-use tool, ready for everyone to adopt. It played an important role in taking container technology from the arcane to the mainstream.

To be an effective chaos engineer in the containerized world, you need to understand what containers are, how to peek under the hood, and what new challenges (and wins) they present. In this chapter, we will focus on Docker, as it’s the most popular container technology.

5.1 My (Dockerized) app is slow!

5.1.1 Architecture

5.2 A brief history of Docker

5.2.1 Emulation, simulation, and virtualization

5.2.2 Virtual machines and containers

5.3 Linux containers and Docker

5.4 Peeking under Docker’s hood

5.4.1 Uprooting processes with chroot

5.4.2 Implementing a simple container(-ish) part 1: Using chroot

5.4.3 Experiment 1: Can one container prevent another one from writing to disk?

5.4.4 Isolating processes with Linux namespaces

5.4.5 Docker and namespaces

5.5 Experiment 2: Killing processes in a different PID namespace

5.5.1 Implementing a simple container(-ish) part 2: Namespaces

5.5.2 Limiting resource use of a process with cgroups

5.6 Experiment 3: Using all the CPU you can find!

5.7 Experiment 4: Using too much RAM

5.12.4 Security