3 Linux primitives: The basic Linux building blocks

This chapter covers:

Our definition of “Linux primitives” and why they are essential to Kubernetes
The importance of mount and storage for isolating and running containers
Why SystemD and cgroups are necessary Kubernetes building blocks
A walkthrough of some of `iptables” more critical features.
How containers manifest themselves in production, and how image baselayers affect Kubernetes clusters in the wild.

In this chapter, we’ll cover the underlying tools of the trade, which have been used for decades by Linux administrators to build out various “opinionated” internal Kubernetes-like tools. We introduce you to the essential elements that Kubernetes, and many other PAAS creations of the past.

Let’s kick things off with a couple of use cases:

Network administrators have historically shipped iptables rules with configuration management software and automated the configuration of these rules to poke firewall holes so applications can connect.
Storage administrators often provide directions for installing storage into an application - directions that require running the mount command on a server to attach an NFS client to a NAS, many different machines in a data center internal access to storage.

3.1 An example of why primitives matter: Load balancing is still hard

3.2 Namespaces: In Kubernetes and Linux

3.2.1 Isolation and Linux namespaces

3.3 Exploring iptables: A quintessential Linux primitive

3.3.1 Networking: Difference between a kubelet, and a hypervisor

3.3.2 How does iptables relate to my day job?

3.4 Primitives in action: nscenter and socat

3.5 File namespaces

3.5.1 Mount and containers

3.6 BPF: Obviating other primitives over time?

3.6.1 A quick TCPDump Example

3.6.2 Ok, back to BPF (or is it eBPF)?

3.7 Summary

3.8 Further reading