Containers Unveiled: Exploring macOS NATIVE containers

Рет қаралды 1,986

Күн бұрын

Earthly ➤ earthly.dev
In this video, we delve deep into the fascinating world of containers and their implementation on various operating systems. We begin by exploring the traditional definition of containers, which involves using Linux system calls and namespaces for isolation. However, we also introduce an expanded definition that includes shared kernel isolation mechanisms on platforms like Windows and macOS.
We delve into the controversy surrounding the expanded definition of containers. Some individuals question whether containers running on platforms other than Linux can truly be considered containers. We argue for the need to broaden our understanding of containers, emphasizing that the shared kernel isolation mechanism can be implemented differently on each host operating system
📒 Links 📒
Article version of this video:
earthly.dev/blog/macos-native...
Related article about chroot:
earthly.dev/blog/chroot/
Related video about chroot:
• Build your own Contain...
MacOs Containers Github:
github.com/macOScontainers
MacOs Containers website:
macoscontainers.org/
📒 Chapters 📒
0:00 Introduction
01:52 Unraveling the Container
03:34 A flashback to foundations
05:10 Mac OS Containers initiative
06:15 Definition of Containers PURIST
06:49 Definition of Containers EXPANDED
08:19 Native Windows Server Containers
10:32 The Mac OS Odyssey
16:44 Things that don't work
18:12 The final Pitch

Пікірлер: 11

@jhonyortiz5 8 ай бұрын

I really don't know about the implementation of containers at all. But any time I heard containers being explained especially when compared to VMs, the kernel sharing was the biggest part of what a container was. I didn't even know there was a formal definition 😂

@EarthlyTech 8 ай бұрын

Thanks for coming to my rant :)

@arunaruljothi9890 4 ай бұрын

Pretty cool project. Would it make sense to run these containers inside a VM (like UTM) so we can mimic control groups/namespaces?

@EarthlyTech 3 ай бұрын

Good question. I'm not familiar with UTM to be honest. But yes, a downside of this approach is that you don't have the features and restrictions control groups and namespaces bring.

@sammcj2000 7 ай бұрын

chroot isn't a container, it's just changing the perceived root of a filesystem, the #1 main thing with containerisation is namespaced workloads.

@EarthlyTech 7 ай бұрын

Maybe... But if you mean namespaces in the syscall sense, that that excludes windows containers though. And if you mean conceptual namespaces, where you just can't see what's running in another namespace then doesn't that make a VM a container, because the workloads are namespaced? Or is the shared kernel an important part of it? Which needs to be supported using the capabilities of the kernel in question?

@K3rbalSpace 2 ай бұрын

@@EarthlyTech I agree with you that people are getting far too hung up on the details of the definition, it doesn't matter if there is a VM involved or not. I think it would be fair though to say that "container" means isolation of filesystem, IPC and networking. If an implementation can run two environments at the same time that can listen on the same TCP ports and talk to processes using pipes, without having to know to avoid other instances or the host, than that is a "container". So for now at least, a chroot is only ever going to be a "filesystem container" since chroots will all share the same networking and PID space. FWIW, I have myself used your exact same chroot technique to produced a "docker-like" tool for Solaris, HPUX and AIX for my work. Being able to "docker pull" AIX images is great , but I don't get full isolation and can still destroy the host OS

@sepheiba 5 ай бұрын

Great news, hopefully I can use Podman natively on macOS soon

@EarthlyTech 5 ай бұрын

Best of luck!

@nex 8 ай бұрын

Two quick things about “Mac OS X”: 1. It's pronounced Mac OS *ten*. 2. The last version of Mac OS X was Lion, which came out over 12 years ago. After that, it was OS X, and since Sierra (over four years ago), it's macOS. So, you don't even need to remember how to pronounce the ‘X’ any more, since there isn't any ;) P.S. (OK, it's three quick things I guess): IMO it's totally fine to spell it ”MacOS”. However, definitely don't ever call it ”Mac OS” - that's an entirely different system! And ”MacOs” is just silly.

@EarthlyTech 8 ай бұрын

I knew me saying X was going to come up! That was a mistake and you are totally right! I'll stick to macOS from now on.