https://github.com/srodi/container-101

The project aims to demonstrate the basics of container creation and management on a Linux machine.
https://github.com/srodi/container-101

cgroups containers linux network-namespaces

Last synced: 7 months ago
JSON representation

The project aims to demonstrate the basics of container creation and management on a Linux machine.

• Host: GitHub
• URL: https://github.com/srodi/container-101
• Owner: SRodi
• License: apache-2.0
• Created: 2024-11-06T22:59:13.000Z (over 1 year ago)
• Default Branch: master
• Last Pushed: 2024-11-18T10:09:13.000Z (over 1 year ago)
• Last Synced: 2024-11-18T11:29:57.363Z (over 1 year ago)
• Topics: cgroups, containers, linux, network-namespaces
• Language: Shell
• Homepage: https://www.srodi.com/posts/what-is-a-container/
• Size: 2.63 MB
• Stars: 2
• Watchers: 1
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# Create a container with a Bash script

This repo contains a script to create a basic Linux container using Bash. The steps include configuring Linux cgroups, creating network namespaces, and setting up a root filesystem. Executing the script will create the container and start an interactive shell inside it.

## Functionalities

Here is a breakdown of the `create.sh` script functionalities:

1. Create `Filesystem`: Downloads and extracts the Alpine Linux miniroot filesystem into /mnt/mycontainer. Creates a /proc directory inside the container's filesystem.

2. Set Up `cgroups`: Creates a cgroup named mycontainer for memory and CPU.

3. Set Up `Network Namespace`:

   * Creates a network namespace called mycontainer_ns.

   * Creates a virtual Ethernet (veth) pair, veth0 and veth1.

   * Assigns veth1 to the mycontainer_ns namespace.

   * Configures IP addresses for veth0 and veth1.

4. Run `unshare` within the network namespace to create a new mount namespace, a new PID namespace, and mounts the proc filesystem, then `chroots` into the container's filesystem and starts a shell.

## Demo 

This script essentially sets up a basic containerized environment with network isolation and a separate process namespace. The demo also shows the network communication from container to host and vice versa, this is done with the `veth` configuration in `create.sh`.

![Demo](demo.gif)

## Prerequisites

1. Linux machine with kernel version >= 5.8

2. `libcgroup-dev` and `debootstrap`

Install the following

```sh

sudo apt update && sudo apt upgrade -y

sudo apt install -y libcgroup-dev debootstrap

```

## Quickstart

To create the container

```sh

sudo ./create.sh

```

To delete the container

```sh

sudo ./delete.sh

```