updates 0x2266

rajp152k · Jun 11, 2024 · 29b7274 · 29b7274
1 parent 54403a4
commit 29b7274
Show file tree

Hide file tree

Showing 8 changed files with 53 additions and 8 deletions.
diff --git a/Content/20240205171209-go.org b/Content/20240205171209-go.org
@@ -3,12 +3,13 @@
 :END:
 #+title: Golang
 #+filetags: :golang:
-
-
 * Stream
+** 0x2266
+ - starting a book: building an orchestrator in golang
 ** 0x2221
  - pushing for competency : reading the ultimate go notebook
  - will also read up a lot about writing efficient software in general along the way (concurrency, hyperscaled infrastructure oriented software, and the likes)
 ** 0x21E7
  - starting out with go to get into cloud native applications and rewriting a product
 * Resources
+** BOOK: building an orchestrator in golang
diff --git a/Content/20240215121050-kubernetes.org b/Content/20240215121050-kubernetes.org
@@ -5,6 +5,8 @@
 #+title: Kubernetes
 #+filetags: :arch:compute:tool:
 
+see [[id:f822f8f6-89eb-4aa8-ac8f-fdcff3f06fb9][Orchestration]]
+
 * Abstract
 Conductors (or Choreographers (based on your tastes)) for [[id:d4627a77-fafc-4c76-91a2-59a84e42de71][containerization]].
 

diff --git a/Content/20240426135219-container.org b/Content/20240426135219-container.org
@@ -4,8 +4,21 @@
 #+title: Container
 #+filetags: :arch:compute:
 
-See [[id:af4d4e9f-3fd3-4718-ba73-e6af4f57c29c][Docker]].
-Also see [[id:cda61bfd-86b7-481d-b3da-748322bcfcb5][Moby]].
+See [[id:af4d4e9f-3fd3-4718-ba73-e6af4f57c29c][Docker]],[[id:cda61bfd-86b7-481d-b3da-748322bcfcb5][Moby]],[[id:d636ed7d-b411-40a9-8def-c512f9650f50][Podman]]
 
+* Working Mechanism
+** Prerequisites
+ - isolated execution environments leveraging two key kernel features: [[id:a4ca9065-0613-44f8-8ca5-693dfc7704ae][cgroups]] and [[id:92f509f7-5b8f-4beb-a66c-7890e79c84a3][namespaces]].
+ - cgroups (control groups) govern and isolate resource usage for processes.
+   - Processes are organized hierarchically into cgroups.
+   - Each cgroup enforces limits on resources like CPU time, memory, network bandwidth, and I/O.
+ - Namespaces provide process isolation by creating virtual views of system resources.
+** Collation
+Containers utilize both cgroups and namespaces to create isolated environments.
+1. Namespaces isolate: Processes, network resources, mount points, etc., creating the perception of a separate system.
+2. cgroups limit and manage:  Resource utilization within these isolated namespaces, ensuring predictable behavior.
+** Caveats:
+- Container security relies heavily on the Linux kernel. Kernel vulnerabilities can impact container isolation.
+- While providing strong isolation, containers are not virtual machines. They share the host kernel, unlike [[id:9111c90b-6462-4ea4-93eb-9d6dd9b8e0ef][VMs]] which have their own kernel.
 * Resources
  - https://container.training/intro-selfpaced.yml.html
diff --git a/Content/20240502085158-linux.org b/Content/20240502085158-linux.org
@@ -6,7 +6,7 @@
 
 * Abstract
  - this a fairly vast umbrella node that helps pedagogically cover several concepts in computer science.
- - a structured end to end walk throught will follow some day but as of now, stitching together what I need in the moment patch by patch.
+ - a structured end to end walk through will follow some day but as of now, stitching together what I need in the moment patch by patch.
 * Misc
 ** [[id:fc34b43d-57e6-49a7-a678-8ec9df4d0c55][Virtualization]]
 ** The Linux File System
@@ -90,11 +90,23 @@ tree -D -L 1 /
  - pseudo file system for virtual files attached to the linux kernel
 ** Init System
  - checkout : https://container.training/intro-selfpaced.yml.html#618
-** NameSpaces
+** [[id:a4ca9065-0613-44f8-8ca5-693dfc7704ae][Cgroups]]
+** Linux [[id:92f509f7-5b8f-4beb-a66c-7890e79c84a3][NameSpaces]]
+:PROPERTIES:
+:ID:       b64d0696-8061-4299-a17e-08627e0c2ead
+:END:
+
  - provide processes with their own view of the system
  - drop in conceptual replacement for UIDs
  - namespaces available in modern kernels:
  - checkout : https://container.training/intro-selfpaced.yml.html#705
+*** Types and Functions:
+- PID: Isolates process IDs. A process in one PID namespace can't see or interact with processes in another.
+- Network: Provides a separate network stack (interfaces, routing tables) for each namespace.
+- Mount:  Isolates mount points, allowing containers to have their own file system views.
+- UTS: Isolates hostname and domain name.
+- IPC: Isolates inter-process communication mechanisms.
+- User: Isolates user IDs and groups.
 ** Linux Security Modules (LSMs)
  - checkout : https://www.starlab.io/blog/a-brief-tour-of-linux-security-modules
  - also see : https://kubearmor.io/

diff --git a/Content/20240508163913-orchestration.org b/Content/20240508163913-orchestration.org
@@ -4,8 +4,10 @@
 #+title: Orchestration
 #+filetags: :cs:
 
-* Generic Practicals 
-** [[id:27a4d68c-adef-42aa-a4b4-b44b3f10395d][Apache Mesos]] - 
+See [[id:d4627a77-fafc-4c76-91a2-59a84e42de71][Container]]
+* Abstract
+* Instances
+** [[id:27a4d68c-adef-42aa-a4b4-b44b3f10395d][Apache Mesos]]
 ** [[id:c2072565-787a-4cea-9894-60fad254f61d][Kubernetes]]
 * Resources
  - https://en.wikipedia.org/wiki/Orchestration_(computing)

diff --git a/Content/20240611123051-podman.org b/Content/20240611123051-podman.org
@@ -0,0 +1,5 @@
+:PROPERTIES:
+:ID:       d636ed7d-b411-40a9-8def-c512f9650f50
+:END:
+#+title: Podman
+#+filetags: :compute:arch:
diff --git a/Content/20240611123619-cgroups.org b/Content/20240611123619-cgroups.org
@@ -0,0 +1,5 @@
+:PROPERTIES:
+:ID:       a4ca9065-0613-44f8-8ca5-693dfc7704ae
+:END:
+#+title: cgroups
+#+filetags: :linux:
diff --git a/Content/20240611123653-namespaces.org b/Content/20240611123653-namespaces.org
@@ -0,0 +1,5 @@
+:PROPERTIES:
+:ID:       92f509f7-5b8f-4beb-a66c-7890e79c84a3
+:END:
+#+title: namespaces
+#+filetags: :meta:cs: