Native Linux containers in Go, and other alternatives to Docker and Kubernetes

Docker and Kubernetes are what most people think of when asked about containers, but unlike VMs or Solaris Zones or BSD Jails, containers aren't really a first class concept. Instead they are just a combination of kernel features like cgroups, namespaces, and security modules (SELinux/AppArmor) with auxiliary support services for managing process orchestration/lifecyles, file system images, ingress proxies/port mapping, and/or fancy overlay networks. And while most container runtimes provide some controls on how those features are used, you might find scenarios where it is beneficial to use the container features directly from Go, via your init system, or using lower level tools instead of having to adhere to the way Docker or Kubernetes wire things together.

In this talk Greg Bray from Walmart Labs will show how you can implement a basic Linux container directly in Go and gain a better understanding of what containers are made of. We will also compare and contrast alternatives to Docker and Kubernetes like Ubuntu's LXD, Google's gVisor, or Facebook's Tupperware to see how other less well-known container runtimes are designed.

Dinner will be provided. Please RSVP so we know how much food to order.