Rootfs and container image layering

In the context of Linux containers, the file system mounted to the container's root directory—providing the isolated execution environment for the process—is known as rootfs (root file system).^[400-devops-06-kubernetes-k8s-paas-docker.md]

This rootfs is what is colloquially referred to as a container image.^[400-devops-06-kubernetes-k8s-paas-docker.md]

Composition and Consistency

A typical rootfs appears as a standard operating system directory structure, containing common directories such as /bin, /dev, /etc, /lib, /tmp, /usr, and /var.^[400-devops-06-kubernetes-k8s-paas-docker.md] Because the container process interacts with this rootfs rather than the host's file system, the container provides a deep level of environmental consistency.^[400-devops-06-kubernetes-k8s-paas-docker.md] This "rootfs consistency" bridges the gap between local development and remote execution environments, ensuring the application runs against the same OS-level dependencies in both places.^[400-devops-06-kubernetes-k8s-paas-docker.md]

Image Layering (Union Mount)

To optimize storage and enable reuse, Docker images are composed of multiple layers.^[400-devops-06-kubernetes-k8s-paas-docker.md] Each step in the image creation process generates an incremental rootfs (a layer).^[400-devops-06-kubernetes-k8s-paas-docker.md]

These layers are then combined using a union mount (implemented by a union file system such as AuFS) to present a single, cohesive file system to the container.^[400-devops-06-kubernetes-k8s-paas-docker.md]

  • Storage: Individual layers are stored as separate directories, typically located in paths like /var/lib/docker/aufs/diff/.^[400-devops-06-kubernetes-k8s-paas-docker.md]
  • Unified View: These layers are mounted together onto a unified mount point, such as /var/lib/docker/aufs/mnt/....^[400-devops-06-kubernetes-k8s-paas-docker.md]
  • Structure: The final rootfs consists of a base layer (the operating system) plus any number of upper layers added by the user.^[400-devops-06-kubernetes-k8s-paas-docker.md]

Benefits of Layering

This layered architecture addresses the problem of rebuilding the same environment over and over.^[400-devops-06-kubernetes-k8s-paas-docker.md]

  • Reusability: If one user creates a rootfs containing a Python environment, other users can utilize that image as a base for their own applications without needing to rebuild the Python stack themselves.^[400-devops-06-kubernetes-k8s-paas-docker.md]
  • Immutability: When a container is run, the base layers are typically mounted as read-only (ro), while a writable layer (the container layer) is added on top.^[400-devops-06-kubernetes-k8s-paas-docker.md]
  • Propagation: Users can save changes made to the writable layer using docker commit and push the result to a registry.^[400-devops-06-kubernetes-k8s-paas-docker.md] This creates a new image layer that can be shared, leaving the original underlying layers completely unmodified.^[400-devops-06-kubernetes-k8s-paas-docker.md]
  • [[Namespaces]]
  • [[Cgroups]]
  • [[Container Runtime]]
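
The layering behaviour described above (top-down lookup through stacked layers, writes confined to the writable layer, lower layers left unmodified), as an added Python model that is not from the source note and is not how AuFS itself is implemented. The `UnionView` class, file names and contents are constructed for illustration; the `.wh.` whiteout prefix is the AuFS convention for recording a deletion and is an addition the note does not cover.

```python
import os
import tempfile

WHITEOUT = ".wh."  # AuFS-style marker: "this name was deleted in an upper layer"

class UnionView:
    """Toy union mount over flat directories: read-only lowers, one writable upper."""

    def __init__(self, lowers, upper):
        self.upper = upper
        self.layers = [upper] + list(reversed(lowers))  # lookup order, top first

    def read(self, name):
        for layer in self.layers:
            if os.path.exists(os.path.join(layer, WHITEOUT + name)):
                break  # a whiteout hides every copy in the layers below
            path = os.path.join(layer, name)
            if os.path.exists(path):
                with open(path) as f:
                    return f.read()
        return None  # not visible in the merged view

    def write(self, name, data):
        # Writes land only in the writable layer; lower layers are never touched.
        marker = os.path.join(self.upper, WHITEOUT + name)
        if os.path.exists(marker):
            os.remove(marker)
        with open(os.path.join(self.upper, name), "w") as f:
            f.write(data)

    def delete(self, name):
        if self.read(name) is None:
            raise FileNotFoundError(name)
        copy = os.path.join(self.upper, name)
        if os.path.exists(copy):
            os.remove(copy)
        open(os.path.join(self.upper, WHITEOUT + name), "w").close()

def demo():
    base, app, rw = (tempfile.mkdtemp() for _ in range(3))  # constructed layer dirs
    UnionView([], base).write("motd", "base-os")             # constructed content
    UnionView([], app).write("token", "constructed-secret")
    view = UnionView([base, app], rw)
    view.write("motd", "patched")  # shadows the base copy from the writable layer
    view.delete("token")           # only records a whiteout in the writable layer
    with open(os.path.join(base, "motd")) as f1, open(os.path.join(app, "token")) as f2:
        return view.read("motd"), view.read("token"), f1.read(), f2.read()
```

The last value returned by `demo()` is the point for image hygiene: a file deleted in a later layer is only hidden from the merged view, and its contents remain readable in the lower layer's directory.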

Sources

  • 400-devops-06-kubernetes-k8s-paas-docker.md