Introduction to Containers and Container Runtimes

This blog provides an overview of containers and container runtimes.

What are containers?

Containers are software packages that include all the components needed to run in any environment.
In this way, containers virtualize the operating system and can run anywhere: a private data center, a public cloud, or even a developer's own laptop. This lets you quickly build, share, and deploy applications.

The name "container" comes from the shipping industry. Whenever we need to move something across town, we pack the various items into containers or boxes.
In the Information Technology world, the equivalent of that box is a container image, in which we install our own application and its dependencies.

An example in IT terms:
We have a container image that holds an application as well as its dependencies (binaries and libraries).

Now, we'll take this image and turn it into a container that can be used in a different environment.

Why Containers?
• Application development and deployment are faster than ever.
• Lower barriers for taking risks
• To build immutable infrastructure: don't update in place, create something new instead
• Cost-effectiveness and more…

Docker containers that run on Docker Engine:
• Standard: Docker created the industry standard for containers, so they could be portable anywhere
• Compact: Containers share the machine's OS kernel, eliminating the need for a separate OS for each application, resulting in improved server efficiency and lower server and licensing costs.
• Secure: Containerized applications are more secure, and Docker has the industry's strongest default isolation features.

Containers vs Virtual Machines
Containers are often described as small, lightweight virtual machines. It's a good analogy, but it's not accurate. In a VM, we install a guest OS on top of the hardware. A container, however, executes directly on the host OS, eliminating the need for a guest OS.
Containers and virtual machines differ in their architectural approach.
Let's look at it more closely.



Containers differ from virtual machines in that they *share* the host system's kernel with other containers.

Benefits of containers
• Cost-effective
• Platform independent: bare metal, VMs, cloud…
• Rapid application development
• Version Control
• Sharing
• Security

Container Use Cases
• Quick Prototyping
• DevOps
• Continuous Integration and Deployment (CI/CD)
• Platform as a Service (PaaS) etc…

Container Runtimes
• Containerd (runC)
• Docker
• Rocket (rkt)
• CRI-O

Two primary features are responsible for creating containers.
1. namespace- It provides isolation of processes and resources, complete isolation of containers, and a separate file system.

There are 6 types of namespaces:
1. mount ns- for the file system.
2. UTS (UNIX Time-Sharing) ns- isolates hostnames, so different running containers can have different hostnames
3. IPC ns- inter-process communication
4. Network ns- distinct IP addresses are assigned to different containers
5. PID ns- process id isolation
6. user ns- different user IDs (UIDs)


2. cgroup- It handles resource allocation. Cgroups restrict the resources available to a process or group of processes. These resources include CPU, memory, network I/O, and disk access.
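To check the namespace isolation described above, the following added example (not code from the original post or from any runtime project) compares the namespace identifiers of a host process and a container process for the six types listed and reports which ones are shared. The sample link targets and the function names `ns_inode` and `shared_namespaces` are constructed for illustration; the `type:[inode]` text is the format of the `/proc/<pid>/ns/` symlink targets on Linux.

```c
#include <stdio.h>
#include <string.h>

/* The six namespace types listed above, as named under /proc/<pid>/ns/. */
static const char *NS_TYPES[6] = {"mnt", "uts", "ipc", "net", "pid", "user"};

/* Parse a link target such as "uts:[4026531838]" into its namespace inode.
 * Returns 0 when the text is not of the form "<type>:[<number>]". */
unsigned long ns_inode(const char *type, const char *link)
{
    unsigned long ino = 0;
    char end = 0;
    size_t n = strlen(type);
    if (strncmp(link, type, n) != 0) return 0;
    if (sscanf(link + n, ":[%lu%c", &ino, &end) != 2 || end != ']') return 0;
    return ino;
}

/* Bit i is set when both processes sit in the same NS_TYPES[i] namespace,
 * i.e. that resource is not isolated. Unparseable input counts as shared. */
unsigned shared_namespaces(const char *a[6], const char *b[6])
{
    unsigned mask = 0;
    for (int i = 0; i < 6; i++) {
        unsigned long x = ns_inode(NS_TYPES[i], a[i]);
        unsigned long y = ns_inode(NS_TYPES[i], b[i]);
        if (x == 0 || y == 0 || x == y) mask |= 1u << i;
    }
    return mask;
}

/* Constructed sample values (not from a real host): a host process and a
 * container that was started sharing the host's net and user namespaces. */
static const char *SAMPLE_HOST[6] = {"mnt:[4026531840]", "uts:[4026531838]",
    "ipc:[4026531839]", "net:[4026531992]", "pid:[4026531836]", "user:[4026531837]"};
static const char *SAMPLE_CTR[6] = {"mnt:[4026532570]", "uts:[4026532571]",
    "ipc:[4026532572]", "net:[4026531992]", "pid:[4026532573]", "user:[4026531837]"};

int main(void)
{
    unsigned mask = shared_namespaces(SAMPLE_HOST, SAMPLE_CTR);
    for (int i = 0; i < 6; i++)
        printf("%-4s %s\n", NS_TYPES[i], ((mask >> i) & 1) ? "SHARED with host" : "isolated");
    return 0;
}
```

On a live system the same strings come from `readlink /proc/<pid>/ns/<type>` for the two processes being compared.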

In December 2014, CoreOS launched Rocket (rkt). The Open Container Initiative (OCI) was founded under the auspices of The Linux Foundation to avoid vendor lock-in and bias toward any one corporation.

runC
• runC is the implementation of OCI Runtime specification.
• CLI tools for spawning and running containers
• Compatible with Docker
• Does not create
• Integrates well with systemd.

Containerd is a daemon that runs on Linux and Windows. It manages the complete container lifecycle of its host system, from image transfer and storage to container execution and supervision to low-level storage to network attachments and beyond.

rkt
• Launched in 2014 by CoreOS, which created a new container runtime specification, App Container ("appc")
• There is active work happening to make “rkt” OCI compliant.
• “rkt” has no daemon process
• “rkt” works well with “systemd”.

Docker
• Docker is more than just a container runtime.
• It provides a platform for developing, shipping, and running applications.
• At the core, it has a Docker Engine, which runs and manages containers.

