Containers

  • A container is a self-contained, ready-to-run application: the application plus every binary, library and configuration file it needs, packaged as an image
  • That is what distinguishes it from a virtual machine: a VM boots its own kernel, a container does not, it runs as an ordinary process tree on the host's kernel
  • Because everything the application needs is on board, the image can be started without any installation step on the host
  • To start a container, a container runtime is required

Architecture

![image]

  • The container runtime runs on a host platform and uses features of the local host kernel (namespaces, cgroups, mounts) to start each container as an isolated process tree
  • So all containers, no matter what they do, run on top of the same local host kernel: a kernel vulnerability, or a kernel interface that is not namespaced, is exposed to every container on the host

VM vs Containers

![image]

Understanding container components

  • Images are read-only environments that contain the runtime environment: the application and all libraries it requires, stored as a stack of content-addressed layers
  • Containers are the runtime environments where the application is running. Namespaces give each container its own private view of the system, but this is process-level isolation on a shared kernel, not the boundary a hypervisor provides
  • Registries are used to store and distribute images. Docker Hub is a common registry, other registries exist (like quay.io) and private registries can be created also.

An image name without a registry prefix (for instance nginx) is resolved against Docker Hub (docker.io) by the container runtimes Kubernetes uses, so Docker Hub is the default registry in practice. For anything in production, fully qualify the registry and pin the image by digest (name@sha256:...) rather than by a mutable tag such as latest.
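To make the default-registry rule concrete, here is an added example (written for this page, not code from Docker, containerd or Kubernetes) that expands an image reference the way those runtimes resolve it and then audits a constructed list of Pod images for references that silently fall back to Docker Hub or are not pinned by digest. The image names in SAMPLE_IMAGES are made up.

```python
"""Added example (not the page's own code): expand an image reference the way Docker
and containerd resolve it, then audit a constructed list of Pod images for references
that fall back to Docker Hub or are not pinned by digest."""
import re

DEFAULT_REGISTRY = "docker.io"
DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")


def normalize_reference(ref):
    """'nginx' -> docker.io/library/nginx:latest; 'quay.io/a/b@sha256:...' keeps registry and digest."""
    name, _, digest = ref.partition("@")
    digest = digest or None
    if digest and not DIGEST_RE.fullmatch(digest):
        raise ValueError(f"malformed digest in {ref!r}")
    # The first path component is a registry only if it looks like a host (dot or port) or is 'localhost'.
    first, sep, rest = name.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = DEFAULT_REGISTRY, name
    if registry == "index.docker.io":            # legacy alias of docker.io
        registry = DEFAULT_REGISTRY
    # A tag is a ':' after the final '/', so a registry port is never mistaken for one.
    repo, sep, tag = path.rpartition(":")
    if not sep or "/" in tag:
        repo, tag = path, None
    if tag is None and digest is None:
        tag = "latest"                            # the mutable default a bare name ends up on
    if registry == DEFAULT_REGISTRY and "/" not in repo:
        repo = "library/" + repo                  # official images live under library/
    return {"registry": registry, "repository": repo, "tag": tag, "digest": digest}


def audit_images(refs):
    """Findings per reference: implicit Docker Hub, floating tag, or no digest pin."""
    findings = {}
    for ref in refs:
        r = normalize_reference(ref)
        issues = []
        if r["registry"] == DEFAULT_REGISTRY and not ref.startswith(DEFAULT_REGISTRY + "/"):
            issues.append("implicit Docker Hub")
        if r["digest"] is None:
            issues.append("not pinned by digest")
        if r["tag"] == "latest":
            issues.append("floating tag latest")
        findings[ref] = issues
    return findings


# Constructed Pod image list (not taken from a real cluster)
SAMPLE_IMAGES = [
    "nginx",
    "bitnami/redis:7.2",
    "quay.io/prometheus/node-exporter:v1.7.0",
    "localhost:5000/app:1.0",
    "ghcr.io/org/app:1.2@sha256:" + "0123456789abcdef" * 4,
]

if __name__ == "__main__":
    for ref, issues in audit_images(SAMPLE_IMAGES).items():
        print(f"{ref:60} {normalize_reference(ref)['registry']:20} {', '.join(issues) or 'ok'}")
```

The audit treats a reference with both a tag and a digest as pinned: the runtime pulls by digest and ignores the tag, so the tag only documents intent.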

Containers are Linux

  • Containers are based on features offered by the Linux kernel
  • Linux kernel namespaces give a process its own view of a system resource, isolating containers from each other at different levels:
    • network (interfaces, routing tables, ports)
    • mount (the visible filesystem tree)
    • user (UID/GID mapping)
    • PID (process tree)
    • IPC (shared memory, semaphores, message queues)
    • UTS (hostname) and cgroup namespaces exist as well
  • Namespaces are the walls that keep containers separate: each container gets its own private view of these resources, so two containers can both bind port 80 or both run a process with PID 1 without conflicting. They are not a complete security boundary on their own: by default Docker and Kubernetes do not use user namespaces, so root inside a container is UID 0 on the host kernel and is held back only by dropped capabilities, seccomp and LSM (AppArmor/SELinux) policy
  • Linux cgroups offer resource allocation and limitation

Linux cgroups make sure that a container never goes beyond a certain amount of CPU, memory or number of processes; a missing pids or memory limit is what lets a single container fork-bomb or OOM the whole node.
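Both mechanisms can be inspected from /proc without any privileges, which is the quickest way to check whether a process is really isolated. The following is an added example (not code from the page or from any container project): it compares the namespace identifiers in /proc/PID/ns/ against those of PID 1 to list where a process is *not* isolated from the host, and reads the memory.max and pids.max of its cgroup v2 group. The /proc and cgroup trees it builds are constructed so the script runs offline; the inode numbers, PIDs and cgroup paths are invented.

```python
"""Added example (not from the page): report which namespaces a process shares with
another process (default PID 1, the host's init) and which cgroup v2 limits apply to it.
It only reads /proc and the cgroup filesystem; the demo tree below is constructed."""
import os
import pathlib
import tempfile

NAMESPACES = ("mnt", "pid", "net", "ipc", "uts", "user", "cgroup")


def namespace_ids(pid, proc="/proc"):
    """{ns name: identifier} from the /proc/<pid>/ns/* links, e.g. {"pid": "pid:[4026531836]"}.
    Two processes with the same identifier are in the same namespace."""
    ns_dir = pathlib.Path(proc) / str(pid) / "ns"
    ids = {}
    for name in NAMESPACES:
        link = ns_dir / name
        if link.is_symlink():
            ids[name] = os.readlink(link)
    return ids


def shared_namespaces(pid, other=1, proc="/proc"):
    """Namespaces in which `pid` is NOT isolated from `other` (sorted by name)."""
    mine, theirs = namespace_ids(pid, proc), namespace_ids(other, proc)
    return sorted(n for n in mine if theirs.get(n) == mine[n])


def cgroup_path(pid, proc="/proc"):
    """cgroup v2 path from /proc/<pid>/cgroup; the unified-hierarchy line looks like '0::/path'."""
    for line in (pathlib.Path(proc) / str(pid) / "cgroup").read_text().splitlines():
        hierarchy_id, controllers, path = line.split(":", 2)
        if hierarchy_id == "0" and controllers == "":
            return path
    return None


def cgroup_limits(pid, proc="/proc", cgroup_root="/sys/fs/cgroup"):
    """memory.max and pids.max of the process's cgroup; None means 'max', i.e. unlimited."""
    path = cgroup_path(pid, proc)
    limits = {}
    if path is None:
        return limits
    base = pathlib.Path(cgroup_root) / path.lstrip("/")
    for control in ("memory.max", "pids.max"):
        f = base / control
        if f.is_file():
            value = f.read_text().strip()
            limits[control] = None if value == "max" else int(value)
    return limits


def build_demo_tree():
    """Constructed (not captured) /proc and cgroup trees:
    PID 1   host init
    PID 200 typical container: own mnt/pid/net/ipc/uts/cgroup ns, host user ns, 256 MiB / 512 pids
    PID 300 container started with --pid=host --net=host and no limits at all."""
    root = pathlib.Path(tempfile.mkdtemp())
    proc, cgroup = root / "proc", root / "cgroup"
    host = dict(zip(NAMESPACES, range(4026531835, 4026531842)))
    ctr = dict(host, mnt=4026532600, pid=4026532601, net=4026532602,
               ipc=4026532603, uts=4026532604, cgroup=4026532605)
    hostnet = dict(host, mnt=4026532700, ipc=4026532701, uts=4026532702, cgroup=4026532703)
    for pid, ids, path in ((1, host, "/init.scope"), (200, ctr, "/docker/a1"), (300, hostnet, "/docker/b2")):
        ns_dir = proc / str(pid) / "ns"
        ns_dir.mkdir(parents=True)
        for name, inode in ids.items():
            os.symlink(f"{name}:[{inode}]", ns_dir / name)   # same readlink text as the real links
        (proc / str(pid) / "cgroup").write_text(f"0::{path}\n")
    for path, mem, pids in (("docker/a1", "268435456", "512"), ("docker/b2", "max", "max")):
        (cgroup / path).mkdir(parents=True)
        (cgroup / path / "memory.max").write_text(mem + "\n")
        (cgroup / path / "pids.max").write_text(pids + "\n")
    return str(proc), str(cgroup)


if __name__ == "__main__":
    proc, cgroup = build_demo_tree()
    for pid in (200, 300):
        print(pid, "shares with host:", shared_namespaces(pid, 1, proc),
              "limits:", cgroup_limits(pid, proc, cgroup))
    # Against the real system: works unprivileged for your own PID; PID 1 may be unreadable in a sandbox.
    try:
        print(os.getpid(), "shares with PID 1:", shared_namespaces(os.getpid()))
    except OSError as exc:
        print("could not inspect real /proc:", exc)
```

Run it against a real PID of a container process (for example the PID that `docker inspect -f '{{.State.Pid}}'` reports) and the "shares with host" list tells you directly which flags like --pid=host, --net=host or a missing user namespace have removed isolation; an empty limits dict or a None value means the cgroup is not capping that resource.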

Container runtime

  • The container runtime allows for starting and running the container on top of the host OS
  • The container runtime is responsible for all parts of running the container which are not already a part of the running container program itself: unpacking the image, setting up namespaces, cgroups, mounts and the network, and then executing the container's process
  • Different container runtime solutions exist, at different levels:
    • runc: the low-level OCI runtime that actually creates the container from a filesystem bundle
    • containerd and CRI-O: high-level runtimes that pull images, manage their storage and call a low-level runtime such as runc; they are what Kubernetes talks to through the CRI
    • Docker: the developer-facing engine, which since Docker 1.11 delegates to containerd and runc
    • LXC: an older system-container toolkit with its own runtime, predating OCI
  • Most of these implement the OCI specifications, so they accept the same images and bundles
  • The runtime itself operates with root privileges on the host; whoever can talk to its daemon (for example via the Docker socket) can start a privileged container and is therefore effectively root on that host

Open Container Initiative (OCI)

OCI is the Open Container Initiative (https://opencontainers.org). It standardizes the use of containers

  • The image-spec defines how an image is packaged: a manifest that references a config and a set of layer blobs, all addressed by their sha256 digest
  • The runtime-spec defines the "filesystem bundle" (an unpacked root filesystem plus a config.json) and how a runtime starts a container from it
  • A third specification, the distribution-spec, defines the registry API used to push and pull images
  • OCI standardization ensures compatibility between containers, no matter which environment they originally come from
  • The result is that for instance images made for Docker work without modifications in Red Hat Podman
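What the image-spec's content addressing buys you is that an image can be verified offline, hop by hop, without trusting the party that handed it over. The following is an added example, written for this page and not code from any OCI project: it writes a one-layer OCI image layout (oci-layout, index.json, blobs/sha256/...) to a temporary directory, then verifies it by re-hashing every blob from index.json down to the layer's diff_id, which is the same check a runtime or registry performs before it trusts a pulled image. The file placed in the layer and the tamper step are constructed.

```python
"""Added example (not the page's or any OCI project's code): write a minimal OCI image
layout by hand, then verify it by re-hashing every blob the index points at.
Only image-spec structures are used: descriptors {mediaType, digest, size}, blobs under
blobs/sha256/<hex>, and layer diff_ids computed over the uncompressed tar."""
import gzip
import hashlib
import io
import json
import pathlib
import tarfile
import tempfile

MANIFEST_MT = "application/vnd.oci.image.manifest.v1+json"
CONFIG_MT = "application/vnd.oci.image.config.v1+json"
LAYER_MT = "application/vnd.oci.image.layer.v1.tar+gzip"


def digest_of(data):
    return "sha256:" + hashlib.sha256(data).hexdigest()


def blob_path(layout, digest):
    return pathlib.Path(layout) / "blobs" / "sha256" / digest.split(":", 1)[1]


def put_blob(layout, data):
    """Store bytes content-addressed and return the descriptor fields that point at them."""
    digest = digest_of(data)
    path = blob_path(layout, digest)
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(data)
    return {"digest": digest, "size": len(data)}


def build_image(layout, files, cmd):
    """files {path in rootfs: bytes} become one gzipped tar layer; returns the manifest digest."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(name)
            info.size, info.mode = len(content), 0o755
            tar.addfile(info, io.BytesIO(content))
    uncompressed = buf.getvalue()
    layer = put_blob(layout, gzip.compress(uncompressed, mtime=0))
    config = put_blob(layout, json.dumps({
        "architecture": "amd64", "os": "linux", "config": {"Cmd": cmd},
        "rootfs": {"type": "layers", "diff_ids": [digest_of(uncompressed)]}}).encode())
    manifest = put_blob(layout, json.dumps({
        "schemaVersion": 2, "mediaType": MANIFEST_MT,
        "config": dict(config, mediaType=CONFIG_MT),
        "layers": [dict(layer, mediaType=LAYER_MT)]}).encode())
    pathlib.Path(layout, "oci-layout").write_text(json.dumps({"imageLayoutVersion": "1.0.0"}))
    pathlib.Path(layout, "index.json").write_text(json.dumps(
        {"schemaVersion": 2, "manifests": [dict(manifest, mediaType=MANIFEST_MT)]}))
    return manifest["digest"]


def read_blob(layout, desc):
    """Fetch a blob and refuse it unless both size and digest match its descriptor."""
    data = blob_path(layout, desc["digest"]).read_bytes()
    if len(data) != desc["size"] or digest_of(data) != desc["digest"]:
        raise ValueError(f"blob {desc['digest']} does not match its descriptor")
    return data


def verify_image(layout):
    """index -> manifests -> config and layers; every hop is checked against its digest."""
    try:
        index = json.loads(pathlib.Path(layout, "index.json").read_text())
        for mdesc in index["manifests"]:
            manifest = json.loads(read_blob(layout, mdesc))
            config = json.loads(read_blob(layout, manifest["config"]))
            diff_ids = config["rootfs"]["diff_ids"]
            if len(diff_ids) != len(manifest["layers"]):
                raise ValueError("layer count differs between manifest and config")
            for ldesc, diff_id in zip(manifest["layers"], diff_ids):
                if digest_of(gzip.decompress(read_blob(layout, ldesc))) != diff_id:
                    raise ValueError("layer content does not match its diff_id")
        return True
    except (OSError, ValueError, KeyError):
        return False


def demo():
    """Constructed image: verify it, flip one byte of the layer blob, verify again."""
    layout = tempfile.mkdtemp()
    build_image(layout, {"bin/hello": b"#!/bin/sh\necho hello\n"}, ["/bin/hello"])
    intact = verify_image(layout)
    index = json.loads(pathlib.Path(layout, "index.json").read_text())
    manifest = json.loads(read_blob(layout, index["manifests"][0]))
    path = blob_path(layout, manifest["layers"][0]["digest"])
    data = bytearray(path.read_bytes())
    data[-1] ^= 0xFF                      # tampered layer, descriptor left unchanged
    path.write_bytes(bytes(data))
    return intact, verify_image(layout)


if __name__ == "__main__":
    print("verified before / after tampering:", demo())
```

Because the index names the manifest by digest, the manifest names config and layers by digest, and the config pins each layer's uncompressed content via diff_id, changing any byte anywhere breaks the chain; that is also why pulling an image by name@sha256:... is an integrity guarantee while a tag is only a pointer the registry can move.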