What is a Container:
A container is a full package (or) grouping of an entire runtime environment of an application including its binaries, the runtime to run the application, System related tools, System libraries, Settings, and configurations.
Are you kidding? It is full of Jargon.
I felt the same way when I read it first. Trust me this is not one of that articles.
I wrote this for myself when I was learning a Containers. I would have byhearted this If it had been for an exam but thank god that's not the case.
So back to the question, Really What is a container?
To understand what is a container, I would have to take you to some basics on how Our Operating systems are working.
How Operating System works ( A Basics)
Look at the following diagram where I have tried to explain how an Operating System is working.
If you look at it, There are three different Programs and they have their binaries and configuration files on the Harddisk.
When a Program/Process is running on your computer it gives a Call to Kernal using SystemCall End Point whenever it needs to access any of the hardware resources like
- File System ( hard disk)
- CPU Cycles
- Bandwidth and I/O
- User permissions and Privileges etc.
Now, this is how our Current operating system is working. Now Let us ask ourselves a question.
What, If we want to Isolate a Single Program to run on virtual space or Environment?
Let's say I want to run chrome in a Virtual environment within the machine with its own CPU cycles, Memory, Hard Disk Space, Bandwidth, Users, Internet Usage etc.
Something like shown in the following picture. A marked Space or Group.
Is it possible? Yes, it is
Isolating the System Resources per process or group of Processes is called Name Spacing. and Limiting and Regulating the System resource allocation to the isolated process/procesesses is called Control Groups(Cgroups)
A coalesced(combined) product of Control Groups and Name Spacing with Process level isolation is called as Containerization or a Container
To be more clear. In the preceding diagram, The area or grouping, Marked in Red dotted lines is called as a Container.
The following Diagram explains what is Name Spacing and Control Groups and their scope of responsibilities.
What is inside a Container
As we said just before, A Container is a Collection of the following elements
- Program Binaries/configuration
- Runtime libraries
- Dependency Products/tools
- A Piece of Kernal
- System Resources
- Hard Disk
As we are isolating the program and dedicatedly providing its own system resources and runtime libraries. It can run alone as a Standalone application (or) infrastructure
This helps us achieve Production Parity. We will discuss this in detail with examples in the upcoming sections.
Why do we need a container? ( A Test case )
Let us consider, tomorrow I want to replicate the www.middlewareinventory.com setup to my local desktop, exactly the way it's configured in my hosting provider.
All I have is a Mac/Windows laptop. How would I achieve it?
What are the steps I would have to do to achieve it? As middlewareinventory is hosted in LAMP (Linux, Apache, Mysql, Php) based environment. I might have to do the following steps
- Install some Virtualization tools like VMware workstation/VirtualBox etc.
- Create the Linux VM using the ISO file downloaded.
- Install Apache and PHP
- Install MySQL
Nevertheless, I have to match the exact version of the products/software it was running on, at my hosting provider.
Just consider, how difficult it is to migrate from one environment to another environment.
Here www.middlewareinventory.com at my hosting provider is my PRODUCTION, and my local desktop setup is DEVELOPMENT.
Now let’s change the scenario upside down or the way it works in IT infrastructure, Which is moving the DEVELOPMENT website/application to UAT and PRODUCTION.
I have to do the same steps all over again in each environment, Including the Server provisioning steps like creating the Virtual machine, installing the software.
I could make some mistakes while choosing the version of the software like installing the latest version of PHP when my site is far behind (or) do any manual errors in the way I configure (or) setup as I do every step manually from an environment to environment.
Therefore, there is no guarantee that I would reach to my expected outcome which is having the fully functioning, same application setup across all the environments like DEV/UAT/PROD.
I may be able to achieve the expected outcome after so much manual efforts and hiccups.
If you are working as System Admin/Developer or tester. You might have heard this word somewhere around.
“It was working fine in my laptop or machine"
Yes. It might have worked in the laptop (or) DEV, but that's not enough for it to work in PROD or at least not the same way it's working in DEV.
Containerisation’s ultimate purpose is to address this environment mismatch and to reduce the Server provisioning timelines and to reduce the complexity of infrastructure setup and administration.
Henceforth, No one can say “It was working fine on my laptop.” Cause the setup they have in the LAPTOP/DEV, and the setup they are going to have in PROD will be precisely the same. Containers and container management systems make this happen.
How is it Different from Virtualisation?
There are a lot of differences between containerization and virtualization.
To understand the difference, you must understand how the virtualization products like ESXI (or) VMware workstations are working.
How Is Traditional Virtualization working?
Virtualisation products are using a Hypervisor, is a firmware that creates and runs virtual machines. What it does is that, it is making the single hardware, for instance, my laptop to look like multiple hardware so that we can have various Operating Systems installed.
Put simply, Virtual machines (VMs) are an abstraction of physical hardware turning one server into many servers. So it can be called Hardware Level Virtualization, where, Operating System level virtualization is an abstraction of application layer (or) the System Kernal Not the Hardware itself.
The Primary Operating System in which you have the Hypervisor production (VMware workstation) installed is called the “HOST operating System,” and the new operating system that you are creating is called as “Guest Operating System.”
Here you have to notice that the Guest Operating System is often a Full/Complete Operating System like Linux/Ubuntu/CentOS etc., which needs a minimum of an hour of installation to set up and configure.
In contrast, Containers do not need a complete operating system all the time. Therefore, It reduces the server provisioning time drastically. As it's not going to have the entire operating system and its binaries, the containers are so lightweight when compared to VMs. It proportionally attributes to the time taken by the container to come up.
Lesser the container Size the fast it gets up and running.
What is an Operating System-Level Virtualization? ( aka Containerization)
Operating System level virtualization is universally called as containerization. In fact, the container itself is an instance of the operating system level virtualization, just like the VM for traditional virtualization.
Operating System Level Virtualization (or) containerization takes place at the application layer, not the hardware, In containerization, the instances that we create are called containers (we call it as a VM in virtualization). Unlike Traditional Virtualization, Containerization relies on the Host operating system's Kernal.
The containers that you are going to create would have to share your host operating system's kernel For example, In ubuntu based host OS the containers will use ubuntu's kernel but you can have any flavour of UNIX installed like RedHat, CentOs, or Fedora in your containers. To be put in other words, different Linux distributions with the same kernel.
Also, when you are creating containers there would never be a need to actually install Red Hat or Debian on the host, as we do in traditional virtualization.
The best example for operating system level virtualization is Linux Containers (LXC/LXD)
Though there are various Operating System-level virtualization products available for Linux and Windows like FreeBSD-Jail,sysjail, Sandboxies(windows), Turbo(Windows). Nothing is popular like LXC/LXD containers.
In fact, Docker also relies on LXC. We will read about it in the upcoming chapters.
What's the difference between Docker and containers?
Docker has become a definition for a container, but docker and container are different.
Container/Containerization is not a new technology (or) approach introduced by docker. It was actually available in the market ever since 2008 and it was built into Linux in the form of LXC and LXD.
FreeBSD jails, AIX Workload Partitions and Solaris Containers have also offered similar operating system level virtualisation.
To be more precise. Docker is a container management system that helps us to efficiently manage Linux Containers (LXC) in a more comfortable and universal fashion.
So Docker is not a container but a container management system. There are other container management systems available in the market such as Kubernetes, which is an open-source container management system.
Since Docker is more of an operating system-level virtualization. Does it mean that we cannot provision windows containers in Linux-based Host OS ? or vice versa?
It's possible! That's where Docker Engine comes into the picture.
Follow me on Linkedin My Profile Follow DevopsJunction onFacebook orTwitter For more practical videos and tutorials. Subscribe to our channel
Signup for Exclusive "Subscriber-only" Content