Chapter 4. Containers Flashcards
https://learning.edx.org/course/course-v1:LinuxFoundationX+LFS151.x+2T2023/block-v1:LinuxFoundationX+LFS151.x+2T2023+type@sequential+block@60be41024b7c4d76bd227d62b5ce9c6a/block-v1:LinuxFoundationX+LFS151.x+2T2023+type@vertical+block@353426a78c0b4e6eb67eb69282c435aa
What are containers? What do they include?
- isolated user-space instances (they share the running host kernel)
- they bundle:
  - application code
  - required libraries
  - required runtime
-> the application runs without any external dependencies
What makes containers possible?
Operating-System-level virtualization
-> processes running in a container only see the resources (processes, network interfaces, mounts, ...) that belong to that container
What problem makes containers useful/necessary?
Deploying multiple applications in parallel on one host makes it hard to isolate them from each other and to avoid conflicts between:
- dependencies
- libraries
- runtimes
Problems also arise when the same application has to run on different hardware and platforms
-> challenges with portability
How do containers solve the portability challenge?
By bundling the application and all its dependencies in a box (the container image)
- that box can be shipped to different hosts and runs the same on each of them, as long as the host runs a compatible kernel
What are the building blocks of container technology (provided by the Linux kernel)?
- namespaces
- Control groups
- Union filesystem
What is a namespace in a container (Linux kernel)?
- wrap a particular global system resource like network or process IDs in an abstraction
- to the processes within the namespace it appears that they have their own isolated instance of the global resource
-> isolates processes from each other
How are VMs and containers different?
Virtual machines emulate whole OSes, isolated from each other on the same host. They are installed on top of a hypervisor. There are multiple layers between the running application and the outside world: guest OS, hypervisor, and at times a host OS.
containers:
- Namespaces isolate processes from each other.
- Containers are ordinary processes; many of them run side by side on the same host kernel.
- No middle layers like in VMs.
- Enables near-native performance.
- Easier to run multiple containers than multiple VMs
- but containers share the host kernel, so they must be built for the host OS (Linux containers need a Linux kernel); the kernel is also the shared attack surface between them
What global resources are namespaced? (6)
- pid
- net
- mnt
- ipc
- uts
- user
(the course counts these six; newer kernels also have a cgroup namespace and a time namespace)
What does the pid namespace enable?
- processes in different PID namespaces can have the same PID number; a process sees only the processes in its own namespace (and nested ones)
- Each container has its own PID 1; if that process exits, the kernel kills every other process in the namespace
What does the net namespace enable?
- allows each namespace to have its own network stack (interfaces, routing table, firewall rules, port numbers)
- Each container has its own IP address.
What does the mnt namespace enable?
- allows each namespace to have its own view of the filesystem hierarchy
What does the ipc namespace enable?
- allows each namespace to have its own interprocess communication
What does the uts namespace enable?
- allows each namespace to have its own hostname and domain name
What does the user namespace enable?
- allows each namespace to have its own user and group ID number spaces, mapped onto host IDs via /proc/<pid>/uid_map and gid_map
- root user inside the container (uid 0) is then an unprivileged uid on the host where the container is running
- caveat: this only holds when the runtime actually uses a user namespace; for example Docker does not enable user-namespace remapping by default, so root in such a container is also uid 0 on the host and a breakout lands as host root
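An added example (written for this page, not part of the course material) that makes the six namespaces visible from a shell. It assumes a Linux host with /proc mounted and util-linux `unshare`; the `demo_isolated_shell` function additionally needs unprivileged user namespaces to be enabled. The `ns_*` helpers read the kernel's own namespace identities, so they are the reliable way to check whether two processes are really isolated from each other.

```shell
#!/bin/sh
# Added example (not from the LFS151 course): inspect and create Linux namespaces.
# Assumes Linux with /proc mounted and util-linux `unshare`; demo_isolated_shell
# also needs unprivileged user namespaces (sysctl user.max_user_namespaces > 0).

NS_TYPES="pid net mnt ipc uts user"

# ns_id: identity of one namespace of a process, exactly as the kernel reports it
# in /proc/<pid>/ns/<type> (e.g. "pid:[4026531836]"). Two processes share a
# namespace precisely when these strings match. Falls back to a marker without /proc.
ns_id() {
    readlink "/proc/${2:-self}/ns/$1" 2>/dev/null || echo "$1:[unavailable]"
}

# ns_table: one "type identity" line for each of the six namespace types of a process.
ns_table() {
    for ns in $NS_TYPES; do
        printf '%s %s\n' "$ns" "$(ns_id "$ns" "${1:-self}")"
    done
}

# ns_same TYPE PID_A PID_B: succeed when both processes share that namespace.
# ns_same net 1 "$(pgrep -o nginx)" answers "does nginx really have its own network stack?"
ns_same() {
    [ "$(ns_id "$1" "$2")" = "$(ns_id "$1" "$3")" ]
}

# userns_available: succeed when this (unprivileged) user may create a user namespace.
userns_available() {
    unshare --user true 2>/dev/null
}

# demo_isolated_shell: start a shell in fresh user, pid, mount, uts, ipc and net
# namespaces. Inside it the shell is PID 1, ps (reading a freshly mounted /proc)
# sees only its own process tree, `id -u` prints 0, and /proc/self/uid_map shows
# that this "root" is really the unprivileged caller on the host (inside 0 -> host uid).
demo_isolated_shell() {
    unshare --user --map-root-user --pid --fork --mount-proc --uts --ipc --net \
        sh -c '
            hostname demo-container 2>/dev/null
            echo "pid inside: $$  uid inside: $(id -u)  hostname: $(uname -n)"
            echo "uid_map (inside -> host -> count): $(cat /proc/self/uid_map)"
            echo "namespace identities seen from inside:"
            for f in /proc/self/ns/*; do readlink "$f"; done
            ps -o pid,comm
        '
}
```

Usage: source the file, then compare `ns_table` with `ns_table "$(pgrep -o containerd-shim)"` or any other PID to see which namespaces a process actually has of its own, and run `userns_available && demo_isolated_shell` to watch PID 1, uid 0 and a private hostname appear while the uid_map line shows the mapping back to your real host uid.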
What are Control Groups (linux kernel) used for?
- used to organize processes hierarchically
- and distribute resources (CPU time, memory, I/O bandwidth, number of PIDs) along the hierarchy in a controlled and configurable manner; limits are enforced by the kernel, which is what stops one container from starving or fork-bombing the host
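An added example (written for this page, not part of the course) of control groups v2 from the shell. It assumes a Linux host with the unified cgroup v2 hierarchy mounted at /sys/fs/cgroup; the `cg_run_limited` function needs root or a delegated subtree, while the read-only helpers work for any user. The limit values and the cgroup name "demo" are chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the LFS151 course): cgroup v2 limits from the shell.
# Assumes Linux with cgroup v2 mounted at /sys/fs/cgroup; cg_run_limited needs
# root (or ownership of a delegated subtree).

CG_ROOT=/sys/fs/cgroup

# cg_of: cgroup v2 path of a process, from the "0::/path" line of /proc/<pid>/cgroup.
cg_of() {
    sed -n 's/^0::\(.*\)$/\1/p' "/proc/${1:-self}/cgroup" 2>/dev/null
}

# cg_setting PATH FILE: read a controller file (cpu.max, memory.max, pids.max, ...)
# of the cgroup at PATH, as printed by cg_of. "max" means no limit at this level.
cg_setting() {
    cat "$CG_ROOT$1/$2" 2>/dev/null || echo unavailable
}

# cpu_quota_percent "QUOTA PERIOD": share of one CPU a cpu.max value allows
# (both numbers are microseconds); "max" means unlimited.
cpu_quota_percent() {
    set -- $1
    if [ "$1" = max ]; then echo unlimited; else echo $(( $1 * 100 / $2 )); fi
}

# mem_max_mib BYTES: memory.max in MiB, or "unlimited" for "max".
mem_max_mib() {
    if [ "$1" = max ]; then echo unlimited; else echo $(( $1 / 1048576 )); fi
}

# cg_run_limited NAME CMD...: create a child cgroup, cap it to half a CPU,
# 256 MiB of RAM and 64 processes, then run CMD inside it. Writing a PID to
# cgroup.procs is what actually moves a process into the group.
cg_run_limited() {
    name="$1"; shift
    cg="$CG_ROOT/$name"
    mkdir -p "$cg"
    echo "+cpu +memory +pids" > "$CG_ROOT/cgroup.subtree_control"
    echo "50000 100000" > "$cg/cpu.max"     # 50 ms of CPU per 100 ms period
    echo "268435456"    > "$cg/memory.max"  # 256 MiB; exceeding it invokes the OOM killer
    echo "64"           > "$cg/pids.max"    # a fork bomb stops at 64 tasks
    # A child shell joins the group and execs the command, so the caller's own
    # shell stays in its original cgroup.
    sh -c 'echo $$ > "$1/cgroup.procs" && shift && exec "$@"' sh "$cg" "$@"
}

# cg_report [PID]: show where a process lives and the limits that apply to it there.
cg_report() {
    path="$(cg_of "${1:-self}")"
    echo "cgroup:  ${path:-unknown}"
    echo "cpu:     $(cpu_quota_percent "$(cg_setting "$path" cpu.max)")%"
    echo "memory:  $(mem_max_mib "$(cg_setting "$path" memory.max)") MiB"
    echo "pids:    $(cg_setting "$path" pids.max)"
}
```

Usage: `cg_report "$(pgrep -o -f my-service)"` shows the limits a running process is actually subject to, and as root `cg_run_limited demo sh -c 'yes > /dev/null'` followed by `cg_report "$(pgrep -o yes)"` shows the new group and its 50% CPU cap. On systemd hosts create the group under a delegated slice rather than directly under the root, because systemd manages that hierarchy.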