Chapter 4. Containers Flashcards

https://learning.edx.org/course/course-v1:LinuxFoundationX+LFS151.x+2T2023/block-v1:LinuxFoundationX+LFS151.x+2T2023+type@sequential+block@60be41024b7c4d76bd227d62b5ce9c6a/block-v1:LinuxFoundationX+LFS151.x+2T2023+type@vertical+block@353426a78c0b4e6eb67eb69282c435aa

1
Q

What are containers? What do they include?

A
  • isolated user-space instances
    that include:
  • application source code,
  • required libraries
  • **required runtime**
    to run the application without any external dependencies
2
Q

What makes containers possible?

A

Operating-System-level virtualization
-> applications running in containers only see the resources etc. belonging to that container

3
Q

What problem makes containers useful/necessary?

A

Deploying multiple applications in parallel on one host leads to problems with isolating them from each other and avoiding conflicts between:
- dependencies
- libraries
- runtimes

Problems also arise when trying to run an application on multiple hardware and platforms
-> challenges with portability

4
Q

How do containers solve the portability challenge?

A

By bundling the application and all its dependencies in a box
- that box can be shipped to different platforms and runs identically on each of them

5
Q

What are the building blocks of container technology (provided by Linux)?

A
  • namespaces
  • control groups
  • union filesystem
6
Q

What is a namespace in a container (Linux kernel)?

A
  • wraps a particular global system resource, like the network or process IDs, in an abstraction
  • to the processes within the namespace it appears that they have their own isolated instance of the global resource
  -> isolates processes from each other
7
Q

How are VMs and containers different?

A

Virtual Machines simulate whole OSes, isolated from each other on the same host. They are installed on top of a hypervisor. There are multiple layers between the running application and the outside world: the guest OS, the hypervisor, and at times the host OS.

containers:
- Namespaces isolate processes from each other.
- Possibly multiple processes running on the same host OS.
- No middle layers like in VMs.
- Enables near-native performance.
- Easier to run multiple containers than multiple VMs.
- But containers need to be compatible with the host OS.

8
Q

What global resources are namespaced? (6)

A
  • pid
  • net
  • mnt
  • ipc
  • uts
  • user
9
Q

What does the pid namespace enable?

A
  • processes in different containers can have the same PIDs
  • each container has its own PID 1
10
Q

What does the net namespace enable?

A
  • allows each namespace to have its own network stack
  • each container has its own IP address
11
Q

What does the mnt namespace enable?

A
  • allows each namespace to have its own view of the filesystem hierarchy
12
Q

What does the ipc namespace enable?

A
  • allows each namespace to have its own interprocess communication
13
Q

What does the uts namespace enable?

A
  • allows each namespace to have its own hostname and domain name
14
Q

What does the user namespace enable?

A
  • allows each namespace to have its own user and group ID number spaces
  • the root user inside a container is not the root user of the host on which the container is running
15
Q

What are Control Groups (Linux kernel) used for?

A
  • used to organize processes hierarchically
  • and distribute resources along the hierarchy in a controlled and configurable manner
16
Q

What features do control groups (cgroups) have? (4)

A
  • resource limits: for a cgroup, a limit can be set on how much of a particular resource a process can use
  • prioritization: it is controllable how much of a resource a process can use compared to other processes when there is resource contention
  • accounting: resource usage against the limits is monitored and reported at cgroup level
  • control: the status (frozen, stopped, restarted) of all processes in a cgroup can be changed with a single command
17
Q

How does the Union filesystem work?

A
  • allows files and directories of separate filesystems, known as layers, to be transparently overlaid on top of each other, to create a new virtual filesystem
  • at runtime a container is made of multiple layers merged to create a **read-only filesystem**
  • on top of the read-only filesystem, a container gets a read-write layer, which is an ephemeral layer local to the container
18
Q

How do container runtimes help?

A
  • container runtimes ensure the containers' portability, offering a consistent environment for containers to run, regardless of the infrastructure
  • they are interacted with through a collection of tools (Docker, Kubernetes, CRI-O)
19
Q

What are the most popular container runtimes?

A
  • runc: CLI tool for spawning and running containers, according to Open Container Initiative (OCI) specifications
  • crun: OCI-conformant runtime. Fast
  • containerd: OCI-compliant container runtime, emphasis on simplicity, robustness and portability, high-level runtime
  • CRI-O: OCI-compatible runtime, lightweight high-level runtime alternative to using Docker as the runtime for Kubernetes
20
Q

What is the Docker Platform?

A
  • a collection of development tools that follow a client-server architecture
21
Q

How does the Docker Client-Server architecture work?

A
  • the Docker Host server runs the Docker daemon (like from containerd) to execute commands for container and image management
  -> in response to client requests
22
Q

Do Docker containers always run as rooted containers?

A

No. Rooted containers are the default, but rootless containers have been introduced.

23
Q

What is Podman (Pod Manager)?

A
  • open source, daemonless tool designed to support the searching, running, building, sharing and deploying of applications using OCI containers and container images
24
Q

What are Podman advantages?

A
  • open source
  • daemonless (can spawn root containers as well as rootless ones)
  • can run containers rootless by default
25
Q

What are the benefits of using containers?

A
  • offer portability and consistency
  • light footprint
  • flexible solution, can run on any computer, infrastructure or cloud environment
  • can be deployed very fast
  • problematic container instances can be quickly isolated and analysed for troubleshooting
  • can be scaled up or down very fast and with ease
  • rich ecosystem built around them
  • increased productivity with reduced overhead
  • use less memory and CPU than VMs running similar workloads