Class 1 - Introduction to Docker and Kubernetes

Question 1

What is containerization?

Answer 1

Containerization is a software which enables operating system to create multiple isolated user-space for applications.
Operating system could be running on physical hardware or virtual machine

Question 2

What is created when a container is created is it Kernel space or user space?

Answer 2

User space is created for isolation. It uses linux utilities called namespace to isolate one container from other.

Question 3

Containerization vs Virualization

Answer 3

1) Containerization is to segregate application from the underlying OS. While virtualization is a way to create VM from hardware resources.
Cloud providers use mix of both.

2) In containerization it is easy to move software from one computing environment to another. Eg. from Dev -> Staging -> Production.
Virtual machine guest is more tightly tied to the underlying hypervisor and movement of application from dev to staging to production environment requires more effort.

3) Containers consumes less CPU, memory and disks.
While applications running on virtualization requires full stack of resource and result in more waste of resources.

4) Containers are more in line with the devops approach. It is more agile and easy to manage than virtualization.
Virtualization management is also easy but when it comes to port applications between different environment then it requires more efforts.

Question 4

How should we use baremetals? One way is either create one large machine and run multiple containers on top of the VM. Or create individual VMs and then deploy containers.

Answer 4

In the first approach we get more computing resources and it will be faster as containers are running directly on top of OS.
In case of other approach it will be bit slower as there is one additional hop that needs to be jumped. But it is more resilient as even if one VM goes down we have other VM to work with.

It is a tradeoff.

Question 5

What are containers?

Answer 5

Containers are type of virtualization technology which uses host operating system kernel to run multiple guest instances.
Container is nothing but running instance of image. Image consists of libraries, binaries and the corresponding RootFS required by container to run.

Question 6

What is docker?

Answer 6

Docker is a container engine that is used to create containers.

Question 7

What things does each container have its own?

Answer 7

Root file system
Networking IPs and ports, hostnames
Processes
Devices
Memory

A container will not show process related to other containers or host machine.
You can assign memory and CPU to container. This can be done using docker or by kubernetes. Both have different ways.

Question 8

What is used to map networking from docker container to host machine networking?

Answer 8

There is a bridge called docker0, which takes care of mapping the network interface inside the container to network interface on the host machine.

Question 9

Which linux kernel features does docker use to achieve containerization?

Answer 9

It uses cgroups, namespaces, chroot and others to provide resource isolation.

Question 10

Is the statement “Docker enables containerization” true? And elaborate

Answer 10

No, docker uses kernel to achieve containerization. It is the inherent property of underlying OS to enable containerization. That is why till long time docker did not support windows as there was no support for containerization in Windows.
Docker enables management of containers and images.

Question 11

Can we create containers in Linux without container engine like docker?

Answer 11

Yes, we can use “unshare” command in Linux to create isolations or containers. It helps you in creating namespaces like mount namespace, IPC namespace, network namespace, etc.

Question 12

What does chroot feature provide?

Answer 12

chroot command allows every container to have its own root filesystem, which is completely distinct from root filesystem from host machine.

Question 13

What does cgroup feature provide?

Answer 13

cgroup allows you to give resources, provide CPU, memory to particular containers.

Question 14

How many types of containers are there?

Answer 14

There are two types of containers:
1) Regular containers
NGinx
2) Privileged containers (lesser isolation as compared to regular container)
This container can make changes to actual root FS to host file system. Eg. ElasticSearch container requires some changes to systemctl etc.

Question 15

Docker ecosystem

Answer 15

1) Docker Engine - primary daemon which helps you in creating containers.
Dockerd and docker CLI.

2) Docker Hub - store images. Provider by Docker Inc.
We pull images from repository.

3) Docker Machine - is a tool which interacts with underlying cloud providers. It automatically provisions Docker hosts and install the Docker Engine on them.

• It creates additional hosts on your own computer.
• Creates hosts on cloud providers.
• Machine creates the server, installs Docker and configures the Docker client.

4) Docker Swarm (Very similar to Kubernetes)
Docker swarm helps you in creating clusters. Docker swarm helps you in clustering multiple docker hosts and providing a single overlay network across all the hosts.

A single docker host is a standalone entity. When we want HA, disaster recovery etc we need cluster. So to do that we need swarm.

Without swarm, any container running on docker host 1 will be able to communicate with other containers running on docker host 1.
To allow communication across multiple docker hosts, we use docker swarm. It creates one single overlay network across all hosts.

5) Docker Compose
Allows you to create multiple container applications.
Allows providing dependencies.
Compose will spin up all your containers in a single command. Each container runs a particular component/service of your application.

Question 16

What is overlay network?

Answer 16

Overlay network is a private subnet, spans across multiple docker hosts. Putting all of them together in a single network itself.

Question 17

What is the primary use case of Docker machine?

Answer 17

For autoscaling, when lets say you have CPU pressure, you will use docker machine to communicate with underlying cloud provider to create new machines.

Question 18

Which are the namespaces available in Linux?

Answer 18

1) PID namespace - a way to isolate processes.
The container is only aware of its processes.

2) Network namespace
3) Mount namepsace
create mounts inside container. each container has its own /tmp, /var or even have an entirely different userspace.
4) IPC namespace
- Memory segment
- Semaphores
- Queues
The two containers are able to create shared memory segments and semaphores with same name but are nto able to interact with other containers memory segments or shared memory.

5) UTS namespace
It is the reason why we can give name to containers. Name acts as hostname to container.
This isolation allows each container to have its own hostname and NIS domain name

Question 19

What does this command provide us

ls -ltra /proc//ns

Answer 19

This gives us list of which namespace is current process pointing to.

Question 20

Give example of sample Dockerfile that modifies default index.html of NGINX image

Answer 20

FROM nginx:latest

COPY index.html /usr/nginx/html/index.html

Question 21

What is the difference between CMD and ENTRYPOINT in Dockerfile?

Answer 21

CMD is used when you want to run a particular script/executable once a container starts.

ENTRYPOINT allows you to have location of script which once again will be run JUST like CMD when the container starts. But in this case the image itself will behave as an executable, which means you can pass arguments to container in case of ENTRYPOINT.
You can provide arguments to docker run command which will pass the arguments to ENTRYPOINT script.

Question 22

What is Hypervisors?

Answer 22

A hypervisor, also known as a virtual machine monitor, is a process that creates and runs virtual machines (VMs). A hypervisor allows one host computer to support multiple guest VMs by virtually sharing its resources, like memory and processing.

Question 23

Different types of Hypervisors?

Answer 23

1) Bare metal
run directly on the host’s hardware.
2) Hosted
run as a software layer on an operating system, like other computer programs.

Question 24

Why use Hypervisors?

Answer 24

Hypervisors make it possible to use more of a system’s available resources and provide greater IT mobility since the guest VMs are independent of the host hardware. This means they can be easily moved between different servers.

Question 25

What is YAML?

Answer 25

It is markup language. Yet Another Markup Language.
Use this to provide data to a certain API or certain software. Human friendly. It is considered to be superset of JSON.
Any JSON file is a valid YAML file. But vice versa is not true.

It is main language for creating and managing PODS in K8s. It is used for holding system configuration, meta-data, and other settings.

Question 26

YAML notation basics and what characters are used

Answer 26

— “three dashes” is optional and is used to separate documents within a stream
Each block starts with “-“ a dash followed by a space.

Three “…” denote end of Document

# for comment
\: colon to separate key and value

pipe determines that value provided is multi-line string

Question 27

Datatypes in YAML

Answer 27

Scalars - strings and numbers
Sequences - aka arrays or lists
Mapping - aka hashes / dictionaries

Question 28

Why container orchestration?

Answer 28

When you have multiple docker hosts (independent) running certain containers, when it comes to managing multiple docker hosts, so that they are part of single cluster.
When it comes to cluster management, monitoring cluster, it is difficult to use docker alone. Multiple docker hosts which are part of the same subnet or are behaving as a large single host.
This is where the container orchestration comes into the picture.

Question 29

What are responsibilities of container orchestrator?

Answer 29

• Manages scalability, availability and networking of containers.
• Manage the timing of container creation and deletion
• Helps in monitoring the cluster i.e. group of hosts
• Helps in container configuration in order to allow containers to communicate with each other.

Outside reference:
Software teams use container orchestration to control and automate many tasks:

Provisioning and deployment of containers
Redundancy and availability of containers
Scaling up or removing containers to spread application load evenly across host infrastructure
Movement of containers from one host to another if there is a shortage of resources in a host, or if a host dies
Allocation of resources between containers
External exposure of services running in a container with the outside world
Load balancing of service discovery between containers
Health monitoring of containers and hosts
Configuration of an application in relation to the containers running it

Question 30

Which are available container orchestrators?

Answer 30

• Docker Swarm
• Kubernetes (K8s)
• Apache Mesos

Question 31

Layer diagram of Container Orchestration

Answer 31

From top to bottom

• Web apps and services
• Orchestration (spans across multiple container runtime)
  
  • Service Management
  • Scheduling
  • Resource Management
• Container Runtime (multiple)
• Machine and OS (multiple)
• Machine infrastructure

Question 32

What does service management layer of orchestration do?

Answer 32

Service management is a way to expose your containers to other containers running inside your cluster or somewhere outside the cluster.
It manages routing of requests and responses to and from containers. Interaction between the containers.

Question 33

What does the scheduling layer of container orchestration do?

Answer 33

It allows you to assign a container to a node that is healthy enough to run the container. Like if you are running a heavy container like elasticsearch you would not want to run it on a 1 CPU and 1 GB memory node.
So the assignment of a container to a node is what scheduling is all about.

Question 34

What does the resource management layer of container orchestration do?

Answer 34

It manages the assignment of CPUs and Memory to the containers.

Question 35

Compare docker swarm vs k8s

Answer 35

Docker swarm

• Services are easily discoverable throught the whole network
• Runs easily with other docker tools
• Local volume can be shared easily
• Provides quick container deployment as well as scaling even in large clusters

K8s

• Containers are defined as services which makes them easily discoverable in Kubernetes
• It can easily run on any operating system
• Volume is shared within the pods
• It provides strong guarantees at the expense of speed to cluster states

Question 36

Can a pod have multiple containers?

Answer 36

Yes pod is an abstraction over multiple containers. Pod != Single docker container. A pod can have multiple containers and it encapsulates one or more containers.

Question 37

What is k8s?

Answer 37

K8s is an open source, portable platform for automating container deployments, scaling and management of containerized workloads and applications.
It groups containers that make up an application into logical units for easy management and discovery.
Hence it’s called container orchestration tool.