Class 1 - Introduction to Docker and Kubernetes Flashcards
What is containerization?
Containerization is an operating-system feature, driven by tools such as Docker, that lets a single kernel run multiple isolated user-space instances for applications.
The host operating system can be running on physical hardware or inside a virtual machine.
When a container is created, is a new kernel space or a new user space created?
A new user space. Every container shares the host kernel; isolation comes from Linux namespaces, which hide one container's processes, mounts, network and hostname from the others.
Containerization vs Virtualization
1) Containerization isolates applications from each other on top of a shared OS kernel, while virtualization carves virtual machines, each with its own kernel, out of hardware resources. The shared kernel is also the security boundary: a kernel bug reachable from one container affects every container on that host, whereas escaping a VM additionally requires breaking the hypervisor.
Cloud providers use a mix of both.
2) Containers are easy to move from one computing environment to another, e.g. from Dev -> Staging -> Production, because the image carries the application together with its dependencies.
A virtual machine guest is more tightly tied to the underlying hypervisor, so moving an application from dev to staging to production takes more effort.
3) Containers consume less CPU, memory and disk.
Each virtual machine runs a full OS stack of its own, which wastes resources.
4) Containers fit the DevOps approach better: they are more agile and easier to manage than virtual machines.
Virtual machines are manageable too, but porting applications between environments takes more effort.
How should we use bare metal? One option is to install the OS directly on one large machine and run many containers on it. The other is to create individual VMs on the machine and deploy containers inside each VM.
With the first approach we get more computing resources and better performance, because the containers run directly on the host OS.
The second approach is a bit slower because of the extra virtualization layer, but it is more resilient: if one VM goes down we still have the others, and the VM boundary contains a container escape.
It is a tradeoff.
What are containers?
Containers are a type of virtualization technology that uses the host operating system's kernel to run multiple isolated guest instances.
A container is nothing but a running instance of an image. An image consists of the libraries, binaries and root filesystem (rootfs) the container needs to run, plus metadata such as the default command.
What is docker?
Docker is a container engine that is used to create containers.
Which things does each container have of its own?
Root filesystem; networking (IP addresses, ports, hostname); process tree; devices; memory and CPU limits.
A container does not see the processes of other containers or of the host machine.
Memory and CPU can be assigned to a container by Docker (docker run --memory, --cpus) or by Kubernetes (resource requests and limits); the two express it differently, but both end up as cgroup limits in the kernel.
What is used to map the networking of a Docker container to the host machine's networking?
A Linux bridge called docker0. Each container gets a virtual Ethernet (veth) pair: one end appears as eth0 inside the container's network namespace, the other end is attached to docker0 on the host. Outbound traffic is NATed through the host, and a container port is reachable from outside only when it is published with docker run -p.
Which Linux kernel features does Docker use to achieve containerization?
It uses cgroups (resource accounting and limits), namespaces (isolation) and chroot/pivot_root (a private root filesystem), together with capabilities, seccomp and AppArmor/SELinux to restrict what the contained processes may do.
Is the statement "Docker enables containerization" true? Elaborate.
Not strictly. Docker relies on the kernel to do the isolation; containerization is an inherent capability of the underlying OS. That is why for a long time Docker did not support Windows natively: Windows had no kernel support for containers until Windows Server 2016, and Docker on Windows ran a Linux VM instead.
Docker provides the management layer for containers and images: building, pulling, starting, stopping and networking them.
Can we create containers in Linux without a container engine like Docker?
Yes. The "unshare" command creates new namespaces (mount, IPC, network, PID, UTS, user) for a process; chroot, cgroups and capabilities supply the rest. A container engine just automates these steps and adds image handling.
What does the chroot feature provide?
chroot gives each container its own root filesystem, separate from the host's root filesystem. On its own chroot is not a security boundary (a root process can escape it), so container runtimes such as runc combine a mount namespace with pivot_root, which detaches the old root entirely.
What does the cgroup feature provide?
cgroups (control groups) let you assign resources such as CPU time, memory and the number of processes to particular containers and cap them, so one container cannot starve the others or fork-bomb the host.
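As an added example (not from the original flashcards), here is a shell script that reads the cgroup limits that apply to the current process. Run inside a container started with docker run --memory 256m --cpus 0.5 it shows the values Docker asked the kernel to enforce; on a plain host, or on a cgroup v1 system, it reports "unavailable" instead of failing. The control-file names (memory.max, cpu.max, pids.max) are the kernel's cgroup v2 names; the helper function names are my own.

```shell
#!/bin/sh
# Added example: inspect the cgroup v2 limits that apply to the current
# process. Assumes the unified (v2) hierarchy mounted at /sys/fs/cgroup,
# which is the default on current Docker hosts; on cgroup v1 the helpers
# print "unavailable" rather than erroring out.

# Print the cgroup v2 path of a process (the "0::/..." line of
# /proc/<pid>/cgroup), or nothing if the process is not on a v2 hierarchy.
cgroup_v2_path() {
    pid="${1:-self}"
    [ -r "/proc/$pid/cgroup" ] || return 0
    sed -n 's/^0::\(.*\)$/\1/p' "/proc/$pid/cgroup"
}

# Read one cgroup v2 control file (memory.max, cpu.max, pids.max, ...) for a
# process. Walks up the hierarchy because the root cgroup has no memory.max.
# Prints "unavailable" when no readable copy of the file is found.
cgroup_limit() {
    file="$1"; pid="${2:-self}"
    path="$(cgroup_v2_path "$pid")"
    if [ -z "$path" ]; then echo unavailable; return 0; fi
    while :; do
        f="/sys/fs/cgroup${path%/}/$file"
        if [ -r "$f" ]; then cat "$f"; return 0; fi
        if [ "$path" = "/" ]; then break; fi
        path="${path%/*}"
        [ -n "$path" ] || path="/"
    done
    echo unavailable
}

# Classify a memory.max value: "max" means no limit (Docker's default).
mem_limit_status() {
    case "$1" in
        max)          echo unlimited ;;
        unavailable)  echo unavailable ;;
        ""|*[!0-9]*)  echo unexpected ;;
        *)            echo "limited:$(( $1 / 1048576 ))MiB" ;;
    esac
}

echo "cgroup path: $(cgroup_v2_path)"
echo "memory.max : $(mem_limit_status "$(cgroup_limit memory.max)")"
echo "cpu.max    : $(cgroup_limit cpu.max)"
echo "pids.max   : $(cgroup_limit pids.max)"
```

A container that prints "unlimited" for memory.max can consume all host memory; pairing --memory with --pids-limit is the usual minimum for untrusted workloads.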
How many types of containers are there?
There are two types of containers:
1) Regular containers
Eg. NGINX. It runs with a reduced set of capabilities and under Docker's default seccomp profile.
2) Privileged containers (less isolation than regular containers)
Started with docker run --privileged, such a container gets all capabilities, has seccomp and AppArmor disabled and can access the host's devices, so it can change host-level settings and even mount the host's root filesystem. Eg. an Elasticsearch container needs a kernel sysctl (vm.max_map_count) raised; it is safer to set that on the host than to run the container privileged, because a privileged container is effectively root on the host.
Docker ecosystem
1) Docker Engine - the primary daemon (dockerd) that creates and runs containers, driven by the docker CLI over a local Unix socket or a TCP endpoint. Anyone who can reach that socket controls the host, so never expose it unauthenticated.
2) Docker Hub - stores images. Provided by Docker Inc.
We pull images from the registry. Pull from publishers you trust and pin a specific tag or digest rather than latest.
3) Docker Machine - a tool that talks to the underlying cloud providers (and local VM drivers). It automatically provisions Docker hosts and installs Docker Engine on them. It is deprecated and no longer maintained.
- It creates additional hosts on your own computer.
- It creates hosts on cloud providers.
- Machine creates the server, installs Docker and configures the Docker client to talk to it.
4) Docker Swarm (plays a similar role to Kubernetes)
Docker Swarm builds clusters: it joins multiple Docker hosts together and provides a single overlay network across all of them.
A single Docker host is a standalone entity. When we want high availability, disaster recovery etc. we need a cluster, and Swarm provides that.
Without Swarm, a container running on Docker host 1 can only talk directly to other containers on Docker host 1.
Swarm creates one overlay network spanning all hosts, so containers on different hosts can communicate with each other.
5) Docker Compose
Defines multi-container applications in a single YAML file.
Lets you declare dependencies between services.
Compose spins up all your containers with a single command; each container runs one component/service of the application.
What is an overlay network?
An overlay network is a private virtual subnet that spans multiple Docker hosts, putting all their containers in a single network. Traffic between hosts is tunneled (VXLAN) over the physical network; create it with --opt encrypted when the hosts do not share a trusted LAN.
What is the primary use case of Docker Machine?
Provisioning Docker hosts. For example, when there is CPU pressure and you need more capacity, Docker Machine talks to the cloud provider to create new machines with Docker installed. Since Docker Machine is deprecated, this role is now usually filled by cloud tooling and Kubernetes node autoscalers.
Which namespaces are available in Linux?
1) PID namespace - isolates process IDs.
The container is only aware of its own processes, and its first process is PID 1 inside the namespace.
2) Network namespace - a private network stack: interfaces, IP addresses, routing table, firewall rules and ports.
3) Mount namespace
Creates a private set of mounts inside the container. Each container has its own /tmp, /var, or even an entirely different user space (root filesystem).
4) IPC namespace
- Shared memory segments
- Semaphores
- Message queues
Two containers can create shared memory segments and semaphores with the same name, but neither can reach the other's segments or queues.
5) UTS namespace
This is why we can give a name to a container: the name acts as the container's hostname.
This isolation allows each container to have its own hostname and NIS domain name.
6) User namespace
Maps UIDs/GIDs inside the container to different ones on the host, so root inside the container can be an unprivileged user outside. Docker does not enable this by default (the userns-remap daemon option turns it on), so container root is host root unless you change that.
7) cgroup namespace - hides the host's cgroup hierarchy and shows the container only its own subtree.
What does this command give us?
ls -ltra /proc/<pid>/ns
It lists the namespaces the process with that PID belongs to (use /proc/self/ns for the current process). Each entry is a symlink such as net:[4026531840]; two processes that show the same inode number share that namespace.
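As an added example (not part of the original flashcards), the following script ties together the "unshare" answer and the /proc/<pid>/ns listing: it reads the namespace ids of a process, compares two processes, and then uses unshare(1) to put a child into fresh user, UTS, IPC, mount and network namespaces and reports which ids changed. It needs Linux; the unshare step relies on unprivileged user namespaces (-U -r), and where a host or seccomp profile forbids them it prints "unsupported" instead of failing. The function names are my own.

```shell
#!/bin/sh
# Added example: read namespace ids from /proc/<pid>/ns and show which ones
# unshare(1) replaces. Linux only; "unsupported" is printed where unshare
# or unprivileged user namespaces are not available.

NS_TYPES="cgroup ipc mnt net pid user uts"

# Print one "type:[inode]" line per namespace of a process. Two processes
# that print the same inode for "net" share a network stack, and so on.
ns_ids() {
    pid="${1:-self}"
    for t in $NS_TYPES; do
        link="/proc/$pid/ns/$t"
        [ -L "$link" ] || continue                         # older kernels lack some types
        id="$(readlink "$link" 2>/dev/null)" || id="denied"  # reading needs ptrace access
        echo "$t:${id#*:}"                                 # "net:[4026531840]"
    done
}

# Given two "type:[inode]" listings, print the types that differ, space separated.
ns_types_differing() {
    a="/tmp/nsa.$$"; b="/tmp/nsb.$$"
    printf '%s\n' "$1" | sort >"$a"
    printf '%s\n' "$2" | sort >"$b"
    comm -3 "$a" "$b" | sed 's/^[[:space:]]*//; s/:.*//' | sort -u | tr '\n' ' ' | sed 's/ $//'
    rm -f "$a" "$b"
}

# Compare the namespaces of two processes (pids, or "self").
ns_diff() {
    ns_types_differing "$(ns_ids "$1")" "$(ns_ids "$2")"
}

# Put a child into new user, UTS, IPC, mount and network namespaces (most of
# what a container runtime does, minus cgroups and the rootfs) and report
# which of its namespace ids differ from ours.
unshare_demo() {
    child="$(unshare -U -r -u -i -m -n sh -c '
        hostname sandbox 2>/dev/null   # allowed: root in the new user ns owns the new UTS ns
        for t in '"$NS_TYPES"'; do
            [ -L "/proc/self/ns/$t" ] || continue
            printf "%s:%s\n" "$t" "$(readlink "/proc/self/ns/$t" | sed "s/^[^:]*://")"
        done' 2>/dev/null)" || { echo unsupported; return 0; }
    [ -n "$child" ] || { echo unsupported; return 0; }
    ns_types_differing "$(ns_ids self)" "$child"
}

echo "namespaces of this shell:"
ns_ids "$$"
echo "types not shared with our parent process: $(ns_diff "$PPID" "$$")"
echo "types replaced by unshare: $(unshare_demo)"
```

Pointing ns_diff at a container's host-side PID (docker inspect --format '{{.State.Pid}}' NAME) shows exactly which namespaces that container shares with the host, which is the quick way to spot --net=host, --pid=host or a missing user namespace.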
Give an example of a Dockerfile that replaces the default index.html of the NGINX image
# Prefer pinning a specific tag or digest over "latest" for reproducible builds.
FROM nginx:latest
# The official image serves from /usr/share/nginx/html.
COPY index.html /usr/share/nginx/html/index.html
What is the difference between CMD and ENTRYPOINT in a Dockerfile?
CMD specifies the command (or default arguments) to run when the container starts; it is replaced entirely by whatever you pass after the image name in docker run.
ENTRYPOINT also names a program to run when the container starts, but it makes the image behave like an executable: arguments given to docker run are appended to the ENTRYPOINT instead of replacing it, and CMD then serves as the default arguments.
Arguments passed to docker run after the image name are therefore handed to the ENTRYPOINT program; the ENTRYPOINT itself can only be swapped with docker run --entrypoint. Use the exec (JSON array) form for both so the process runs as PID 1 without an intermediate shell and receives the signal sent by docker stop.
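As an added example (not from the original flashcards), this script writes an image definition whose ENTRYPOINT is a wrapper script and whose CMD is the default argument list, then runs the wrapper locally the same way dockerd would, so the CMD/ENTRYPOINT interaction is visible without a Docker daemon. The image name, paths and the "application" (plain /bin/echo) are made up for this example.

```shell
#!/bin/sh
# Added example: ENTRYPOINT wrapper + CMD defaults, exercised locally.
# Everything here (image name, paths, the echo "application") is invented.

WORKDIR="${WORKDIR:-$(mktemp -d)}"

# Write the Dockerfile and the entrypoint wrapper into $WORKDIR.
write_example() {
    cat >"$WORKDIR/Dockerfile" <<'EOF'
FROM alpine:3.19
COPY entrypoint.sh /usr/local/bin/entrypoint.sh
RUN chmod 0755 /usr/local/bin/entrypoint.sh
# Exec form (JSON array): no "sh -c" wrapper, so the script is PID 1 and
# receives the SIGTERM that "docker stop" sends.
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
# CMD is only the default argument list; "docker run image a b" replaces it.
CMD ["hello", "from", "default", "CMD"]
EOF
    cat >"$WORKDIR/entrypoint.sh" <<'EOF'
#!/bin/sh
# Wrapper: warn when running as root (prefer docker run --user), refuse an
# empty command line, then exec the real program so it inherits PID 1 and
# signal delivery instead of running under a shell.
set -eu
if [ "$(id -u)" -eq 0 ]; then
    echo "warning: running as uid 0; prefer docker run --user <uid>" >&2
fi
if [ "$#" -eq 0 ]; then
    echo "no command given" >&2
    exit 2
fi
exec /bin/echo "app says: $*"
EOF
    chmod 0755 "$WORKDIR/entrypoint.sh"
}

# Extract CMD's JSON array from the Dockerfile as plain words (enough for this
# array; arguments containing spaces would need a real JSON parser).
cmd_defaults() {
    sed -n 's/^CMD \[\(.*\)\]$/\1/p' "$WORKDIR/Dockerfile" | tr -d '",'
}

# What dockerd does: run ENTRYPOINT with the "docker run" arguments if any,
# otherwise with CMD's defaults. Usage: run_as_docker_would [args...]
run_as_docker_would() {
    if [ "$#" -eq 0 ]; then
        set -- $(cmd_defaults)        # word splitting of the defaults is intended
    fi
    sh "$WORKDIR/entrypoint.sh" "$@"  # "sh" only so this runs on a noexec /tmp
}

write_example
run_as_docker_would                    # app says: hello from default CMD
run_as_docker_would --verbose /data    # app says: --verbose /data

# With a real daemon the same behaviours are:
#   docker build -t entrypoint-demo "$WORKDIR"
#   docker run --rm entrypoint-demo                    # CMD supplies the arguments
#   docker run --rm entrypoint-demo --verbose /data    # arguments replace CMD only
#   docker run --rm --entrypoint sh entrypoint-demo    # --entrypoint replaces ENTRYPOINT
```

The exec in the wrapper is the part that matters operationally: without it the shell stays as PID 1, swallows SIGTERM, and docker stop falls back to SIGKILL after its timeout.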
What is a hypervisor?
A hypervisor, also known as a virtual machine monitor, is software that creates and runs virtual machines (VMs). A hypervisor allows one host computer to support multiple guest VMs by sharing its resources, such as memory and processing, among them.
Different types of hypervisors?
1) Bare metal (Type 1)
Runs directly on the host's hardware, e.g. Xen, VMware ESXi, Hyper-V.
2) Hosted (Type 2)
Runs as a software layer on top of an operating system, like other programs, e.g. VirtualBox.
Why use hypervisors?
Hypervisors make it possible to use more of a system's available resources and provide greater IT mobility, since guest VMs are independent of the host hardware and can be moved between servers. The hypervisor is also a stronger isolation boundary than a shared kernel, which is why multi-tenant clouds keep each tenant's containers inside that tenant's own VMs.