introduction Flashcards
What is containerization?
- is a software deployment process
- bundles application’s code with libs and binaries
- outputs images, based on layers
When a container is created, is a kernel space or a user space created?
A user space is created for isolation. It uses a Linux feature called namespaces to isolate one container from another.
What are the benefits of containerization?
- Portability: Software developers use containerization to deploy applications in multiple environments without rewriting the program code.
- Scalability: Containers are lightweight software components that run efficiently. Much lighter than VMs.
- Fault tolerance: Containerized services operate in isolated user spaces, so a single faulty container doesn’t affect the other containers.
What are containers?
- Containers are lightweight packages of your application code
- Containers are executable units of software
- Containers contain application code along with its libraries and dependencies
What is docker?
Docker is a container engine that is used to create containers.
What does each container have of its own?
- Root file system
- Networking IPs and ports
- hostnames
- Processes
- Devices
- Memory
A container will not show processes related to other containers or the host machine. You can assign memory and CPU to a container. This can be done using Docker or Kubernetes; each has its own way of doing it.
What is used to map networking from docker container to host machine networking?
There is a bridge called docker0, which takes care of mapping the network interface inside the container to the network interface on the host machine.
Which linux kernel features does docker use to achieve containerization?
It uses cgroups, namespaces, chroot and others to provide resource isolation.
Is the statement “Docker enables containerization” true? Elaborate.
No, Docker uses the kernel to achieve containerization.
What does chroot feature provide?
The chroot command allows every container to have its own root filesystem, which is completely distinct from the root filesystem of the host machine.
What does cgroup feature provide?
cgroups (control groups) apply to collections of processes and allow you to allocate resources such as CPU and memory to particular containers.
How many types of containers are there?
- Regular containers: NGINX
- Privileged containers: less isolation; the container can make changes to the host's actual root file system. Less secure.
Docker ecosystem
- Docker Engine: the primary daemon, which helps you create containers (dockerd and the docker CLI)
- Docker Hub: image registry, stores images
- Docker Machine: interacts with cloud providers; creates hosts on cloud providers
- Docker Swarm: very similar to Kubernetes
- Docker Compose: can spin up many containers with dependencies
What is overlay network?
- Overlay network is a private subnet
- spans across multiple docker hosts.
Which are the namespaces available in Linux?
1) PID namespace - a way to isolate processes. The container is only aware of its own processes.
2) Network namespace
3) Mount namespace - create mounts inside the container
4) IPC namespace - memory segments, semaphores, queues (two containers are able to create shared memory segments and semaphores with the same name)
5) UTS namespace - hostname, NIS name
What does the command lsns give us?
It gives us a list of namespaces.
Give example of sample Dockerfile that modifies default index.html of NGINX image
~~~
FROM nginx:latest
# The default document root of the nginx image is /usr/share/nginx/html
COPY index.html /usr/share/nginx/html/index.html
~~~
What is the difference between CMD and ENTRYPOINT in Dockerfile?
- ENTRYPOINT is the App or binary
- CMD is the parameter for the App or binary
~~~
ENTRYPOINT ["/usr/bin/my-app"]
CMD ["help"]
~~~
What is a Hypervisor?
A hypervisor, also known as a virtual machine monitor, is a process that creates and runs virtual machines (VMs). A hypervisor allows one host computer to support multiple guest VMs by virtually sharing its resources, like memory and processing.
Different types of Hypervisors?
1) Bare metal: runs directly on the host’s hardware.
2) Hosted: runs as a software layer on an operating system, like other computer programs (e.g. VirtualBox).
Why use Hypervisors?
Hypervisors make it possible to use more of a system’s available resources and provide greater IT mobility since the guest VMs are independent of the host hardware. This means they can be easily moved between different servers.
What is YAML?
- Yet Another Markup Language.
- matches user’s expectations, human friendly !!!
- superset of JSON
- YAML is case sensitive
- no tabs
YAML notation basics and what characters are used
flow style
Basics: spaces are important!
"#" comment
"---" new document
"- " Conventional Block Format
Sequence: "[milk, groceries, eggs, juice, fruits]"
Map: "{name: John Smith, age: 33}"
elements in start sequence [e1…
~~~
# only block style in start sequence
- e1
- e2
# Sequence, flow s.
- [x, x2]
# Sequence with map, flow s.
- [x, x3: h]
# Map block and flow mixed
- map:
    map2: {e1: x, e2: x2}
    map3:
      - a
      - a: x
~~~
Datatypes in YAML
- Scalars - strings and numbers
- Sequences - aka arrays or lists
- Mapping - aka hashes / dictionaries
Why container orchestration?
When it comes to container cluster management, the following are very difficult:
* monitoring
* scaling
* managing the cluster
What are responsibilities of container orchestrator?
- scalability
- availability, redundancy
- networking
- timing of container creation and deletion
- monitoring the cluster
- container communication, port exposing.
- Provisioning and deployment of containers
- Spreading load evenly across host infrastructure
- Movement of containers from one host to another if a host dies
- Allocation of resources between containers
- Load balancing
- Configuration of an application in relation to the containers running it
Which are available container orchestrators?
- Docker Swarm
- Kubernetes (K8s)
- Apache Mesos
Layer diagram of Container Orchestration
From top to bottom
1. Web apps and services
2. Orchestration
3. Service Management
4. Scheduling
5. Resource Management
6. Container Runtime (multiple)
7. Machine and OS (multiple) - Machine infrastructure
What does service management layer of orchestration do?
- exposes containers (to the inside and outside of the cluster)
- manages routing
What does the scheduling layer of container orchestration do?
Pods are matched to nodes that fit their requirements.
What does the resource management layer of container orchestration do?
It manages the assignment of CPUs and Memory to the containers.
Can a pod have multiple containers?
Yes, a pod is an abstraction over 1..n containers.
What is k8s?
K8s is an open source, portable platform for
* automating container deployments,
* scaling and management of containerized workloads and applications.
What are namespaces?
- Namespaces are a feature of the Linux kernel that partitions kernel resources such that one set of processes sees one set of resources while another set of processes sees a different set of resources
Types of Linux namespaces
- (user) A user namespace has its own set of user IDs and group IDs
- (pid) A process ID namespace assigns a set of PIDs to processes
- (net) A network namespace has an independent network stack: own routing table, set of IP addresses…
- (mnt) A mount namespace has an independent list of mount points
- (ipc) An interprocess communication namespace has its own IPC resources
- (uts) A UNIX Time‑Sharing namespace allows a single system to appear to have different host and domain names to different processes.
A user namespace has its own set of user IDs and group IDs for assignmen
What are container images?
- A container image is a file used to execute code in a container
- images act as a set of instructions to build a container, like a template
parent image
A parent image is the image that your image is based on.
base image
A base image has no parent image specified in its Dockerfile.
It is created using a Dockerfile with the FROM scratch directive.