What is a Container?

What is Docker?

▪ Docker is an open source containerization platform

▪ Enables developers to package applications into containers

▪ Containers already existed before Docker

▪ Docker made containers popular

What is a container?

A container is a product of operating system virtualization. It provides a lightweight virtual environment that groups a set of processes and resources (memory, CPU, disk, etc.) and isolates them from the host and from any other containers. The isolation guarantees that processes inside the container cannot see any resources or processes outside the container.

▪ Containerization uses the kernel of the host operating system to run multiple root file systems.

▪ Each root file system is called a container.

▪ Each container has its own processes, memory, devices, and network stack

▪ A way to package an application with all the necessary dependencies and configuration

▪ Portable standardized artifact for development, shipment, and deployment

▪ Makes development and deployment more efficient

Control groups (cgroups)

Cgroups are a kernel mechanism to restrict and measure the physical resources allocated to each process group. Using cgroups, you can allocate physical resources such as CPU time, network, and memory.

Namespaces

Linux processes form a single hierarchy, with all processes rooted at init. Usually, privileged processes in this tree can trace or kill other processes. Linux namespaces enable us to have many hierarchies of processes with their own “subtrees”, such that processes in one subtree can’t access or even know of those in another.

Linux's namespaces comprise some of the fundamental technologies behind most modern-day container implementations. At a high level, they allow for isolation of global system resources between independent processes. For example, the PID namespace isolates the process ID number space. This means that two processes running on the same host can have the same PID, as long as they are in different PID namespaces.

Cgroups vs namespaces

Namespaces: isolate an application's view of system resources, such as its file system.

Cgroups: isolate physical resources.

cgroup: Control Groups provide a mechanism for aggregating/partitioning sets of tasks, and all their future children, into hierarchical groups with specialized behaviour.

Namespace: wraps a global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own isolated instance of the global resource.
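The distinction above can be checked on a running host: namespaces appear as symlinks under /proc/<pid>/ns, and cgroup v2 limits as files such as memory.max and cpu.max. The following is an added example, not part of the original page; the function names and the sample inode and limit values are constructed for illustration.

```python
import os
import re

NS_LINK = re.compile(r"^(\w+):\[(\d+)\]$")  # e.g. "pid:[4026531836]"

def parse_ns(links):
    """Map namespace type -> inode from readlink output of /proc/<pid>/ns/*."""
    found = {}
    for link in links:
        m = NS_LINK.match(link.strip())
        if m:
            found[m.group(1)] = int(m.group(2))
    return found

def read_ns(pid):
    """Live variant (Linux only): read the symlinks of a running process."""
    d = f"/proc/{pid}/ns"
    names = [n for n in os.listdir(d) if not n.endswith("_for_children")]
    return parse_ns(os.readlink(os.path.join(d, n)) for n in names)

def shared_namespaces(a, b):
    """Namespace types where both processes hold the same inode (not isolated)."""
    return sorted(t for t in a.keys() & b.keys() if a[t] == b[t])

def parse_cgroup_limits(memory_max, cpu_max):
    """Interpret cgroup v2 memory.max and cpu.max; None means unlimited."""
    mem = None if memory_max.strip() == "max" else int(memory_max)
    quota, period = cpu_max.split()
    cpus = None if quota == "max" else int(quota) / int(period)
    return {"memory_bytes": mem, "cpus": cpus}

# Constructed sample values, not captured from a real host.
HOST = parse_ns(["mnt:[4026531841]", "pid:[4026531836]", "net:[4026531840]",
                 "uts:[4026531838]", "ipc:[4026531839]"])
# Constructed container process that was started sharing the host network.
CONTAINER = parse_ns(["mnt:[4026532574]", "pid:[4026532577]", "net:[4026531840]",
                      "uts:[4026532575]", "ipc:[4026532576]"])

if __name__ == "__main__":
    print("shared with host:", shared_namespaces(HOST, CONTAINER))
    print("limited:", parse_cgroup_limits("536870912\n", "50000 100000\n"))
    print("unlimited:", parse_cgroup_limits("max\n", "max 100000\n"))
```

A namespace type that shows up as shared with the host is one where the container has no isolation of that resource, and a limit of None means the cgroup places no cap on it.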

Where are container artifacts hosted?

▪ Hosted in container repositories

▪ There are private and public repositories. Many companies have their own private repositories.

▪ Public repository for Docker: Docker Hub

APPLICATION DEVELOPMENT

APPLICATION DEPLOYMENT
