A Complete Getting-Started Guide to Containers

Introduction


Containers and container technologies such as Docker and Kubernetes have become increasingly common tools in many developers' toolkits. The core goal of containerization is to provide a better way to create, package, and deploy software across different environments in a predictable and manageable way.

In this article, we will take a look at what containers are, how they differ from other virtualization technologies, and what advantages they offer for deployment and operations. If you just want a quick overview of the core container concepts, you can skip to the second-to-last section, [Container terminology].


What is a container?


A container is an operating system virtualization technology used to package applications and their dependencies and run them in isolated environments. Containers provide a lightweight, standardized way to package and deploy applications across different types of infrastructure.

These features make containers attractive to both developers and operations staff. Because containers run the same way on any container-capable host, developers can test software locally and later deploy the same thing directly to a full production environment with ease. At the same time, the container format ensures that application dependencies are baked into the image, which simplifies operations and removes part of the manual release process. Because the hosts and platforms that run containers are generic, infrastructure management for container-based systems can be standardized.

Containers are created from container images, which contain the system, the application, and the container's environment. A container image acts as a template for creating specific containers, and the same image can be used to spawn any number of running containers. This works like classes and instances in object-oriented programming: a single class can be used to create any number of instances, and a single container image can be used to create any number of containers. The analogy also extends to inheritance, because a container image can serve as the parent of other, customized container images. Users can download pre-built images from external sources or build their own custom images as needed.


What is Docker?


Although Linux containers are a generic technology that can be implemented and managed in different ways, Docker is by far the most common way to build and run containers. It includes a set of tools that let users create container images, push images to or pull them from external image registries, and run and manage containers in different environments. It is fair to say that the rapid rise in popularity of containers on Linux is due in large part to Docker after its release in 2013.

The docker command-line tool plays several roles. It acts as a process manager for container workloads, running and managing containers. It can also create new container images by reading and executing a Dockerfile or by taking a snapshot of a running container. The command can also interact with Docker Hub (a container image registry) to pull down new container images or push local images to save or publish them.

Although Docker is only one of many container implementations on Linux, it made containers far more accessible and remains the most commonly used solution. Although open standards have been developed for containers to ensure interoperability, most container-related platforms and tools treat Docker as their main reference when testing and releasing software. For a given environment Docker may not always be the highest-performing solution, but it is likely to be one of the most widely tested options. In fact, although there are many other container alternatives on Linux, there is good reason that people usually learn Docker first: Docker is everywhere, and it has influenced the terminology, standards, and tools of the container ecosystem.


How do containers work?


To understand how containers work, it helps to discuss how they differ from virtual machines.

Virtual machines vs. containers

Virtual machines, or VMs, are a hardware virtualization technology that lets you fully virtualize a computer's hardware and resources. A separate guest operating system manages the virtual machine, completely apart from the OS running on the host system. On the host, a piece of software called a hypervisor is responsible for starting, stopping, and managing virtual machines. Because VMs run as completely distinct computers that, under normal operating conditions, cannot affect the host system or other VMs, virtual machines offer strong isolation and security. However, they also have drawbacks. For example, virtualizing an entire computer requires a significant amount of resources. In addition, because each virtual machine runs a separate guest operating system, provisioning and booting a VM can be fairly slow. Likewise, because the VM operates as an independent machine, administrators often need to adopt infrastructure-like management tools and processes to update and run each individual environment.

In general, virtual machines let you subdivide a machine's resources into smaller individual computers, but the end result does not differ significantly from managing a fleet of physical computers. As the fleet grows, the responsibilities of each host may become more focused, but the tools, strategies, and processes you use and the capabilities of your systems may not change noticeably.

Rather than virtualizing the entire computer, containers take a different approach: they virtualize the operating system directly. A container runs as a specialized process managed by the host operating system's kernel, but with a constrained and tightly controlled view of the system's processes, resources, and environment. Containers exist on a shared system, but they behave as though they were running on a computer that they fully control.


Rather than treating containers as full computers the way one treats virtual machines, it is more common to manage containers more like applications. For example, although you can bind an SSH server into a container, this is not the recommended pattern. Instead, debugging is generally done through a logging interface, updates are applied by rolling out new images, and service management inside the container is de-emphasized in favor of managing the container as a whole.

These characteristics mean that containers occupy a space between the strong isolation of virtual machines and the native management of conventional processes. Containers offer compartmentalization and process-centric virtualization, which strikes a good balance between confinement, flexibility, and speed.

Linux cgroups and namespaces

Control groups, or cgroups, are a Linux kernel feature that allows processes and their resources to be grouped, isolated, and managed as a unit. cgroups bundle processes together, determine which resources they can access, and provide a mechanism for managing and monitoring their behavior. They follow a hierarchical system that allows child processes to inherit the conditions of their parent and potentially adopt further restrictions. cgroups bundle processes into a group, tie the group to the functionality it requires, and limit its access to resources.

The other kernel feature containers rely on is Linux namespaces. Namespaces limit what processes can see of the rest of the system. Processes running inside a namespace are not aware of anything running outside of that namespace. Because namespaces define a distinct context that is separate from the rest of the system, the namespace's process tree needs to reflect that context. Inside the namespace, the main process becomes PID 1 (process ID 1), the PID traditionally reserved for the OS's init system. This heavily manipulated virtual process tree constructed within the namespace allows processes running in containers to behave as though they were operating in a normal, unrestricted environment.
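
The following Python sketch is an added example, not part of the original article. It shows how the namespace and cgroup membership described above can be inspected through /proc: it compares the namespace identifiers of a host process and a containerized process to report which namespaces the container still shares with the host, and it parses a /proc/<pid>/cgroup file. The inode numbers and the cgroup path are constructed sample values.

```python
import os
import re

NS_LINK = re.compile(r"^(?P<kind>[a-z_]+):\[(?P<inode>\d+)\]$")


def parse_ns_links(links):
    """Map namespace kind -> inode from readlink(/proc/<pid>/ns/*) strings."""
    out = {}
    for link in links:
        m = NS_LINK.match(link.strip())
        if m:
            out[m.group("kind")] = int(m.group("inode"))
    return out


def read_ns_links(pid):
    """Read the live namespace links for a PID (Linux only, needs permission)."""
    base = f"/proc/{pid}/ns"
    return [os.readlink(os.path.join(base, n)) for n in sorted(os.listdir(base))]


def shared_namespaces(host_ns, proc_ns):
    """Namespace kinds where the process is NOT isolated from the host."""
    return sorted(k for k, ino in proc_ns.items() if host_ns.get(k) == ino)


def parse_cgroup(text):
    """Parse /proc/<pid>/cgroup lines of the form 'hierarchy-ID:controllers:path'."""
    entries = []
    for line in text.splitlines():
        if line.strip():
            hid, controllers, path = line.split(":", 2)
            entries.append((int(hid), controllers.split(",") if controllers else [], path))
    return entries


# Constructed sample data (not captured from a real system).
HOST_NS = parse_ns_links(["cgroup:[4026531835]", "ipc:[4026531839]", "mnt:[4026531841]",
                          "net:[4026531840]", "pid:[4026531836]", "uts:[4026531838]"])
CONTAINER_NS = parse_ns_links(["cgroup:[4026532610]", "ipc:[4026532608]", "mnt:[4026532606]",
                               "net:[4026531840]", "pid:[4026532609]", "uts:[4026532607]"])
CONTAINER_CGROUP = "0::/system.slice/docker-EXAMPLE.scope\n"

if __name__ == "__main__":
    print("shared with host:", shared_namespaces(HOST_NS, CONTAINER_NS))
    print("cgroup membership:", parse_cgroup(CONTAINER_CGROUP))
```

In this constructed sample only the net namespace matches the host's, which is what a container started with host networking looks like; on a live Linux system, read_ns_links(1) and read_ns_links(<container PID>) supply real input.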


The advantages of containers


We have discussed some of the technologies that make containers possible, so now let's take a look at their most important characteristics.

Lightweight virtualization

Compared with hardware virtualization using virtual machines, containers are much more lightweight. First, containers use the host system's kernel and run as compartmentalized processes within that operating system, rather than virtualizing all hardware resources and running a completely independent operating system inside that environment.

Second, from the host's perspective, containers run like any other process, meaning they can start and stop quickly and use limited resources. In addition, although a container can see and access only a subset of the host's process space and resources, in most cases it can still behave like a completely independent operating system.

Container images themselves can be very small. Minimal image sizes enable workflows that rely on pulling down the latest image at runtime without introducing significant delay. This is a requirement for many fault-tolerant, self-healing distributed systems.

Environmental isolation

By using Linux kernel features such as namespaces and cgroups, containers can be isolated from the host environment and from each other. This provides a degree of functional confinement that helps prevent container environments from interfering with one another.

Although this isolation is not robust enough to be considered a fully secure sandbox, it does have advantages. Because the host and each container keep their software in separate filesystems, dependency and library conflicts are easier to avoid. Because the network environment can be separated, applications inside a container can bind to their native ports without worrying about conflicts with software on the host system or in other containers. The administrator can then choose how to map the container's network onto the host's network as needed.

Standardized packaging format and runtime target

One of the most compelling advantages of containers is their ability to unify and simplify the process of packaging and deploying software. Container images let you bundle an application and all of its runtime requirements into a single unit that can be deployed across multiple infrastructures.

Inside the container, developers can install and use any libraries their application requires without fear of interfering with the host system's libraries. Dependencies are version-locked when the image is created. Because the container runtime acts as a standard, stable deployment platform, developers do not need to know much about the specific machine their containers will run on. As long as the container runtime is operational and sufficient system resources are available, the container will run the same way it did in the development environment.

Similarly, from an operations perspective, containers provide a standardized environment to deploy. Rather than configuring and maintaining specific environments based on each application's language and runtime dependencies, administrators can focus on maintaining generic hosts that serve as container platforms and on allocating pools of resources that those machines can access. Bundling all of an application's particular characteristics inside the container creates a natural boundary between the concerns of the application and those of the platform.

Scalability

The container paradigm lets you scale your applications using relatively simple mechanisms. Lightweight images, quick boot times, the ability to create, test, and deploy "golden images", and a standardized runtime environment make it possible to build highly scalable systems.

The scalability of a system is highly dependent on the application architecture and on how the container images themselves are constructed. Designs that work well with the container paradigm take full advantage of the strengths of the container format to achieve a good balance of speed, availability, and manageability. Service-oriented architectures, especially microservices, are very popular in containerized environments, because breaking applications into discrete components with a focused purpose makes developing, scaling, and updating more straightforward.


Container terminology


Before wrapping up, let's review some of the key terms introduced in this article, along with some new ones you may encounter as you continue learning.

  • Container: On Linux, a container is an operating system virtualization technology used to package applications and their dependencies and run them in isolated environments.

  • Container image: A container image is a static file that defines the filesystem and behavior of a specific container configuration. It is used as a template to create containers.

  • Container orchestration: Container orchestration describes the processes and tools needed to manage fleets of containers across multiple hosts. It usually covers scaling control, fault tolerance, resource allocation, scheduling, and container networking.

  • Container runtime: A container runtime is the component that actually runs and manages containers on a host. Its basic requirement is usually the ability to start a container from a given image, but many runtimes bundle other functionality such as process management, monitoring, and image management. Docker includes a container runtime within its docker command, but there are many alternatives available for different use cases.

  • Docker: Docker was the first technology to successfully popularize the concept of Linux containers. Docker's ecosystem of tools includes docker, a container runtime with extensive container and image management features; docker-compose, a system for defining and running multi-container applications; and Docker Hub, a container image registry.

  • Dockerfile: A Dockerfile is a text file that describes how to build a container image. It defines the base image, the commands to run within the system, and how the container should start and manage processes at runtime. Although the Dockerfile is not the only option, it is the most common format for defining container images, even when Docker's image-building capabilities are not used.

  • Kata Containers: Kata Containers is a way of managing lightweight virtual machines using models, workflows, and tools that replicate the experience of working with containers. Kata Containers seeks to gain the benefits of containers while providing stronger isolation and security.

  • Kubernetes: Kubernetes is a powerful container orchestration platform that can manage clusters of container hosts and the workloads running on them. Kubernetes provides tools and abstractions for deploying, scaling, monitoring, and managing containers in highly available production environments.

  • Linux cgroups: Linux cgroups, or control groups, are a kernel feature that bundles processes together and determines their access to resources. Containers on Linux are implemented using cgroups, which make it easy to manage resources and isolated processes.

  • Linux namespaces: Linux namespaces are a kernel feature used to limit the visibility that a process or cgroup has of the rest of the system. Containers on Linux use namespaces to help isolate workloads and their resources from other processes running on the system.

  • LXC: LXC is a form of Linux container that predates Docker and many other technologies while relying on many of the same core technologies. Compared to Docker, LXC usually virtualizes an entire operating system rather than just the processes needed to run an application, which makes it more similar to a virtual machine.

  • VM: Virtual machines, or VMs, are a hardware virtualization technology that emulates a full computer. A complete operating system is installed inside the virtual machine to manage its internal components and to access the virtual machine's computing resources.

  • Virtualization: Virtualization is the process of creating, running, and managing virtual environments or computing resources. It is a way of abstracting physical resources and is commonly used to split resource pools for different purposes.


Summary


Containers are not a magic bullet, but they do offer some advantages over running software on bare metal or using other virtualization technologies. By providing lightweight, functional isolation and developing a rich ecosystem of tools to help manage complexity, containers offer great flexibility and control, during both development and operations, throughout the application life cycle.




Origin blog.51cto.com/12462495/2422308