Containers 101

• A container is a lightweight and portable software package containing everything (including the code, runtime, libraries, settings etc.) needed to run an application
• A container is an abstraction on application layer that packages application code, dependencies (i.e. libraries, runtime) and configurations all together
• A container is an atomic unit of software that packages up code, dependencies and configuration for a specific application
• Technically, a container is the runtime instantiation of a Container Image
• A container is a loosely isolated environment that allows us to build and run software packages without worrying about underlying infrastructure.
• Containers decouple the application from the underlying infrastructure. This makes life easier for developers, as they can focus their efforts on writing code rather than the environment in which it will be hosted

Containerizing:

• Packaging an app with its dependences and some necessary services
• Creating an image of small and lightweight execution environment that would make shared use of the operating system kernel but otherwise run in isolation from one another

Containerized applications deployment necessitates three categories of software:

• Builder: technologies (i.e. docker engine) used to create package (build container image)
• Engine: technologies used to run container (i.e. containered)
• Orchestration: technologies (i.e. Kubernetes) used to manage many containers (container instances)

How container works?

• When a container is started, the Container Engine unpacks the required files and meta-data and then hands them off to the the Linux kernel
• Starting a container is very similar to starting a normal Linux process and requires making an API call to the Linux kernel
• Once running, Containers are just a Linux process
• https://docs.microsoft.com/en-us/virtualization/windowscontainers/about/#how-containers-work

Container image

• Technically, A container image is a binary file which is used to create container instances
• A container image is a packaging format that contains a set of files and meta-data
• Details: Creating container image

OCI

• Stands for “Open Container Initiative”
• An open governance structure for the express purpose of creating open industry standards around container formats and runtimes
• OCI currently contains two specifications:
  • the Runtime Specification (runtime-spec)
  • the Image Specification (image-spec)
• https://opencontainers.org/

LXC

• Stands for “Linux containers”
• The grand daddy of container - where all it started
• LXC used to be the underlying technology that made Docker
• LXC was at the origin of the container revolution and LXC principles remained central to the way containers are developing

Container Engine

• Container engine is a tool that takes a Container Image, unpacks it and translates that image into a running process called container
• A container engine is a piece of software that accepts user requests, including command line options, pulls images, and from the end user’s perspective runs the container

Popular container engines

• Docker:
  • the leading container system (container platform)
  • Provides a command-line interface (CLI) and a container image-building service and image specifications (image format)
• CRI-O:
  • an open-source implementation of Kubernetes’ container runtime interface (CRI), offering a lightweight alternative to Docker
  • default container engine for Minicube
• LXD:
  • https://linuxcontainers.org/lxd/introduction/
  • https://www.sumologic.com/blog/lxc-lxd-linux-containers/

Docker and CRI-O are engines for application containers, whereas LXD is the engine for system containers and virtual machines.

Container Runtime

• A container runtime is a low-level component of a container engine that mounts the container and works with the OS kernel to start and support the containerization process
• Runtimes:
  • runc: the Open Containers Initiative (OCI) Runtime Standard reference implementation
  • containerd: default container runtime for Kubernetes (i.e. AKS) and Docker
  • crun: an OCI implementation led by Redhat. crun is written in C. https://github.com/containers/crun

Docker

• Docker is a container platform consists of tools and services for creating and running containers
  • docker container engine: containerd
  • docker CLI
  • docker container image (OCI complient image format)
• Docker uses ‘containered’ container runtime
• Docker has become the de facto standard to build and share containerized apps
• Docker is a tool designed to make it easier to create, deploy, and run applications by using containers
• Docker is a software platform for building applications based on containers
• Docker is a platform which provides services and tools to allow the building, sharing and running of containers
• Links
  • Docker Concepts
  • When and Why to Use Docker
  • https://www.docker.com/
  • Open Container Initiative: https://opencontainers.org/

How Does Docker Work?

Docker packages an application and it’s dependencies in a virtual container that can run on any Linux server. Since they have all the necessary dependencies contained in a single piece of software, this is why the are called containers.

Docker is composed of the following elements:

• A Daemon: used to build, run, and manage the containers
• A high-level API: allows the user to communicate with the Daemon
• A CLI: the interface we use to make this all available

Container registry

• A registry is essentially a fancy file server that is used to store container image repositories
  • A repository contains one or more (typically multiple) layers
  • Image layers in a repository are connected together in a parent-child relationship. Each image layer represents changes between itself and the parent layer
  • Repositories are constructed this way because whenever an image builder creates a new image, the differences are saved as a layer
• Image is pulled form a registry and cached locally. When a locally cached copy of a repository is not found, image will be automatically pulled from a registry server
• Example of container registry: ACR (Azure Container Registry)

Docker Hub

Public repository for docker container images.

Dockerfile

See: Understanding Dockerfile

Docker Compose

[pending…]

Containers vs Virtual Machines

https://docs.microsoft.com/en-us/virtualization/windowscontainers/about/containers-vs-vm

Links

• https://developers.redhat.com/blog/2018/02/22/container-terminology-practical-introduction