Docker : An Introduction to LXC

Docker is an open source project that packages an application together with its dependencies in a container that can run on any Linux server. Docker has immense possibilities because it lets you run many isolated application environments, each built from the user space of a different Linux distribution if you like, on the same server and the same kernel.


Technology is changing faster than styles in the fashion world, and there are many new entrants in open source, cloud, virtualisation and DevOps. Docker is one of them. The aim of this article is to give you a clear idea of Docker, its architecture and its functions, before you get started with it.
Docker is a new open source tool based on Linux container technology (LXC), designed to change how you think about workload and application deployment. It helps you easily create lightweight, self-sufficient, portable application containers that can be shared, modified and deployed to different infrastructure, such as cloud or compute servers and bare metal servers. The idea is to provide a comprehensive abstraction layer that allows developers to 'containerise' or 'package' any application and have it run on any infrastructure.
Docker is based on container virtualisation, which itself is not new. What Docker adds is a convenient set of tools and APIs for driving kernel-level technologies such as LXC, cgroups and copy-on-write filesystems, so that you do not have to manage these complicated kernel layers by hand.


What is LXC (Linux Container)?

LXC is an OS-level virtualisation method for running multiple isolated Linux systems, or containers, on a single host. LXC does this by using kernel namespaces, which isolate containers from the host and from each other. A question about security naturally arises: if I am logged in to my container as the root user, can I break out and take over the base OS? The user namespace is the mechanism meant to prevent this. It separates the users of the container from the users of the host, so that uid 0 inside the container is mapped to an ordinary, unprivileged uid on the host; the container's root user therefore has no root privilege on the host OS. The caveat is that this holds only when the container is actually started inside a user namespace (an 'unprivileged' LXC container, or Docker with user namespace remapping enabled). In a container that runs without one, root inside is root outside as far as the kernel is concerned, restricted only by the capabilities, seccomp filters and mandatory access control the container runtime applies. You can tell which case you are in by reading /proc/self/uid_map from inside the container. Likewise, the PID namespace ensures that a container can only see and manage its own processes and not those of the host, and the network namespace gives each container its own network devices and IP addresses.
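The uid_map check described above, as an added example that is not part of the original article and not Docker's or LXC's own code. It interprets the kernel's /proc/&lt;pid&gt;/uid_map format ("first uid inside, first uid outside, count" per line) and decides whether uid 0 in the container is really uid 0 on the host. The two sample maps are constructed; the 100000/65536 range in the remapped sample is an assumed configuration, not a default.

```python
"""Decide whether root inside a container is root on the host by reading the
kernel's uid_map format. Added example; not Docker's or LXC's own code."""
from typing import List, Optional, Tuple

# One mapping: (first id inside the namespace, first id outside, number of ids).
Mapping = Tuple[int, int, int]

# Constructed samples of /proc/<pid>/uid_map contents.
# A process that is not in a user namespace sees the identity mapping:
IDENTITY_MAP = "         0          0 4294967295\n"
# A container started with user-namespace remapping: uids 0-65535 inside map to
# 100000-165535 on the host (assumed configuration for illustration):
REMAPPED_MAP = "         0     100000      65536\n"


def parse_uid_map(text: str) -> List[Mapping]:
    """Parse uid_map/gid_map text: '<inside> <outside> <count>' per line."""
    mappings: List[Mapping] = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed uid_map line: {line!r}")
        inside, outside, count = (int(f) for f in fields)
        if count <= 0:
            raise ValueError(f"non-positive range length: {line!r}")
        mappings.append((inside, outside, count))
    return mappings


def host_uid(mappings: List[Mapping], container_uid: int) -> Optional[int]:
    """Translate a uid seen inside the namespace to the host uid; None if unmapped."""
    for inside, outside, count in mappings:
        if inside <= container_uid < inside + count:
            return outside + (container_uid - inside)
    return None


def container_root_is_host_root(uid_map_text: str) -> bool:
    """True when uid 0 inside maps to uid 0 outside, i.e. there is no real separation."""
    return host_uid(parse_uid_map(uid_map_text), 0) == 0


def describe(uid_map_text: str) -> str:
    """Human-readable verdict for a uid_map."""
    mapped = host_uid(parse_uid_map(uid_map_text), 0)
    if mapped is None:
        return "uid 0 is not mapped at all (the kernel shows it as the overflow uid)"
    if mapped == 0:
        return "container root IS host root: only capabilities/seccomp/MAC stand in the way"
    return f"container root maps to unprivileged host uid {mapped}"


if __name__ == "__main__":
    for label, sample in (("identity", IDENTITY_MAP), ("remapped", REMAPPED_MAP)):
        print(f"{label}: {describe(sample)}")
    # Live check of the process this script runs in (Linux only; skipped elsewhere).
    try:
        with open("/proc/self/uid_map") as f:
            print(f"this process: {describe(f.read())}")
    except OSError:
        pass
```

Run it inside a container and on the host: if both print "container root IS host root", the user namespace that the paragraph above relies on is not in play, and the container's root is separated from the host only by capability drops and syscall filtering.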

Cgroups

Cgroups, also known as control groups, implement resource accounting and limiting. They let you cap the resources a container may consume, such as memory, CPU time and disk I/O, and they also expose metrics on the resource consumption of the processes within the container. From a security standpoint this is what stops one container from starving the host or its neighbours; a container started with no limits at all has nothing but the host's goodwill between it and all of the machine's memory and CPU.
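An added example, not from the original article and not Docker's or LXC's own code, showing how to read the limits a cgroup actually imposes and flag a container that has none. It parses the control files as the kernel presents them, for both cgroup v1 (cpu.cfs_quota_us, cpu.cfs_period_us, memory.limit_in_bytes) and cgroup v2 (cpu.max, memory.max). The sample file contents are constructed; the v1 "unlimited memory" sentinel test is a heuristic (the kernel reports a value near 2^63 when no limit is set), and the policy ceilings passed to audit() are assumed.

```python
"""Read cgroup resource limits the way a container sees them and flag missing
limits. Added example; not Docker's or LXC's own code."""
from typing import Dict, Iterable, List, Optional

# Constructed sample contents of cgroup control files for one container.
# cgroup v2: cpu.max is '<quota> <period>' in microseconds or 'max <period>';
# memory.max is a byte count or 'max'.
SAMPLE_V2_LIMITED = {"cpu.max": "50000 100000\n", "memory.max": "536870912\n"}
SAMPLE_V2_UNLIMITED = {"cpu.max": "max 100000\n", "memory.max": "max\n"}
# cgroup v1: cpu.cfs_quota_us (-1 = unlimited) with cpu.cfs_period_us, and
# memory.limit_in_bytes (a huge value means no limit).
SAMPLE_V1_LIMITED = {
    "cpu.cfs_quota_us": "200000\n",
    "cpu.cfs_period_us": "100000\n",
    "memory.limit_in_bytes": "268435456\n",
}

# Heuristic (assumption): any v1 memory limit at or above this is "no limit".
V1_NO_MEMORY_LIMIT = 1 << 62


def cpu_limit(files: Dict[str, str]) -> Optional[float]:
    """Number of CPUs the group may use, or None when unlimited."""
    if "cpu.max" in files:                        # cgroup v2
        quota, period = files["cpu.max"].split()
        return None if quota == "max" else int(quota) / int(period)
    quota = int(files["cpu.cfs_quota_us"])        # cgroup v1
    period = int(files["cpu.cfs_period_us"])
    return None if quota < 0 else quota / period


def memory_limit(files: Dict[str, str]) -> Optional[int]:
    """Memory limit in bytes, or None when unlimited."""
    if "memory.max" in files:                     # cgroup v2
        value = files["memory.max"].strip()
        return None if value == "max" else int(value)
    value = int(files["memory.limit_in_bytes"])   # cgroup v1
    return None if value >= V1_NO_MEMORY_LIMIT else value


def audit(files: Dict[str, str], max_cpus: float, max_memory: int) -> List[str]:
    """Return policy violations: a missing limit, or a limit above the ceiling."""
    findings: List[str] = []
    cpus = cpu_limit(files)
    if cpus is None:
        findings.append("no CPU limit: one container can starve the host")
    elif cpus > max_cpus:
        findings.append(f"CPU limit {cpus:g} exceeds ceiling {max_cpus:g}")
    mem = memory_limit(files)
    if mem is None:
        findings.append("no memory limit: a leak in one container can exhaust host RAM")
    elif mem > max_memory:
        findings.append(f"memory limit {mem} exceeds ceiling {max_memory}")
    return findings


def read_cgroup_files(cgroup_dir: str, names: Iterable[str]) -> Dict[str, str]:
    """Read the named control files from a real cgroup directory (Linux only).
    Files that do not exist are skipped, so v1 and v2 hosts can share the call."""
    files: Dict[str, str] = {}
    for name in names:
        try:
            with open(f"{cgroup_dir}/{name}") as f:
                files[name] = f.read()
        except OSError:
            pass
    return files


if __name__ == "__main__":
    for label, sample in (("v2 limited", SAMPLE_V2_LIMITED),
                          ("v2 unlimited", SAMPLE_V2_UNLIMITED),
                          ("v1 limited", SAMPLE_V1_LIMITED)):
        print(label, cpu_limit(sample), memory_limit(sample), audit(sample, 1.0, 1 << 30))
    # Live check of the cgroup root visible to this process, if any.
    live = read_cgroup_files("/sys/fs/cgroup", ["cpu.max", "memory.max"])
    if live:
        print("this cgroup:", audit(live, 1.0, 1 << 30))
```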

Copy-on-write filesystem

Docker leverages a copy-on-write filesystem (currently AUFS, but other filesystems are being investigated). This lets Docker spawn containers quickly: instead of making a full copy of the image for every container, it stacks a thin writable layer on top of the read-only image layers and, to put it simply, uses 'pointers' back to the existing files until a container actually changes one. The image layers themselves are never written to, so every container starts from the same pristine files and anything a container modifies shows up in its own writable layer, which is also what makes that layer easy to inspect or commit.
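A toy in-memory union filesystem, added here as an example of the copy-on-write behaviour described above; it is not AUFS and not Docker code. Lower layers are read-only dictionaries mapping paths to file contents, writes always go to a single upper layer, and a deleted lower file is hidden by a whiteout entry (the `.wh.<name>` naming is AUFS's convention, reused here for illustration). The sample image content is constructed.

```python
"""Toy union (copy-on-write) filesystem: read-only lower layers, one writable
upper layer, whiteouts for deletions. Added example; not AUFS or Docker code."""
import posixpath
from typing import Dict, List, Optional

WHITEOUT_PREFIX = ".wh."   # AUFS hides a deleted lower file behind '.wh.<name>'


def whiteout_name(path: str) -> str:
    """Name of the whiteout entry that hides 'path' from the layers below."""
    directory, name = posixpath.split(path)
    return posixpath.join(directory, WHITEOUT_PREFIX + name)


class UnionFS:
    """Lower layers are given bottom-most first and are never modified."""

    def __init__(self, lower_layers: List[Dict[str, bytes]]):
        self.lower = list(lower_layers)
        self.upper: Dict[str, bytes] = {}

    def _lookup(self, path: str) -> Optional[bytes]:
        """Walk layers top-down; the first file or whiteout found decides."""
        for layer in [self.upper] + list(reversed(self.lower)):
            if path in layer:
                return layer[path]
            if whiteout_name(path) in layer:
                return None
        return None

    def exists(self, path: str) -> bool:
        return self._lookup(path) is not None

    def read(self, path: str) -> bytes:
        data = self._lookup(path)
        if data is None:
            raise FileNotFoundError(path)
        return data

    def write(self, path: str, data: bytes) -> None:
        """Writes land in the upper layer only; lower layers stay untouched."""
        self.upper.pop(whiteout_name(path), None)   # re-creating a deleted file unhides it
        self.upper[path] = data

    def append(self, path: str, data: bytes) -> None:
        """Copy-up: the lower file is copied into the upper layer, then modified."""
        self.write(path, self.read(path) + data)

    def delete(self, path: str) -> None:
        if not self.exists(path):
            raise FileNotFoundError(path)
        self.upper.pop(path, None)
        # If a lower layer still holds the file, hide it with a whiteout.
        if any(path in layer for layer in self.lower):
            self.upper[whiteout_name(path)] = b""

    def visible_files(self) -> List[str]:
        """Every path a process in the container would see, sorted."""
        names = set()
        for layer in self.lower + [self.upper]:
            names.update(layer)
        return sorted(
            n for n in names
            if not posixpath.basename(n).startswith(WHITEOUT_PREFIX) and self.exists(n)
        )

    def changes(self) -> Dict[str, bytes]:
        """The upper layer alone: what a 'docker diff' or 'docker commit' would capture."""
        return dict(self.upper)


if __name__ == "__main__":
    # Constructed image layer shared by two containers.
    image = {"etc/passwd": b"root:x:0:0\n", "bin/sh": b"#!/bin/sh\n"}
    a, b = UnionFS([image]), UnionFS([image])
    a.append("etc/passwd", b"evil:x:0:0\n")   # container A tampers with its copy
    a.delete("bin/sh")
    print("A sees:", a.visible_files(), "A changed:", a.changes())
    print("B still sees:", b.visible_files(), b.read("etc/passwd"))
    print("image untouched:", image)
```

Because every write is confined to the upper layer, container A's tampering with etc/passwd and its deletion of bin/sh are invisible both to container B and to the image itself; the upper layer is also a complete, inspectable record of what the container changed.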




Containerisation vs virtualisation

What is the rationale behind the container-based approach, and how does it differ from virtualisation?
Containers virtualise at the OS level, whereas both Type-1 and Type-2 hypervisor-based solutions virtualise at the hardware level. Both are forms of virtualisation: with VMs, the hypervisor (Type-1 or Type-2) slices the hardware and every guest runs its own kernel, whereas containers share the host kernel and are each given a protected portion of the OS. They effectively virtualise the OS. If you run multiple containers on the same host, no container can tell that it is sharing resources with the others, because each has its own abstraction. LXC uses namespaces to provide these isolated regions, known as containers; each container runs in its own allocated namespaces and has no access outside them. Technologies such as cgroups, union filesystems and container image formats are also used for different purposes throughout containerisation. The shared kernel is also the trade-off to keep in mind: a kernel bug reachable from inside a container is a bug shared with the host and every other container, whereas escaping a VM requires a flaw in the much smaller hypervisor interface.


Linux containers

Unlike virtual machines, LXC lets you run multiple containers from a single source OS image on disk, because the containers share the host kernel and differ only in their own writable layer. LXC is very lightweight, starts up faster and needs fewer resources than a VM.
