Containerization

What is a container?

source: https://docs.docker.com/get-started/

A container is a sandboxed process running on a host machine that is isolated from all other processes running on that host machine. That isolation leverages kernel namespaces and cgroups (https://medium.com/@saschagrunert/demystifying-containers-part-i-kernel-space-2c53d6979504), features that have been in Linux for a long time. Docker makes these capabilities approachable and easy to use. To summarize, a container:

  1. Is a runnable instance of an image. You can create, start, stop, move, or delete a container using the Docker API or CLI.
  2. Can be run on local machines, virtual machines, or deployed to the cloud.
  3. Is portable (and can be run on any OS).
  4. Is isolated from other containers and runs its own software, binaries, configurations, etc.

If you’re familiar with chroot, then think of a container as an extended version of chroot. The filesystem comes from the image. However, a container adds additional isolation not available when using chroot.
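The namespace side of that isolation can be inspected directly: every Linux process exposes its namespace memberships as symlinks under /proc/<pid>/ns. The following is an added example, not code from the Docker documentation; the inode values and the three sample processes are constructed, and they model a container started without user-namespace remapping next to a process that was only chroot'ed.

```python
import os

NS_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")

def read_namespaces(pid="self", proc_root="/proc"):
    """Return {ns_type: 'type:[inode]'} read from /proc/<pid>/ns (Linux only)."""
    ns_dir = os.path.join(proc_root, str(pid), "ns")
    found = {}
    for ns in NS_TYPES:
        try:
            found[ns] = os.readlink(os.path.join(ns_dir, ns))
        except OSError:
            pass  # namespace type not supported, or no permission to read it
    return found

def ns_inode(link):
    """'pid:[4026531836]' -> 4026531836"""
    return int(link[link.index("[") + 1:link.rindex("]")])

def shared_namespaces(a, b):
    """Namespace types in which both processes hold the same inode (no isolation)."""
    return sorted(ns for ns in a.keys() & b.keys()
                  if ns_inode(a[ns]) == ns_inode(b[ns]))

def isolated_namespaces(a, b):
    """Namespace types in which the two processes are separated."""
    return sorted(ns for ns in a.keys() & b.keys()
                  if ns_inode(a[ns]) != ns_inode(b[ns]))

# Constructed sample data: host PID 1, a container process, a chroot'ed process.
HOST = {"cgroup": "cgroup:[4026531835]", "ipc": "ipc:[4026531839]",
        "mnt": "mnt:[4026531841]", "net": "net:[4026531840]",
        "pid": "pid:[4026531836]", "user": "user:[4026531837]",
        "uts": "uts:[4026531838]"}
CONTAINER = {ns: f"{ns}:[{4026532500 + i}]" for i, ns in enumerate(NS_TYPES)}
CONTAINER["user"] = HOST["user"]   # no user-namespace remapping configured
CHROOT = dict(HOST)                # chroot changes the root directory only

if __name__ == "__main__":
    print("container shares with host:", shared_namespaces(HOST, CONTAINER))
    print("chroot shares with host:   ", shared_namespaces(HOST, CHROOT))
    live = read_namespaces()       # empty dict on non-Linux systems
    print("this process:", live)
```

On a Linux host, comparing `read_namespaces(1)` with `read_namespaces(<container pid>)` usually requires root, because another user's /proc/<pid>/ns entries are not readable otherwise.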

What is an image?

source: https://docs.docker.com/get-started/

A running container uses an isolated filesystem. This isolated filesystem is provided by an image, and the image must contain everything needed to run an application - all dependencies, configurations, scripts, binaries, etc. The image also contains other configurations for the container, such as environment variables, a default command to run, and other metadata.

What is it?

(source - Wikipedia)

In software engineering, containerization is operating system-level virtualization or application-level virtualization over multiple network resources so that software applications can run in isolated user spaces called containers in any cloud or non-cloud environment, regardless of type or vendor.

Containerization runs a single OS instance, with multiple user spaces to isolate processes from one another. This means containerization makes sense for a single AWS cloud user who plans to run multiple processes simultaneously.

Containerization is achieved by packaging software code, libraries, frameworks, and other dependencies together in an isolated user space called a container. This container is portable and can be used on any infrastructure in any environment that supports the container technology, such as Docker and Kubernetes.

Containerization technology has recently been widely adopted by cloud computing platforms like Amazon Web Services, Microsoft Azure, Google Cloud Platform, and IBM Cloud. Containerization has also been pursued by the U.S. Department of Defense as a way of more rapidly developing and fielding software updates, with its first application in the F-22 air superiority fighter.

Containers

A container is essentially a fully functional, portable cloud or non-cloud computing environment that surrounds the application and keeps it independent of other environments running in parallel. Individually, each container simulates a different software application and runs isolated processes by bundling related configuration files, libraries and dependencies. Collectively, however, multiple containers share a common operating system (OS) kernel.

Types of containers

  1. OS containers
  2. Application containers

Security issues

  1. Because of the shared OS, security threats can affect the whole containerized system.
  2. In containerized environments, security scanners generally protect the OS but not the application containers, which adds unwanted vulnerability.
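Because the kernel is shared, the settings that matter most are the ones that hand parts of the host back to a container. The following is an added example, not taken from the sources cited on this page: it reads `docker inspect` JSON and reports such settings. The container name and all values in the sample are constructed, and the list of checks is a starting point rather than a complete policy.

```python
import json

# Constructed `docker inspect` output, trimmed to the fields that are checked.
SAMPLE_INSPECT = json.loads("""
[{
  "Name": "/build-agent",
  "Config": {"User": ""},
  "HostConfig": {
    "Privileged": false,
    "PidMode": "host",
    "NetworkMode": "bridge",
    "IpcMode": "private",
    "UTSMode": "",
    "CapAdd": ["SYS_ADMIN"]
  },
  "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
              "Destination": "/var/run/docker.sock", "RW": true}]
}]
""")

HOST_NS_FIELDS = {"PidMode": "PID", "NetworkMode": "network",
                  "IpcMode": "IPC", "UTSMode": "UTS"}

def audit_container(c):
    """Return findings for settings that weaken isolation from the host."""
    host = c.get("HostConfig") or {}
    findings = []
    if host.get("Privileged"):
        findings.append("Privileged: all capabilities and host devices exposed")
    for field, label in HOST_NS_FIELDS.items():
        if host.get(field) == "host":
            findings.append(f"{field}=host: shares the host {label} namespace")
    for cap in host.get("CapAdd") or []:
        findings.append(f"CapAdd: extra capability {cap}")
    for mount in c.get("Mounts") or []:
        if mount.get("Source", "").endswith("docker.sock"):
            findings.append("Mounts: Docker daemon socket reachable from container")
    if not (c.get("Config") or {}).get("User"):
        findings.append("User: not set, process starts as UID 0")
    return findings

def audit(inspect_output):
    """Map container name -> findings for a parsed `docker inspect` array."""
    return {c.get("Name", "?"): audit_container(c) for c in inspect_output}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        for finding in findings:
            print(f"{name}: {finding}")
```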

Container management, orchestration, clustering

Container orchestration or container management is mostly used in the context of application containers.

Implementations providing such orchestration:

  1. Kubernetes
  2. Docker Swarm

Advantages

  1. Containers are lightweight and fast to deploy. The lightweight nature of containers can lead to meaningful operational and developmental cost reductions.
  2. They allow rapid development and deployment.
  3. The platform-agnostic nature of containerization makes it an appealing solution for scaling cloud-based applications. Thanks to dependencies, libraries, binaries, and configuration files being bundled together, containers can be redeployed as needed to any platform or environment.
  4. Free of geographic limitations

Disadvantages

  1. Containerization does not always benefit workloads and can sometimes result in worse performance.
  2. Monitoring hundreds of containers containing individual processes is difficult.

Reading material

  1. https://en.wikipedia.org/wiki/Containerization_(computing)
  2. https://www.trianz.com/insights/containerization-vs-virtualization#:~:text=Virtualization%20aims%20to%20run%20multiple,isolate%20processes%20from%20one%20another.

Containerizing applications

KNOWLEDGE GAP - LEARN MORE, IMPLEMENT THIS

  1. Containerizing a Java application:
    1. https://github.com/GoogleContainerTools/jib
    2. https://dzone.com/articles/manage-microservices-with-docker-compose
    3. https://github.com/explorer436/programming-playground/tree/main/java-playground/springboot-docker-demo
  2. Containerizing a Golang application:
    1. https://docs.docker.com/guides/go-prometheus-monitoring/containerize/
    2. https://docs.docker.com/guides/golang/run-containers/
    3. https://www.docker.com/blog/developing-go-apps-docker/
    4. https://betterstack.com/community/guides/scaling-go/dockerize-golang/

Tags

  1. Docker
  2. Podman
  3. Spring profiles
  4. Localstack
  5. tsh - Trusted Shell
  6. Kubernetes
  7. Red Hat Openshift