Difference between revisions of "Introduction to containers"

From Knowledge Kitchen
m
m (Registries)
 
Line 56: Line 56:
  
 
==Registries==
 
==Registries==
Since multiple developers may be working on the same project, there is a need for developers to be able to share the same container configuration (i.e. the image) the same way develoeprs may share code using pull/push from a central version control system.  Sharing configurations in this way will allow multiple developers to work on software under the exact same environmental conditions at all times by sharing images.
+
Since multiple developers may be working on the same project, there is a need for developers to be able to share the same container configuration (i.e. the image) the same way developers may share code using pull/push from a central version control system.  Sharing configurations in this way will allow multiple developers to work on software under the exact same environmental conditions at all times by sharing images.
  
 
Registries are:
 
Registries are:

Latest revision as of 09:09, 2 December 2019


A brief history of virtualization environments

Virtual Machines vs Containers vs. Bare Metal

A brief and very generalized walk-through of the various innovations in server virtualization. In reality, there are many varieties of virtualization at almost every level of computing.

Dedicated bare metal machines

  • Back in "the old days", a server was some computer hardware in a single box.
  • These boxes, like your personal computers, typically had one set of hardware, an operating system, and some applications installed on it.

Blade servers

  • A single physical machine is reduced to a single card, including the hardware, operating system, and applications for that computer.
  • Many such cards are slotted into a single "box", reducing space and sharing a single power supply.
  • This allows many dedicated machines to be packed more efficiently into a small space.

Virtual machines

  • One physical machine houses many "virtual machines" or "virtual servers" that each have a share of the resources of that single physical machine allocated exclusively to them.
  • Virtual machines are isolated from each other - each has its own operating system and apps and allocated resources
  • Virtual machines have protections against one consuming the resources of another.
  • This allows developers to be able to test applications quickly on many differently set-up virtual machines.

Containers

Self-propelled double-ended self sustained container barge. Photo by Prof. Dr.-Ing. Ulrich Malchow, via Wikimedia

Containers are a solution to the problem of having different environments where code is developed, tested, and deployed. Containers aim to package software up in a standardized way, as if they were standard-sized shipping containers on sea barges.

Containers deploy an entire environment together with the software running in that environment.

  • Application software
  • Libraries and other resources

Features of containers:

  • Like a virtual machine, a container is a virtual environment that is allocated some of the resources of the machine within which it is running.
  • Like virtual machines, there may be many containers running within the same machine.
  • Unlike virtual machines, containers do not need to include the operating system - the operating system can be a property of the machine within which many containers are running. This keeps containers smaller and simpler than traditional virtual machines.
  • Containers include only the bare minimum environment setup necessary for the application hosted within them to run.
  • Containers may be run in either physical or virtual machines.
  • Developers may ship the container to another physical or virtual machine and guarantee that the container will function the same on that other machine.

Key advantages of containers

  • Portability
  • Scalability

Current disadvantages

  • Costs more
  • More complex
  • Support/documentation sometimes lacking


Images

A container's configuration is specified in its "image"

  • images are the stuff from which containers are made
  • containers are instances of an image
  • creating a container is achieved by designing an image and instantiating it
  • a single image can be instantiated into many containers, which can then be run across many different machines, if desired

Registries

Since multiple developers may be working on the same project, there is a need for developers to be able to share the same container configuration (i.e. the image) the same way developers may share code using pull/push from a central version control system. Sharing configurations in this way will allow multiple developers to work on software under the exact same environmental conditions at all times by sharing images.

Registries:

  • are central servers used to store the images used to make containers
  • allow sharing of those images with teammates and the public
  • are essentially the same concept as repositories in version control

It is possible to create Docker image repositories in services such as:

It is also possible to pass around Docker image files informally, as with any file sharing, for small teams.
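Sharing an image only gives every developer the same environment if everyone resolves the same image: a tag in a registry can be re-pointed to a new build, while a digest cannot. The following added example (not part of the original page) classifies image references by how firmly they pin the image; the sample references and the registry host name are constructed.

```python
import re

# Constructed sample references, as they might appear in a Dockerfile FROM
# line or a compose file; none of them come from the original page.
SAMPLE_REFS = [
    "python",
    "node:18-alpine",
    "registry.example.com:5000/team/app:1.4.2",
    "registry.example.com/team/app@sha256:" + "a" * 64,
    "ubuntu:latest",
]

DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


def parse_ref(ref):
    """Split an image reference into (name, tag, digest)."""
    name, _, digest = ref.partition("@")
    # A colon starts a tag only if it comes after the last "/";
    # otherwise it is the port of the registry host.
    last_slash = name.rfind("/")
    colon = name.rfind(":")
    tag = None
    if colon > last_slash:
        name, tag = name[:colon], name[colon + 1:]
    return name, tag, digest or None


def classify(ref):
    """Return 'pinned', 'tagged', 'floating' or 'invalid-digest'."""
    _, tag, digest = parse_ref(ref)
    if digest:
        return "pinned" if DIGEST_RE.match(digest) else "invalid-digest"
    if tag is None or tag == "latest":
        return "floating"  # resolves to whatever was pushed most recently
    return "tagged"        # readable, but the tag can be re-pointed


def report(refs):
    """Map each reference to its classification."""
    return {ref: classify(ref) for ref in refs}


if __name__ == "__main__":
    for ref, status in report(SAMPLE_REFS).items():
        print(f"{status:10} {ref}")
```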

Security

Containers can make testing more robust, since testing, development, and deployment environments are all set up the same way.

  • All security tests can be packaged into a single container and then handed to all the different app development teams to build and test on.

Teams can have different containers for each type of app (one each for Java, .NET, Node.js, etc.)

  • in each, you put all the tools necessary for testing and securing those kinds of apps

However, container technology can be less secure than a virtual machine, since containers do not run in isolation from one another as virtual machines do. Containers all share the underlying operating system as well as any resources in common. A security hole in one container may lead to catastrophic failure of the entire physical machine.
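Because the operating system is shared, the settings a container is started with decide how much separation from the host is left. The following added example (not part of the original page) reads `docker inspect` output and lists the settings that remove that separation; the two containers and the list of sensitive host paths are constructed for illustration.

```python
import json

# Constructed, trimmed `docker inspect` output for two containers.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/web",
   "HostConfig": {"Privileged": false, "PidMode": "", "NetworkMode": "bridge",
                  "CapAdd": null, "Binds": ["/srv/web/data:/data:ro"]}},
  {"Name": "/ci-runner",
   "HostConfig": {"Privileged": true, "PidMode": "host", "NetworkMode": "host",
                  "CapAdd": ["SYS_ADMIN"],
                  "Binds": ["/var/run/docker.sock:/var/run/docker.sock"]}}
]
""")

# Assumption for this example: host paths treated as sensitive when bind-mounted.
SENSITIVE_HOST_PATHS = ("/", "/var/run/docker.sock", "/proc", "/sys", "/etc")


def findings(container):
    """Return the isolation-weakening settings of one inspected container."""
    hc = container.get("HostConfig") or {}
    out = []
    if hc.get("Privileged"):
        out.append("privileged mode")
    for key, label in (("PidMode", "PID"), ("NetworkMode", "network"),
                       ("IpcMode", "IPC")):
        if hc.get(key) == "host":
            out.append(f"shares host {label} namespace")
    for cap in hc.get("CapAdd") or []:  # CapAdd is null when nothing was added
        out.append(f"added capability {cap}")
    for bind in hc.get("Binds") or []:
        source = bind.split(":", 1)[0]  # host side of "source:target[:mode]"
        if source in SENSITIVE_HOST_PATHS:
            out.append(f"mounts host path {source}")
    return out


def audit(inspected):
    """Map container name to its list of findings."""
    return {c["Name"].lstrip("/"): findings(c) for c in inspected}


if __name__ == "__main__":
    for name, issues in audit(SAMPLE_INSPECT).items():
        print(name, "->", issues or "no isolation-weakening settings found")
```

On a real host the same functions can be fed the parsed JSON printed by `docker inspect` for the running containers.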

Automation

Containers can be integrated with automation tools, such as Jenkins or via settings within container registries such as Docker Hub.
