What is a Linux container?

An intro to Linux containerisation.

Basic: Containerisation helps to isolate processes. You can run your App/Services as an isolated process, running from a distinct image that provides all files necessary to support the processes.

Basically Linux containers are OS level virtualisation technique for running multiple isolated Linux systems (containers) on a control host using a single Linux kernel.

How Linux kernel isolate containers each other?

The Linux kernel isolates containers with the help of cgroups functionality and namespace isolation functionality. The cgroups (Control Groups) is a Linux kernel feature to isolate a process or processes with pre defined resources like CPU, memory, disk I/O, network, etc.

The namespace helps to organise objects of various kinds. namespace allows complete isolation of an applications’ view of the operating environment, including process trees, networking, user IDs and mounted file systems.

Why containers?

To speed up Application deployment. How? Containers are platform independent. Consider the scenario, you are running an application on a live production server and you need to deploy changes on your application periodically. The containerisation technique helps the deployment process painlessly by reducing the total time required for rewriting, and break/bug-fixing on your App.

You can execute the same Application in your Lap by loading the container image. Also in the testing server. If everything okay, simply deploy it on production environment without massive headache. No matter the infrastructure.

That’s a simplified example, but Linux containers can be applied to problems in many different ways where ultimate portability, configurability, and isolation is needed.

Is it traditional virtualisation?

As we all are familiar with Linux Virtualisation techniques, so this question is relevant. However, the concept is entirely different. In Linux virtualisation many operating systems run simultaneously on a single system.

In containerisation, you are isolating your applications (it’s processes and dependencies) by sharing the same operating system kernel.

See the image added below. This can the concepts simply.

Containers are lightweight as compared to virtual machines.

The idea behind Linux containers were originated from FreeBSD jail. FreeBSD jail is a technology that allows the partitioning of a FreeBSD system into multiple subsystems, or jails. Jail is actually a chrooted environment where access to the filesystem, networking, and users is virtualized.

System administrators can share this jail with different users/groups in the system. Very quickly, the containerisation technology comes into reality by combining many technologies like cgroups, namespace, systemd etc.

Some containerisation techniques are:

1. LXC
2. systemd-nspawn — Spawn a namespace container for debugging, testing and building
3. Docker   etc..

Now-a-days Docker is one of the most popular Containerisation technology in industry. The docker technology combines the work of LXC with further-improved tools for developers, increasing the user-friendliness of containers.

Will add more details about Docker soon.

Linux containerisation in a nutshell.!

Linux containerisation is an evolutionary jump in how we develop, deploy, and manage applications. Linux container images provide portability and version control, helping ensure that what works on a developer’s laptop also works in production. That’s is the main advantage of containers.

Linux containers are portable, lightweight, platform independent etc…

 

Web hosting concepts – A simplified view with examples

Post navigation

Arunlal Ashok

Cloud Infrastructure / DevOps Engineer. I know her (Linux) since many years. Linux lover. Like to play on Linux console. I started this blog to share and discuss Linux thoughts.

Always happy for an open discussion! Write to arun (@) crybit (dot) com. Check about me for more details. About this blog and our strong members, check The team CryBit.com

Leave a Reply

Your email address will not be published. Required fields are marked *