patternMajor
What is a container?
Viewed 0 times
containerwhatstackoverflow
Problem
There are some questions about containers, such as:
My questions:
- What role do Configuration Managment tools play in immutable infrastructure?
- Which problems does a container orchestration solve?
- Simple CI/CD Containers in AWS
My questions:
- What is actually a "container" (in the context of DevOps)?
- Why are they used?
Solution
The very first thing to know about a container is:
It is, first and foremost, a process.
Once that is understood, one can start to understand how containers compare and contrast with virtual machines. Containers and VMs both share isolation from their hosts. The method of isolation is the critical difference.
Container processes use extensions to the OS kernel host on which they run to isolate themselves from other processes. Other extensions also provide disk and resource isolation. Containers share their kernel and memory with the host OS.
Virtual Machines use a hypervisor to isolate VMs from their hosts. This is a layer of software that forwards requests for resources from "guests" (VMs) to the hardware. Disk isolation is provided by disk virtualization. VMs do not share a kernel with the host- they load their own kernels into memory space dedicated to the VM.
One important impact of this difference is that a container must be kernel-compatible with its host. For example, it is not possible to run a Windows Nano Server-based container on a Linux host, or an Ubuntu container directly on a Windows host. Virtual Machines, by contrast, can run any kernel regardless of host OS. When running a Linux container on a Windows host, Docker runs the container in a Linux VM.
The operational differences are in agility: containers start and stop about as fast as a normal process. VMs are "heavier," requiring dedicated resources set aside for them and take longer to start and shut down.
Containers offer a lot of flexibility to a DevOps operating model:
It is, first and foremost, a process.
Once that is understood, one can start to understand how containers compare and contrast with virtual machines. Containers and VMs both share isolation from their hosts. The method of isolation is the critical difference.
Container processes use extensions to the OS kernel host on which they run to isolate themselves from other processes. Other extensions also provide disk and resource isolation. Containers share their kernel and memory with the host OS.
Virtual Machines use a hypervisor to isolate VMs from their hosts. This is a layer of software that forwards requests for resources from "guests" (VMs) to the hardware. Disk isolation is provided by disk virtualization. VMs do not share a kernel with the host- they load their own kernels into memory space dedicated to the VM.
One important impact of this difference is that a container must be kernel-compatible with its host. For example, it is not possible to run a Windows Nano Server-based container on a Linux host, or an Ubuntu container directly on a Windows host. Virtual Machines, by contrast, can run any kernel regardless of host OS. When running a Linux container on a Windows host, Docker runs the container in a Linux VM.
The operational differences are in agility: containers start and stop about as fast as a normal process. VMs are "heavier," requiring dedicated resources set aside for them and take longer to start and shut down.
Containers offer a lot of flexibility to a DevOps operating model:
- Containers isolate software component dependencies. Developers can use containers to guarantee that an application module will function as well on their development machines as in QA/UA/Production
- Containers use software-defined networking to communicate
- Container definitions are declarative and can be source-controlled
- Container management systems (Kubernetes, DC/OS, Swarm) can manage hardware resource (compute/RAM/storage) pools and dynamically scale containers
Context
StackExchange DevOps Q#390, answer score: 20
Revisions (0)
No revisions yet.