Introduction to Linux Container / Docker (Part 1)

Preface

This article is for people who are just starting to use Linux containers and Docker. It is a rough overview meant to help you understand containers, which are hard to grasp until you have actually worked with them.

Because it is long, it is split into two parts. The second part is Introduction to Linux Container / Docker (Part 2).

**Linux container (LXC)**

Concept of container

Put simply, a container is a technology that isolates an application from the host OS. It creates an isolated space inside the Linux OS in which processes can run without interfering with processes in other containers or on the host OS. Because that environment is separate from the existing host OS, it also gives the application a clean environment.

About the Linux kernel and distribution

Before we dive into the details of containers, let's start with Linux. The word Linux has two meanings: a "Linux kernel" in a narrow sense and a "Linux distribution" in a broader sense.

Linux in the narrow sense: Linux kernel

The kernel is the core part of the OS and performs basic process management and memory management. The kernel is common to all Linux operating systems.

Linux in a broad sense: Linux distribution (Linux OS)

The Linux kernel alone cannot be installed directly on a PC or server. A "Linux distribution" is a package of the various drivers, libraries, and applications required to interact with the hardware.

Example:

**⇒ Although they look different, all Linux operating systems use the same Linux kernel.** (Of course, the versions differ.)

An overview of containers and the role of LXC

LXC is a tool for creating a container environment using the functions of the Linux kernel. It mainly uses the following kernel functions.

- Namespace: Divides processes and network resources (virtual NICs, etc.) so that they cannot interfere with each other.
- CGroup: Groups processes and limits the resources, such as CPU and memory, that each group can use.

Conventional case

- In many cases, a library on the OS (the JDK in this case) is shared by multiple pieces of software.
- Some of the libraries and packages included by default are not used.
- Software that works in one environment does not work in another environment (environmental differences).


With a container

- All dependent packages are placed in the container, and vice versa (packages it does not depend on are left out).
- It works the same on any Linux OS that uses the same kernel.
- Processes inside the container are isolated by Namespace and cannot interfere with anything outside the container.


**It is easier (I think) to understand a container as an "isolated process" than as a "compact VM".**

Difference between VM and container

Difference in how to divide

VM: Emulates hardware and boots an OS on it.
Container: Isolates processes and directories on the same OS so that they appear separate.

**VMs and containers are similar yet different. Their approaches are exact opposites.**

Overhead

VM: Incurs overhead for emulating hardware and running an OS.
Container: The entity is just a process running on the host OS, so there is almost no overhead. (*)

Software to put in

VM: Install and use a lot of software, as on a physical server.
Container: Basically one piece of software per container. Unnecessary libraries and commands are not included. (*)

You can see this by using the ps command inside the container.


Normally, Linux spawns a large number of child processes from the init process, which is PID 1, but in the container you can see that PID 1 is Apache itself.

On a normal system it looks like this: PID 1 is init.
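
The PID 1 observation above can also be checked from the host side. The following is an added example, not part of the original article: it reads the NSpid line of /proc/<pid>/status and the /proc/<pid>/ns links to show that the container's PID 1 is an ordinary host process placed in different namespaces. The sample PIDs and namespace identifiers are constructed, and the function names are this example's own.

```python
import os
import re

NS_TYPES = ("ipc", "mnt", "net", "pid", "uts")

def read_proc(pid):
    """Read namespace links and status for a live PID (Linux; may need root)."""
    ns = {t: os.readlink(f"/proc/{pid}/ns/{t}") for t in NS_TYPES}
    with open(f"/proc/{pid}/status") as fh:
        return {"ns": ns, "status": fh.read()}

def nspid_chain(status):
    """PIDs of one process in each nested PID namespace, outermost first."""
    m = re.search(r"^NSpid:\s+(.+)$", status, re.MULTILINE)
    return [int(p) for p in m.group(1).split()] if m else []

def describe(proc, host_init):
    """Compare a process with the host's PID 1, both as seen from the host."""
    chain = nspid_chain(proc["status"])
    return {
        "host_pid": chain[0] if chain else None,
        # More than one entry means the process sits in a nested PID namespace.
        "pid_in_container": chain[-1] if len(chain) > 1 else None,
        # A namespace is isolated when its identifier differs from host init's.
        "isolated": [t for t in NS_TYPES if proc["ns"][t] != host_init["ns"][t]],
    }

def ns_links(**ids):
    """Build /proc/<pid>/ns link targets such as 'pid:[4026531836]'."""
    return {t: f"{t}:[{ids[t]}]" for t in NS_TYPES}

# Constructed sample data (not captured from a real system).
HOST_NS = dict(ipc=4026531839, mnt=4026531841, net=4026531840,
               pid=4026531836, uts=4026531838)
HOST_INIT = {"ns": ns_links(**HOST_NS), "status": "Name:\tsystemd\nPid:\t1\nNSpid:\t1\n"}
HOST_SSHD = {"ns": ns_links(**HOST_NS), "status": "Name:\tsshd\nPid:\t812\nNSpid:\t812\n"}
APACHE = {
    "ns": ns_links(ipc=4026532279, mnt=4026532277, net=4026532282,
                   pid=4026532280, uts=4026532278),
    "status": "Name:\thttpd\nPid:\t23811\nNSpid:\t23811\t1\n",
}

if __name__ == "__main__":
    for name, proc in (("sshd", HOST_SSHD), ("httpd", APACHE)):
        print(name, describe(proc, HOST_INIT))
```

On a live Linux host, describe(read_proc(pid), read_proc(1)) produces the same report for a real process. A container started with one of the host's namespaces shared shows that type missing from "isolated".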

Benefits of using containers

Containers have the following merits. (Quoted from the LXC official website)

  1. Improved security: By preventing an application from interfering with other applications, it is possible to reduce the damage caused when the system is invaded.

  2. Improved loose coupling: Since applications can be run in one host OS without interfering with each other, changes to one software do not affect other software.

  3. System abstraction: The container hides the host OS and hardware, and can create an environment that operates stably in any environment.

Summary

Container

- In a container, you can easily create and destroy an application together with the set of libraries required to run it.

- The substance of the container is a directory or process on the host OS separated by Namespace.

- Basically, only the minimum files necessary for operation are put in the container, although it is not impossible to put an entire distribution in a container.

Part 2

Continue to Introduction to Linux Container / Docker (Part 2).
