Container
- A computer program running on an ordinary operating system can see all resources (connected devices, files and folders, network shares, CPU power, quantifiable hardware capabilities) of that computer. However, programs running inside a container can only see the container's contents and devices assigned to the container.
- Operating-system-level virtualization implementations capable of live migration can also be used for dynamic load balancing of containers between nodes in a cluster.
- The key difference between containers and VMs is that, while the hypervisor abstracts an entire device, containers just abstract the operating system kernel.
Several cloud companies offer container hosting and container image registry services: Azure Kubernetes Service (AKS), Amazon EC2 Container Service (ECS), AWS Elastic Container Registry (ECR), Google Cloud Container Registry, Docker Trusted Registry.
Linux Namespaces
- Linux namespaces originated in 2002 in the 2.4.19 kernel with work on the mount namespace kind. Additional namespaces have been added from 2006 onward. Adequate container support was completed in kernel version 3.8 with the introduction of user namespaces.
- Since kernel version 4.10, there are 7 kinds of namespaces: mount namespaces, PID namespaces, network namespaces, IPC namespaces, UTS namespaces, user namespaces, and cgroup namespaces.
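An added example (not part of the original notes): a check that compares the namespace links under /proc/<pid>/ns for a container process against those of the host's PID 1 and reports which of the seven kinds are shared, meaning the process is not isolated for that kind. The function names and the sample inode numbers are assumptions made for illustration.

```python
import os
import re

# The seven namespace kinds named above, as they appear under /proc/<pid>/ns.
NS_KINDS = ("mnt", "pid", "net", "ipc", "uts", "user", "cgroup")
_LINK = re.compile(r"^(\w+):\[(\d+)\]$")  # link target format, e.g. net:[4026531992]

def parse_ns_links(targets):
    """Map namespace kind -> inode number from /proc/<pid>/ns link targets."""
    found = {}
    for target in targets:
        m = _LINK.match(target.strip())
        if m and m.group(1) in NS_KINDS:
            found[m.group(1)] = int(m.group(2))
    return found

def read_ns(pid):
    """Read the namespace links of a live process (Linux, needs permission)."""
    targets = []
    for kind in NS_KINDS:
        try:
            targets.append(os.readlink(f"/proc/{pid}/ns/{kind}"))
        except OSError:
            continue  # kind not supported by this kernel, or access denied
    return parse_ns_links(targets)

def shared_namespaces(host, proc):
    """Kinds where proc is in the same namespace as host (no isolation)."""
    return [k for k in NS_KINDS if k in host and host.get(k) == proc.get(k)]

# Constructed sample data (inode numbers are made up): PID 1 on the host and
# a container process that was started with host networking and without
# user-namespace remapping.
HOST = parse_ns_links([
    "mnt:[4026531840]", "pid:[4026531836]", "net:[4026531992]",
    "ipc:[4026531839]", "uts:[4026531838]", "user:[4026531837]",
    "cgroup:[4026531835]",
])
CONTAINER = parse_ns_links([
    "mnt:[4026532561]", "pid:[4026532564]", "net:[4026531992]",
    "ipc:[4026532563]", "uts:[4026532562]", "user:[4026531837]",
    "cgroup:[4026532565]",
])

if __name__ == "__main__":
    print("shared with host:", shared_namespaces(HOST, CONTAINER))
```

On a live Linux host, shared_namespaces(read_ns(1), read_ns(pid)) runs the same comparison against real processes.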
Linux cgroup
- The cgroup (control groups) subsystem is a Resource Management and Resource Accounting/Tracking solution, providing a generic process-grouping framework. It handles resources such as memory, cpu, network, and more. cpu, memory and io are the most important resources that cgroup deals with.
- The implementation of the cgroup subsystem required a few, simple hooks into the rest of the kernel, none in performance-critical paths.
- cgroup v2 establishes strict and consistent interfaces. You cannot use the same type of controller simultaneously in both cgroup v1 and cgroup v2.
Orchestration - Kubernetes
- Kubernetes is by far the most dominant cloud-orchestration program.
Docker Market
- Far from being an experimental technology only deployed by fast-moving startups, it was apparent that Docker adoption was being driven by companies with more sizable infrastructure deployments.
- Real-world data backs up the conclusion that Docker is being widely adopted. Proprietary software companies such as Oracle and Microsoft have also embraced Docker. Today, almost all IT and cloud companies have adopted Docker.
- The most widely used images for Docker are: Nginx, Redis, Postgres.
- The median company that adopts Docker runs eight containers simultaneously on each host.
- In organizations running an orchestrator, the typical lifetime of a container is about 12 hours. At organizations without orchestration, the average container lives for six days.