When working on software development projects, have you ever run into a problem where you do not have the necessary framework or dependencies installed? This problem arises when the environment used to support or develop software is not identical to the production environment where it is run. For example, you may have Visual Studio 2019 installed, but Visual Studio 2017 is necessary to support a particular application. It is not merely different software that can cause this problem, but network topology could be different, or security policies and storage might differ. Today, a Container can be used to solve these issues.
How can a Container help you? A Container is a tool for lightweight virtualization. Like VirtualBox and VMware, a Container lets a single computer act like multiple computers, but it does so using only operating-system-level virtualization. A Container makes it easier for you to pack, ship, and execute your program with its framework and dependencies in one package. By containerizing the application platform and its dependencies, differences in OS distributions and underlying infrastructure are abstracted away. But how exactly does operating-system-level virtualization do this, and what makes it useful?
Operating-System-Level Virtualization
Operating-system-level virtualization is where the operating system kernel allows the existence of multiple isolated user-space instances. These user-space instances let applications and users feel as if they have a complete set of computer resources at their disposal, all within the host operating system. Several capabilities must be present for OS-level virtualization to function.
The first capability required for OS-level virtualization to function is the change root function, also known as chroot, created in Linux in 1979. Chroot is a command (and system call) that makes a different directory the root directory for a process and the children it spawns. Because the operating system's userland lives under the root directory, a process placed in a chroot sees a different filesystem tree and can run a different operating system's programs and libraries on the same device. Note that chroot on its own only changes the view of the filesystem: it does not hide other processes or the network, and a process running as root can still leave a chroot, which is why the namespaces and control groups below are needed for real isolation.
Two additional capabilities are now central to enabling OS-level virtualization: namespaces and control groups.
Namespace
Namespaces limit what each user-space instance can see by providing isolation. Containers use namespaces of various kinds to provide the seclusion that is needed to remain portable and to avoid affecting the host system. Each aspect of a container runs in a separate namespace, which has limited access.
Namespace Types:
1. In a pid namespace you become a process identified by a PID number and your children are other processes. All the other programs outside of this tree are not visible within the namespace.
2. In a mount namespace you can mount and unmount filesystems without affecting the host filesystem. This allows you to have a totally different set of devices mounted (usually less).
3. In a network namespace you can run programs on any port you want without it conflicting with what’s already running.
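One practical way to see these namespaces is to read the links the Linux kernel exposes under `/proc/<pid>/ns/`: each link target such as `pid:[4026531836]` names the namespace a process lives in, and two processes are isolated in a given kind only when those numbers differ. The following script is an added example, not code from the original article: it parses those link targets and compares a process against PID 1, so a defender can check whether a "containerized" process really has its own pid, mount and network namespaces or is silently sharing the host's (the sample values in `main()` are constructed for illustration).

```python
"""Compare the Linux namespaces of a process with those of PID 1.

Added example. On Linux, /proc/<pid>/ns/<kind> is a symlink whose target is
"<kind>:[<inode>]". Equal inodes mean the two processes share that namespace
and therefore have no isolation of that kind from each other.
"""
import os
import re
from typing import Dict, Set

# Namespace kinds the kernel exposes under /proc/<pid>/ns/
NS_KINDS = ("pid", "mnt", "net", "uts", "ipc", "user", "cgroup")

_NS_LINK = re.compile(r"^(?P<kind>[a-z_]+):\[(?P<inode>\d+)\]$")


def parse_ns_link(target: str) -> int:
    """Return the namespace inode from a link target such as 'pid:[4026531836]'."""
    match = _NS_LINK.match(target.strip())
    if not match:
        raise ValueError(f"not a namespace link: {target!r}")
    return int(match.group("inode"))


def read_namespaces(pid: str = "self") -> Dict[str, int]:
    """Read the namespace ids of a live process from /proc (Linux only).

    Kinds that this kernel does not expose, or that we may not inspect
    (other users' processes need CAP_SYS_PTRACE), are simply omitted.
    """
    result: Dict[str, int] = {}
    for kind in NS_KINDS:
        try:
            result[kind] = parse_ns_link(os.readlink(f"/proc/{pid}/ns/{kind}"))
        except (FileNotFoundError, PermissionError, ValueError):
            continue
    return result


def shared_namespaces(a: Dict[str, int], b: Dict[str, int]) -> Set[str]:
    """Kinds in which both processes have the same namespace (no isolation)."""
    return {kind for kind in a if kind in b and a[kind] == b[kind]}


def isolated_namespaces(a: Dict[str, int], b: Dict[str, int]) -> Set[str]:
    """Kinds in which the two processes live in different namespaces."""
    return {kind for kind in a if kind in b and a[kind] != b[kind]}


def report(proc: Dict[str, int], init: Dict[str, int]) -> str:
    """Human-readable summary, one line per namespace kind, sorted by kind."""
    lines = []
    for kind in sorted(proc):
        if kind not in init:
            continue
        state = "ISOLATED" if proc[kind] != init[kind] else "shared with PID 1"
        lines.append(f"{kind:<7} {proc[kind]}  {state}")
    return "\n".join(lines)


def main() -> None:
    # Constructed sample: a process whose pid/mnt/net namespaces differ from
    # PID 1 but which still shares the host's user namespace.
    host_init = {"pid": 4026531836, "mnt": 4026531840,
                 "net": 4026531992, "user": 4026531837}
    contained = {"pid": 4026532198, "mnt": 4026532196,
                 "net": 4026532201, "user": 4026531837}
    print(report(contained, host_init))
    print("shared:", sorted(shared_namespaces(contained, host_init)))

    # On a real Linux host, compare the current process with PID 1 instead:
    if os.path.isdir("/proc/self/ns"):
        print(report(read_namespaces("self"), read_namespaces("1")))


if __name__ == "__main__":
    main()
```

If `report()` shows `pid` or `net` as "shared with PID 1" for a process you expected to be contained, it was started with the host's namespaces (for example a container launched with host networking) and the isolation this section describes is not in effect for that kind.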
Control group (Cgroup)
A cgroup provides resource limitation and reporting capabilities within the container space.
Control groups commonly manage:
- CPU
- Memory
- Network Bandwidth
- Disk
- Priority
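On a cgroup v2 system those limits are plain text files in the group's directory, so they can be checked without any container tooling: `cpu.max` holds a quota and period (`50000 100000` means half a CPU, `max` means unlimited), `memory.max` and `pids.max` hold a byte or process count or `max`, and `cpu.weight` (1 to 10000, default 100) expresses scheduling priority. The script below is an added example, not code from the original article; it parses those file formats, resolves the cgroup of a process from `/proc/<pid>/cgroup`, and reports which of the limits in the list above are actually enforced on it (the sample file contents in `main()` are constructed).

```python
"""Read the resource limits a cgroup v2 applies to a process.

Added example. Assumes the unified cgroup v2 hierarchy mounted at
/sys/fs/cgroup (the mount point can be overridden). Parsing functions are
pure so they also work on captured file contents.
"""
import os
from typing import Dict, Optional

CGROUP_ROOT = "/sys/fs/cgroup"


def parse_cpu_max(text: str) -> Optional[float]:
    """cpu.max is '<quota> <period>' in microseconds; return CPUs, None if unlimited."""
    quota, period = text.split()
    if quota == "max":
        return None
    return int(quota) / int(period)


def parse_count_max(text: str) -> Optional[int]:
    """memory.max / pids.max hold an integer or 'max' (unlimited)."""
    text = text.strip()
    return None if text == "max" else int(text)


def parse_proc_cgroup(text: str) -> str:
    """/proc/<pid>/cgroup on v2 has a single line '0::<path>'; return the path."""
    for line in text.splitlines():
        hierarchy, _, path = line.split(":", 2)
        if hierarchy == "0":
            return path
    raise ValueError("no cgroup v2 entry found")


def limits_from_files(files: Dict[str, str]) -> Dict[str, Optional[float]]:
    """Turn a mapping of cgroup file name -> contents into normalized limits."""
    limits: Dict[str, Optional[float]] = {}
    if "cpu.max" in files:
        limits["cpus"] = parse_cpu_max(files["cpu.max"])
    if "memory.max" in files:
        limits["memory_bytes"] = parse_count_max(files["memory.max"])
    if "pids.max" in files:
        limits["pids"] = parse_count_max(files["pids.max"])
    if "cpu.weight" in files:
        limits["cpu_weight"] = int(files["cpu.weight"].strip())
    return limits


def read_cgroup_limits(pid: str = "self", root: str = CGROUP_ROOT) -> Dict[str, Optional[float]]:
    """Locate the cgroup of a live process and read its limit files (Linux only)."""
    with open(f"/proc/{pid}/cgroup") as fh:
        cgroup_dir = os.path.join(root, parse_proc_cgroup(fh.read()).lstrip("/"))
    files: Dict[str, str] = {}
    for name in ("cpu.max", "memory.max", "pids.max", "cpu.weight"):
        try:
            with open(os.path.join(cgroup_dir, name)) as fh:
                files[name] = fh.read()
        except OSError:
            continue  # controller not enabled for this group
    return limits_from_files(files)


def unlimited(limits: Dict[str, Optional[float]]) -> list:
    """Names of resources for which no cap is set at all; worth flagging."""
    return sorted(k for k in ("cpus", "memory_bytes", "pids") if limits.get(k) is None)


def main() -> None:
    # Constructed sample: a group capped at half a CPU and 512 MiB, with
    # no pid limit and a below-default scheduling weight.
    sample = {"cpu.max": "50000 100000\n", "memory.max": "536870912\n",
              "pids.max": "max\n", "cpu.weight": "50\n"}
    limits = limits_from_files(sample)
    print(limits)                     # {'cpus': 0.5, 'memory_bytes': 536870912, 'pids': None, 'cpu_weight': 50}
    print("uncapped:", unlimited(limits))

    if os.path.exists("/proc/self/cgroup") and os.path.isdir(CGROUP_ROOT):
        try:
            print("this process:", read_cgroup_limits("self"))
        except (OSError, ValueError) as exc:
            print("could not read live limits:", exc)


if __name__ == "__main__":
    main()
```

A group whose `memory.max` or `pids.max` reads `max` has no ceiling for that resource; a runaway process inside such a container can still exhaust the host, which is the situation the `unlimited()` check is meant to surface.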
Conclusion
In this article, you have learned a little about containers. You learned how OS-level virtualization creates the illusion of multiple user-spaces on a single computer and how namespaces isolate each user-space from the underlying host. In addition, cgroups give you the ability to limit resources within your containers, such as CPU or memory. When considering which tool to use in your future software development projects, I hope you remember the benefits that Containers provide and how their lightweight virtualization could lighten your load.