Containers Part 1: Why You Need them

Primer on how Docker works

Maria Valcam
Beamery Hacking Talent

This blog post explains how Docker works. It is divided into two parts:

  • The first part explains what virtualization is and why we should use containers.
  • The Second Part focuses on Docker and its many features (check it here).

Why use virtualization?

There are several reasons why using virtualization is a good idea:

  • Easier to deploy. There is no need to install dependencies and configure your application.
  • Consistent environments. The application and its dependencies are abstracted, so it is very easy to move them from one environment to another.
  • Security. Processes are isolated and do not have permissions over the rest of the machine.

To use virtualization, we have two options: Virtual Machines and Containers.

Virtual Machines

VM structure — OS are in yellow and Virtualizations are in blue

Each Virtual Machine (VM) requires its own dedicated OS. When the physical server is powered on and the hypervisor boots, the hypervisor lays claim to all physical resources (CPU, RAM, storage, NICs, ...). It then carves these hardware resources into virtual versions that look and feel exactly like the real ones, and packages them into a software construct called a Virtual Machine. We then take all those VMs and install an OS and applications on each of them.

Containers

Containers structure — OS are in yellow and Virtualizations are in blue

You can see a container as a process in your machine that runs with very limited resources and permissions.

All containers in a single host share a single Kernel.

So container images for Windows will not run on a Linux host.

A Linux container can be created thanks to:

  • Kernel namespaces. This is a feature of the Linux kernel that partitions kernel resources such that one set of processes sees one set of resources while another set of processes sees a different set of resources. Since kernel version 4.10, there are 7 kinds of namespaces: Mount, process ID, network, interprocess communication (IPC), UTS, User ID and Control Group.
  • Control groups (cgroups). A cgroup isolates the resource usage (CPU, memory, disk I/O, network, etc.) for a collection of processes.
  • Unionfs. It allows files and directories of separate file systems, known as branches, to be transparently overlaid, forming a single coherent file system.
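The namespace isolation described above can be checked from the host by comparing the /proc/<pid>/ns/ links of two processes. The following is an added example, not code from the original post: the sample link targets are constructed, and the helper names are hypothetical.

```python
import os

# The seven namespace kinds the post lists, by their /proc/<pid>/ns/ entry name.
NS_KINDS = ("mnt", "pid", "net", "ipc", "uts", "user", "cgroup")

def parse_ns_link(target):
    """Parse a /proc/<pid>/ns/* symlink target such as 'pid:[4026531836]'."""
    kind, _, rest = target.partition(":")
    if not (rest.startswith("[") and rest.endswith("]") and rest[1:-1].isdigit()):
        raise ValueError(f"not a namespace link: {target!r}")
    return kind, int(rest[1:-1])

def read_namespaces(pid="self"):
    """Return {kind: inode} for a live process (Linux only, may need root)."""
    found = {}
    for kind in NS_KINDS:
        try:
            name, inode = parse_ns_link(os.readlink(f"/proc/{pid}/ns/{kind}"))
        except (OSError, ValueError):
            continue  # kind not supported by this kernel, or access denied
        found[name] = inode
    return found

def shared_namespaces(host, container):
    """Kinds where both processes sit in the same namespace (no isolation)."""
    return [k for k in NS_KINDS if k in host and host[k] == container.get(k)]

def from_links(links):
    """Build {kind: inode} from a list of link target strings."""
    return dict(parse_ns_link(t) for t in links)

# Constructed sample link targets, not captured from a real system.
HOST_LINKS = ["mnt:[4026531840]", "pid:[4026531836]", "net:[4026531992]",
              "ipc:[4026531839]", "uts:[4026531838]", "user:[4026531837]",
              "cgroup:[4026531835]"]
# Assumed container process that was started sharing the host's network
# and user namespaces; every other kind has its own inode.
CONTAINER_LINKS = ["mnt:[4026532567]", "pid:[4026532570]", "net:[4026531992]",
                   "ipc:[4026532569]", "uts:[4026532568]", "user:[4026531837]",
                   "cgroup:[4026532571]"]

if __name__ == "__main__":
    sample = shared_namespaces(from_links(HOST_LINKS), from_links(CONTAINER_LINKS))
    print("sample container shares with host:", sample)
    if os.path.isdir("/proc/self/ns"):
        # Reading PID 1's links needs root; without it the result is empty.
        print("this process vs PID 1:", shared_namespaces(read_namespaces(1), read_namespaces()))
```

Any kind reported as shared is one where the container process sees the same kernel resources as the host, so an unexpected entry in that list is worth reviewing.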

Why use Containers instead of VMs?

VMs are less efficient because each one uses its own OS. Every OS:

  • Consumes resources: CPU, RAM and storage.
  • Has a license cost.
  • Needs patching and monitoring.
  • Requires time to initialize hardware and kernel bootstrap.

The only feature that containers cannot offer is running a Windows container on a Linux host… but who cares? 😆

How to create a container?

There are many ways to create a container… you can even create them by typing some code! Liz Rice gave an amazing talk on how to create containers from scratch:

Containers From Scratch — Liz Rice

You can also use RKT or containerd, but Docker has become the de facto tool for creating containers, so we are going to dive deep into it in the second part of this series.

Thanks for reading!

Hope you liked this blog post. Check out the second part here if you want to know more about Docker.

Please leave a comment or send me a message on Twitter to @Marvalcam1.

Maria Valcam
Beamery Hacking Talent

Engineer with an MBA. I am interested in Business, Diversity and Engineering.