Let's talk about Containers

Welcome to the first lesson! Before we dive straight into Kubernetes, I would like to talk to you about Containers and why they have become central to our deployment paradigms in recent years. It is essential that we understand what containers are in order to see the true value of the Kubernetes ecosystem.

What are containers?

A Container is a unit of software that packages code and its dependencies, such that it can be executed reliably across different computing environments.

In other words, a container is an executable package that includes everything an application needs to run, such as code, necessary frameworks, libraries, packages and system tools. Essentially, containers help us create reproducible environments for an application. This is particularly useful for deploying applications in a distributed system with many nodes, where dependencies need to be consistent across different machines.

Why use containers?

Scalability and Parallelization:

If the code is an isolated/decoupled manner, containers can help us scale the application to manage heavy loads and perform operations in parallel across a large number of compute instances. This means we can more easily handle spikes in traffic without having to manually provision additional servers or resources.

Portability

Containers follow standard formats for packaging an app and its dependencies, which makes it possible to move an application from one environment to another, such as from a developer's laptop to a staging environment to a production environment in a cloud provider. This enables faster development and deployment cycles, and predictable production deployment behavior.

Isolation and Security:

Containers help run applications in their own self-contained environments. This level of isolation allows for multiple apps with their own dependencies to run on the same hardware without conflicts and limits the blast radius of security vulnerabilities. Beyond that, they can be made to adhere to the principle of least privilege, subject to access control and network restrictions. This means that even if a container is compromised, it cannot affect the host system or other containers running on the same machine.

Efficiency of Resources

Containers usually define the amount of resources they require in order to run. This (combined with isolation guarantees) makes it simple to run containers of varying sizes and to optimize costs by running multiple containers on the same machine.

How do containers work?

Containers are run on a host OS and share the Host OS's kernel. "But you told us there was isolation in containers, but now you say it shares the kernel with the same OS?!?!". You're right, it does share the kernel, but it uses a few kernel tricks to achieve the isolation.

First, it uses cgroups. Cgroups allows containers to allocate and limit the system resources provisioned for it. This includes resources such as CPU, memory, and disk I/O. It ensures that a container cannot use more resources than it is allowed and allows for resource allocation to be managed at the container level.

Second, it uses namespaces. Namespaces allow the container to obtain a separate view of the system's file system resources and network interfaces. Each container has its own file system, network interfaces, and hostname, which are separate from the host system. This ensures that different containers do not interfere with each other and operate as though they are on separate machines.

I'm sure there are more tricks but knowing this should be enough for now.

How are containers run?

Now for a container to run an application, it first needs to be packaged. For that, we introduce the concept of container images.

A Container Image is a single unit of packaged code, which includes both your applications and all of its dependencies, that can be stored, distributed and run via container runtimes.

What is a container runtime?

Once you have created a container image, you need a container runtime to execute the container image.

A Container Runtime creates a container instance from a container image, and provides the necessary runtime assistance for the container, such as provisioning a read-write layer for the container to use during runtime.

The two most popular container runtimes are Docker and containerd.

Docker is a high-level container runtime that provides a simple and easy-to-use interface for building, managing, and running containers.

Containerd is a low-level container runtime that provides a more modular and extensible architecture for managing containers.

Regardless of which runtime you choose, the runtime alone is not enough to manage a large number of containers. There needs to be a component that can help manage and coordinate these containers, so they can play well with each other. This is where Kubernetes comes in, and we'll take a look at that in the next chapter.

Conclusion

Containers have become an essential component of modern-day software development. If you were previously intimidated by containers, I hope that this course helps you build an appreciation for their value. In the long term, containers can enhance your productivity and the quality of the software you build.

With their ability to provide an isolated and portable application environment, containers offer numerous benefits including efficient resource utilization, consistent deployment, and ease of management. By embracing containers, you can stay ahead of the curve and take advantage of the latest technologies to improve your development workflow.

Excited to be on this journey with you!