What is a Container
- A container is a self-contained ready-to-run application
- This is what makes it different from a virtual machine!
- Containers have all on board that is required to start the application
- To start a container, a container runtime is required
- The container runtime is running on a host platform and establishes communication between the local host kernel and the container
- So, all containers, no matter what they do, run on top of the same local host kernel
Container Components
- Images are read-only environments that contain the runtime environment, which includes the application and all libraries it requires
- Containers are the isolated runtime environments where the application is running. By using namespaces the containers can be offered as a strictly isolated environment
- Registries are used to store images. Docker Hub is a common registry, other registries exist (like quay.io) and private registries can be created also
Containers are Linux!
- Containers are based on features offered by the Linux operating system
- Linux Kernel Namespaces provide strict isolation between system components at different levels
- network
- file
- users
- processes
- IPCs
- Linux CGroups offer resource allocation and limitation
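To see the namespace isolation described above from the host side, this added example (not part of the course material) reads the namespace links that Linux exposes under /proc/<pid>/ns for every process and reports which namespaces a process shares with a reference process. Run against the container PID reported by docker inspect, with host PID 1 as the reference, it shows which of the namespaces listed above are actually separate; the function names and the "self" default are my own.

```python
import os

# Namespace types exposed under /proc/<pid>/ns on current Linux kernels.
# They match the isolation levels listed above (net, mnt = file, user,
# pid, ipc) plus uts (hostname) and cgroup.
NAMESPACES = ("net", "mnt", "user", "pid", "ipc", "uts", "cgroup")


def namespace_ids(pid="self"):
    """Return {namespace: 'type:[inode]'} for a process. A value of None means
    the link could not be read: missing on older kernels, the PID does not
    exist, or the caller lacks ptrace rights over that process (EACCES)."""
    ids = {}
    for ns in NAMESPACES:
        try:
            ids[ns] = os.readlink("/proc/%s/ns/%s" % (pid, ns))  # e.g. 'pid:[4026531836]'
        except OSError:
            ids[ns] = None
    return ids


def shared_namespaces(pid, reference="self"):
    """Map each namespace to True (same as the reference process), False
    (separate) or None (could not be determined)."""
    mine, theirs = namespace_ids(reference), namespace_ids(pid)
    result = {}
    for ns in NAMESPACES:
        if mine[ns] is None or theirs[ns] is None:
            result[ns] = None
        else:
            result[ns] = mine[ns] == theirs[ns]
    return result


def isolation_report(pid, reference=1):
    """One line per namespace. For a container process every namespace except
    'user' should be separate from host PID 1; Docker shares the user namespace
    with the host unless userns-remap or rootless mode is in use."""
    names = {True: "SHARED with host", False: "separate", None: "unknown"}
    return "\n".join("%-7s %s" % (ns, names[state])
                     for ns, state in shared_namespaces(pid, reference).items())


if __name__ == "__main__":
    import sys
    # Usage: python3 nscheck.py <PID from docker inspect --format='{{.State.Pid}}' ...>
    # Reading another user's /proc/<pid>/ns links normally requires root.
    target = sys.argv[1] if len(sys.argv) > 1 else "self"
    print(isolation_report(target))
```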
Container Runtimes
- The container runtime allows for starting and running the container on top of the host OS
- The container runtime is responsible for all parts of running the container which are not already a part of the running container program itself
- Different container runtime solutions exist
- docker
- lxc
- runc
- cri-o
- containerd
- These runtimes are included in the different container solutions
The OCI
- OCI is the Open Containers Initiative (https://opencontainers.org)
- It standardizes the use of containers
- The image-spec defines how to package a container in a “filesystem bundle”
- The runtime-spec defines how to run that filesystem in a container
- OCI standardization ensures compatibility between containers, no matter which environment they originally come from
- The result is that for instance images made for Docker work without modifications in Red Hat Podman
Docker
- Docker is important in the container landscape, but Docker is NOT the only way to run containers
- When it started in 2013, Docker offered the following:
- Container image format
- Dockerfile, which is a method for building container images
- A way to manage container images
- A way to run containers
- A way to manage container instances
- A solution to share container images
- Podman is the main alternative to Docker
Alternatives to Docker
- With the launch of RHEL 8, Red Hat started offering Podman as an alternative to Docker
- Podman runs containers without the need for a daemon, directly on top of the cri-o container runtime
- Buildah is the related service that is used for managing container images
- Other solutions for running containers also exist
- LXC is a Linux-native container runtime
- systemd-nspawn offers containers integrated in Systemd
Registries
- Container registries are used to provide access to container images
- Registries make distribution of containers easier: anyone can publish images on public registries
- Docker Hub (hub.docker.com) is the biggest registry
- Other registries exist as well, like quay.io
- It’s also possible to create private registries
Accessing Registries
- Access to registries is normally free
- In some cases, additional authorization is required and you’ll need an account to access registry contents
- On Docker Hub, an account gives access to additional features
- Higher image pull limit
- Web hooks connecting to GitHub
- Use the browser-based login, or docker login from the command line
Starting Containers
- Many environments are available, let’s look at Docker
- To use containers on RHEL 8 and related distributions, you can use podman instead of docker
- Use dnf install -y container-tools to install podman and related utilities
Installing Docker on Ubuntu
sudo apt-get update
sudo apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo apt-key fingerprint 0EBFCD88
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io
sudo docker run hello-world
Running a Container
mkdir -p /var/www/html
echo hello from docker >> /var/www/html/index.html
docker run -d -p 8080:80 --name="myapache" -v /var/www/html:/var/www/html httpd
docker ps
ss -tunap | grep 8080
curl http://localhost:8080
Running Another Container
- docker run -it busybox will start the busybox container with an interactive terminal to the entrypoint application
- Ctrl-p, Ctrl-q to disconnect and keep it running
- exit to stop the current container application
- If you were connected to the entrypoint application, the container will stop
- If you were connected to another shell session, the container will continue
Managing Containers – Common Commands
- docker ps [-a]: shows currently [and past] running containers
- docker start: starts a container from a locally stored image
- docker stop: stops a container using Linux SIGTERM
- docker restart: restarts a currently running container
- docker kill: stops a container using Linux SIGKILL
- docker rm: removes all container files from the host operating system
Inspecting Container Settings
- docker ps will show the IDs of containers: pick one!
docker inspect <ID> | less
docker inspect --format='{{.NetworkSettings.IPAddress}}' containername
docker inspect --format='{{.State.Pid}}' containername
- Alternatively, use ps aux on the host to find the container PID
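The --format templates above each pull one field out of the JSON that docker inspect prints. This added example, not part of the course material, does the same from Python over a constructed docker inspect document modelled on the myapache container started earlier (-p 8080:80, -v /var/www/html:/var/www/html) and also reports the settings a reviewer checks first: published ports, host paths bind-mounted into the container, and whether it runs privileged. Field names follow the docker inspect output; the sample values and the list of sensitive host paths are my own.

```python
import json

# Constructed sample shaped like `docker inspect myapache` output for the
# container started above with -p 8080:80 and -v /var/www/html:/var/www/html.
SAMPLE_INSPECT = json.dumps([{
    "Name": "/myapache",
    "State": {"Status": "running", "Pid": 4242},
    "HostConfig": {
        "Privileged": False,
        "PortBindings": {"80/tcp": [{"HostIp": "", "HostPort": "8080"}]},
    },
    "Mounts": [{"Type": "bind", "Source": "/var/www/html",
                "Destination": "/var/www/html", "RW": True}],
    "NetworkSettings": {"IPAddress": "172.17.0.2"},
}])

# Host paths a container should not get writable (docker.sock gives control of the daemon).
SENSITIVE_HOST_PATHS = ("/", "/etc", "/root", "/var/run/docker.sock", "/proc", "/sys")


def summarize(inspect_json):
    """Extract the fields the --format examples above read, plus exposure settings."""
    data = json.loads(inspect_json)[0]              # docker inspect prints a list
    host = data.get("HostConfig") or {}
    ports = {cport: [b["HostPort"] for b in (binds or [])]
             for cport, binds in (host.get("PortBindings") or {}).items()}
    return {
        "name": data["Name"].lstrip("/"),
        "pid": data["State"]["Pid"],                 # {{.State.Pid}}
        "ip": data["NetworkSettings"]["IPAddress"],  # {{.NetworkSettings.IPAddress}}
        "privileged": bool(host.get("Privileged")),
        "ports": ports,
        "mounts": [(m["Source"], m["Destination"], m.get("RW", True))
                   for m in data.get("Mounts", []) if m.get("Type") == "bind"],
    }


def under_sensitive_path(src):
    # Exact match, or below a sensitive directory ("/" matches only itself).
    return any(src == p or (p != "/" and src.startswith(p + "/"))
               for p in SENSITIVE_HOST_PATHS)


def findings(summary):
    """Settings worth a second look: privileged mode and writable sensitive mounts."""
    out = []
    if summary["privileged"]:
        out.append("container runs --privileged")
    for src, dst, rw in summary["mounts"]:
        if rw and under_sensitive_path(src):
            out.append("writable bind mount of %s at %s" % (src, dst))
    return out
```

Feed it the real output of docker inspect containername to check a running container the same way.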
Managing Images
- After fetching, the container images are stored on the host
- Use docker images to get a list of images
- Or use docker image --help to get an overview of all options related to managing container images
Container Logging
- The container application does not connect to STDOUT, which is why logs, by default, are written to the container
- Use docker logs mycontainer to get access to the container log
- Using docker logs is convenient for troubleshooting
Lab: Using Containers
- Run the latest version of Ubuntu in a container
- In interactive mode, start a bash shell and explore the /etc/os-release file, as well as the kernel version (uname -r)
- Disconnect from the container without shutting it down
As we see, the kernel version in the container is always the same as in the virtual machine.