Containers - bobbae/gcp GitHub Wiki

What is a container?

A container is a standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another. A Docker container image is a lightweight, standalone, executable package of software that includes everything needed to run an application: code, runtime, system tools, system libraries and settings.

OS-level virtualization, as distinct from virtual machines, is an operating system paradigm in which the kernel allows multiple isolated user-space instances to exist. Such instances, called containers (LXC, Solaris containers, Docker), zones (Solaris containers), virtual private servers (OpenVZ), partitions, virtual environments (VEs), virtual kernels (DragonFly BSD), or jails (FreeBSD jail or chroot jail), may look like real computers from the point of view of programs running in them. A program running on an ordinary operating system can see all resources of that computer: connected devices, files and folders, network shares, CPU power and other quantifiable hardware capabilities. Programs running inside a container, however, can see only the container's contents and the devices assigned to it.

A container is attached to its own set of kernel namespaces, which is what restricts its view of the system to the container's contents.

Namespaces, along with other technologies like cgroups and more, form the foundation of containerization.
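The namespace sentence above can be made concrete: every process has a set of namespace identities under /proc/<pid>/ns, and two processes share a namespace exactly when those identities match. The following is an added example, not code from this wiki or from Docker: it reads those identities for live processes and, on constructed sample data, reports which namespaces a container process shares with a host process. The inode numbers in the samples are constructed placeholders, and the defender's use is to spot a container that was launched sharing, say, the host's network or PID namespace.

```python
# Added example: inspect and compare Linux namespace identities.
# Not part of the wiki page or of any container runtime.
import os
from typing import Dict, List, Set

# Namespace types exposed under /proc/<pid>/ns on a modern Linux kernel.
NAMESPACES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")


def read_namespaces(pid="self") -> Dict[str, str]:
    """Read /proc/<pid>/ns/* symlink targets, e.g. 'net:[4026531992]'.

    Works only on Linux; missing entries (old kernels, no permission)
    are skipped rather than treated as errors.
    """
    result: Dict[str, str] = {}
    for ns in NAMESPACES:
        try:
            result[ns] = os.readlink(f"/proc/{pid}/ns/{ns}")
        except OSError:
            pass
    return result


def shared_namespaces(a: Dict[str, str], b: Dict[str, str]) -> Set[str]:
    """Namespace types whose identity is identical for both processes."""
    return {ns for ns in a if ns in b and a[ns] == b[ns]}


def isolation_report(container_ns: Dict[str, str],
                     host_ns: Dict[str, str]) -> Dict[str, List[str]]:
    """Split the namespaces both processes report into shared vs isolated."""
    common = set(container_ns) & set(host_ns)
    shared = shared_namespaces(container_ns, host_ns)
    return {
        "shared": sorted(shared),
        "isolated": sorted(common - shared),
    }


# Constructed sample data (inode numbers are placeholders, not real values).
HOST_INIT = {
    "cgroup": "cgroup:[4026531835]", "ipc": "ipc:[4026531839]",
    "mnt": "mnt:[4026531840]", "net": "net:[4026531992]",
    "pid": "pid:[4026531836]", "user": "user:[4026531837]",
    "uts": "uts:[4026531838]",
}

# A container started with its own namespaces except that it was given
# the host network namespace (the equivalent of hostNetwork in Kubernetes).
CONTAINER_HOSTNET = {
    "cgroup": "cgroup:[4026532900]", "ipc": "ipc:[4026532901]",
    "mnt": "mnt:[4026532902]", "net": "net:[4026531992]",
    "pid": "pid:[4026532903]", "user": "user:[4026531837]",
    "uts": "uts:[4026532904]",
}


def demo() -> Dict[str, List[str]]:
    """Report on the constructed sample; on a live host, pass read_namespaces(pid)."""
    return isolation_report(CONTAINER_HOSTNET, HOST_INIT)


if __name__ == "__main__":
    print(demo())
```

Note that the sample container still shares the host's user namespace, which is the default for Docker unless user namespace remapping is enabled; the report surfaces that alongside the shared network namespace.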

https://www.docker.com/resources/what-container

Container Images

A container image is a ready-to-run software package, containing everything needed to run an application: the code and any runtime it requires, application and system libraries, and default values for any essential settings.

By design, a container is immutable: you cannot change the code of a container that is already running. If you have a containerized application and want to make changes, you need to build a new image that includes the change, then recreate the container to start from the updated image.

Container images use union filesystems. On Linux, Docker originally used AUFS but now uses OverlayFS. The details of how union filesystems are used in Docker container images can be found at https://martinheinz.dev/blog/44.
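To show how image immutability and union filesystems fit together, here is an added toy model (not Docker's or OverlayFS's code): read-only layers stacked bottom to top, a writable upper layer for the running container, and whiteout markers for deletions. It assumes AUFS-style ".wh." whiteout files; OverlayFS records the same thing with a character device, but the merge logic is identical. The build steps and the secret file in it are constructed for the demonstration. The point a scanner cares about is visible in the result: a file deleted in a later build step disappears from the merged view but is still stored in the lower layer.

```python
# Added example: toy union filesystem for container images.
# Not the wiki's or Docker's code; whiteout convention follows AUFS (".wh.").
from dataclasses import dataclass
from typing import Dict, List, Optional

WHITEOUT = ".wh."  # marker prefix: "<dir>/.wh.<name>" hides <dir>/<name> below


@dataclass(frozen=True)
class Layer:
    """One read-only image layer: path -> content (or a whiteout marker)."""
    name: str
    files: Dict[str, str]


def whiteout_name(path: str) -> str:
    """Path of the whiteout marker that hides `path` in lower layers."""
    parent, _, base = path.rpartition("/")
    return f"{parent}/{WHITEOUT}{base}" if parent else f"{WHITEOUT}{base}"


def hidden_path(marker: str) -> Optional[str]:
    """Inverse of whiteout_name; None if `marker` is an ordinary file."""
    parent, _, base = marker.rpartition("/")
    if not base.startswith(WHITEOUT):
        return None
    real = base[len(WHITEOUT):]
    return f"{parent}/{real}" if parent else real


def merged_view(layers: List[Layer]) -> Dict[str, str]:
    """Unified view: upper layers override lower ones, whiteouts hide entries."""
    view: Dict[str, str] = {}
    for layer in layers:  # bottom to top
        for path, content in layer.files.items():
            hidden = hidden_path(path)
            if hidden is not None:
                view.pop(hidden, None)
            else:
                view[path] = content
    return view


def layers_containing(layers: List[Layer], path: str) -> List[str]:
    """Names of every layer that still physically stores `path`."""
    return [layer.name for layer in layers if path in layer.files]


class Container:
    """Running container = immutable image layers + one writable upper layer."""

    def __init__(self, image_layers: List[Layer]):
        self.image = tuple(image_layers)   # never modified
        self.upper: Dict[str, str] = {}    # discarded when the container is removed

    def view(self) -> Dict[str, str]:
        return merged_view([*self.image, Layer("upper", self.upper)])

    def write(self, path: str, content: str) -> None:
        # Copy-up: the change lands only in the upper layer, undoing any whiteout.
        self.upper.pop(whiteout_name(path), None)
        self.upper[path] = content

    def delete(self, path: str) -> None:
        self.upper.pop(path, None)
        if path in merged_view(list(self.image)):
            self.upper[whiteout_name(path)] = ""  # hide the lower copy

    def commit(self, name: str) -> Layer:
        """Freeze the upper layer into a new image layer (a new build step)."""
        return Layer(name, dict(self.upper))


def build_image() -> List[Layer]:
    """Constructed three-step build; step 3 'deletes' a build-time secret."""
    base = Layer("base", {"etc/os-release": "ID=debian", "bin/sh": "#!/bin/sh"})
    step = Container([base])
    step.write("root/.npmrc", "_authToken=CONSTRUCTED_PLACEHOLDER")  # constructed
    step.write("app/server.js", "console.log('hi')")
    app = step.commit("app")
    cleanup = Container([base, app])
    cleanup.delete("root/.npmrc")        # whiteout, not a real removal
    return [base, app, cleanup.commit("cleanup")]


if __name__ == "__main__":
    image = build_image()
    print(sorted(merged_view(image)))                     # no root/.npmrc
    print(layers_containing(image, "root/.npmrc"))        # ['app']
```

Because a committed layer is never rewritten, the only way to truly remove the secret is to rebuild the image without it, which is why image scanners inspect every layer rather than the merged view.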

Borg and Omega

Google's infrastructure is containerized, using the cluster management systems called Borg and Omega.

Container runtimes

The container runtime is the software that is responsible for running containers.

Kubernetes supports several container runtimes: Docker, containerd, CRI-O, and any implementation of the Kubernetes CRI (Container Runtime Interface).

Containers vs. VMs

Virtual machines and containers differ in several ways, but the primary difference is that containers provide a way to virtualize an OS so that multiple workloads can run on a single OS instance. With VMs, the hardware is being virtualized to run multiple OS instances. Containers’ speed, agility, and portability make them another tool to help streamline software development.

https://www.weave.works/blog/a-practical-guide-to-choosing-between-docker-containers-and-vms

Comparison of containerizing vs using VMs

https://www.youtube.com/watch?v=TvnZTi_gaNc

Different ways to run containers in GCP

https://www.youtube.com/watch?v=jh0fPT-AWwM

Docker image and layered filesystem

https://medium.com/@BeNitinAgarwal/docker-containers-filesystem-demystified-b6ed8112a04a

https://blogs.cisco.com/developer/container-image-layers-1

Container Analysis

https://cloud.google.com/container-analysis/docs

Containerization fit analysis

https://medium.com/google-cloud/to-containerize-or-not-c3366c55f0b

Artifact management

https://cloud.google.com/artifact-management/docs/overview

Container Scanning

https://cloud.google.com/container-analysis/docs/container-scanning-overview

Securing Containers With Google’s Container Optimized OS & Distroless Container Images

https://medium.com/google-cloud/securing-containers-with-googles-container-optimized-os-distroless-container-images-11449caba2ec