Why use containers and container tools? Container engines
Devopsity on 02-08-2022
The very beginning of containers and containerization dates back to 1979, when chroot - a Unix operation - was introduced. Chroot changed the apparent root directory for the currently running process and its child processes. This enabled developers to create an isolated, safe environment in which processes ran independently of the rest of the system. In the 21st century this function was developed into a command called jail, and over the next decade it evolved from a small function into a whole advanced system inspired by logistics, known as containerization and container service.
As mentioned in our previous article about container orchestration tools, containers are packages of software with the essential elements needed to start an application. Thanks to them, automation and testing are easier and faster. What’s more, they are reusable and don’t need many resources such as a separate OS or kernel. Mobility and scalability are also among the main advantages of containers.
Does this mean containerization is the one and only way forward for IT? Not really.
Containers provide better security, but require specific knowledge of the system configuration. Also, for software that runs only locally as a single binary, it might be more practical to run the application without containers.
LXC is short for Linux Containers and was created as a software container environment based on Linux. It is very fast, user-friendly and quick to deploy. LXC makes it possible to control the virtual environment with userspace tools on the same operating system, which reduces costs. The main advantages of this container engine are simplicity, built-in support for various Linux hardening policies and the ability to run on almost every architecture. On the other hand, an LXC container relies directly on the host kernel, so it won’t run on systems other than Linux.
LXD is the next generation: an extension of LXC for virtual machine management. It uses a REST API that connects to one of the LXC software resources, i.e. liblxc. Everything is managed with a simple command line tool, which makes LXD more user-friendly and intuitive. It also provides mass storage management, flexible networking for operations teams and better container configuration. However, like LXC, it can only run on Linux systems.
Docker was created in 2011 and presented in 2013 at the PyCon conference in Santa Clara. With this system, developers can easily separate containerized applications from the infrastructure. Each container is independent, so several containers can run simultaneously on one server. This reduces the problem of delays and makes the whole process of deployment, testing, and shipping much faster.
There are two specific tools in Docker enterprise that DevOps engineers can use: Docker Compose and Docker Swarm. Docker Compose configures multiple containers on a single host only, whereas Docker Swarm can do the same across many hosts, providing higher application availability. Docker Swarm is more helpful for container management, as mentioned in the previous post.
Among the most frequently cited advantages of Docker Compose are: multi-container descriptor, fast development environment setup, easy linking of containers and simple YAML configuration. When it comes to limitations, Compose requires manual installation and updates, keeps data in the container (which means that when a container goes down, it needs backup and recovery) and doesn’t provide access to the yum/apt packages.
Introduced by CoreOS in December 2014, rkt is a container engine developed for modern cloud-native solutions. The basic units of rkt are pods: collections of one or more containerized applications working with a shared context (these pods are similar to those in the Kubernetes container orchestration system). The rkt architecture provides a modern, standard container format where every pod executes directly in the classic Unix process model. Its main advantages also include composability (rkt integrates with init systems, scripts, and complex DevOps pipelines), customizable isolation (it has a pluggable runtime architecture that can give an appropriate level of isolation), and a smaller footprint in comparison to e.g. Docker.
Established by Docker and other leaders of the container industry in June 2015, OCI is an open system of management with two specifications: the Runtime Specification (runtime-spec) and the Image Specification (image-spec). The first briefly describes how to run an unpacked bundle of filesystems, whereas the second is responsible for the archive format of OCI container images. The goal is to create interoperable tools for building, transporting, and preparing a container image to run.
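A runtime-spec bundle carries a config.json next to its root filesystem, and that file is where the configuration knowledge mentioned earlier decides how isolated a container really is. The following Python is an added example, not code from the original article or from the OCI project; it audits a constructed sample config, and the baseline it checks against (required namespaces, risky capabilities) is an assumed policy chosen for illustration.

```python
import json

# Constructed sample: a minimal runtime-spec config.json with several weak settings.
SAMPLE_CONFIG = json.loads("""
{
  "ociVersion": "1.0.2",
  "process": {
    "user": {"uid": 0, "gid": 0},
    "args": ["/bin/app"],
    "noNewPrivileges": false,
    "capabilities": {"bounding": ["CAP_SYS_ADMIN", "CAP_NET_BIND_SERVICE"]}
  },
  "root": {"path": "rootfs", "readonly": false},
  "linux": {"namespaces": [{"type": "pid"}, {"type": "mount"}, {"type": "ipc"}]}
}
""")

# Assumption: this baseline is an illustrative policy, not something the spec mandates.
REQUIRED_NAMESPACES = {"pid", "mount", "ipc", "uts", "network"}
RISKY_CAPS = {"CAP_SYS_ADMIN", "CAP_SYS_MODULE", "CAP_SYS_PTRACE", "CAP_NET_ADMIN"}
CAP_SETS = ("bounding", "effective", "permitted", "inheritable", "ambient")

def audit_oci_config(cfg):
    """Return a list of finding strings for one runtime-spec config dict."""
    findings = []
    proc = cfg.get("process", {})
    linux = cfg.get("linux", {})
    if proc.get("user", {}).get("uid", 0) == 0:
        findings.append("process runs as uid 0")
    if not proc.get("noNewPrivileges", False):
        findings.append("noNewPrivileges is not set")
    caps = proc.get("capabilities", {})
    granted = set().union(*(caps.get(s, []) for s in CAP_SETS))
    for cap in sorted(granted & RISKY_CAPS):
        findings.append(f"risky capability granted: {cap}")
    if not cfg.get("root", {}).get("readonly", False):
        findings.append("root filesystem is writable")
    # A namespace type absent from the list is inherited from the runtime (host).
    present = {ns.get("type") for ns in linux.get("namespaces", [])}
    for ns in sorted(REQUIRED_NAMESPACES - present):
        findings.append(f"shares host {ns} namespace")
    if "seccomp" not in linux:
        findings.append("no seccomp profile")
    return findings

if __name__ == "__main__":
    for finding in audit_oci_config(SAMPLE_CONFIG):
        print("WARN", finding)
```

Pointing the same function at `json.load(open("config.json"))` from an unpacked bundle gives the findings for a real container before it is started.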