Containers, Docker, Kubernetes Flashcards
What are containers and what are their advantages over VMs?
A lightweight alternative to VMs that sits on top of the kernel of a host OS
- they start almost immediately
- less resource intensive
- easier to create and manage
- mostly same benefits of VMs but also remove drawbacks of VMs
How do containers provide encapsulation?
- they encapsulate an application and its dependencies
- code running inside a container is really just running on the host OS but shielded from the rest of the OS
Name some popular containerisation tools:
Docker, Podman, Kubernetes, OpenShift
Describe the tech stack for containers
Layers:
Application1 Application2 Application3
Container1 Container2 Container3
Linux Kernel
Hardware
Describe the tech stack for containers + virtualisation
- run containers on the VMs; these have a virtual Linux kernel which the containers run on.
Layers:
Application1 Application2 Application3
Container1 Container2 Container3
VM1 VM2
Hypervisor
Hardware
Why would you use containers + virtualisation despite the fact that VMs are resource intensive?
- It means the only permanent piece of hardware is the bare metal server
- so everything can be completely changed. One day you can run a Kubernetes cluster, the next you can run a web server, without having to uninstall the Linux kernel from the server.
- this is a very scalable method (as easier to spin up than VMs)
What is Docker?
How does it work?
- The most well known solution for containerisation
- containers are created from images which are specified in Dockerfiles. e.g. an Ubuntu image
- always start from an existing image
What is the command for downloading the latest ubuntu image from the main docker image repository, Docker Hub?
What is the command for running the downloaded image in a container?
docker pull ubuntu:latest
docker run -it ubuntu:latest /bin/bash
// this runs a new container and starts a bash shell with an interactive terminal (interactive mode)
// there’s no boot process for containers because they sit on top of the linux kernel
If the code to load the latest ubuntu image and run it is saved in a file called Dockerfile, what commands are used to build and run the docker container?
docker build -t hello-world .
// builds the docker image
// -t specifies to tag a name “hello-world” to the image
// . tells docker to use the current directory, thus docker looks for the Dockerfile in this directory to define what goes into the image
docker run hello-world
// runs the docker container
What are the key dockerfile elements?
* base image: specifies another image on which the new image is being built
* instructions: defines steps to build the image e.g. installing dependencies, files and the environment configuration
* commands: execute commands within the image during the build process
* exposed ports: specify which ports should be exposed when running a container from the image
* endpoint: define the command to be executed when a container is started from the image
Describe docker layers:
- docker images are made up of read only layers, each representing a dockerfile instruction
- Each layer represents a set of file system changes (like adding files or installing software)
- so a layer contains only differences from the previous layer
- layers are stacked on top of each other to form a base for a container's file system
Why does Docker use a layered architecture?
To make image creation efficient and to support caching and reuse.
- If nothing changes in a layer’s instruction or the ones before it, Docker reuses the cached version instead of rebuilding it.
- This speeds up image builds significantly.
- If multiple images share common base layers (like python:3.11), Docker only stores one copy of that layer.
- This saves disk space and improves efficiency.
List 5 docker CLI commands and explain what they do:
docker ps //lists all running containers
docker ps -a //lists all containers, including stopped ones
docker stop [CONTAINER ID] //stops a running container
docker rm [CONTAINER ID] //removes a stopped container
docker rmi ubuntu:latest // removes an image
Explain container isolation:
- containers create an illusion of separate OSes on top of a host OS
- a container is just a collection of processes running on the host OS
- the Linux kernel isolates the container's processes on the host OS, as well as providing resource management and file system abstraction
- Each container runs in its own set of namespaces, providing a somewhat isolated environment.
Describe the use of the Linux kernel in regard to containerisation:
the Linux kernel enables:
* namespaces: isolate system resources for a collection of processes
* control groups (cgroups): manage resource allocation and usage for containers
* union file systems: allow containers to share a read-only base file system, maintaining separate writable layers
Describe Linux namespaces:
* these isolate process groups, providing each container with its own view of system resources such as network, processes and mount points
* ensure each set of processes sees its own isolated instance of a global resource.
What are the 6 types of Linux namespaces:
* PID: isolates the process ID number space: for a running container, shows only processes running in a specific namespace (won’t see processes for other containers with different namespaces)
* NET: the network namespace, which virtualises the network stack; provides different network stacks for different containers.
* MNT: manages mount points (file systems)
* UTS: UNIX Time-Sharing; isolates host and domain names
* IPC: isolates inter-process communication
* USER: provides privilege isolation and user identification segregation
Describe Control groups (cgroups)
- they manage resource allocation for containers
- limit/monitor resources (CPU, memory, disk, I/O) that a container uses
- ensures containers can’t monopolise resources
Describe union file systems:
- provide a layered file system
- allows containers to share the kernel and a read-only base file system while maintaining separate writable layers for each container
Explain how containers are useful for the proliferation of services?
- they’re so lightweight that running a single process in a container isn’t inefficient
- they don’t require a lot of manual config, as servers do, to run applications on
- they are a solution for deploying services, so companies with large cloud computing resources can run billions of them
What is Kubernetes?
The most popular piece of container orchestration software, which manages containers at scale in the cloud.
- open source, automates deployment, scaling and operation of containers
What are microservices?
a style of software architecture that can take advantage of the ability to run large numbers of containers
What is orchestration software?
Sits on top of data centre hardware providing:
- deployment of applications on the data centre
- scaling of applications resources on demand
- self-healing: restarting applications that have crashed
- zero downtime updates and rollbacks
Describe the advantages of Kubernetes:
- runs on DC servers, abstracting away the complexity of the underlying hardware to provide a simple interface for running containers; known as the OS for DCs
- Kubernetes abstracts away the hardware complexity of DCs full of servers.