Linux Containers: About Linux Containers and More
Containerisation using Docker is a newer way of virtualising servers to provide services. Containers share the host's kernel and can share common libraries and binaries, which makes them far less resource-intensive than full virtualization. A single VPS or server can host hundreds of Docker containers with minimal effort.
Docker containers also start very quickly, as they don't have to boot an entire OS. This makes them ideal for scaling: orchestration software such as Swarm or Kubernetes can start more instances as needed, then shut them down when traffic to the application subsides.
Containers are portable, which means you can move them from one Docker server to another quite easily, and because they carry their entire environment in a single file, you never have the issue of "but it works on my machine".
Benefits of containers vs virtual machines
| Virtualization | Docker Containers |
|---|---|
| Hypervisor | Libcontainer |
| Virtual Machine | Container |
| Template | Image |
| Linked VMs | Repository |
| Catalog | Registry |
| Boots in minutes | Boots in milliseconds |
| Variety of guest OSes | Limited to Linux |
| VMs are dependent on the hypervisor | Containers are portable |
| VMs can be multiple GB in size | Containers are lightweight |
| Requires more memory | Requires less memory |
| Hardware virtualization | OS virtualization |
Docker Swarm is a container orchestration tool that ships with Docker. It provides clustering and scheduling of Docker containers so that system administrators and developers can manage multiple Docker nodes as a single virtual system. A node is a host that runs Docker containers.
This allows for high availability and load balancing of applications.
Docker Swarm can distribute containers in 3 ways across the nodes it controls:
- Spread — balances containers across the nodes based on each node's available CPU and RAM and the number of containers it is already running.
- BinPack — schedules containers so that each node is used to capacity; once a node is full, it moves on to the next node in the cluster.
- Random — Chooses a node at random.
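To make the difference between the three strategies concrete, here is an added example (not code from Docker or from this article) that simulates them on a constructed three-node cluster. The node sizes, the workload list and the utilisation score (mean of CPU and memory in use) are assumptions of this simulation; real Swarm also applies filters and placement constraints that this model leaves out.

```python
"""Simulation of the three Docker Swarm placement strategies: spread, binpack, random.

Added example, not code from Docker or the article's author. Each node has a CPU
and memory capacity, each container requests some of each, and the strategy picks
among the nodes that still have room. Cluster sizes and workloads are constructed
sample data; the utilisation score is an assumption, not Swarm's exact formula.
"""
import random
from dataclasses import dataclass, field


@dataclass
class Node:
    name: str
    cpus: float                      # CPU cores available on the node
    mem_mb: int                      # memory available on the node, in MB
    containers: list = field(default_factory=list)  # (name, cpu, mem_mb) tuples

    def used_cpu(self) -> float:
        return sum(c[1] for c in self.containers)

    def used_mem(self) -> int:
        return sum(c[2] for c in self.containers)

    def fits(self, cpu: float, mem_mb: int) -> bool:
        # A node is a candidate only if both resources still fit.
        return (self.used_cpu() + cpu <= self.cpus
                and self.used_mem() + mem_mb <= self.mem_mb)

    def utilisation(self) -> float:
        # Assumed scoring: mean of the CPU and memory fractions in use.
        return (self.used_cpu() / self.cpus + self.used_mem() / self.mem_mb) / 2


def place(nodes, name, cpu, mem_mb, strategy, rng):
    """Pick a node for one container; returns its name, or None if nothing fits."""
    fitting = [n for n in nodes if n.fits(cpu, mem_mb)]
    if not fitting:
        return None
    if strategy == "spread":
        # Least-loaded node first; ties broken by fewest containers.
        node = min(fitting, key=lambda n: (n.utilisation(), len(n.containers)))
    elif strategy == "binpack":
        # Most-loaded node that still has room, so nodes fill up one at a time.
        node = max(fitting, key=lambda n: (n.utilisation(), len(n.containers)))
    elif strategy == "random":
        node = rng.choice(fitting)
    else:
        raise ValueError(f"unknown strategy: {strategy}")
    node.containers.append((name, cpu, mem_mb))
    return node.name


def make_cluster():
    # Constructed three-node cluster: 4 cores and 8 GB on each node.
    return [Node("node1", 4, 8192), Node("node2", 4, 8192), Node("node3", 4, 8192)]


# Constructed workload: three small web containers and one larger database.
WORKLOADS = [("web1", 1, 1024), ("web2", 1, 1024), ("web3", 1, 1024), ("db", 2, 4096)]


def schedule(strategy, workloads=WORKLOADS, seed=0):
    """Place every workload in order; returns (placements, nodes)."""
    nodes = make_cluster()
    rng = random.Random(seed)       # seeded so the 'random' strategy is reproducible
    placements = {name: place(nodes, name, cpu, mem, strategy, rng)
                  for name, cpu, mem in workloads}
    return placements, nodes


def nodes_in_use(nodes) -> int:
    return sum(1 for n in nodes if n.containers)


if __name__ == "__main__":
    for strategy in ("spread", "binpack", "random"):
        placements, nodes = schedule(strategy)
        print(f"{strategy:8s} {placements}  nodes used: {nodes_in_use(nodes)}")
```

Running it shows the trade-off the list describes: spread leaves every node partly used (three nodes busy, so one node failure takes out fewer containers), while binpack packs the web containers onto one node and only opens a second when the database no longer fits.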
We use third-party tools such as Portainer so that everything can be managed through a web interface, with no need to learn the Docker command-line tools. We can also look at installing Watchtower to watch for new images and automatically redeploy containers when they appear.
Google Cloud Platform (GCP) Container Services
GCP offers several container-focused services for deploying and managing containerized applications:
Google Kubernetes Engine (GKE)
- Fully managed Kubernetes service
- Autopilot mode for hands-off cluster management
- Built-in security and compliance features
- Automatic scaling and updates
- Integration with GCP’s monitoring and logging
- Support for both stateless and stateful applications
Cloud Run
- Serverless container platform
- Automatic scaling to zero when not in use
- Pay-per-use pricing model
- Support for any container that can handle HTTP requests
- Integration with Cloud Build for CI/CD
- Native support for container security scanning
Artifact Registry
- Centralized container registry
- Vulnerability scanning
- Integration with Cloud Build
- Support for container signing
- Fine-grained access controls
- Geographic replication options
Kubernetes Overview
Kubernetes is an open-source container orchestration platform that provides advanced features beyond Docker Swarm:
Key Features
- Advanced scheduling with pod affinity/anti-affinity
- Rolling updates and rollbacks
- Automatic bin packing
- Self-healing capabilities
- Service discovery and load balancing
- Automated rollouts and rollbacks
- Horizontal scaling
- Secret and configuration management
Core Concepts
- Pods: Smallest deployable units that can contain one or more containers
- Services: Abstract way to expose applications running on pods
- Deployments: Declarative updates for pods and ReplicaSets
- ConfigMaps and Secrets: Configuration and sensitive data management
- Namespaces: Virtual clusters for resource isolation
- Persistent Volumes: Storage abstraction layer
Advanced Features
- StatefulSets: For applications that require stable network identities and persistent storage
- DaemonSets: Ensure specific pods run on all or selected nodes
- Ingress Controllers: Advanced HTTP and HTTPS routing
- Custom Resource Definitions (CRDs): Extend Kubernetes API
- Helm: Package manager for Kubernetes applications
- Operators: Automated application management
Monitoring and Management
- Native integration with monitoring solutions
- Built-in logging and metrics
- Resource quotas and limits
- Role-Based Access Control (RBAC)
- Network policies for security
- Integration with external load balancers
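The management controls listed above (resource limits, Secrets, RBAC, network policies) only help if the manifests actually set them, so a common defensive step is to lint Deployments before they are admitted. As an added example, not code from this page or from the Kubernetes project, the following check reads a Deployment as `kubectl get deploy NAME -o json` would print it and reports, per container, a missing pinned image tag or digest, missing CPU and memory limits, a privileged flag, root execution, a writable root filesystem and privilege escalation left enabled. The Deployment is constructed sample input with one compliant container and one that fails every check; the finding strings are this example's own.

```python
"""Admission-style lint of a Kubernetes Deployment for basic hardening controls.

Added example, not code from the page or from Kubernetes. Input is a Deployment
object in JSON form; output maps each container name to a list of findings.
The sample Deployment below is constructed input, not from any real cluster.
"""
import json

SAMPLE_DEPLOYMENT = json.loads("""
{
  "apiVersion": "apps/v1",
  "kind": "Deployment",
  "metadata": {"name": "web", "namespace": "shop"},
  "spec": {
    "replicas": 2,
    "template": {
      "spec": {
        "securityContext": {"runAsNonRoot": true},
        "containers": [
          {
            "name": "web",
            "image": "registry.example/web:1.4.2",
            "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
            "securityContext": {
              "readOnlyRootFilesystem": true,
              "allowPrivilegeEscalation": false
            }
          },
          {
            "name": "sidecar",
            "image": "registry.example/sidecar:latest",
            "securityContext": {"privileged": true, "runAsNonRoot": false}
          }
        ]
      }
    }
  }
}
""")


def image_is_pinned(image: str) -> bool:
    """True for a digest reference or an explicit tag other than 'latest'."""
    if "@sha256:" in image:
        return True
    last = image.rsplit("/", 1)[-1]      # drop the registry host, which may carry a port
    if ":" not in last:
        return False                     # no tag at all means 'latest'
    return last.split(":", 1)[1] != "latest"


def check_container(container: dict, pod_sc: dict) -> list:
    """Return the list of hardening findings for one container spec."""
    findings = []
    sc = container.get("securityContext", {})
    if not image_is_pinned(container.get("image", "")):
        findings.append("image tag not pinned")
    limits = container.get("resources", {}).get("limits", {})
    for res in ("cpu", "memory"):
        if res not in limits:
            findings.append(f"no {res} limit")
    if sc.get("privileged"):
        findings.append("privileged container")
    # runAsNonRoot may be set on the pod; a container-level value overrides it.
    if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
        findings.append("runAsNonRoot not set")
    if sc.get("readOnlyRootFilesystem") is not True:
        findings.append("root filesystem writable")
    if sc.get("allowPrivilegeEscalation") is not False:
        findings.append("allowPrivilegeEscalation not disabled")
    return findings


def lint_deployment(deployment: dict) -> dict:
    """Map each container name (init containers included) to its findings."""
    pod_spec = deployment["spec"]["template"]["spec"]
    pod_sc = pod_spec.get("securityContext", {})
    containers = pod_spec.get("containers", []) + pod_spec.get("initContainers", [])
    return {c["name"]: check_container(c, pod_sc) for c in containers}


if __name__ == "__main__":
    for name, problems in lint_deployment(SAMPLE_DEPLOYMENT).items():
        print(f"{name}: {'ok' if not problems else '; '.join(problems)}")
```

The same checks are what a policy engine or validating admission webhook would enforce cluster-wide; running them locally in CI catches the `:latest` sidecar before it reaches a cluster, and the pod-level `runAsNonRoot` inheritance shows why the check has to merge pod and container security contexts rather than look at one level only.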