arrow_upward

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Container-based Virtualization: The Big Picture
#1
To answer the question asked in this post of mine, ie the 'where Docker containers fit in the big Container-based Virtualization picture, an overview of the whole field is warranted and -as usual with me- this is done in its historical context. So, this thread is about setting the broad historical context of Containers technologies, highlighting the milestones events occurring in the path towards the kick-starting of the LXC project in 2008, which led to the Docker project, open-sourced in 2013, which was foundational in setting the industry standard for 'containerized application' and all the tooling that goes with it.
-------------------------------------

Container-based virtualization (ie OS virtualization), as contrasted to the hypervisor-based or VM-based virtualization (ie machine/hardware virtualization), has been a hot subject in the IT world for more than a decade now.

The following table (*) gives a direct comparison between VMs and containers:
Virtual Machines (VMs)                   | Containers
--------------------------------------------------------------------------------------
Represents hardware-level virtualization     Represents OS-level virtualization
Heavyweight                                  Lightweight
Slow provisioning                            Real-time provisioning and scalability
Limited performance                          Native performance
Fully isolated thus more secure              Process-level isolation thus less secure
(*)- The code tag is used here to maintain the table formatting.

1- Containerization technologies
Containers are an old concept. Below is a summary list for the milestones and evolution of the concept which culminated in the split between system containers and the more popular application containers championed by Docker Inc. since 2013 and their standardization in the OCI specification in 2015:
  • For decades, UNIX systems have had the chroot command that provides a simple form of filesystem isolation.
  • The FreeBSD jail: since 1998, FreeBSD has had the jail utility, which extended chroot sandboxing to processes.
  • Solaris Zones offered a complete containerization technology around 2001 but was limited to the Solaris OS for the x86 and SPARC systems.
  • In 2001, Parrallels Inc released the commercial Virtuozzo container technology for Linux and later open sourced the core technology as OpenVZ in 2005.
  • In 2006, Google Inc. started the development of CGroups for the Linux kernel and began switching its infrastructure to containers.
  • In 2007, Linux kernel 2.6.24 released with support for cgroups v1 (Control groups.)
  • In 2008, The Linux Containers (LXC) project started and brought together CGroups, kernel namespaces, and chroot technology (among others) to provide a complete containerization solution in Linux systems.
    > LXC is a project centered around a C-based library, liblxc which allows for the creation of containers of any type from userspace. It also provides a set of tools (lxc-*) that allows interacting with that C library and offers a raw low level user interface. This is why it it remained only useful for system engineers with the required know-how.
  • In late 2014, Canonical launched LXD project which is a REST API written in Go around LXC and creates a system daemon that apps can access locally using a Unix socket, or over the network via HTTPS. The goal being the democratization of system containers by lowering the entry-level for non-specialists.
  • In 2016, Canonical released LXD, which is its own container manager that focuses on system containers and which uses liblxc through go-lxc.

Among the Containerization technologies listed above, LXC (for LinuX Containers) is the one that interests us in this thread as it's the original implementation from which all kinds of other Linux containers implementations derive, including Docker containers. It indeed represents an operating-system-level virtualization environment (VE) for running multiple isolated Linux systems (containers) on a single Linux machine. These Linux containers are basically made of three Linux kernel primitives:
  • Linux namespaces which defines what a process can see
  • CGroups which set the resources a process can use
  • A rootfs
More on this later when we'll be discussing the role of the so-called 'low-level container runtimes', like lxc, runc, crun etc..

Another interesting observation that can be made from the Containerization technologies listed above (ie Solaris Zones, Virtuozzo’s OpenVZ, FreeBSD jails and LXD/LXC containers) is that they are all designed primarily as a way to containerize a complete OS rather than just a single app, which means that they are all system containers.

Next post will be about the transition to the 'application containers' with the release of Docker as an open-source project in 2013.

2- From System Containers to Application Containers
VirMach's Buffalo_VPS-9 Holder (Dec. 20 - July 21)
microLXC's Container Holder (july 20 - ?)
VirMach's Phoenix_VPS-9 Holder (Apr. 20 - June 20)
NanoKVM's NAT-VPS Holder (jan. 20 - ?)


Messages In This Thread
Container-based Virtualization: The Big Picture - by fChk - 07-08-2021, 02:34 PM


person_pin_circle Users browsing this thread: 1 Guest(s)
Sponsors: VirMach - Host4Fun - CubeData - Evolution-Host - HostDare - Hyper Expert - Shadow Hosting - Bladenode - Hostlease - RackNerd - ReadyDedis - Limitless Hosting