TIL, 2023-07-12
Complete Intro to Containers
- Bare metal -> Virtual machines (I can have machines inside my machines). They have individual operating systems, and are running on bare metal themselves. They are in a guest OS.
- Public cloud - having to manage the servers yourselves.
- Containers - gives the security and resource-management features of VMs but without the cost of having a whole other operating system.
-
chroot
- Set the root directory of a new process. In the container’s case, it will be wherever the new container’s new root directory should be. - Namespace - Even if you chroot environments and limit them, people sharing the server can still see all the processes going on in the computer. Namespaces allow you to hide processes from other processes.
-
unshare
- creates a new isolated namespace from its parent and all other future tenants. cgroups
- Normally, every isolated environment has access to all the physical resources on the server. There’s no isolation of physical components from these environments.- After the commands, now you can say that this is a “container”.
Getting Set Up with Docker
- Makes creating, updating, packaging, distributing, and running containers more easier.
- Docker daemon - runs in the background all the time, so we can download, run, and build containers.
-
Docker Hub - public registry of pre-made containers.
- Docker images without Docker: It’s about creating a new environment that’s isolated by namespace and limited by cgroups and chroot you in it.
$ docker run --interactive --tty alpine:3.10 # or, to be shorter: docker run -it alpine:3.10
-