{{#pagetitle: An Introduction to Linux Containers on RHEL 8}}
<table border="0" cellspacing="0" width="100%"><tr>
<td width="20%">[[Managing KVM on RHEL using the virsh Command-Line Tool|Previous]]<td align="center">[[Red Hat Enterprise Linux Essentials|Table of Contents]]<td width="20%" align="right">[[A RHEL Container Tutorial using Podman and Skopeo|Next]]</td>
<tr>
<td width="20%">Managing KVM on RHEL 8 using the virsh Command-Line Tool<td align="center"><td width="20%" align="right">A RHEL 8 Container Tutorial using Podman and Skopeo</td>
</table>
<hr>
<htmlet>rhel8</htmlet>
The preceding chapters covered the concept of virtualization with a particular emphasis on creating and managing virtual machines using KVM. This chapter will introduce a related technology in the form of Linux Containers. While there are some similarities between virtual machines and containers, there are also some key differences that will be outlined in this chapter along with an introduction to the concepts and advantages of Linux Containers. The chapter will also provide an overview of some of the RHEL 8 container management tools. Once the basics of containers have been covered in this chapter, the next chapter will work through some practical examples of creating and running containers on RHEL 8.
== Linux Containers and Kernel Sharing ==
In simple terms, Linux containers can be thought of as a lightweight alternative to virtualization. In a virtualized environment, a virtual machine is created that contains and runs the entire guest operating system. The virtual machine, in turn, runs on top of an environment such as a hypervisor that manages access to the physical resources of the host system.
Containers work by using a concept referred to as ''kernel sharing'' which takes advantage of the architectural design of Linux and UNIX-based operating systems.
In order to understand how kernel sharing and containers work it helps to first understand the two main components of Linux or UNIX operating systems. At the core of the operating system is the kernel. The kernel, in simple terms, handles all the interactions between the operating system and the physical hardware. The second key component is the root file system which contains all the libraries, files and utilities necessary for the operating system to function. Taking advantage of this structure, containers each have their own root file system but share the kernel of the host operating system. This structure is illustrated in the architectural diagram in Figure 25-1 below.
This type of resource sharing is made possible by the ability of the kernel to dynamically change the current root file system (a concept known as Podman as the default in RHEL 8.
[[File:linux_container_diagram.png]]
Figure 25-1
== Container Uses and Advantages ==
The main advantage of containers is that they require considerably less resource overhead than virtualization, allowing many container instances to be run simultaneously on a single server and to be started and stopped rapidly and efficiently in response to demand levels. Containers run natively on the host system, providing a level of performance that cannot be matched by a virtual machine.
Containers are also extremely portable and can be migrated between systems quickly and easily. When combined with a container management system such as Docker, OpenShift and Kubernetes, it is possible to deploy and manage containers on a vast scale spanning multiple servers and cloud platforms, potentially running thousands of containers.
Containers are frequently used to create lightweight execution environments for applications. In this scenario, each container provides an isolated environment containing the application together with all of the runtime and supporting files required by that application to run. The container can then be deployed to any other compatible host system that supports container execution and run without any concerns that the target system may not have the necessary runtime configuration for the application - all of the application’s dependencies are already in the container.
Containers are also useful when bridging the gap between development and production environments. By performing development and QA work in containers, those containers can then be passed to production and launched safe in the knowledge that the applications are running in the same container environments in which they were developed and tested.
Containers also promote a modular approach to deploying large and complex solutions. Instead of developing applications as single monolithic entities, containers can be used to design applications as groups of interacting modules, each running in a separate container.
One possible drawback of containers is the fact that the guest operating systems must be compatible with the version of the kernel which is being shared. It is not, for example, possible to run Microsoft Windows in a container on a Linux system. Nor is it possible for a Linux guest system designed for the 2.6 version of the kernel to share a 2.4 version kernel. These requirements are not, however, what containers were designed for. Rather than being seen as limitations, therefore, these restrictions should be viewed as some of the key advantages of containers in terms of providing a simple, scalable and reliable deployment platform.
== RHEL 8 Container Tools ==
RHEL 8 provides a number of tools for creating, inspecting and managing containers. The main tools are as follows:
* '''buildah''' – A command-line tool for building container images.
* '''podman''' – A command-line based container runtime and management tool. Performs tasks such as downloading container images from remote registries and inspecting, starting and stopping images.
* '''skopeo''' – A command-line utility used to convert container images, copy images between registries and inspect images stored in registries without the need to download them.
* '''runc''' – A lightweight container runtime for launching and running containers from the command-line.
* '''OpenShift''' – An enterprise level container application management platform consisting of command-line and web-based tools.
All of the above tools are compliant with the Open Container Initiative (OCI), a set of specifications designed to ensure that containers conform to the same standards between competing tools and platforms.
== Container Catalogs, Repositories and Registries ==
The Red Hat Container Catalog (RHCC) provides a set of pre-built images that have been tested by Red Hat and can be downloaded and used as the basis for your own container images. The RHCC can be accessed at the following URL and allows searches to be performed for specific images:
https://access.redhat.com/containers/
After a search has completed, the catalog will display a list of matching repositories. A repository in this context is a collection of associated images. Figure 25-2, for example, shows a partial list of the container image repositories available for RHEL 8 related containers:
[[File:rhel_8_container_catalog.png]]
Figure 25-2
Selecting a repository from the list will display detailed information about the repository. When reviewing a repository in the catalog, key pieces of information are the repository name and the location of the registry where the repository is stored. Both of these specifications will need to be referenced when the container image is downloaded for use.
In addition to downloading (referred to as “pulling” in container terminology) container images from registries hosted by Red Hat and other third parties, you can also use registries to store your own images. This can be achieved either by hosting your own registry, or by making use of existing services such as those provided by Amazon AWS, Google Cloud and IBM Cloud, to name a few of the many options.
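Because the registry location and the repository name are the two specifications a pull depends on, it is worth checking them before an image is fetched. The following shell functions are an added example, not part of the original chapter: they split an image reference into registry, repository, tag and digest, and accept it only when the registry is on an allow list. The allow list and the sample references (Red Hat's registry.access.redhat.com and registry.redhat.io, a local registry on port 5000, docker.io) are assumptions for the example.

```shell
#!/bin/bash
# Added example: split a container image reference and enforce a registry
# allow list before the image would be pulled. Not code from the chapter.

# Registries this host is permitted to pull from (constructed allow list).
ALLOWED_REGISTRIES="registry.access.redhat.com registry.redhat.io"

# parse_image_ref REF -> prints "registry|repository|tag|digest"
# An unqualified name (no registry) prints an empty registry field.
parse_image_ref() {
    ref="$1"
    registry=""
    rest="$ref"
    # The first path component is a registry only if it looks like a host:
    # it contains a dot or a port, or is "localhost".
    case "$ref" in
        */*)
            first="${ref%%/*}"
            case "$first" in
                *.*|*:*|localhost) registry="$first"; rest="${ref#*/}" ;;
            esac
            ;;
    esac
    # A digest pinned with "@sha256:..." is split off before the tag.
    digest=""
    case "$rest" in
        *@*) digest="${rest#*@}"; rest="${rest%%@*}" ;;
    esac
    # The registry port has already been removed, so a remaining colon is a tag.
    case "$rest" in
        *:*) repo="${rest%:*}"; tag="${rest##*:}" ;;
        *)   repo="$rest";      tag="latest" ;;
    esac
    printf '%s|%s|%s|%s\n' "$registry" "$repo" "$tag" "$digest"
}

# registry_allowed REF -> returns 0 only if REF names an allow-listed registry.
# Unqualified names are rejected: they would be resolved through a search
# list, so the registry they come from is not known in advance.
registry_allowed() {
    reg="$(parse_image_ref "$1" | cut -d'|' -f1)"
    [ -z "$reg" ] && return 1
    for a in $ALLOWED_REGISTRIES; do
        [ "$a" = "$reg" ] && return 0
    done
    return 1
}

# Usage: registry_allowed "$image" && podman pull "$image"
```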
== Container Networking ==
By default, containers are connected to a network using a Container Networking Interface (CNI) bridged network stack. In the bridged configuration, all the containers running on a server belong to the same subnet (10.88.0.0/16 by default) and, as such, are able to communicate with each other. The containers are also connected to the external network by bridging the host system’s network connection. Similarly, the host is able to access the containers via a virtual network interface (usually named cni0) which will have been created as part of the container tool installation.
== Summary ==
Linux Containers offer a lightweight alternative to virtualization and take advantage of the structure of the Linux and Unix operating systems. Linux Containers essentially share the kernel of the host operating system, with each container having its own root file system containing the files, libraries and applications. Containers are highly efficient and scalable and provide an ideal platform for building and deploying modular enterprise level solutions. A number of tools and platforms are available for building, deploying and managing containers including third-party solutions and those provided by Red Hat.
<htmlet>rhel8</htmlet>
<hr>
<table border="0" cellspacing="0" width="100%"><tr>
<td width="20%">[[Managing KVM on RHEL using the virsh Command-Line Tool|Previous]]<td align="center">[[Red Hat Enterprise Linux Essentials|Table of Contents]]<td width="20%" align="right">[[A RHEL Container Tutorial using Podman and Skopeo|Next]]</td>
<tr>
<td width="20%">Managing KVM on RHEL 8 using the virsh Command-Line Tool<td align="center"><td width="20%" align="right">A RHEL 8 Container Tutorial using Podman and Skopeo</td>
</table>