Containers are one of several OS-level virtualization technologies, and the concept itself is not new. Container cluster management and automatic service orchestration were only solved in recent years, as container orchestration platforms matured, and that is what enabled the wide-spread adoption of container technology.
Containers share the host's OS kernel and obtain an isolated running environment from the host OS. Each container has its own file system namespace (MNT NS), hostname and domain name namespace (UTS NS), inter-process communication namespace (IPC NS), process namespace (PID NS), network protocol stack namespace (NET NS), and user namespace (USER NS).
The following figure describes container composition.
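As an added example (not part of the original page), the following POSIX shell script reads the `/proc/<pid>/ns/*` links to show which of the six namespaces listed above two processes share; the script name and the PID arguments are assumptions, and it assumes Linux with `/proc` mounted.

```shell
#!/bin/sh
# Added example, not from the original page: compare the six namespaces listed
# above (MNT, UTS, IPC, PID, NET, USER) between two processes by reading the
# /proc/<pid>/ns/* symlinks. Assumes Linux with /proc mounted; PIDs are input.

NS_KINDS="mnt uts ipc pid net user"

# ns_id PID KIND: print the kernel's namespace identity, e.g. "pid:[4026531836]",
# or "unreadable" when /proc denies access (another user's process, no ptrace right).
ns_id() {
    readlink "/proc/$1/ns/$2" 2>/dev/null || echo unreadable
}

# ns_diff_count PID_A PID_B: print one line per namespace kind on stderr
# (shared / isolated / unreadable) and the number of isolated kinds on stdout.
# Two processes in the same container report 0; a container process compared
# with the host's PID 1 reports the namespaces the runtime actually isolated.
ns_diff_count() {
    pid_a="$1"; pid_b="$2"; isolated=0
    for kind in $NS_KINDS; do
        id_a=$(ns_id "$pid_a" "$kind")
        id_b=$(ns_id "$pid_b" "$kind")
        if [ "$id_a" = unreadable ] || [ "$id_b" = unreadable ]; then
            state=unreadable
        elif [ "$id_a" = "$id_b" ]; then
            state=shared
        else
            state=isolated
            isolated=$((isolated + 1))
        fi
        printf '%-5s %s\n' "$kind" "$state" >&2
    done
    echo "$isolated"
}

# Stand-alone use (hypothetical name): ./ns_check.sh <container-pid> compares that
# process with PID 1, the host's init when run on the host. A "shared" pid, net or
# ipc line means the container runs inside the host's namespace (for example
# hostPID/hostNetwork/hostIPC in Kubernetes); "user shared" is the default when
# user namespaces are not enabled for the container runtime.
if [ -n "${1:-}" ]; then
    count=$(ns_diff_count 1 "$1")
    echo "$count of 6 namespaces isolated from PID 1"
fi
```

The per-namespace lines go to stderr so the count on stdout can be consumed by a monitoring script unchanged.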
Containers consume fewer resources of the hypervisor and guest OS than VMs do and deliver improved resource utilization (as shown in the following figure). Given the same hardware specifications, a greater number of container instances can be run than VMs.
Container images contain only the binaries or libraries (bins or libs) required for running applications, so a container image can be as small as a few MB. VM images contain the binaries or libraries required for running applications plus the guest OS kernel, so even tailored VM images are often hundreds of MB. Container images depend only on the Linux kernel, whereas VM images are tied to a hypervisor, and different hypervisors use different image formats. To run a VM, you need to boot the guest OS and then load the applications inside it; in addition, the CPU has to switch from the root mode of the host OS to the non-root mode of the guest OS, which makes the loading process slow. To start a container application, you only need to load the binaries or libraries required by the container and the application; there is no guest OS to boot and no CPU mode switch. Containers therefore offer better portability, faster startup, and a higher virtualization ratio (density). The following figure compares containers and VMs.
The following table lists the main differences between container and VM technologies.
| Item | Container | VM |
|---|---|---|
| Portability of images | Platform-agnostic | Platform-specific |
| Startup speed | Seconds or milliseconds | Several seconds or minutes |
| Running performance compared with bare metal (BM) | Loss of less than 2% | Loss of about 15% |
| Image size | Minimum: several MB | Hundreds of MB to several GB |
| Density | Single node: 100-1000 | Single node: 10-100 |
Docker is an LXC-based advanced container engine developed by the PaaS provider dotCloud. Its source code is hosted on GitHub, is written in Go, and is released under the Apache 2.0 license.
Docker has been very popular since 2013. Its code base is actively developed on GitHub, Red Hat provides good support for Docker in RHEL 6.5, and Google Compute Engine also supports Docker. Docker has become the de facto container technology standard.
As shown in the following figure, container technology has developed in two phases: standalone mode and cluster mode.
- In standalone mode, OS virtualization or isolation technologies such as chroot, FreeBSD jail, and control groups (cgroups) are used. Containers are used only as lightweight VMs to solve the problem of process-level resource isolation while an application runs.
- In cluster mode, multiple container cluster management systems are introduced to provide unified computing, storage, and network orchestration capabilities for large-scale container deployment.
The following figure describes two phases of container technology development.
Because containers are more flexible and efficient than VMs, software applications are gradually being migrated from VMs to containers. A single container is prone to single points of failure; container cluster technology solves this issue and accelerates the migration of applications to containers. Over the course of container technology development, the major orchestration platforms have been Docker's Swarm, Apache's Mesos (initially developed by AMPLab of the University of California, Berkeley), and Google's Kubernetes. Kubernetes (K8s) has become the standard container management platform, as shown in the following figure.
Kubernetes is an open source version of Borg, Google's internal container-oriented cluster-management system. Borg is a well-known large-scale cluster management system at Google. It is based on container technology and aims to automate resource management and maximize resource utilization across multiple data centers. For more than a decade, Google has managed a large number of application clusters through the Borg system. In April 2015, Google released the long-rumored Borg paper for the first time, alongside its high-profile publicity for Kubernetes. Built on the experiences and lessons learned from Borg over the preceding decade, Kubernetes became predominant in the container technology field after it was open-sourced.
Kubernetes cluster management technology has been verified by Google for more than 10 years. It is highly mature and supports hybrid deployment of BMs and VMs. It is applicable to a wide range of application scenarios and can be used to solve enterprises' IT construction problems in a quick, simple, and lightweight manner, and it assists in cluster-oriented development. According to a recent survey by the CNCF, more than 75% of respondents have applied Kubernetes in actual production environments. At present, many large global institutions are using Kubernetes in production on a large scale.