Learn about Containers

26 April,2021 by Jack Vamvas

There is no question Containers have massive potential for database servers (and there is plenty of debate about their suitability). These are some building blocks, which I'll continue to append to.

Container versus operating system differences 

-library dependencies are added into the Container. Containers are segregated from each other.

-Containers can be updated independently of each other 

-lightweight versions of an OS

-a container is a set of one or more processes that are isolated from the rest of the system aka lightweight VM

-they isolate the various components such as network & other libraries

-Containers run from an image: we copy the image and then deploy it. If the image is built to the Open Container Initiative (OCI) specification, it can start up on different platforms.

Benefits

-Minimal hardware footprint through use of namespaces & cgroups

-Environment isolation - Container libraries are self-contained, so one container keeps running while other containers are updated

-Rapid deployment - don't require a full OS restart 

-Reusability - the same db server can be reused without having to deploy a separate OS for each

 

It is technically possible to put a web server & db server into one Container, but it is not a recommended pattern. It is more efficient to split them into separate containers.

Not all apps are suited to Containers - e.g. those that need direct access to hardware

Containers are processes from the OS perspective

An image is a file system bundle that contains all dependencies required to execute the process

The image is the foundation. Running containers use an immutable view of the image, allowing multiple containers to share the same image

 

Kubernetes - manages the orchestration of containers. The smallest manageable unit in Kubernetes is a pod

-Service discovery & load balancing 

-Horizontal Scaling 

-Self healing 

-Automated rollout 

-Secrets & configuration management 

 

The Container Network Interface (CNI) aims to standardise the network interface for containers in cloud environments.

Each host creates a software-defined network.

Mapping Network Ports - One of the building blocks is network port mapping. There are a number of problems to solve with Containers & ports

1)When a container is destroyed the container's address is released back to the address pool

2) The container software-defined network is only accessible from the container host

Port forwarding rules seek to address these problems. Use the -p [<IP address>:][<host port>:]<container port> option with the podman run command to create an externally accessible container. This allows you to create automation rules for assigning port forwarding and keeping inbound connections consistent
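As an added example (not from the original post), here is a small POSIX shell helper that builds the podman run -p value from the three components above, validates the ports, and flags the case where no IP address is given, which publishes the port on every host interface. The image name is a constructed placeholder.

```shell
# Added example (not from the original post): build the -p value for
# `podman run` in podman's [<IP address>:][<host port>:]<container port> form,
# validate the ports, and warn when a database port would be published on
# every host interface. Only the command line is printed; nothing is executed.

# publish_spec HOST_IP HOST_PORT CONTAINER_PORT  (HOST_IP may be empty)
publish_spec() {
    ip=$1; hport=$2; cport=$3
    for p in "$hport" "$cport"; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
    done
    if [ -n "$ip" ]; then
        printf '%s:%s:%s\n' "$ip" "$hport" "$cport"
    else
        printf '%s:%s\n' "$hport" "$cport"
    fi
}

# Returns 0 when the spec binds to every host interface: podman treats a
# missing IP address, or 0.0.0.0, as "all interfaces".
exposed_to_all_interfaces() {
    case $1 in
        0.0.0.0:*) return 0 ;;
        *:*:*)     return 1 ;;   # explicit IP address other than 0.0.0.0
        *)         return 0 ;;   # <host port>:<container port> only
    esac
}

# db_run_cmd IMAGE HOST_IP HOST_PORT CONTAINER_PORT
# Prints the podman run command line for a database container.
db_run_cmd() {
    spec=$(publish_spec "$2" "$3" "$4") || return 1
    if exposed_to_all_interfaces "$spec"; then
        echo "warning: $spec publishes the database port on all host interfaces" >&2
    fi
    printf 'podman run -d --name db -p %s %s\n' "$spec" "$1"
}

# Constructed image name, not a real registry path.
db_run_cmd registry.example.com/db:latest 127.0.0.1 5432 5432
db_run_cmd registry.example.com/db:latest "" 5432 5432   # triggers the warning
```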

Public Registries - Image registries are services offering container images to download. Registries allow image creators to distribute container images to users, publicly or privately. For example, Red Hat hosts a Container Catalog offering a public image registry.

Another example is Quay.io, a public image repository sponsored by Red Hat.

Public and private registries are basically similar; they are differentiated by firewalls, access lists & privileges on the registry. By default Podman searches the list of registries configured. Trust is another factor to consider when configuring registries, as is vulnerability testing of images to assess attack vectors. Bottom line: due diligence should be mandatory

On Podman, use /etc/containers/registries.conf to look at the registry details
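An added example, not from the original post: a shell/awk check over a constructed registries.conf (v2 format, using the keys unqualified-search-registries, prefix, location, insecure and blocked) that reports registries marked insecure and how many registries Podman would search when given a short image name.

```shell
# Added example (not from the original post): audit a registries.conf for
# two trust settings that matter when Podman resolves an image name:
#   INSECURE <name>  a [[registry]] entry with insecure = true that is not blocked
#   SEARCH <n>       number of unqualified-search-registries; with more than one,
#                    a short image name is ambiguous about where it is pulled from
# The sample file written below is constructed for the demo, not from a host.
audit_registries() {
    awk '
        function val(s)  { sub(/^[^=]*=[ \t]*"/, "", s); sub(/".*$/, "", s); return s }
        function flush() {
            if (inreg && insecure && !blocked) print "INSECURE " (prefix != "" ? prefix : loc)
            inreg = 0; prefix = ""; loc = ""; insecure = 0; blocked = 0
        }
        /^\[\[registry]]/ { flush(); inreg = 1; next }
        /^\[/             { flush(); next }   # any other table (e.g. a mirror) ends the entry
        /^unqualified-search-registries[ \t]*=/ {
            s = $0; sub(/^[^=]*=[ \t]*\[/, "", s); sub(/].*$/, "", s)
            n = split(s, parts, ","); print "SEARCH " n
            next
        }
        inreg && /^[ \t]*prefix[ \t]*=/             { prefix = val($0) }
        inreg && /^[ \t]*location[ \t]*=/           { loc = val($0) }
        inreg && /^[ \t]*insecure[ \t]*=[ \t]*true/ { insecure = 1 }
        inreg && /^[ \t]*blocked[ \t]*=[ \t]*true/  { blocked = 1 }
        END { flush() }
    ' "$1"
}

# write_sample_conf FILE: constructed registries.conf in the v2 format.
write_sample_conf() {
    cat > "$1" <<'EOF'
unqualified-search-registries = ["registry.access.redhat.com", "quay.io", "docker.io"]
[[registry]]
prefix = "docker.io"
location = "docker.io"
[[registry]]
prefix = "registry.lab.example.com"
insecure = true
[[registry]]
location = "old.example.com"
insecure = true
blocked = true
EOF
}

SAMPLE=$(mktemp); write_sample_conf "$SAMPLE"
audit_registries "$SAMPLE"   # prints: SEARCH 3 / INSECURE registry.lab.example.com
rm -f "$SAMPLE"
```

The blocked entry is deliberately not reported, since Podman will refuse to pull from it regardless of the insecure flag.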

Images - Although images can be created by committing changes in a Container, Dockerfiles are another method of image management. Good practices include using a high-quality parent image; as an org you may want to add specifics or trim the images for production purposes. For example, one source of parent images is the Red Hat Container Catalog. There are also other trusted sources, but due diligence should be maintained

Container orchestration - Looking beyond individual Containers, the question turns to managing Containers in an ecosystem. Here is a list of commercial Kubernetes platforms. These are very complex platforms and require in-depth study to master and to manage critical Production platforms

-CoreOS Tectonic / Red Hat CoreOS
-Canonical Distribution of Kubernetes
-Docker Community Edition / Docker Enterprise
-Heptio Kubernetes Subscription
-Kontena Pharos
-Pivotal Container Service (PKS)
-Rancher 2.0
-Red Hat OpenShift

 


Author: Jack Vamvas (http://www.dba-ninja.com)

