26 April 2021 by Rambler
There is no question that containers have massive potential for database servers (and there is also plenty of debate about their suitability). These are some building blocks, which I'll continue to append to.
Container versus operating system differences
-Library dependencies are added into the container; containers are segregated from each other.
-Containers can be updated independently of each other.
-Lightweight versions of an OS.
-A container is a set of one or more processes isolated from the rest of the system, often described as a lightweight VM.
-They isolate components such as the network stack and libraries.
-Containers run from an image: we copy the image and then deploy it. If the image is built to the Open Container Initiative (OCI) specification, it can start up on different platforms.
Benefits
-Minimal hardware footprint through the use of namespaces and cgroups.
-Environment isolation - container libraries are self-contained, so one container keeps running while other containers are updated.
-Rapid deployment - containers don't require a full OS restart.
-Reusability - the same DB server can be reused without having to deploy a separate OS.
It is technically possible to put a web server and a DB server into one container, but this is not a recommended pattern; it is more efficient to split them into separate containers.
Not all apps are suited to containers, e.g. those needing direct access to hardware.
From the OS perspective, containers are just processes.
An image is a file system bundle that contains all the dependencies required to execute the process.
The image is the foundation: running containers use an immutable view of the image, allowing multiple containers to share the same image.
Kubernetes - manages the orchestration of containers. The smallest manageable unit in Kubernetes is a pod. Its features include:
-Service discovery & load balancing
-Horizontal Scaling
-Self healing
-Automated rollout
-Secrets & configuration management
Container Network Interface (CNI) - aims to standardise the network interface for containers in cloud-native environments.
Each host creates a software-defined network.
Mapping Network Ports - One of the building blocks is network port mapping. There are a number of problems to solve with containers and ports:
1) When a container is destroyed, the container's address is released back to the address pool.
2) The container software-defined network is only accessible from the container host.
Port forwarding rules address these problems. Use the -p [<IP address>:][<host port>:]<container port> option with the podman run command to create an externally accessible container. This lets you create automation rules for assigning port forwarding and keeping inbound connections consistent.
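As an added example (not code from the original post), here is a small Python parser for the -p option syntax above that flags mappings which publish a DB port on every host interface rather than on localhost only; the spec strings, port numbers and function names are constructed assumptions, and bracketed IPv6 host addresses are not handled.

```python
"""Parse podman '-p' specs ([<IP address>:][<host port>:]<container port>[/tcp|/udp]) and
flag mappings that publish a port on every host interface. Constructed example; bracketed IPv6 hosts not handled."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class PortMapping:
    host_ip: str              # "" means podman binds on all host interfaces
    host_port: Optional[int]  # None means podman picks a free host port
    container_port: int
    proto: str

def _port(value: str) -> int:
    n = int(value)
    if not 1 <= n <= 65535:
        raise ValueError(f"port out of range: {value!r}")
    return n

def parse_port_mapping(spec: str) -> PortMapping:
    """Turn e.g. '127.0.0.1:5432:5432/tcp' into a PortMapping; ValueError on junk."""
    body, _, proto = spec.partition("/")
    proto = proto or "tcp"
    if proto not in ("tcp", "udp"):
        raise ValueError(f"unknown protocol in {spec!r}")
    parts = body.split(":")
    host_ip, host_port = "", ""
    if len(parts) == 1:        # <container port>
        container_port = parts[0]
    elif len(parts) == 2:      # <host port>:<container port>
        host_port, container_port = parts
    elif len(parts) == 3:      # <IP>:<host port>:<container port>
        host_ip, host_port, container_port = parts
        ipaddress.ip_address(host_ip)   # ValueError if not a valid IP literal
    else:
        raise ValueError(f"bad port mapping {spec!r}")
    return PortMapping(host_ip, _port(host_port) if host_port else None,
                       _port(container_port), proto)

def exposed_to_network(m: PortMapping) -> bool:
    """True when other machines can reach the host side, not just localhost."""
    return m.host_ip == "" or ipaddress.ip_address(m.host_ip).is_unspecified

def audit_port_mappings(specs: List[str]) -> List[str]:
    """One warning per mapping that is reachable from beyond the container host."""
    warnings = []
    for spec in specs:
        m = parse_port_mapping(spec)
        if exposed_to_network(m):
            warnings.append(f"{spec}: {m.container_port}/{m.proto} reachable from the network; prefer 127.0.0.1")
    return warnings
```

For a DB container that only local clients talk to, `-p 127.0.0.1:5432:5432` keeps the listener off the host's external interfaces; the audit function reports the bare `-p 5432` form that does not.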
Public Registries - Image registries are services offering container images for download. Registries allow image creators to distribute container images to users, publicly or privately. For example, Red Hat hosts a Container Catalog offering a public image registry.
Another example is Quay.io, a public image repository sponsored by Red Hat.
Public and private registries are basically similar, differentiated by firewalls, access lists and privileges on the registry. By default Podman will search the list of configured registries. Trust is another factor to consider when configuring registries, with vulnerability testing to assess attack vectors. Bottom line - due diligence should be mandatory.
On Podman, use /etc/containers/registries.conf to look at the registry details.
Images - Although images can be created by committing changes in a container, Dockerfiles are another method of image management. Good practices include using a high-quality parent image; as an org you may want to add specifics or trim the images for production purposes. For example, one source of parent images is the Red Hat Container Catalog. There are also other trusted sources, but due diligence should be maintained.
Container orchestration - Looking beyond containers, the question turns to managing containers in an ecosystem. Here is a list of commercial Kubernetes platforms. These are very complex platforms and require in-depth study to master and to manage critical production platforms:
CoreOS Tectonic / Red Hat CoreOS
Canonical Distribution of Kubernetes
Docker Community Edition / Docker Enterprise
Heptio Kubernetes Subscription
Kontena Pharos
Pivotal Container Service (PKS)
Rancher 2.0
Red Hat OpenShift