Introduction to Linux Containers
Published:
Browse All Articles > Introduction to Linux Containers
Linux containers are abbreviated as LXC. They are the forms of lightweight operating system level virtualization for computers that are running Linux. Containers do not provide the virtual machine but provide a virtual environment where the containers share the same operating system as the host.
This is accomplished with some key features:
Concept behind the Implementation of Linux Containers
Containers are considered a better alternative to the traditional hypervisors like ESXi, Xen and so on. The hypervisor is an emulated hardware for the virtual machine and on the top of these virtual machines. Users used to have memory and applications. With the help of a hypervisor, you can have multiple virtual machines on a physical server. It is effectively like virtualizing a system at the hardware level.
If you want to have multiple applications, you actually implement multiple virtual machines, each having their own operating system. Therefore, in case of a hypervisor there is complete isolation but with the overhead of multiple operating systems, and this probably the main reason why Linux containers came into space. The hypervisors are considered bulky in terms of system requirements.
One of the fundamental differences between containers and hypervisors is that hypervisors are based on emulative virtual hardware and containers are based on a shared operating system.
Because containers are built on the general concept of sharing the operating system, whenever users built a container, they actually share the same kernel, and how much of the remaining operating system it shares depends on how the system administrators configure the container.
![hardware.png]()
The hypervisor kernel emulates virtual hardware. One can clearly notice that they run a separate kernel for each instance.
![operating-system-kernel.png]()
The figure above shows containers. They share the same operating system kernel at the bottom.
![operating-system-kernel-1.png]()
Containers are less fastidious to start than the hypervisors because users do not have to worry about any virtual hardware or building up a separate kernel. The kernel is already available with the host system. As you can see, everything displayed in black belongs to the host system so there will not be many complications in building containers.
If we combine containers with other features such as the Btrfs file system, it will be very easy to set up a number of lightweight isolated Linux instances on any single host quickly. This definitely marks as a striking difference between the implementation of hypervisors and containers as there would be a matter of thousand milliseconds when starting a container as compared to hypervisor.
The containers are so tiny with literally no components in them so they are incredibly fast as compared to hypervisors. The lightness of containers makes them more elastic in nature.
Architecture of a Container
Various components are required for the proper functioning of Linux containers. The architecture of a specific Linux container will give you an idea regarding the tools that are essential for the construction and management of a container.
![linux-kernel.png]()
Namespaces
The kernel of the Linux operating system provides isolation through the creation of separate namespaces for containers. The namespaces allow a process or multiple processes to have various views of the system than other processes. It enables the multiple containers to share the same resource concurrently without resorting to any conflicts between them.
There are six different types of Namespaces:
This is a Linux kernel feature that is responsible for limiting and isolating the usage of resources and this includes CPU, disk I/O, network, memory and so on of processes.
Cgroups provide the following features:
Resource Constraints: Groups can be created to put a constraint on the usage of memory.
Establishes Priority: There may be priority when groups are assigned a bigger share of CPU utilization or disk I/O.
Keeps an Account: It figures out the amount of resources that specific systems use.
Puts a Control: It enables to freeze down the processes restarting and check pointing.
SELinux
This represents the short form for security enhanced Linux. It is a Linux kernel feature that allows enhanced secured separation of containers through the application of SELinux policy that give authority to or forbid operations. It can be considered as an access control mechanism by which, if a system administrator puts up some rules in the user space and if the kernel has been compiled with the set of SELinux policies, then those rules will be held fast to the kernel.
Conclusion
Containers offer an environment that you would get from hypervisors but without the overhead that comes with running a separate kernel and simulating all the hardware. The size of the containers makes it easy to transfer them to other operating systems. Practically all the features of container that has been discussed above shows that the containers are more elastic than the hypervisors and because of this, they are considered next generation virtualization for cloud.
This is accomplished with some key features:
- Chroot
- Namespaces
- Cgroups
Concept behind the Implementation of Linux Containers
Containers are considered a better alternative to the traditional hypervisors like ESXi, Xen and so on. The hypervisor is an emulated hardware for the virtual machine and on the top of these virtual machines. Users used to have memory and applications. With the help of a hypervisor, you can have multiple virtual machines on a physical server. It is effectively like virtualizing a system at the hardware level.
If you want to have multiple applications, you actually implement multiple virtual machines, each having their own operating system. Therefore, in case of a hypervisor there is complete isolation but with the overhead of multiple operating systems, and this probably the main reason why Linux containers came into space. The hypervisors are considered bulky in terms of system requirements.
One of the fundamental differences between containers and hypervisors is that hypervisors are based on emulative virtual hardware and containers are based on a shared operating system.
Because containers are built on the general concept of sharing the operating system, whenever users built a container, they actually share the same kernel, and how much of the remaining operating system it shares depends on how the system administrators configure the container.
The hypervisor kernel emulates virtual hardware. One can clearly notice that they run a separate kernel for each instance.
The figure above shows containers. They share the same operating system kernel at the bottom.
Containers are less fastidious to start than the hypervisors because users do not have to worry about any virtual hardware or building up a separate kernel. The kernel is already available with the host system. As you can see, everything displayed in black belongs to the host system so there will not be many complications in building containers.
If we combine containers with other features such as the Btrfs file system, it will be very easy to set up a number of lightweight isolated Linux instances on any single host quickly. This definitely marks as a striking difference between the implementation of hypervisors and containers as there would be a matter of thousand milliseconds when starting a container as compared to hypervisor.
The containers are so tiny with literally no components in them so they are incredibly fast as compared to hypervisors. The lightness of containers makes them more elastic in nature.
Architecture of a Container
Various components are required for the proper functioning of Linux containers. The architecture of a specific Linux container will give you an idea regarding the tools that are essential for the construction and management of a container.
Namespaces
The kernel of the Linux operating system provides isolation through the creation of separate namespaces for containers. The namespaces allow a process or multiple processes to have various views of the system than other processes. It enables the multiple containers to share the same resource concurrently without resorting to any conflicts between them.
There are six different types of Namespaces:
- Mount
- PID
- Net
- IPC
- UTS
- User
This is a Linux kernel feature that is responsible for limiting and isolating the usage of resources and this includes CPU, disk I/O, network, memory and so on of processes.
Cgroups provide the following features:
Resource Constraints: Groups can be created to put a constraint on the usage of memory.
Establishes Priority: There may be priority when groups are assigned a bigger share of CPU utilization or disk I/O.
Keeps an Account: It figures out the amount of resources that specific systems use.
Puts a Control: It enables to freeze down the processes restarting and check pointing.
SELinux
This represents the short form for security enhanced Linux. It is a Linux kernel feature that allows enhanced secured separation of containers through the application of SELinux policy that give authority to or forbid operations. It can be considered as an access control mechanism by which, if a system administrator puts up some rules in the user space and if the kernel has been compiled with the set of SELinux policies, then those rules will be held fast to the kernel.
Conclusion
Containers offer an environment that you would get from hypervisors but without the overhead that comes with running a separate kernel and simulating all the hardware. The size of the containers makes it easy to transfer them to other operating systems. Practically all the features of container that has been discussed above shows that the containers are more elastic than the hypervisors and because of this, they are considered next generation virtualization for cloud.
Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.
Comments (3)
Author
Commented:Thanks a ton.
Regards
Commented:
Commented: