All About Containers: Why Docker and Kubernetes?

Lokendra Singh
5 min read · Sep 10, 2018

Hello All, Greetings for the day !!

Docker is a program written in the Go language that performs OS-level virtualization, also known as “containerization”. Docker is used to run software packages called containers.

In today’s world, where the cost of a server is quite high, technology has moved towards Docker/containers to minimize the cost of extra servers.
For high availability and scalability, organizations are looking to run their microservices in separate environments. This requires more servers for services/applications, which leads to extra cost in terms of infrastructure.

Below are the types of servers widely used in Data Centres.

1:- Physical Servers:- These servers are placed in data centers and an operating system is installed on them. Post-installation, your application is configured and can then be accessed by end users. These servers can be from IBM, Dell, HP or any other vendor.

2:- Virtual Server / Machine:- These servers are created on top of a physical server. After the OS is installed, a hypervisor is installed on top of the OS, and this hypervisor provides all the features required to create VMs (Virtual Machines). VMware, KVM or Xen are mostly used for virtualization.

3:- Containers:- The beauty of containers is that they can be installed on both physical and virtual machines. All you need is a container engine installed and running on the server, and you are good to go for containerization. You can use Docker or Kubernetes for running your containers.

Now I must tell you that there is segregation on the basis of Network Zones as well. There are three types of networks:

1:- PROD ZONE:- All servers/services which do not need to interact with the internet run here. All servers in this zone can communicate with one another. If communication needs to be opened with other zones, that can be allowed with the permission of your organization’s security team. You must consult the security team before opening ports between different zones. These ports must be scanned and monitored at all times after the connection is enabled. You can run your application and DB servers here.

You must ensure that none of the communicating ports and services are vulnerable.

2:- DMZ ZONE (Demilitarized Zone):- All servers/services which need to interact with the internet are kept here. This zone has really high security. Only required ports are opened for public access. Logging in through the public IP address should be restricted. You should always have both a public and a private IP configured on your DMZ zone servers, and it should be the practice to log in to your server using the private IP address. Only service ports should be opened from the DMZ to the Prod zone. SSH or RDP should be restricted. If someone (a hacker) gets access to your DMZ server, that person should not be able to gain access to your prod servers.

3:- T&D ZONE:- As the name says, Test and Development: these servers should be used only for T&D use cases. No Prod traffic should be sent to these servers. Most developers have access to these servers and keep installing new software for testing without any security testing, so these servers can be vulnerable and hackers can easily gain access to them. If you need a public IP or internet access in the T&D zone, not all servers should have a public IP, and servers which are assigned a public IP should be treated as DMZ.
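The zone rules above can be checked mechanically against a firewall rule list. The following is an added example, not part of the original post: the rule format, the zone labels (INTERNET, DMZ, PROD, TND), the `approved` flag and the sample rules are all constructed for illustration.

```python
from dataclasses import dataclass

# Remote-login ports the text says to restrict (SSH and RDP).
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

@dataclass(frozen=True)
class Rule:
    src: str                 # source zone: INTERNET, DMZ, PROD or TND
    dst: str                 # destination zone
    port: int
    approved: bool = False   # security team signed off on this cross-zone rule

def effective_zone(zone, has_public_ip):
    """A T&D server that holds a public IP is treated as DMZ."""
    return "DMZ" if zone == "TND" and has_public_ip else zone

def audit(rules, public_ports):
    """Return (rule, reason) for each rule that breaks the zone policy."""
    findings = []
    for r in rules:
        if r.src == r.dst:
            continue                                  # same zone: allowed
        if r.port in ADMIN_PORTS and r.src in ("INTERNET", "DMZ"):
            findings.append((r, ADMIN_PORTS[r.port] + " must not cross this boundary"))
        elif r.src == "INTERNET" and r.dst != "DMZ":
            findings.append((r, "only DMZ servers may face the internet"))
        elif r.src == "INTERNET" and r.port not in public_ports:
            findings.append((r, "not a required public service port"))
        elif r.src != "INTERNET" and not r.approved:
            findings.append((r, "cross-zone port opened without approval"))
    return findings

# Constructed sample rule set (not from a real firewall).
SAMPLE_RULES = [
    Rule("INTERNET", "DMZ", 443),                 # public HTTPS: fine
    Rule("INTERNET", "DMZ", 22),                  # SSH on the public side
    Rule("DMZ", "PROD", 8443, approved=True),     # approved service port: fine
    Rule("DMZ", "PROD", 3389, approved=True),     # RDP into PROD
    Rule("PROD", "PROD", 5432),                   # app to DB inside PROD: fine
    Rule("INTERNET", effective_zone("TND", False), 8080),  # T&D without public IP
    Rule("TND", "PROD", 5432),                    # unapproved cross-zone rule
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES, public_ports={80, 443}):
        print(f"{rule.src}->{rule.dst}:{rule.port}  {reason}")
```

Note that the RDP rule is flagged even though it is marked approved: the SSH/RDP restriction is checked before the approval flag.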

There is one more segregation, on the basis of how servers are used inside an organization.

1:- Dev:- Developers use these servers for their product development.

2:- UAT (User Acceptance Test):- Once development is completed, the code is deployed on these servers and demonstrated to the business team so they can check it and give their sign-offs for production deployment.

3:- SIT (System Integration Test):- These servers are just like production. Once the code is deployed on these servers, testing is done here to ensure the new code does not make any impact on the production environment post-deployment.

4:- PT (Penetration Testing):- Some organizations that work with user data and want high-end security have this environment to ensure that the code/server does not become vulnerable after new code is deployed on prod servers.

5:- PRODUCTION:- These servers are responsible for handling the real-time traffic which comes from real/end customers.

Now we know that there are several types of servers and environments, and that we need multiple environments to perform these kinds of activities. A small organization can hardly manage all of these environments. This is where containers come into the picture. You can create multiple environments on a single VM or physical server, so this requirement can be fulfilled by containers. Containers can be used to create an isolated environment, which improves security and gives you separate environments where developers can do their development and where new software and technologies can be tested without impacting the work of other developers.

Apart from this, containers provide a lightweight environment and are quite fast to provision.

Now let’s try to understand: what are Docker and Kubernetes?

Docker and Kubernetes are computer programs written in the Go language that perform operating-system-level virtualization, also known as “containerization”. Docker is used for running software packages called “containers”. Docker is a container engine which is used to spin up new containers and manage existing ones. Using containers, we can utilize VM resources in a proper manner.

The Docker container engine can work with Linux, Windows, and macOS. You can easily download images of the required software and start using them within minutes.

Now, let’s understand the components of a container:-

1:- Namespaces:- When a new container is provisioned, Docker uses a technology called namespaces to keep the workspace isolated for the new container.

2:- Control Groups:- Cgroups are used to set specific resource limits for the container. This allows the resources of the same hardware to be shared among containers.

3:- Container format:- Libcontainer is the container’s default format. This is a combination of namespaces, cgroups, and UnionFS.

4:- Union file systems:- UFS is a file system that operates by creating layers, which makes it lightweight and fast. A container can use multiple UFS. Some examples of UFS are AUFS, BTRFS, VFS, and DeviceMapper.

5:- Docker Image:- This is a file which is a combination of multiple layers, and it is used to execute code inside a container. One or multiple containers can run using a single image. You can download these images from a Docker repository.
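Namespaces and cgroups are visible from the Linux host, which makes it possible to verify that a process really is isolated and limited. The following is an added example, not part of the original post: it reads the kernel's `/proc/<pid>/ns` links and a cgroup v2 `memory.max` file, and the function names and the `proc_root` parameter are assumptions made for illustration.

```python
import os

def read_namespaces(pid, proc_root="/proc"):
    """Return {type: id} from /proc/<pid>/ns, e.g. {'pid': 'pid:[4026531836]'}."""
    ns_dir = os.path.join(proc_root, str(pid), "ns")
    return {name: os.readlink(os.path.join(ns_dir, name))
            for name in sorted(os.listdir(ns_dir))}

def isolated_namespaces(pid, reference_pid, proc_root="/proc"):
    """Namespace types where pid sits in a different namespace than reference_pid."""
    mine = read_namespaces(pid, proc_root)
    ref = read_namespaces(reference_pid, proc_root)
    return sorted(n for n in mine if n in ref and mine[n] != ref[n])

def memory_limit(cgroup_dir):
    """cgroup v2 memory limit in bytes; None when the file holds 'max' (no limit)."""
    with open(os.path.join(cgroup_dir, "memory.max")) as fh:
        value = fh.read().strip()
    return None if value == "max" else int(value)

if __name__ == "__main__":
    # Compare this process with its parent; in a plain shell the list is empty.
    # As root, pass a container's host PID and PID 1 to list its private namespaces.
    print(isolated_namespaces(os.getpid(), os.getppid()))
```

A container that shares a namespace type with the host's init process (for example one started with host networking) will not list that type, which is a quick way to spot weaker isolation.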

Thanks!! Hope you enjoyed reading.
