Containerama
Containers, containers, containers. It seems that an initially somewhat under-appreciated set of features of the Linux kernel has gained tremendous attention all over the place in the past 12 to 15 months. And it’s not only Docker, I can assure you …
Oldie but goldie
The general ingredients of containers, and the building blocks of Linux containers in particular — cgroups, namespaces and chroot — have already been around for a while, up to 8 years. I recommend the following resources from Justin Weissig’s awesome Sysadmin Casts to gain a deeper understanding:
- Episode #14 — Introduction to Linux Control Groups (Cgroups)
- Episode #24 — Introduction to Containers on Linux using LXC
New kids on the block
The first generation of containers was mainly lacking one thing: usability. There was little or no common way to define, package and distribute the container images.
Docker is probably the best known and most hyped example in the 2nd generation of container technologies, addressing the usability issue. Though it was certainly the first attempt to establish a de facto standard, others are emerging and should not be underestimated, especially the appc specification and CoreOS’s reference implementation rkt.
If it looks like a duck …
However, let us not forget about other, related things in this space: YARN containers and JVMs.
In this context, questions such as the following typically arise:
- Should I run a JVM inside a container, since it already provides isolation?
- When/where to use cpushare and cpusets?
- What about the security or networking side of things with containers?
- How to orchestrate containers (at scale)?
I strongly believe we’re only witnessing the tip of the iceberg, as of mid-2015. Much more to come in the next couple of months. Exciting times!