Can Containers Really Ship Software?

Container history, how containers work, why software should be run on containers

Maybe by copying to a disk? If you are wondering why in the world we need containers to ship software when the internet is out there: this is not about the containers that ship goods. Rather, it is about Linux containers, which provide an operating-system-level virtualization technology for creating isolated environments, similar to virtual machines, for running software applications.

A brief history on containers

The container concept started way back in 1979 with the inception of chroot on Version 7 Unix (thanks to Sanjiva for pointing this out). Later, technologies like FreeBSD Jails, Linux vServer, Solaris Containers/Zones and OpenVZ emerged. In 2006 Google introduced the Process Container concept for aggregating a set of processes together and sharing resources among them. This was later renamed to cgroups and merged into the Linux kernel (version 2.6.24). In 2008 LXC was introduced; it uses the cgroups and namespace features to provide container isolation. A few years later, around 2013, Google started an open source project called LMCTFY (Let Me Contain That For You) for implementing a container manager. During the same period a company called dotCloud started researching the same topic and introduced Docker. With the inception of Docker and the libcontainer project, Google put the LMCTFY project on hold and contributed its concepts and abstractions to libcontainer.

Later in 2013 the container concept became very popular thanks to the innovative ecosystem built by Docker. LXC had been around for some time and was used by many large organizations, but it did not gain as much traction as Docker, maybe because of the low-level APIs it provided and the complexity of using it. Some time later a company called CoreOS initiated a separate container technology called Rocket, with the stated goals that containers should be composable and have production-grade security, that image distribution should be federated, and that the image format and runtime should be open. At the time of writing, Docker and Rocket are the most popular container technologies.

How do containers work?

Linux Container Brief for IEEE WG P2302

In general, containers make use of Linux kernel namespaces (ipc, uts, mount, pid, network and user), cgroups, AppArmor and SELinux profiles, seccomp policies, and chroots to provide an abstraction layer on top of an existing kernel instance for creating isolated environments similar to virtual machines. The main difference between virtual machines and containers is that virtual machines need to run a guest operating system and containers don't. As a result, containers consume fewer resources and start up in no time (in milliseconds).
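The namespace and seccomp isolation described above is visible under /proc, so it can be audited per process. The following is an added example, not code from the original article; the function names are hypothetical and the namespace links and status text are constructed sample data.

```python
import os
import re

# The six namespace types named above, as they appear under /proc/<pid>/ns/.
NAMESPACES = ("ipc", "uts", "mnt", "pid", "net", "user")
SECCOMP_MODES = {"0": "disabled", "1": "strict", "2": "filter"}

def read_ns_links(pid):
    """Namespace links of a live process (needs permission to read /proc/<pid>/ns)."""
    return {ns: os.readlink(f"/proc/{pid}/ns/{ns}") for ns in NAMESPACES}

def ns_inode(link):
    """Extract the inode from a link such as 'pid:[4026531836]'."""
    match = re.fullmatch(r"\w+:\[(\d+)\]", link)
    if match is None:
        raise ValueError(f"not a namespace link: {link!r}")
    return int(match.group(1))

def isolation_report(host_links, proc_links, status_text):
    """Compare a process with the host (PID 1) and summarize its isolation."""
    shared = [ns for ns in NAMESPACES
              if ns_inode(host_links[ns]) == ns_inode(proc_links[ns])]
    fields = {}
    for line in status_text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return {
        "shared_with_host": shared,
        "isolated": [ns for ns in NAMESPACES if ns not in shared],
        # The Seccomp line is absent on kernels built without seccomp support.
        "seccomp": SECCOMP_MODES.get(fields.get("Seccomp"), "unknown"),
        "no_new_privs": fields.get("NoNewPrivs") == "1",
    }

# Constructed sample data (not captured from a real system).
HOST = {"ipc": "ipc:[4026531839]", "uts": "uts:[4026531838]", "mnt": "mnt:[4026531840]",
        "pid": "pid:[4026531836]", "net": "net:[4026531992]", "user": "user:[4026531837]"}
CONTAINER = {"ipc": "ipc:[4026532501]", "uts": "uts:[4026532500]", "mnt": "mnt:[4026532499]",
             "pid": "pid:[4026532502]", "net": "net:[4026532504]", "user": "user:[4026531837]"}
STATUS = "Name:\tnginx\nPid:\t4242\nNoNewPrivs:\t0\nSeccomp:\t2\n"

if __name__ == "__main__":
    print(isolation_report(HOST, CONTAINER, STATUS))
```

On a live host, pass `read_ns_links(1)`, `read_ns_links(pid)` and the contents of `/proc/<pid>/status`. A process that still shares the user namespace with the host, as in the sample, has the same UIDs inside the container as outside it.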

Can traditional software be run on containers?

The simplest answer is yes. Anything that can be run on a virtual machine can be run on a container. Containers provide almost all the features provided by virtual machines, such as dedicated IP addresses, volume mounting, resource management (CPU, memory, disk), SSH (containers provide SSH differently and it's called exec), OS images, container images, etc. However, unlike virtual machines, containers do not provide an init system; they are designed to run a single process inside a container. What if multiple processes are needed for running a single unit of a system? For example, a log publisher process might be needed for publishing the logs of a server to a central location. In that case containers can be grouped together and allowed to share kernel namespaces such as disk, processes and users.

Nevertheless, to get the best out of the container world, software needs to be designed to start extremely fast, be more lightweight, and operate as a composition of individual units, or rather adhere to the Microservices Architecture (MSA). Otherwise the end solution would gain only very few advantages.

Are there any container optimized operating systems available?

Image source: CoreOS

Yes, CoreOS is a smaller, minimal Linux operating system distribution optimized for containers. Traditional Linux distributions may contain unwanted software packages and they may increase the attack surface. They may also increase the size of the OS image.

CoreOS has built a fresh Linux distribution by optimizing the system packages needed. It also provides container runtimes, regular automatic OS updates and networking configurations, and integrates with etcd (a distributed key/value store).

Can Microsoft Windows based software be also run on containers?

Image source: MSDN, Microsoft

As of 2016, yes. Microsoft very recently did a project on implementing container support for their Windows Server operating system, and it is now available for preview. It allows Windows users to run Windows-based containers by sharing the Windows kernel, similar to Linux containers. In parallel to this effort Docker implemented support for Windows containers; as a result Docker can now run on Windows with native Windows container support.

Why should I run my software on containers?

  • Mainly because of lower resource usage (meaning less cost): Say that a piece of software needs ten virtual machines to run. It would then need resources allocated to run ten operating system instances (each virtual machine would run an operating system instance). The same software can be run on ten containers with maybe four container hosts, which would only need to run four operating system instances.
  • Less startup time: Containers start in milliseconds compared to the ten to twenty seconds taken by virtual machines, purely because of the operating system boot-up time.
  • Layered container images: Unlike virtual machine images, container images are created using multiple layers. As a result the image creation process and the bandwidth needed to transfer images are optimized.
  • Container image repositories: Container images can be hosted in container image repositories. Docker provides a public image repository called Docker Hub and CoreOS provides one called Quay. Any organization can have its own private container repositories.
  • A large container ecosystem: Currently there is a considerably large ecosystem being developed around containers, and the most widely used operating systems and software can be run on containers with a few clicks/commands.
  • Aligns well with Microservices architecture: Microservices is a software architecture pattern which allows software to be deployed as a composition of individually deployable units. As a result each software unit can be managed and scaled separately depending on demand.