Learn OpenShift

You're reading from Learn OpenShift: Deploy, build, manage, and migrate applications with OpenShift Origin 3.9

Product type Paperback
Published in Jul 2018
Publisher Packt
ISBN-13 9781788992329
Length 504 pages
Edition 1st Edition
Authors (3): Denis Zuev, Aleksey Usov, Artemii Kropachev

Docker container architecture

Docker is one of the most popular application containerization technologies these days. So why do we want to use Docker if there are other container options available? Because collaboration and contribution are key in the era of open source, and Docker has done many things in this area that other technologies have not been able to.

For example, Docker partnered with other container developers such as Red Hat, Google, and Canonical to jointly work on its components. Docker also contributed its software container format and runtime to the Linux Foundation's open container project. Docker has made containers very easy to learn about and use.

Docker architecture

As we mentioned already, Docker is the most popular container platform. It allows for creating, sharing, and running applications inside Docker containers. Docker separates running applications from the infrastructure. It allows you to speed up the application delivery process drastically. Docker also brings application development to an absolutely new level. In the diagram that follows, you can see a high-level overview of the Docker architecture:

Figure: Docker architecture

Docker uses a client-server type of architecture:

  • Docker server: This is a service running as a daemon in an operating system. This service is responsible for downloading, building, and running containers.
  • Docker client: This is the CLI tool responsible for communicating with Docker servers using the REST API.

Docker's main components

Docker uses three main components:

  • Docker containers: Isolated user-space environments running the same or different applications and sharing the same host OS. Containers are created from Docker images.
  • Docker images: Docker templates that include application libraries and applications. Images are used to create containers, and you can bring up containers from them immediately. You can create and update your own custom images as well as download pre-built images from Docker's public registry.
  • Docker registries: This is an image store. Docker registries can be public or private, meaning that you can work with images available over the internet or create your own registry for internal purposes. One popular public Docker registry is Docker Hub, discussed later in this chapter.

Linux containers

As mentioned in the previous section, Docker containers are secured and isolated from each other. In Linux, Docker containers use several standard features of the Linux kernel. These include:

  • Linux namespaces: A feature of the Linux kernel that isolates resources from each other. It allows one set of Linux processes to see one group of resources while another set of Linux processes sees a different group of resources. There are several kinds of namespaces in Linux: Mount (mnt), Process ID (PID), Network (net), User ID (user), Control group (cgroup), and Interprocess Communication (IPC). The kernel can place specific system resources that are normally visible to all processes into a namespace. Inside a namespace, a process can see resources associated with other processes in the same namespace. You can associate a process or a group of processes with their own namespace or, if using network namespaces, you can even move a network interface to a network namespace. For example, two processes in two different mount namespaces may have different views of what the mounted root file system is. Each container can be associated with a specific set of namespaces, and these namespaces are used inside these containers only.
  • Control groups (cgroups): These provide an effective mechanism for resource limitation. With cgroups, you can control and manage system resources per Linux process, increasing overall resource utilization efficiency. Cgroups allow Docker to control resource utilization per container.
  • SELinux: Security Enhanced Linux (SELinux) is a mandatory access control (MAC) system used for granular system access, initially developed by the National Security Agency (NSA). It is an additional security layer for Debian and RHEL-based distributions like Red Hat Enterprise Linux, CentOS, and Fedora. Docker uses SELinux for two main reasons: to protect the host and to isolate containers from each other. Container processes run with limited access to system resources under special SELinux rules.

The beauty of Docker is that it leverages the aforementioned low-level kernel technologies, but hides all complexity by providing an easy way to manage your containers.
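The namespace isolation described above can be audited on a Linux host by comparing the links under /proc/<pid>/ns for a containerized process against those of a host process: identical IDs mean the resource is not isolated. This is an added example, not code from the book; the function names are hypothetical and the namespace IDs are constructed sample values, one set modelling a process that was placed in the host's network namespace.

```python
import os

# Namespace kinds listed in the text, named as they appear under /proc/<pid>/ns.
NS_KINDS = ("mnt", "pid", "net", "user", "cgroup", "ipc")

def read_namespaces(pid):
    """Return {kind: 'kind:[inode]'} for a process; None where it cannot be read."""
    found = {}
    for kind in NS_KINDS:
        try:
            found[kind] = os.readlink(f"/proc/{pid}/ns/{kind}")
        except OSError:  # no permission, process exited, or no Linux /proc
            found[kind] = None
    return found

def compare_to_host(host_ns, proc_ns):
    """Classify each namespace kind as 'isolated', 'shared' or 'unknown'."""
    report = {}
    for kind in NS_KINDS:
        host_id, proc_id = host_ns.get(kind), proc_ns.get(kind)
        if host_id is None or proc_id is None:
            report[kind] = "unknown"    # could not read one side: do not assume isolation
        elif host_id == proc_id:
            report[kind] = "shared"     # same namespace: this resource is not isolated
        else:
            report[kind] = "isolated"
    return report

def shared_kinds(host_ns, proc_ns):
    """Namespace kinds in which the process sees the same resources as the host."""
    return [k for k, v in compare_to_host(host_ns, proc_ns).items() if v == "shared"]

# Constructed sample values (not captured from a real system).
HOST_NS = {"mnt": "mnt:[4026531840]", "pid": "pid:[4026531836]",
           "net": "net:[4026531992]", "user": "user:[4026531837]",
           "cgroup": "cgroup:[4026531835]", "ipc": "ipc:[4026531839]"}
# A containerized process with its own mnt, pid, net and ipc namespaces.
CONTAINER_NS = dict(HOST_NS, mnt="mnt:[4026532501]", pid="pid:[4026532504]",
                    net="net:[4026532507]", ipc="ipc:[4026532503]")
# The same process, but placed in the host's network namespace.
HOSTNET_NS = dict(CONTAINER_NS, net=HOST_NS["net"])

if __name__ == "__main__":
    print("sample container shares:", shared_kinds(HOST_NS, CONTAINER_NS))
    print("host-network sample shares:", shared_kinds(HOST_NS, HOSTNET_NS))
    # On a live host (usually needs root to read PID 1): compare PID 1 with this process.
    print("live:", compare_to_host(read_namespaces(1), read_namespaces(os.getpid())))
```

Reading another user's /proc/<pid>/ns entries generally requires root, which is why unreadable entries are reported as "unknown" rather than treated as isolated.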
