Using Containers in Production
The course is part of these learning paths
This course is for anyone with a basic understanding of what containers are, and even why you'd want to use them, but who doesn't understand the nitty-gritty of how they work yet. You should have a basic technical literacy, as well as an understanding of cloud app architecture. In this course, you'll learn about the major concepts around containers. You'll learn about different container systems, learn all about orchestration, get a better understanding of how and why to build and run 12-factor apps on containers, container security issues, and you'll even get a quick look at how to get a microservices app up-and-running on your computer in about two minutes with Docker compose.
- Understand the options for running containers
- Understand the common security concerns
- Know why orchestration is important
- Understand what types of applications should be containerized
- Understand how logging and monitoring works with containers
- Project Manager
- Business Manager
A good prerequisite for this course is to take the Introduction to Containers course.
This Course Includes
- 47 minutes of high-definition video
- Console demonstrations
What You'll Learn
- Course Intro: What to expect from this course
- Microservices: Designing Microservices and 12-factor apps.
- Running a Microserve App on Compose: Demo of using Compose.
- Container Orchestration: What is orchestration and how does it work?
- Container Security: Best practices to make containers more secure.
- Container Logging and Monitoring: An overview of tools commonly used for monitoring.
- Container Systems and OSs: Different Linux Containers: LXC, Docker, rkt, OCI, and an overview of Windows Containers.
- Wrap-Up: Course summary
Most of the containers we've been talking about so far are Linux containers, run using the Docker container engine. However, there are different engines for Linux containers, as well as containers that work with other operating systems. Here, we'll discuss these in brief, as well as discuss why Docker is the top choice for most people.
Docker is built on top of Linux containers, which are built directly into the Linux kernel. The kernel itself implements the ability to sandbox parts of the OS to be run as a container, but then Docker has built a bunch of functionality on top of that. Technically, Docker doesn't actually use Linux containers, but rather uses the tools built into the kernel for Linux containers such as cgroups and namespaces, and then rewraps them with its own interface. Without Docker, defining images would be a lot harder than writing a Docker file, and building them would be a lot harder than running Docker build and so on.
There are other Linux container systems other than Docker. For instance, the version of containers built into Linux itself is often called LXC. LXC containers are a lot harder to work with than Docker containers, and unlike Docker containers, aren't built with stateless, single process applications in mind. Rocket, or rkt, is another system which, like Docker, is built on top of the Linux container tools.
Rocket is managed by a company called CoreOS and focuses specifically on secure, cloud-based containers. In addition, there's the Open Container Initiative, a joint venture between Docker, CoreOS, Linux and other container industry companies and groups. The OCI defines standards for what containers should look like, so that the workflow between systems like Docker and Rocket will be the same. Docker and Rocket containers won't necessarily work on each other's systems, but they use generally the same paradigm for building, sharing and more, because of the OCI. The OCI also maintains its own runtime environment, runC, which is lightweight, and as they say, unopinionated. runC can be used in concert with Docker or OCI container systems.
Other, non Linux operating systems also implement containers. BSD is another free, open source OS that implements what it calls jails. Jails are like a combination of virtual machines and containers. They run at a deep system level, like containers, but they use virtualization in order to separate the parts so that they're more secure. However, BSD is much less commonly used than Linux, so you'll rarely see these in commercial environments. I also wanted to mention macOS here.
While macOS is built on top of a BSD kernel, called Darwin, macOS does not support jails or containers. Sure, you can run containers on macOS, but you can't run macOS inside a container. It's not something that Apple supports, and since macOS is mainly a consumer, and not server, operating system, it's not something the market is demanding either. On the other hand, there are Windows containers.
Windows containers come in two types. Windows Server Containers work just like Linux containers. They share a kernel with the host Windows Server through otherwise separate processes. Then you have Hyper-V containers, which are further isolated from the host Windows machine through a highly optimized virtual machine, which, as we mentioned, in the security lesson, leads to a more secure, but slightly less performative system.
Docker allows you to define, build, manage and run Windows containers, just like it does Linux containers. This means that you don't have to learn a new workflow to work with Windows containers if you already use Docker. Windows containers only run on machines running Windows 10 Professional, Windows 10 Enterprise or Windows Server 2016. Even on Windows 10, the OS your container will be running will be Windows Server. You can't run Windows 10 in a container. In addition, the only orchestration software that currently works with Windows containers is Docker Swarm. Although, as of the publishing of this course, both Kubernetes and Mesos are working on these features.
Adrian M Ryan is an educator and product manager. He was an early employee at General Assembly, has co-founded an education startup and a consultancy, and he loves teaching. He grew up in rural Alaska, and while he now lives in New York City he makes sure to find time to get out in the woods hiking whenever possible.