A Brief Overview of the History of Linux Containers
Linux containers are enjoying something of a Renaissance right now. Across the IT industry, we're hearing about success stories and intriguing applications that underscore how impactful this technology has been. But even though Linux containers have been around for more than 15 years, they still largely exist in the experimental phase.
Originally, they were known as Virtual Private Servers when they were introduced in 2001. In their earliest form, they were a lot like chroot on steroids — an isolated library that copies the essential system libraries and run times. Rather than being a hypervisor, it was running multiple copies of the user land or everything but the kernel.
The term Linux container is not entirely accurate because it's really not a thing at all. It's a series of techniques for running isolated processes. The developer defines what is put into the chroot, creating a locked down environment. That way, when the process runs it's not affected by anything else in the system.
It's a mistake to think of Linux containers as simply lightweight virtual machines. Instead, think of them as an accessible and flexible way to run isolated workloads.
Understanding Cgroups and Processes
A Cgroup is a way to limit the number of resources a process could conceivably consume on a system. That might include CPU time, use time, or disk space — it's up to the developer. But these restrictions are not as limiting or inflexible as they would be with disk quotas.
This proves to be a huge asset to developers who want to run a job on a particular server and study exactly how it will perform. Cgroups allow these developers to verify that a process has all the resources it requires while not overwhelming other processes.
There is some overlap between Cgroups and Linux containers for practical purposes, but a Cgroup is more limited overall. Developers still have access to the same file system and packages installed on the server.
Processes in a container can also be limited, and the advantage of running processes in Linux containers is that they're only exposed to the other processes in the container. It's possible to input user zero and then use the host operating system to translate that to user 10,000. The container user may appear to have root within the containers, but it's actually mapped to a non-root user.
Linux Containers vs. Virtual Machines
A container replicates many of the functions of a virtual machine without requiring the same amount of resources. Since it does not have to spin up a kernel or launch hardware, the startup process is almost instantaneous.
Software maintenance is also simplified. With VMs, it's a huge undertaking to apply a security patch to the operating system running on each one. But with containers, the software footprint is much smaller. In essence, containers make it possible to run a job on a server without depending on the software already installed on that server.
In practice, Linux containers make the onboarding process as easy as possible. All the necessary tools are built into the container, and software requirements become almost irrelevant. The complexity of virtual machines is replaced by something that is simplified and streamlined.
Making the Most of Linux Containers
Linux containers are an exciting opportunity and are capable of transforming your development workflow, but they’re not an instantaneous solution. Without things like continuous development and integration or automated production deploys, Linux containers lose a lot of their value.
In the right hands, however, Linux containers create a number of invaluable opportunities for developers. New tools are being developed constantly to help solve problems, and the container ecosystem makes it possible to leverage the solutions and workarounds of other developers.
To make the most of Linux containers, don’t just move the problem. Think hard about the problem you’re trying to solve and consider whether adding a container will help. Containers can help improve efficiency and solve problems, but they can't fix everything.
It’s an exciting time for Linux containers, and they can revolutionize the IT industry — if utilized properly. Containers alone won’t solve all your problems, but they do make it easier to find solutions. They take the machine out of the equation and let you focus more on the process and results.