What is containerization?

To understand containers, you first need to have a little background on exactly how your operating system runs on your computer.

This is a brief overview of the operating system on a computer, as shown in Figure 1.

Figure 1

Most operating systems have what is called a kernel. This kernel is a running software process that handles access between all the programs running on your computer and all the physical hardware connected to your computer.

If you have ever used Node.js to write a file to disk, it is technically not Node.js talking directly to the physical device. Node.js tells your kernel, "I want to write a file to disk," and the kernel takes that information and eventually writes it to disk. So the kernel is always an intermediate layer that handles access between these programs and the actual disk.

These programs interact with the kernel through what are called system calls. They are essentially like function calls (to execute function code).

The kernel provides various endpoints for this. If you want to write a file to disk, you call the endpoint for that function and pass it the information it needs, and that information is eventually written to disk, memory, and so on.

Let us take an imaginary example, as shown in Figure 2. Suppose Chrome needs Python v2 to run and Node.js needs Python v3, and we have Python v2 installed on our disk, and we are not allowed to have two identical Python installations at the same time.

Figure 2

How can we solve this problem? One way is to use a feature of the operating system known as namespacing. With namespacing, we can look at all the different hardware resources that are connected to our computer and segment parts of those resources. We can create one segment of our hard drive specifically to house Python v2 and another to house Python v3, so that Chrome has access to the segment that contains Python v2 and Node.js has access to the segment that contains Python v3. Every time one of them makes a system call to read information from disk, the kernel looks at the incoming system call, figures out which process it is coming from, and directs it to that process's segment, as displayed in Figure 3.

Figure 3

By using this type of namespace or segmentation feature, we can ensure that Chrome and Node.js can operate on the same machine.

Namespacing says that this area of disk is dedicated to this process, while control groups can be used to limit the amount of resources a process can use: memory, CPU, and disk.

So, these two features together can be used to isolate a single process and limit the resources it can communicate with.

A container, then, is a process or set of processes that has a group of resources specifically assigned to it, as shown in Figure 4 and Figure 5.

Figure 4
Figure 5
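
To see this isolation on a real Linux machine, the kernel publishes each process's namespaces under /proc/<pid>/ns and its control group under /proc/<pid>/cgroup. The sketch below is an added example, not code from the original article: it compares a process's namespace IDs with the host's to show which resources are actually segmented. The sample IDs and cgroup path are constructed, and the helper names are hypothetical.

```python
import os
import re

# A namespace link target looks like "mnt:[4026531840]" (type, then inode ID).
NS_LINK = re.compile(r"^\w+:\[(\d+)\]$")

def ns_inode(link):
    """Return the inode ID from a namespace link target."""
    m = NS_LINK.match(link.strip())
    if not m:
        raise ValueError(f"not a namespace link: {link!r}")
    return int(m.group(1))

def read_ns(pid="self"):
    """Read the live namespace IDs of a process from /proc (Linux only)."""
    base = f"/proc/{pid}/ns"
    return {n: ns_inode(os.readlink(f"{base}/{n}")) for n in os.listdir(base)}

def isolated_namespaces(host, proc):
    """Namespace types where the process has its own segment, not the host's."""
    return sorted(t for t in proc if host.get(t) != proc[t])

def parse_cgroup(text):
    """Parse /proc/<pid>/cgroup lines ('id:controllers:path') into tuples."""
    out = []
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3:
            out.append((parts[1], parts[2]))
    return out

# Constructed sample values, not captured from a real system.
HOST_NS = {"mnt": "mnt:[4026531840]", "pid": "pid:[4026531836]",
           "net": "net:[4026531992]", "uts": "uts:[4026531838]"}
CONTAINER_NS = {"mnt": "mnt:[4026532561]", "pid": "pid:[4026532564]",
                "net": "net:[4026531992]", "uts": "uts:[4026532562]"}
CONTAINER_CGROUP = "0::/system.slice/demo-container.scope\n"

def demo():
    host = {k: ns_inode(v) for k, v in HOST_NS.items()}
    ctr = {k: ns_inode(v) for k, v in CONTAINER_NS.items()}
    return isolated_namespaces(host, ctr), parse_cgroup(CONTAINER_CGROUP)

if __name__ == "__main__":
    isolated, cgroups = demo()
    print("isolated namespaces:", isolated)
    print("cgroup membership:", cgroups)
    if os.path.isdir("/proc/self/ns"):
        print("this process:", read_ns())
```

In the constructed sample the process has its own mnt, pid and uts namespaces but shares the host's net namespace, so its network view is not segmented even though its disk view is.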

However, namespacing and control groups (cgroups) are not standard in all operating systems. They are specific to the Linux operating system, not Windows or macOS. How we can create containers on Windows and macOS will be discussed in the next article.
