Skip to content

Latest commit

 

History

History
68 lines (46 loc) · 2.9 KB

containers.md

File metadata and controls

68 lines (46 loc) · 2.9 KB

Devops-tools

REF LINK : https://github.com/pavankumar0077/Docker-Zero-to-Hero

Containers image

physical servers -- the problems with physical servers are solved by virtual machines to some extend.

Virtual machines or EC2 -- if we are not using completely then it is heavy loss for the organization to solve this problem containers takes place. image

NOTE: Virtual machines are very very secure than containers -- VM's have a full OS that is they have complete isolation, where as containers do not have a complete OS and they do not run their full OS, they is a logical isolation but it is not complete, there is one or other way to talk to the another container or each of this talk to the host OS to share some resources.

Architecuture of containers

image

image

Life cycle of docker

image

Ex: Docker --> very much dependent on docker engine -- single point of failure If docker engine is down then all the docker containers will stop working conatiners will not responding

issues

--While creating docker images it will be created as layers it takes lots of storage on disk
--  single point of failure
-- and other issues
-- To avoid this issue - we use BUILDAH

BUILDAH

-- Buildah works with commands
-- works very well with podman, scopio
-- not need of dockerfiles 
-- write a shall script to create images
-- images can be docker image or any OCI image

image

containers do not have operating system

  1. Containers have a base OS or they minimum system dependencies, This system dependencies are definictly required to form a logical isolation from one container to other container.
  2. If the logical isolation is not there, or minimum dependencies are not there they however you manage to run the application on that specific conttainer, A Hacker who is entering into your container typically get into all of the containers and compressize the security of the organization.
  3. /bin /sbin /etc /lib and etc these basic folders form a logical isolcation from one container to other container that means the container can not share these files and folders with other container, if these file and folders are sharing by the conatiner that me you are compresizing the security
  4. This files are folders are using from the kernel they are basically part of the container base image