Container

Telcos (Telecommunication companies) deploy networks that have high availability, are scalable, and resilient covering entire countries. Components like routers, firewalls, and DHCP servers (called Network Functions) are the building blocks of such large network deployments. Traditionally, network functions were deployed on proprietary hardware with application-specific integrated circuits and installed on the telco’s premise (baremetal deployment). Such network functions are called Platform Network Functions (PNFs). PNF deployments present the following challenges: ...

There is a multitude of choices for storage solutions (Amazon S3, Ceph, Google Cloud Storage, etc.) and combined with the choices of container orchestrators (Kubernetes, Apache Mesos, Docker Swarm, etc.) the permutations are endless. A Container Storage Interface (CSI) plugin is implemented by the storage providers (Amazon, Google, IBM) as an interface to provision and mount volumes for workloads when requested by container orchestrators. The CSI plugin provisions the volume, procures it from the node hosting the container, and mounts it to the requesting container. It standardizes the process of allocating storage for containers between different orchestrators. ...

Container runtimes allocate network namespaces for containers deployed on the host. A network interface (like docker0, bridge, or host) is configured inside the namespace to facilitate the communication with host, the internet, or other containers. The Container Network Interface (CNI) project provides specifications and libraries for implementing a plugin-based solution for managing network interfaces for containers. The runtime executes the CNI plugins provided as binary executable files. A network configuration is passed to the runtime as a JSON file. It contains the details of the CNI plugins and the network interfaces to be configured. ...

Public registries provide container images for most use cases but they might not cover all of them. That’s why container engines such as Podman & Docker and CLI tools like buildah provide utilities for creating custom container images. The build steps are written in a plaintext file called Containerfile and parsed by container engines (or buildah) during the build process. 1 2 3 4 5 6 7 8 # Containerfile FROM node:18-alpine LABEL version="1.0" WORKDIR /app COPY . . RUN yarn install --production CMD ["node", "src/index.js"] EXPOSE 3000 Containerfile Instructions Steps inside the containerfile are defined using instructions such as FROM, RUN, ADD, COPY, etc. Container Engines go through the containerfile line-by-line and perform each step, stacking a new image layer on top of the previous one. ...

A container image is a static file that contains the necessary resources (packages, configuration, other dependencies) required to provision a container. It consists of multiple layered-filesystems and a Manifest file, containing its metadata. Open Container Initiative (OCI) Specification Open Container Initiative was established by The Linux Foundation in 2015 to provide Runtime specification Image specification Distribution specification for container images. A container image created from OCI Image specification should have ...

Container Engines like Podman and Docker provide GUI and CLI utilities for managing the state of containers. They also provide features such as container image management, metrics, logging, and debugging tools. The examples in this article use Podman but CLI commands are mostly interoperable with Docker. We can install Podman on your system by following the steps in Podman Installation Instructions. Podman also provides a graphical interface for managing containers, images, and other resources called Podman Desktop. ...

To isolate the processes running inside a container from its host system, container engine uses the following four features: Namespaces Control Groups Secure Computing Security-Enhanced Linux Namespaces Namespaces are created to limit the reach of a container to its host’s resources. It helps with security and well as limits resources available to the container. Linux command lsns could be used for listing details of namespaces. The namespaces essential for containers are User, Mount, Unix Timesharing System, Process ID, Network, and Inter-Process Communication. ...

While creating an application in any programming language or framework you have to install its dependencies on your system. This could include the compiler for the programming language, libraries, and frameworks. If the environment for the deployment of this application is different then the whole process of dependency installation has to repeat. You might have to some other changes, like setting up environment variables and making changes to the configuration files. ...