Container
To understand containers, you first need a little background on how your operating system runs on your computer, so here is a quick overview of the operating system.
Most operating systems have something called a kernel. The kernel is a running software process that governs access between all the programs running on your computer and all the physical hardware connected to it. At the top of this diagram we have the different programs that your computer is running, such as Chrome or Terminal.
Let's see this example.
The other important thing to understand is that these running programs interact with the kernel through system calls. These are essentially like function invocations. The kernel exposes different endpoints: if you want to write a file to the hard drive, you call the corresponding endpoint or function, it takes some amount of information, and that information is eventually written to the hard disk, memory or whatever else is required.
Now, thinking about this entire system, I want to pose a hypothetical situation. Imagine for a second that we have two programs running on our computer. One of them is Chrome, the web browser, and the other is Node.js.
Yes, the server-side JavaScript runtime. Imagine that we're in a crazy world where Chrome, in order to work properly, has to have Python version 2 installed and Node.js has to have version 3 installed. However, on our hard disk we only have Python version 2, and for whatever crazy reason we are not allowed to have two installations of Python at the same time. As it stands right now, Chrome would work properly because it has access to version 2, but Node.js would not, because we do not have a copy of Python version 3. Again, this is a completely make-believe situation. I just want you to consider it for a second, because it leads into what a container is. So how can we solve this issue?
Well, one way to do it would be to make use of an operating system feature known as namespacing.
NAMESPACING AND CONTROL GROUPS
We can look at all of the different hardware resources connected to our computer and segment out portions of those resources. We could create a segment of our hard disk specifically dedicated to housing Python version 2, and a second segment specifically dedicated to housing Python version 3.
Then, to make sure that Chrome has access to the first segment and Node.js has access to the second, any time either of them issues a system call to read information off the hard drive, the kernel looks at that incoming system call and tries to figure out which process it is coming from. If Chrome is trying to read some information off the hard drive, the kernel directs that call to the segment of the hard disk that has Python version 2, and for Node.js to the other segment.
Each time Node.js makes a system call to read the hard drive, the kernel can redirect it to the segment for Python version 3. By making use of this namespacing, or segmenting, feature we can make sure that Chrome and Node.js are able to work on the same machine. Again, in reality neither of these actually needs an installation of Python. This is just a quick example.
This entire process of segmenting a hardware resource based on the process that is asking for it is known as namespacing. With namespacing we can isolate resources per process or per group of processes: any time a particular process asks for a resource, we direct it to one specific area of the given piece of hardware. Namespacing is not only used for hardware; it can be used for software elements as well. For example, we can namespace a process to restrict the area of a hard drive that is available to it, the network devices that are available, the ability to talk to other processes, or the ability to see other processes. These are all things that we can use namespacing for.
Namespacing essentially limits the resources, or redirects requests for a resource, for a particular process. Very closely related to this idea is another feature called control groups.
A control group can be used to limit the amount of resources that a particular process can use.
So namespacing is for saying "this area of the hard drive is for this process", while a control group can be used to limit the amount of memory that a process can use, the amount of CPU, the amount of hard drive input/output, and the amount of network bandwidth as well.
These two features put together can be used to isolate a single process and limit the amount of resources it can talk to and the amount of bandwidth that it can make use of.
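An added example (not part of the original post) showing how both features are visible on a Linux host: each process's namespaces appear as links under /proc/<pid>/ns, and cgroup v2 limits are plain text in files such as memory.max and cpu.max. The inode numbers and limit values below are constructed sample data, and the function names are hypothetical.

```python
import os

NS_TYPES = ("mnt", "pid", "net", "ipc", "uts", "user", "cgroup")

def read_namespaces(pid):
    """Live read on Linux: {type: 'type:[inode]'} from /proc/<pid>/ns."""
    found = {}
    for ns in NS_TYPES:
        try:
            found[ns] = os.readlink(f"/proc/{pid}/ns/{ns}")
        except OSError:
            pass  # not Linux, no such pid, or no permission
    return found

def isolation(proc_ns, host_ns):
    """Split namespace types into private to the process vs shared with the host."""
    shared = sorted(t for t in proc_ns if host_ns.get(t) == proc_ns[t])
    private = sorted(t for t in proc_ns if t not in shared)
    return {"private": private, "shared": shared}

def parse_limits(memory_max, cpu_max):
    """Decode cgroup v2 memory.max and cpu.max contents; None means unlimited."""
    mem = None if memory_max.strip() == "max" else int(memory_max)
    quota, period = cpu_max.split()
    cpus = None if quota == "max" else int(quota) / int(period)
    return {"memory_bytes": mem, "cpus": cpus}

# Constructed sample data: the inode numbers are made up for illustration.
HOST = {"mnt": "mnt:[4026531841]", "pid": "pid:[4026531836]",
        "net": "net:[4026531840]", "user": "user:[4026531837]"}
# This process has its own mount and pid namespaces but still shares the
# host's network and user namespaces, so it is only partly isolated.
CONTAINER = {"mnt": "mnt:[4026532570]", "pid": "pid:[4026532573]",
             "net": "net:[4026531840]", "user": "user:[4026531837]"}

if __name__ == "__main__":
    print(isolation(CONTAINER, HOST))
    print(parse_limits("268435456\n", "50000 100000\n"))
    print(read_namespaces(os.getpid()))  # empty dict when not on Linux
```

Two processes are in the same namespace exactly when the link targets match, which is a quick way to check how much of the host a containerized process can still see.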
This is the diagram that we're going to be looking at quite a bit any time that we think about a container.
Example diagram of a docker run command
The docker run command can be split into 2 steps:
1. docker create -> this command just creates the container, i.e. copies files and other info into the container space. It also returns the id of the container it created.
2. docker start -a <dockerId> -> runs the start script of the container.
LIFE CYCLE OF A CONTAINER
We can restart a stopped container, but we can't change the command that was used to create the container.
REMOVING ALL STOPPED CONTAINERS
Once we are done with all the stopped containers, we can remove them to free the disk space they consume.
To do that, we run the command docker system prune.
One thing to notice is that this command also removes the local cache, so when we next run docker run <image> the image will be downloaded from Docker Hub again.
The docker stop command or the docker kill command
Both of these stop the running container, and they look like they do the same thing, so what's the difference between them? Here's what happens behind the scenes. When you issue a docker stop command, a signal is sent to the process, that is, to the primary process inside that container. In the case of docker stop we send a SIGTERM message, which is short for terminate signal. It's a message received by the process telling it, essentially, to shut down on its own time. SIGTERM is used any time you want to stop a process inside your container and shut the container down, and you want to give that process a little bit of time to shut itself down and do a little bit of cleanup. A lot of programming languages let you listen for these signals inside your code base. As soon as you get the signal, you can attempt to do a little bit of cleanup, or maybe save some file, emit some message, or something like that.
On the other hand, the docker kill command issues a SIGKILL, or kill signal, to the primary running process inside the container. SIGKILL essentially means you have to shut down right now and you do not get to do any additional work.
So ideally we always stop a container with the docker stop command, in order to give the running process inside it a little bit of time to shut itself down.
Otherwise, if it feels like the container has locked up and it's not responding to the docker stop command, then we can issue a docker kill instead.
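The difference between the two signals, as an added example that is not part of the original post: a small child process stands in for a container's primary process (it is a constructed stand-in, not a real container), and the hypothetical helper stop_then_kill follows the sequence described above, SIGTERM first and SIGKILL only if the process does not exit. It assumes a POSIX system.

```python
import os
import signal
import subprocess
import sys
import tempfile

# Constructed stand-in for a container's primary process (not a real container).
CHILD = r'''
import signal, sys, time
mode, marker = sys.argv[1], sys.argv[2]

def on_term(signum, frame):
    # Cleanup done in the time SIGTERM allows: leave a marker file, then exit.
    with open(marker, "w") as f:
        f.write("cleaned up")
    sys.exit(0)

# "graceful" handles SIGTERM; "stuck" ignores it, like a locked-up process.
signal.signal(signal.SIGTERM, on_term if mode == "graceful" else signal.SIG_IGN)
print("ready", flush=True)
while True:
    time.sleep(0.1)
'''

def stop_then_kill(proc, grace):
    """Send SIGTERM, wait up to `grace` seconds, then fall back to SIGKILL."""
    proc.send_signal(signal.SIGTERM)
    try:
        return proc.wait(timeout=grace)
    except subprocess.TimeoutExpired:
        proc.kill()  # SIGKILL: cannot be caught or ignored
        return proc.wait()

def demo(mode, grace=2.0):
    """Run the child in `mode`; return (exit code, whether cleanup ran)."""
    with tempfile.TemporaryDirectory() as tmp:
        marker = os.path.join(tmp, "cleanup.marker")
        proc = subprocess.Popen([sys.executable, "-c", CHILD, mode, marker],
                                stdout=subprocess.PIPE)
        proc.stdout.readline()  # block until the handler is installed
        code = stop_then_kill(proc, grace)
        proc.stdout.close()
        return code, os.path.exists(marker)

if __name__ == "__main__":
    print("graceful:", demo("graceful"))
    print("stuck:   ", demo("stuck"))
```

The graceful child exits with code 0 and leaves its marker file; the stuck child is reported with a negative exit code (killed by signal 9) and no marker, because SIGKILL gives it no chance to run cleanup code.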