Containerization

In the context of IT, containerization is the virtualization of an OS or application so that software can run in isolated user spaces called containers in any environment, regardless its type.

Its management is part of the DevOps team.

This is part of a series of articles about virtualization.

Containerization Definition

Containerization is derived from virtualization.

In traditional virtualization, virtual machines can be ported to the same hypervisor type in other machines. Virtualization is a somewhat heavy solution as each VM contains its own OS and components.

A container is a file that bundle applications with its own namespace components, like libraries and other dependencies, that they need to run. This portable is easily exportable to different devices as long as they use the same kernel and containerization platform that corresponds to the container.

Take into account that containers are not OS independent, as they are dependent of the host kernel of the OS.

A container may contain:

• Binaries
• Libraries
• Configuration files

Containers should package a single application per container.

Tagging is critical to allow easy control of containers.

Immutability involves that a container is not modified once it has been released.

A containerization platform is an application that that run containers in a system. Docker would be an example of containerization platform.

The advantage of containerization over virtualization is that it consumes fewer resources than a VM. Instead of a hypervisor (e.g., VMWare ESXi or Microsoft App-V) or application virtualization software (e.g. Citrix Virtual Apps/XenApp), containerization requires a containerization platform installed in the host device.

Containerization Platform

A containerization platform is a software that is installed on any OS that is used to run containers. It provides a standard interface to the OS that allows containers to function regardless of the OS and hardware.

Docker is a commercial Linux containerization platform and runtime, and the de facto standard for containerization.

It allows to deliver software in packages called containers.

Docker Engine is the software that hosts the containers. It is free and open source software (FOSS) under an Apache 2.0 license.

Docker was first released in 2013.

Compose is a Docker tool for defining and running multi-container Docker applications.

Advantages of Containerization

Advantages of Containerization:

• Isolation: Containers provide a lightweight and isolated environment for applications. This isolation ensures that an application and its dependencies are encapsulated and don’t interfere with other applications or the underlying system.
• Consistency: Containers package applications and dependencies together, ensuring that the software runs consistently across different environments, from development to production.
• Resource Efficiency: Containers share the host OS kernel, making them more lightweight than traditional virtual machines. This results in faster startup times and more efficient resource utilization.
• Scalability: Containers can be easily scaled up or down to meet changing demand. This scalability is crucial for modern, dynamic applications.

Container Orchestration

As complexity of containerization increased, container orchestration systems were required.

Container Orchestration Engines

Container orchestration engines (COEs).

Container Orchestration engines featured on this post:

• Kubernetes
• OpenShift
• Docker Swarm

The most popular is Kubernetes.

Kubernetes

Kubernetes is a container orchestration system, and probably the most popular.

Kubernetes is free and open source software (FOSS) under an Apache 2.0 license.

It was first released in 2014.

You can find an introduction course to Kubernetes by the Linux Foundation on this external link.

There are different Kubernetes certifications offered by the Linux Foundation, including:

• Certified Kubernetes Administration (CKA)
• Certified Kubernetes Application Developer (CKAD)
• Certified Kubernetes Security Specialist (CKSS)

k0smotron is an enterprise-ready solution for production-grade Kubernetes cluster management with two support options. It is free and open source. You can read more about k0smotron on this external link.

OpenShift

OpenShift is developed by American company Red Hat, subsidiary of IBM.

Despite its name, it uses commercial license.

OpenShift official website

Docker Swarm

Deprecated

Docker Swarm is a deprecated project for Docker containerization.

Container Orchestration Security

There are some tools for container orchestration security.

Kubescape is a tool to secure their Kubernetes clusters. It is free and open source software (FOSS).

Applications of Containerization

Containerization is an essential part of microservices. You can read this post about microservices.

While they are commonly associated with cloud computing, Docker and Kubernetes can be used in various environments, including on-premises data centers and hybrid cloud setups. They abstract away the underlying infrastructure, allowing for consistent deployment and management across different environments.

Container OSs

You can read more about container OSs on this post.

Containerization Security

Containerization brings almost the same security issues as virtualization.

There is an external link about how to manage Docker security.

You might also be interested in…

• Virtualization
• Software
• Microservices

External References

• Wikipedia; “Containerization (computing)“; Wikipedia
• M. Chapple; “CCSP Study Guide Third Edition”, pp. 24-25; Wiley, 2023
• Containerization Security
  • Rani Osnat; “Top 22 Docker Security Practices“; Aquasec, 2021-07-01