1 00:00:06,570 --> 00:00:08,790 - So in this video, I will tell you how containers
2 00:00:08,790 --> 00:00:10,623 and Linux are closely related.
3 00:00:11,490 --> 00:00:13,020 From a Linux point of view,
4 00:00:13,020 --> 00:00:14,647 a container is an isolated process
5 00:00:14,647 --> 00:00:17,013 that runs with restricted resources.
6 00:00:17,880 --> 00:00:20,520 The Linux kernel provides namespaces and cgroups
7 00:00:20,520 --> 00:00:22,920 as supporting features to do so.
8 00:00:22,920 --> 00:00:24,960 The namespace is for the isolation.
9 00:00:24,960 --> 00:00:27,003 The cgroup is for resource allocation.
10 00:00:28,380 --> 00:00:31,140 Namespaces have evolved from chroot,
11 00:00:31,140 --> 00:00:33,180 a solution that has been used for decades
12 00:00:33,180 --> 00:00:36,300 to run a process with a "fake root" directory.
13 00:00:36,300 --> 00:00:39,240 We have seen chroot in the lesson about troubleshooting
14 00:00:39,240 --> 00:00:40,263 the boot procedure.
15 00:00:41,970 --> 00:00:44,490 To run a successful chroot process,
16 00:00:44,490 --> 00:00:47,130 all dependencies that are required by the process
17 00:00:47,130 --> 00:00:49,500 that is running in the chrooted environment
18 00:00:49,500 --> 00:00:52,530 are required in the chrooted directory.
19 00:00:52,530 --> 00:00:54,360 So if you want to run your web server
20 00:00:54,360 --> 00:00:56,880 as a chroot process, all of the dependencies
21 00:00:56,880 --> 00:00:59,550 need to be present for this web server
22 00:00:59,550 --> 00:01:00,993 in this chroot directory.
23 00:01:01,860 --> 00:01:05,790 From chroot to container is actually a very small step.
24 00:01:05,790 --> 00:01:08,520 Initially, the required dependencies were copied manually
25 00:01:08,520 --> 00:01:10,320 into the chrooted directory.
26 00:01:10,320 --> 00:01:11,400 That's before the days that
27 00:01:11,400 --> 00:01:13,650 we were talking about containers.
28 00:01:13,650 --> 00:01:15,570 Nowadays we have container images.
29 00:01:15,570 --> 00:01:17,768 The container image is really a tarball
30 00:01:17,768 --> 00:01:19,230 that comes with the container.
31 00:01:19,230 --> 00:01:20,670 It's an archive of files
32 00:01:20,670 --> 00:01:22,503 provided in a standardized format.
33 00:01:23,640 --> 00:01:26,070 The standardization for these images is provided
34 00:01:26,070 --> 00:01:28,890 by the Open Containers Initiative, or OCI,
35 00:01:28,890 --> 00:01:31,935 which is a foundation within Linux Foundation.
36 00:01:31,935 --> 00:01:34,443 And OCI images are based on Docker images.
37 00:01:36,540 --> 00:01:38,190 So let's talk a bit about Docker.
38 00:01:39,180 --> 00:01:42,960 Before Docker, LXC, which is Linux Native Containers,
39 00:01:42,960 --> 00:01:45,270 was a common way to run containers,
40 00:01:45,270 --> 00:01:48,420 and LXC comes very close to running scripts
41 00:01:48,420 --> 00:01:51,660 where tarballs are used in chrooted directories.
42 00:01:51,660 --> 00:01:54,663 That was foundation, the origin of the container.
43 00:01:55,560 --> 00:01:58,953 Now in 2013, Docker started the Container Revolution.
44 00:02:00,000 --> 00:02:03,150 Initially Docker was based on LXC,
45 00:02:03,150 --> 00:02:05,940 but Docker introduced the Docker image format
46 00:02:05,940 --> 00:02:07,560 as well as the Docker registry
47 00:02:07,560 --> 00:02:09,393 which is also known as Docker Hub.
48 00:02:10,830 --> 00:02:12,390 Docker Hub is a public platform
49 00:02:12,390 --> 00:02:15,420 where anyone can get and post container images.
50 00:02:15,420 --> 00:02:17,670 It's a little bit like GitHub,
51 00:02:17,670 --> 00:02:20,520 but specifically for container images
52 00:02:20,520 --> 00:02:22,950 and there's more than 10 million container images
53 00:02:22,950 --> 00:02:24,843 available on Docker Hub right now.
54 00:02:26,010 --> 00:02:28,350 The Docker image format introduced a solution
55 00:02:28,350 --> 00:02:30,840 to build container images in a smart way,
56 00:02:30,840 --> 00:02:32,940 using common images as parent images
57 00:02:32,940 --> 00:02:35,910 to which only modifications needed to be added.
58 00:02:35,910 --> 00:02:37,050 What does that mean?
59 00:02:37,050 --> 00:02:40,140 Well, if you want to run a database application
60 00:02:40,140 --> 00:02:42,780 then you can focus on your own application
61 00:02:42,780 --> 00:02:45,120 and build a container image in which
62 00:02:45,120 --> 00:02:47,640 a standard database image is used,
63 00:02:47,640 --> 00:02:50,580 so you don't have to build everything from scratch.
64 00:02:50,580 --> 00:02:52,950 You can use already existing components
65 00:02:52,950 --> 00:02:55,170 and fetch these from the image registry,
66 00:02:55,170 --> 00:02:57,360 such as Docker Hub, and that really made
67 00:02:57,360 --> 00:02:59,403 working with containers a lot easier.
68 00:03:00,660 --> 00:03:03,660 At its launch, Docker was mainly open source.
69 00:03:03,660 --> 00:03:05,580 Over the years, the company behind Docker
70 00:03:05,580 --> 00:03:08,580 has moved components to a closed source model.
71 00:03:08,580 --> 00:03:10,680 And that created challenges for companies
72 00:03:10,680 --> 00:03:13,623 that are using Docker containers, including Red Hat.
73 00:03:15,150 --> 00:03:16,200 Because of Red Hat,
74 00:03:16,200 --> 00:03:19,110 which after all is the biggest Linux distribution,
75 00:03:19,110 --> 00:03:22,050 because Red Hat needed a pure open source solution
76 00:03:22,050 --> 00:03:24,990 instead of a semi-proprietary solution,
77 00:03:24,990 --> 00:03:26,580 they introduced podman
78 00:03:26,580 --> 00:03:29,883 with the release of RHEL 8 in 2018.
79 00:03:31,680 --> 00:03:34,080 Podman of course is an open source project
80 00:03:34,080 --> 00:03:36,063 that has been adopted by Red Hat.
81 00:03:36,930 --> 00:03:39,990 As podman and Docker are fully OCI compliant,
82 00:03:39,990 --> 00:03:42,510 replacing Docker with podman is effortless.
83 00:03:42,510 --> 00:03:45,270 You just need to type the command podman instead of Docker.
84 00:03:45,270 --> 00:03:46,830 And if you don't want to do that,
85 00:03:46,830 --> 00:03:49,473 you just type alias docker is podman.
86 00:03:50,400 --> 00:03:53,190 Currently, podman is widely adopted and available
87 00:03:53,190 --> 00:03:55,383 in all main Linux distributions.
88 00:03:56,430 --> 00:03:59,100 Now working with podman has a couple of benefits.
89 00:03:59,100 --> 00:04:02,130 First, podman installation is very easy.
90 00:04:02,130 --> 00:04:05,430 Just use your local package manager to install it.
91 00:04:05,430 --> 00:04:08,913 So sudo apt install podman and you're ready to go.
92 00:04:09,900 --> 00:04:13,350 Podman requires no daemons or elevated privileges.
93 00:04:13,350 --> 00:04:16,140 And podman allows for rootless containers.
94 00:04:16,140 --> 00:04:19,200 In fact, rootless containers are the default
95 00:04:19,200 --> 00:04:22,500 and that means that management of restricted user entities
96 00:04:22,500 --> 00:04:26,733 inside containers is much easier and much more secure.
97 00:04:27,870 --> 00:04:30,780 Podman is also a full open source solution.
98 00:04:30,780 --> 00:04:32,850 And last, there was one thing very smart
99 00:04:32,850 --> 00:04:34,830 that the podman developers have done,
100 00:04:34,830 --> 00:04:37,890 and that is that they created a command line
101 00:04:37,890 --> 00:04:40,200 that is compatible with Docker.
102 00:04:40,200 --> 00:04:42,690 So you just replace the Docker command with podman
103 00:04:42,690 --> 00:04:43,800 and you are ready to go
104 00:04:43,800 --> 00:04:46,470 and that makes a transition very easy.
105 00:04:46,470 --> 00:04:47,460 In the next video
106 00:04:47,460 --> 00:04:49,510 you'll learn more about container images.