Containers are the bomb.
If you don't believe me, look at how many jobs and tech articles mention them on any job site or geek/tech site. The number of jobs asking for Docker or Kubernetes (K8s) experience is unending. So first I want to talk about the history of "containers." Below is a list of the dates that the various containerization systems were released.

Timeline of the History of Containers
**CHROOT** - In 1979, in Version 7 of Unix, chroot was invented (chroot = root and their children). It worked by restricting access to a specified directory, which basically gave an isolated environment to run tasks.

**JAILS** - In 2000, March 14th to be exact, in FreeBSD 4.0, jails were introduced to the world. It was an improvement on the original Unix containers made with chroot.

**VSERVER** - In 2001 Jacques Gélinas created the VServer project for Linux.

**SOLARIS ZONES** - In February 2004, with build 51 of Solaris 10, Solaris Containers (zones) were introduced.

**GOOGLE BORG** - In 2003 and 2004 Google developed Borg. Borg was an unknown project at Google that they used to run and manage containers at Google, long before they helped create Borg's ancestor, Kubernetes.

**GOOGLE PROCESS CONTAINERS** - In 2006 Process Containers were launched by Google.

**CGROUPS** - These were added to the Linux kernel (kernel v2.6.24) in January 2008. The cgroup scheme was a method to keep processes separate from each other.

**OPEN CONTAINER INITIATIVE (OCI)** - The Open Container Initiative (OCI) was established in June 2015.

**KUBERNETES (K8S)** - In 2007 multiple high-profile tech companies adopted Kubernetes. Docker, AWS, Rancher and others ramped up their support for K8s.

As you can see from the history, jails have been around and used in production for over 21 years. We joke that Docker isn't old enough to drive, but jails are old enough to buy you a drink!! I first ran jails in production in 2008 at a credit card processing company I worked for. In today's technical environment most engineers either don't know jails exist, or they think they are some outdated technology that is no longer valid. This is a shame considering the stability and uses of jails.
To start this conversation, the first thing we need to talk about is the different types of "containers". I put that in quotes because I am going to use a very broad definition, which is: any computer method that allows you to run other operating systems, or subsets of them, in an isolated manner. So this includes jails, Docker and its derivatives, but also VMs. VMs are just a heavy form of a container if you think about it. Within containers there are two main types: *App Containers* and *O/S Containers*.
App Container Definition
Per the medium.com website, here is an exact copy of their definition of an App Container:
`While OS containers are designed to run multiple processes and services, application containers are designed to package and run a single service. Container technologies like Docker and Rocket are examples of application containers. So even though they share the same kernel of the host there are subtle differences make them different.`

O/S Container Definition
Per the medium.com website, here is an exact copy of their definition of an O/S Container:
`OS containers are virtual environments that share the kernel of the host operating system but provide user space isolation. For all practical purposes, you can think of OS containers as VMs. You can install, configure and run different applications, libraries, etc., just as you would on any OS. Just as a VM, anything running inside a container can only see resources that have been assigned to that container.`

**And this means what?**
My favorite by far is O/S containers, specifically FreeBSD jails. I feel I can do anything with a jail that I can do with Docker. Now, I am the first to tell you there are just some things that you can't do on jails that you could do with a Docker container. Why is that?
The first reason I like jails is because it is FreeBSD. I have given presentations on why FreeBSD has some design advantages over Linux, but that is a topic for another day. Jails are unique to FreeBSD and do not exist on the other BSDs. Net and Open both broke off from FreeBSD before the code for jails was in the codebase. I tend to run FreeBSD on my home computers, my personal laptop, on my Raspberry Pis, etc. And we all choose something we know and love.
Since an O/S container does not have to include the portions of the O/S the host is providing, they tend to be smaller in size. Also, there have been multiple instances of spyware and the like being found built into some of the Docker images hosted on docker.io. That is not an accusation, just a fact that happened. Jails, on the other hand, are not "shipped" as a prebuilt image. The jail mentality is the template file: a simple text file, and your system builds it on the fly every time. This would be analogous to Docker only shipping Dockerfiles, and you taking the Dockerfile and building your own image every time. To me, I am not downloading an image. I am giving FreeBSD a "script file" to tell it what to build and how to build it.

FreeBSD can run any version of FreeBSD in a jail as long as it is the same or older than the host system. Almost every open source program out there can be run in a jail. Now, there are some things, like apps written in Electron, that can be the exception here. But for almost any software you want to run in production on a server, there is a version that runs on FreeBSD. (We have successfully run a couple of "Linux jails" on FreeBSD, but that is experimental at best, and done to prove we could.) So as long as you can run the software on FreeBSD, you can run it in a FreeBSD jail. Where it fails is when you need a specific Linux, or a different BSD.
App Containers (I will talk about Docker and its derivatives specifically) are better if you need a system that will allow you to run multiple versions of Linux. So if you have software that is specific to some version of Linux, or one of the few that just cannot be run on FreeBSD due to some failed dependency, then Docker/K8s is the way to go. The containers are bigger, and your company really should write the Dockerfiles, create your own Docker images, and store them locally for use. This assures that the image was built without any extras. These are really good for a lot of commercial software. Commercial paid software very rarely makes a version for BSD. Until the last few years, there was some software out there that would only run on Windows. Now most vendors supply Linux packages, and a lot now will let you download a Docker image of their software. I have even seen a specific phone system that I worked on in a past life where one of the phone modules required you to run a Docker image in Kubernetes if you wanted that feature. Docker is very, very embedded in the market, and hiring someone with experience with Docker images, or with using K8s to manage them, is doable. FreeBSD experience out there is tiny compared to Docker.
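One way to check the "write your own Dockerfiles and store the images locally" advice above, as an added example that is not from the original post: a small Python audit that flags Dockerfile base images that do not come from your own registry or are not pinned by digest. The registry name, the sample Dockerfile and the digest are constructed assumptions.

```python
import re

# Assumption: images your company builds itself are stored in this local registry.
LOCAL_REGISTRY = "registry.internal.example:5000"
# Matches: FROM [--platform=...] <image> [AS <stage>]
FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(?P<image>\S+)(?:\s+AS\s+(?P<alias>\S+))?\s*$",
    re.IGNORECASE,
)

def audit_dockerfile(text, registry=LOCAL_REGISTRY):
    """Return (line_no, image, problem) for every base image that was not
    built and stored locally, or that is not pinned to a digest."""
    findings = []
    stages = set()  # names of earlier build stages (FROM ... AS name)
    for no, line in enumerate(text.splitlines(), 1):
        m = FROM_RE.match(line)
        if not m:
            continue
        image, alias = m.group("image"), m.group("alias")
        if image.lower() == "scratch" or image.lower() in stages:
            pass  # empty base, or a stage defined earlier in this file
        elif "$" in image:
            findings.append((no, image, "base image set by a build ARG; cannot verify"))
        elif not image.startswith(registry + "/"):
            findings.append((no, image, "not from the local registry"))
        elif "@sha256:" not in image:
            findings.append((no, image, "local image not pinned by digest"))
        if alias:
            stages.add(alias.lower())
    return findings

# Constructed sample input; the digest is a placeholder, not a real image.
DIGEST = "sha256:" + "a" * 64
SAMPLE = f"""\
FROM golang:1.22 AS build
RUN go build -o /app ./cmd/app
FROM --platform=linux/amd64 {LOCAL_REGISTRY}/base/debian:12 AS runtime
FROM {LOCAL_REGISTRY}/base/debian@{DIGEST} AS pinned
FROM build AS test
FROM scratch
COPY --from=build /app /app
"""

if __name__ == "__main__":
    for no, image, problem in audit_dockerfile(SAMPLE):
        print(f"line {no}: {image}: {problem}")
```

A tag such as `:12` can be re-pointed at a different image later, which is why the check asks for a digest even on images from your own registry.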
**Which is best?** You choose based on your needs. I will do my next blog post on BastilleBSD, what the goals behind it were, and how it has all come together. The founder pinged me the other day to say that it has been 4 years since we released our first version. So a lot more to come.
BCM~