Containerization
Work in progress. Coming soon.
Planned content:
(Preliminary note)
- Currently on everyone’s lips, prominent subject of public discussion
- Often equated with "Docker"
- But: One size doesn’t fit all. There are alternatives, some with a different application profile.
- Fedora Server supports and allows several alternatives that can be used depending on the local / user’s requirement profile.
Overview
- All containers on a system use the same kernel
- Some kind of isolation using kernel capabilities (cname, etc.) to isolate processes from each other
- Differences in implementations, toolset, environment, community
- System container vs. application container (main distinguishing feature: existence of an init system)
Podman
- application container
- security enhancement: no root privileges required
- optimized for interaction of several containers to perform a task
- same container image as Docker, mutually usable
- natively supported by Fedora Server
Docker
- application container
- dependent on a daemon with root privileges
- huge trove of pre-built containers for all sorts of software
- no native support in Fedora Server, but a vendor repository maintained for Fedora
LXC (libvirt)
- system container
- support of container runtime based on kernel capabilities
- rough toolset support (requires composing various XML files)
- natively supported by Fedora Server (via libvirt as default virtualization tool)
LXC (linuxcontainers)
- system container
- one of the first implementations of containers
- originally base of Docker
- complete toolset, container images, community
- natively supported by Fedora Server (just LTS versions)
LXD (linuxcontainers)
- system container
- LXC with advanced toolset
- not natively supported by Fedora, but a COPR project available
- vendor support for Fedora by third-party package manager