Jump to contentJump to page navigation: previous page [access key p]/next page [access key n]
Applies to SUSE Linux Enterprise Server 15 SP2

1 Introduction to Linux Containers Edit source

Linux containers offer a lightweight virtualization method to run multiple virtual environments (containers) simultaneously on a single host. Unlike technologies like Xen or KVM, where the processor simulates a complete hardware environment and a hypervisor controls virtual machines, containers provide virtualization at the operating system level, where the kernel controls the isolated containers.

Advantages of Using Containers
  • Containers make it possible to isolate applications in self-contained units.

  • Containers provide near-native performance. Depending on the runtime, a container can use the host kernel directly, thus minimizing overhead.

  • It is possible to control network interfaces and apply resources inside containers through kernel control groups (see Chapter 9, Kernel Control Groups).

Limitations of Containers
  • Containers run on the host system's kernel, so they cannot use different kernels or different kernel versions.

  • Only Linux-based applications can be containerized.

  • Containers are not secure, and the overall security depends on the host system. Containerized applications can be secured through AppArmor or SELinux profiles. Securing containers is harder than securing virtual machines, due to the larger attack surface.

1.1 Key Concepts and Brief Introduction to Podman Edit source

Although Docker Open Source Engine is a popular choice for working with images and containers, Podman provides a drop-in replacement for Docker that offers several advantages. While Chapter 10, Podman Overview provides more information on Podman, this chapter offers a quick introduction to key concepts and a basic procedure of creating a container image and using it to run a container.

The basic Podman workflow is as follows:

Running a container, either on a local machine or cloud service, usually involves the following steps:

  1. Fetch a base image by pulling it from a registry to your local machine

  2. Create a Dockerfile and use it to build a custom image on top of the base image

  3. Use the created image to start one or more containers

To run a container, you need an image. An image includes all the dependencies needed to run the application. For example, the SLE base image contains the SLE distribution with a minimal package selection.

While it is possible to create an image from scratch, few applications would work in such an empty environment. Thus, using an existing base image is more practical in most situations. A base image has no parent, meaning it is not based on another image.

Although you can use a base image for running containers, the main purpose of base images is to serve as foundations for creating custom images that can run containers with specific applications, servers, services, and so on.

Both base and custom images are usually available through a repository of images called registry. Unless a registry is explicitly specified, Podman pulls images from the Docker Hub registry. While you can fetch a base image manually, Podman can do that automatically when building a custom image.

To build a custom image, you need to create a special file called Containerfile or Dockerfile, containing building instructions. For example, a Dockerfile can contain instructions to update the system software, install the desired application, open specific network ports, run commands, etc.

You can build images not only from base images, but also on top of custom images. So you can have an image consisting of multiple layers:

1.1.1 Practical Example Edit source

The following procedure shows how to build a custom Docker image that can be used to run a container with a simple PHP application called example, served using the built-in PHP development server.

Procedure 1.1: Building an Image and Running a Container
  1. Install Podman:

    tux > sudo zypper in podman
  2. Switch to the PHP project's directory and create a file named Dockerfile :

    tux > cd example
    tux > touch Dockerfile
  3. Open the Dockerfile file for editing, and add the following:

    FROM php:7.4-cli
    COPY . /usr/src/example
    WORKDIR /usr/src/example
    EXPOSE 8000
    CMD [ "php", "-S", "0.0.0.0:8000" ]
  4. Build a container image:

    tux > sudo podman build -t example .
  5. Run a container:

    tux > sudo podman run -it -p8000:8000 --rm example
  6. Point the browser to localhost:8000 to access the application running in the container.

Note that SUSE does not provide support for third-party images, such as the one used in this example.

Print this page