
Virtualization Fundamentals for Containers

What is Virtualization?

Virtualization is the technique of creating isolated environments in which a process, or a group of processes, behaves as if it were running on real computing infrastructure. It leads to more effective use of the resources available to an organization, and it is the fundamental building block on which the whole cloud computing infrastructure works.

There are several different kinds of virtualization in use:

  • Hardware Virtualization (the most widely known type: VMs)
  • Operating System Virtualization (trending nowadays: containers)
  • Network Virtualization
  • Storage Virtualization

[Image: types of virtualization; source: Linux Foundation Training]

Containers are built on OS-level virtualization: the kernel's ability to create multiple isolated environments on a single host. These environments encapsulate programs and hide the true nature of the underlying host from them.
Three fundamental kernel components make OS-level virtualization possible: control groups, namespaces, and the unification (union) filesystem.

Control Groups (Cgroups)

A control group (cgroup) is a Linux kernel mechanism for limiting, accounting for, and isolating the resources used by a group of processes and their subgroups. It can cap resources such as memory, disk I/O, and network usage for the whole group.
The processes of a container are treated as one unit, so containers benefit from cgroups primarily because system resources can be limited for all processes grouped under a container; a container can also be prioritized for resource allocation.
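As an added example (not code from the article), here is a small parser for the cgroup v2 control files that express exactly these limits: `memory.max`, `memory.current` and `cpu.max`, plus the `/proc/<pid>/cgroup` line that tells you which group a process belongs to. It flags groups that are near their memory limit, which is the condition a defender wants to notice before the kernel's OOM killer does. The cgroup mount point, the 80 % threshold and the sample file contents are assumptions constructed for the illustration.

```python
"""Parse the cgroup v2 control files that enforce a container's limits.

Added example, not code from the article. It reads the same files the
kernel exposes under /sys/fs/cgroup (assumed cgroup v2 mount point) and
flags groups that are close to their memory limit; the 80 % threshold and
the sample file contents below are constructed for this illustration.
"""
from pathlib import Path
from typing import Optional

CGROUP_ROOT = Path("/sys/fs/cgroup")  # assumption: cgroup v2 unified hierarchy


def parse_proc_cgroup(text: str) -> str:
    """/proc/<pid>/cgroup on v2 holds one line '0::<path>'; return <path>."""
    for line in text.splitlines():
        hierarchy, _, path = line.split(":", 2)
        if hierarchy == "0":
            return path
    raise ValueError("no cgroup v2 entry found")


def parse_memory_limit(text: str) -> Optional[int]:
    """memory.max holds either 'max' (unlimited) or a byte count."""
    value = text.strip()
    return None if value == "max" else int(value)


def parse_cpu_max(text: str) -> Optional[float]:
    """cpu.max holds '<quota> <period>' in microseconds ('max <period>' = unlimited).

    Returns the number of CPUs the group may consume, or None when unlimited.
    """
    quota, period = text.split()
    if quota == "max":
        return None
    return int(quota) / int(period)


def memory_pressure(current_text: str, max_text: str, threshold: float = 0.8) -> dict:
    """Compare memory.current with memory.max and flag groups near the limit."""
    current = int(current_text.strip())
    limit = parse_memory_limit(max_text)
    if limit is None:
        return {"current": current, "limit": None, "ratio": 0.0, "near_limit": False}
    ratio = current / limit
    return {"current": current, "limit": limit, "ratio": ratio, "near_limit": ratio >= threshold}


def read_group(group: str) -> dict:
    """Read the live files for one cgroup (Linux with cgroup v2 only)."""
    base = CGROUP_ROOT / group.lstrip("/")
    return {
        "memory": memory_pressure((base / "memory.current").read_text(),
                                  (base / "memory.max").read_text()),
        "cpus": parse_cpu_max((base / "cpu.max").read_text()),
    }


# Constructed sample contents, formatted the way the kernel writes them.
SAMPLE_PROC_CGROUP = "0::/system.slice/app.service\n"
SAMPLE_MEMORY_MAX = "536870912\n"      # 512 MiB limit
SAMPLE_MEMORY_CURRENT = "482344960\n"  # 460 MiB in use
SAMPLE_CPU_MAX = "50000 100000\n"      # quota 50 ms per 100 ms period: half a CPU

if __name__ == "__main__":
    print(parse_proc_cgroup(SAMPLE_PROC_CGROUP))
    print(memory_pressure(SAMPLE_MEMORY_CURRENT, SAMPLE_MEMORY_MAX))
    print(parse_cpu_max(SAMPLE_CPU_MAX))
```

On a Linux host with cgroup v2, `read_group(parse_proc_cgroup(open("/proc/self/cgroup").read()))` reads the real limits of the calling process; the sample constants let the parsing logic run anywhere.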

Namespaces

Namespaces are another feature of the Linux kernel; they give processes a restricted view of the host system's resources, limiting the visibility of cgroups, the hostname, process IDs, and so on. To a process running inside a namespace, the namespaced resources appear to be its own dedicated resources.
Namespaces isolate the processes of one container so they cannot modify the hostname, network interfaces, or mounts seen by processes running in other containers.
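The isolation described above can be checked from outside the container. As an added example (not from the article), the code below compares the namespace inode numbers that Linux exposes under `/proc/<pid>/ns/` and reports which namespaces a container shares with the host; a container started in the host's PID or network namespace is exactly the weakened isolation a reviewer wants to catch. The inode values are constructed samples; `read_namespaces` reads the real ones on a Linux host.

```python
"""Check whether a container's processes share namespaces with the host.

Added example, not from the article. On Linux every process exposes its
namespaces as symlinks /proc/<pid>/ns/<type> whose targets look like
'net:[4026531840]'; two processes are in the same namespace exactly when
those inode numbers match. read_namespaces() reads the live links; the
other functions work on plain dicts so they also run on the constructed
sample values below.
"""
import os

NS_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")


def parse_ns_link(target: str) -> int:
    """'net:[4026531840]' -> 4026531840."""
    kind, sep, rest = target.partition(":[")
    if not sep or not rest.endswith("]"):
        raise ValueError(f"unexpected namespace link: {target!r}")
    return int(rest[:-1])


def read_namespaces(pid="self") -> dict:
    """Namespace inode numbers of a live process (Linux only; needs /proc)."""
    base = f"/proc/{pid}/ns"
    return {t: parse_ns_link(os.readlink(f"{base}/{t}"))
            for t in NS_TYPES if os.path.exists(f"{base}/{t}")}


def shared_namespaces(a: dict, b: dict) -> set:
    """Namespace types in which the two processes have the same inode."""
    return {t for t in a.keys() & b.keys() if a[t] == b[t]}


def isolation_report(container: dict, host: dict,
                     required=("ipc", "mnt", "net", "pid", "uts")) -> dict:
    """Which namespaces a container shares with the host, and which of the
    ones a container should normally have for itself are missing."""
    shared = shared_namespaces(container, host)
    return {"shared": sorted(shared),
            "weakly_isolated": sorted(set(required) & shared)}


# Constructed sample inode values (the real ones are read from /proc).
HOST = {"cgroup": 4026531835, "ipc": 4026531839, "mnt": 4026531841,
        "net": 4026531840, "pid": 4026531836, "user": 4026531837, "uts": 4026531838}
# A container with its own namespaces; it shares only the user namespace,
# as a runtime that does not remap user IDs (Docker by default) leaves it.
CONTAINER_OK = {"cgroup": 4026532500, "ipc": 4026532501, "mnt": 4026532502,
                "net": 4026532503, "pid": 4026532504, "user": 4026531837, "uts": 4026532505}
# The same container started in the host's network namespace.
CONTAINER_HOSTNET = dict(CONTAINER_OK, net=HOST["net"])

if __name__ == "__main__":
    print(isolation_report(CONTAINER_OK, HOST))
    print(isolation_report(CONTAINER_HOSTNET, HOST))
    if os.path.isdir("/proc/self/ns"):
        print(read_namespaces())
```

To audit a real container, read the namespaces of PID 1 on the host and of the container's init process (`read_namespaces(1)` and `read_namespaces(<container pid>)`, both need permission to read `/proc/<pid>/ns`) and pass the two dicts to `isolation_report`.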

Unification Filesystem

This feature overlays multiple filesystems to produce a single virtual filesystem. The contents of the different filesystems are stacked and appear to live in one filesystem, although physically they remain separate.

In containers, unionfs is used to overlay a base container image with other, writable layers: ephemeral storage layers, custom storage layers, and config layers are stacked on top of it. unionfs uses a mechanism called copy-on-write (CoW) to modify files in a running container. The CoW strategy lets users indirectly change the content of files that the running container gets from the base image: image files are read-only, so when a user attempts to modify one, the file is copied from the base image into the container's ephemeral storage layer, the user makes changes to that copy, and the base container image files remain untouched.
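The stacking and copy-on-write behaviour just described, as an added toy model (not code from the article, and not how the kernel's overlayfs is implemented): read-only lower layers sit under one writable upper layer, a modification copies the file up before changing it, a deletion records a whiteout, and a second container from the same image sees the pristine files. The layer contents are constructed sample data.

```python
"""Toy model of a union filesystem with copy-on-write.

Added illustration, not code from the article and not how the kernel's
overlayfs is implemented. Read-only lower layers (base image, config
layer, ...) are stacked under one writable upper layer: reads resolve
top-down, a write copies the file up into the upper layer before changing
it, a delete records a whiteout, and the lower layers are never modified.
Layer contents are constructed sample data.
"""
WHITEOUT = object()  # marker in the upper layer: "this path is deleted"


class UnionFS:
    def __init__(self, lower_layers):
        # lowest layer first; later layers shadow earlier ones
        self.lower = list(lower_layers)
        self.upper = {}  # the container's ephemeral, writable layer

    def _lookup_lower(self, path):
        for layer in reversed(self.lower):
            if path in layer:
                return layer[path]
        return None

    def read(self, path):
        if path in self.upper:
            if self.upper[path] is WHITEOUT:
                raise FileNotFoundError(path)
            return self.upper[path]
        data = self._lookup_lower(path)
        if data is None:
            raise FileNotFoundError(path)
        return data

    def append(self, path, more):
        # copy-on-write: the current content (from whichever layer holds it)
        # is copied into the upper layer and only that copy is changed
        self.upper[path] = self.read(path) + more

    def write(self, path, data):
        self.upper[path] = data  # new or fully replaced file lives in upper only

    def delete(self, path):
        self.read(path)  # raises if the path does not exist
        self.upper[path] = WHITEOUT

    def listdir(self):
        names = set()
        for layer in self.lower:
            names |= set(layer)
        for path, data in self.upper.items():
            if data is WHITEOUT:
                names.discard(path)
            else:
                names.add(path)
        return sorted(names)


# Constructed layers: a base image and a config layer on top of it.
BASE_IMAGE = {"/etc/hostname": "base\n", "/bin/app": "#!/bin/sh\necho hi\n"}
CONFIG_LAYER = {"/etc/app.conf": "debug=false\n"}


def run_container():
    """Start a container, modify files in it, and return what it sees."""
    fs = UnionFS([BASE_IMAGE, CONFIG_LAYER])
    fs.append("/etc/app.conf", "port=8080\n")  # copy-up, then modify
    fs.delete("/etc/hostname")                  # whiteout over the base file
    fs.write("/tmp/state", "running\n")         # upper-only file
    return {"conf": fs.read("/etc/app.conf"), "files": fs.listdir()}


if __name__ == "__main__":
    print(run_container())
    # A second container from the same image sees the pristine files again
    print(UnionFS([BASE_IMAGE, CONFIG_LAYER]).read("/etc/hostname"))
```

The point the model makes visible is that every change lands in the upper layer: `CONFIG_LAYER` and `BASE_IMAGE` are never written to, which is why an image can be shared by many containers and why anything a container writes to its own layer is gone when that layer is discarded.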

Here are some great resources for further reading:
