From the course: Kubernetes: Your First Project

How Docker containers work

- [Instructor] Before we delve into getting explorecalifornia onto Kubernetes, let's briefly recap containers and how they work. Since we'll be using some of these concepts throughout our mission, it's a good idea to review them upfront. Containers are virtualized instances of operating system kernels. Unlike virtual machines, while containers look like separate smaller instances of Linux or Windows, they consume resources like processor time, memory, and disk space directly from their parent host, as you can see in the diagram on the right. From your computer's perspective, containers look like separate apps running alongside Word, Outlook, and the instance of Chrome that you're watching this course from. Well, what does that all even mean? Well, let's create a hypothetical file as an example. Let's say that we had a file called food.txt, and we put it in the directory /tmp, as you can see on the upper right-hand corner. When I create /tmp/food.txt inside of a Linux container, the container will use your computer's Linux installation to write that file. And that file will live inside of your computer's hard disk, as you can see on the bottom right-hand corner of the screen. So while the file from inside of the container will look like /tmp/food.txt, inside of your actual computer it looks like something completely different, usually a much longer path here. And you can see an example of that path if you squint and look real close at this slide, but that's just an example of how Docker or another container runtime might store that file. However, if I were to do the same exercise inside of a Linux virtual machine, the virtual machine would write that file on its own virtualized hard disk. So while your computer will store a file that represents that virtual machine's hard disk, your computer actually knows nothing about that file. So how does this all even work?
Why does the container see /tmp/food.txt but my actual computer see some crazy long path? Well, this bit of magic is achieved through something called a union file system. Union file systems work by combining multiple different layers of file systems, such as files, directories, and otherwise into a single file system. I like using sandwiches or burgers to explain how this works. When you build a delicious burger like this one on your screen, you start with a layer of bread. You then put stuff on top of that layer of bread, like cheese, tomato, lettuce, extremely secret sauce. You can put whatever you want in there. You can put as many layers of things as you like, but the entire sandwich is just a combination of all these layers of bread and stuff. In your container's case, it looks like this, where you start from an existing layer, say the bread or even a command, as you can see here, and then you can add as many different layers on top of it. And even though they're separate layers that all do separate things, at the end of the day when you squash all of them down, you get a Docker image or a container image. So in your container's case, to go back to our previous example, the final sandwich is mounted at the root directory of your container's file system at /. Virtual machines are literally virtual instances of machines. They come with their own virtualized processors, virtualized memory, virtualized hard disks, network cards, graphics cards sometimes, et cetera. As you can imagine, creating virtual machines to run applications like explorecalifornia can be quite heavy. A basic website like the one that we're going to work with and a Linux distribution to run it on would need something like 128 megabytes of memory at the very least, say a gigahertz of processor resources and five gigs of hard space, just to be conservative. That's a lot for a website, especially if you're just testing it on your computer.
Containers allow you to put the files of your website and the web server like Nginx into a few layers of directories and run your web server and website as if it were another application on your machine. This way, instead of needing all of the resources that you'd need to run an entire virtual machine, you can run your website with 50 megs of memory and maybe a few megahertz of processor time. Containers are created and run by things called container runtimes. There are many different runtimes out there. I referenced Docker earlier, that's one of the most popular ones, but Docker actually runs on a container runtime called containerd, and Kubernetes also uses containerd. However, there are other runtimes like Podman, rkt, et cetera that all accomplish the same thing, which is to allow your application to run inside of a container just like the sandwich we saw earlier. The magic that Docker brings to containers comes in two parts: the first is a Dockerfile, and the second is a Docker API. Dockerfiles, like the example that we see here, allow you to write instructions for creating those layers that we spoke about earlier. With a quick invocation of docker build in a command line terminal, Docker takes most of the lines in those Dockerfiles and compresses them into something called a Docker image. Docker then uses containerd to create containers mounted from the images by running docker run in that same terminal window. The beauty behind Docker is that these images can be used on any computer that can run Docker and containerd. It doesn't matter how fast, slow, big or small that computer is, as long as it has Docker and containerd. And as long as the operating system used to create those layers is the same as a computer's operating system, Docker can create containers from those images. As you might expect, this is huge for developing software.
Instead of having to worry about crafting local VMs that are just like the machines running your software in production, or having the laptop big enough to run those VMs in the first place, you can store your application and everything that it needs into a Docker image and run that wherever Docker is installed. The same Docker image that you can run on your machine can also run on production hardware, which has massive.
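
The layering described in the transcript, sketched as an added example (not part of the course material): a toy union file system in which read-only image layers sit under one writable container layer. It shows why `/tmp/food.txt` maps to a longer host path, and that a file deleted in a later layer is only hidden, not erased, from the layer beneath. The class, the layer contents and the host directory are constructed for illustration; real runtimes use their own on-disk layout.

```python
import posixpath

WHITEOUT = object()  # marker a layer uses to say "this path is deleted here"

class UnionFS:
    """Toy model: image layers (read-only) plus one writable upper layer."""
    def __init__(self, image_layers, upper_dir):
        self.lowers = image_layers   # list of dicts, bottom layer first
        self.upper = {}              # the container's writable layer
        self.upper_dir = upper_dir   # constructed host directory backing it

    def lookup(self, path):
        # Search top-down: writable layer first, then image layers newest-first.
        for layer in [self.upper] + self.lowers[::-1]:
            if path in layer:
                return None if layer[path] is WHITEOUT else layer[path]
        return None

    def write(self, path, data):
        self.upper[path] = data      # image layers are never modified

    def delete(self, path):
        self.upper[path] = WHITEOUT  # hides the file; lower copies remain

    def host_path(self, path):
        # Where the host would see a file the container itself wrote.
        if self.upper.get(path, WHITEOUT) is WHITEOUT:
            return None
        return posixpath.join(self.upper_dir, path.lstrip("/"))

    def hidden_but_present(self):
        # Paths invisible in the merged view that still hold data in a layer.
        stored = {p for l in self.lowers for p, v in l.items() if v is not WHITEOUT}
        return sorted(p for p in stored if self.lookup(p) is None)

def demo():
    # Constructed sample layers: a base layer, then a layer that adds the
    # site and "removes" a build-time key by recording a whiteout.
    base = {"/etc/os-release": "linux", "/app/build.key": "constructed-secret"}
    site = {"/usr/share/nginx/html/index.html": "<h1>site</h1>",
            "/app/build.key": WHITEOUT}
    fs = UnionFS([base, site], "/var/lib/example-runtime/overlay/CONTAINER_ID/diff")
    fs.write("/tmp/food.txt", "burger")
    return fs

if __name__ == "__main__":
    fs = demo()
    print(fs.host_path("/tmp/food.txt"))
    print(fs.hidden_but_present())
```

Anyone with access to the host directory or to the image's individual layers can read what the merged view hides, which is why credentials should never be written into a layer and removed in a later one.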
