Doc: Containers vs VMs #186
Comments
I hope this helps. Also see: lxc#186 Thanks a lot for the review Signed-off-by: ShalokShalom <shalokshalom@protonmail.ch>
|
A Linux system is made of the Linux kernel, an Is it possible to have more than one Linux system on a Linux system? On a running Linux system you could launch a init-compatible process on a separate One application of containers is the application containers (pun intended), like Docker. The init has been optimized so that it runs only the specific things that you have described in the Dockerfile. When it is done running, the application container stops. Another application of containers is the system containers, like incus. You have many options for a Can you mess up the distinction even further? Sure you can. You can take Docker, replace the All in all, with containers you are reusing the running Linux kernel to launch new process trees of different Namespaces can also be nested. You can run a namespace in a namespace. This means that you can run a container within a container. An incus server inside an incus container. Docker inside an incus container. |
|
So, the difference between a system container and an application container is, as assumed, that the system container runs the native init system, and the application container has a modified init system, that is limited to only one process. That is unless we use namespaces, which allow us to run multiple processes in one Docker container. Is this correct so far? 😃 So then: What can I do with a system container from Incus, that a Docker container with multiple namespaces can not? Is there any difference? Can you take a look at my proposal, and tell me, if you think it is accurate, please 👍🏻 |
I would say that a system container is like a typical Linux system. You boot it up, it gets ready, and it keeps running. If you want it to stop, you would shut it down like you do with a Linux system. I would not consider the On the other hand, an application container has a sole purpose to run a set of instructions to either perform a task and stop running at the end of it. Or it could be a service like a Web server that keeps running until you send a command to stop the Web server. When the Web server stops, this stops the container. You could create a Dockerfile that runs several services (like Web server, FTP server). It is due to best practices that you would keep separate tasks between application containers. That is, an application container is task-oriented. The task finishes and the application container stops. A system container is a Linux system. You can keep one running without doing any task, you can run a task and then another task. The system container stops when you shut it down.
About 15 years ago there was this need to add support for containers to the Linux kernel. There was some talk to add specific container support. There was however another view to add new generic Linux kernel features that could be used for containers but also for possible other needs that do not relate to containers. That is, try to break down the requirements into a set of primitives. One such primitive is the namespaces, which allows to isolate processes, devices, etc (this process does not know that this other process exists. Another is cgroups, which allows to put limits on processes (i.e. a process cannot use more that X memory). Any Linux container implementation would make use of namespaces, cgroups. Apart from incus, Docker uses both of them as well.
Both Incus and Docker use namespaces. The high-level difference between the two is that Incus is a Linux system while Docker is task-oriented.
Have a look at my PR. Take them as a suggestion. I would expect that it might require further changes in the wording. |
Closes lxc#186 Signed-off-by: ShalokShalom <shalokshalom@protonmail.ch>
Closes lxc#186 Signed-off-by: ShalokShalom <shalokshalom@protonmail.ch>
I am currently improving this page of documentation, and like to understand some aspects of it first myself, so I can do that.
My assumption is, that most people come from a world, that consists mainly of containers and VMs.
I did not read before, that there may be a difference between something like an application container, and a system container.
I struggle to understand, what a system container contains, that an application container doesn't.
As far as I am aware, a Docker container always contains an operating system - including a file system, a certain userland, and the application itself.
Only the kernel is left to the host. So now I am reading, that there is a distinction between two types of container, and the provided documentation is not really going into the details, what parts are shared and what not.
From the limited information provided, do I assume that the difference is simply, that system containers allow to run multiple applications side by side and within the same container.
So it basically groups applications, and is besides this, still a container?
A multi-app container?
In order to improve the understanding of this page, do I consider making a table in Markdown.
I also seek to retain the black text of the provided images, and that one disappears in dark mode.
The images in question are both svg with a transparent background.
We would need to rerender them with an opaque background, to work.
The text was updated successfully, but these errors were encountered: