Lesson 1.1: Overview of Containerization


Linux Containers

An operating system-level virtualization method for running multiple isolated Linux systems (containers) on a single control host.

Linux Functional Components

  • A Linux system has two spaces: user space (user shell, regular processes) and kernel space (kernel).
  • Regular processes communicate with the kernel through system calls (fork(), exec()).
  • In a Linux system, the user shell, regular processes, and the Linux kernel are fundamental components that work together to provide a functional operating system. Here's a breakdown of each:

1. User Shell

The shell is a command-line interface (CLI) or graphical interface that allows users to interact with the operating system. It acts as an intermediary between the user and the kernel.

Key Features:

  • Command Interpretation: Takes user commands, interprets them, and executes corresponding programs.
  • Scripting: Allows writing shell scripts for automation.
  • Environment Management: Manages environment variables (PATH, HOME, etc.).
  • Job Control: Supports foreground/background process execution (&, jobs, fg, bg).

Types of Shells:

  • Bash (Bourne Again Shell) – Default on most Linux distributions.
  • Zsh (Z Shell) – Enhanced Bash alternative with better scripting.

2. Regular Processes

A process is an instance of a running program. Regular processes are created by users or the system and run in user space.

Key Features:

  • Process ID (PID): Unique identifier for each process.
  • Parent-Child Relationship: Processes are created via fork() and exec().
  • User vs. System Processes:
    • User Processes: Launched by users (e.g., firefox, vim).
    • Daemon Processes: Background system services (e.g., sshd, nginx).
  • Process States: Running, Sleeping, Stopped, Zombie

3. Linux Kernel

The kernel is the core of the Linux OS, acting as a bridge between hardware and software.

Key Responsibilities:

  • Process Management: Schedules processes using CPU time.
  • Memory Management: Allocates RAM via virtual memory (paging/swapping).
  • Device Management: Interacts with hardware via drivers.
  • Filesystem Management: Handles file operations (ext4, XFS, etc.).
  • System Calls (syscalls): Provides APIs for processes to request kernel services (e.g., open(), read(), write()).

Subsystems in Linux (cgroups, Namespaces, and Kernel Components)

In Linux, subsystems refer to modular components that manage specific system resources or functionalities. The term is most commonly used in the context of:

  • Control Groups (cgroups) Subsystems
    • Control Groups (cgroups) are kernel features that limit, account for, and isolate resource usage (CPU, memory, disk I/O, etc.).
    • Each cgroup subsystem manages a specific resource type.
    • Examples: cpu, memory, io, pids, net_cls, devices, freezer.
    • Each subsystem attaches to an individual hierarchy (tree of cgroups).
    • Processes are placed in cgroups, inheriting resource limits.
  • Kernel Subsystems – Core parts of the Linux kernel.
  • Namespace Types – Isolation mechanisms for containers.
    • Namespaces are another form of subsystem, providing isolation for containers. Each namespace type virtualizes a global system resource.
    • The key feature of namespaces is that they isolate processes from each other. On a server where you are running many different services, isolating each service and its associated processes from other services means that there is a smaller blast radius for changes, as well as a smaller footprint for security‑related concerns. Mostly though, isolating services meets the architectural style of microservices.
    • Namespace types: PID, Mount, Network, UTS, IPC, User, Cgroup

Containers in Linux: How They Work Under the Hood

Containers in Linux are just processes with isolated views of system resources, enforced by the kernel. Unlike virtual machines (VMs), containers do not run a separate OS kernel. Instead, they share the host kernel but are restricted to their own namespaces and cgroups.
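The sketch below is an added example, not part of the original lesson. It shows how to check which namespaces a process shares with the host by comparing the inode numbers behind /proc/<pid>/ns/*, and how to read its cgroup membership from /proc/<pid>/cgroup. The inode values, cgroup path and function names are constructed for illustration.

```python
import os
import re

NS_TARGET = re.compile(r"^\w+:\[(\d+)\]$")  # readlink target, e.g. "pid:[4026531836]"

def parse_ns(links):
    """Turn {ns_name: readlink_target} into {ns_name: inode_number}."""
    out = {}
    for name, target in links.items():
        m = NS_TARGET.match(target)
        if m:
            out[name] = int(m.group(1))
    return out

def read_ns(pid):
    """Live variant: read /proc/<pid>/ns/* (needs privileges for other users' processes)."""
    base = f"/proc/{pid}/ns"
    return parse_ns({n: os.readlink(f"{base}/{n}") for n in os.listdir(base)})

def shared_with_host(host_ns, proc_ns):
    """Namespace types where the process has the host's inode, i.e. is not isolated."""
    return sorted(n for n, ino in proc_ns.items() if host_ns.get(n) == ino)

def parse_cgroup(text):
    """Parse /proc/<pid>/cgroup lines of the form 'hierarchy-ID:controllers:path'."""
    rows = []
    for line in text.strip().splitlines():
        hid, controllers, path = line.split(":", 2)
        rows.append((int(hid), controllers.split(",") if controllers else [], path))
    return rows

# Constructed sample data (not captured from a real host).
HOST_NS = parse_ns({"pid": "pid:[4026531836]", "mnt": "mnt:[4026531841]",
                    "net": "net:[4026531840]", "uts": "uts:[4026531838]",
                    "ipc": "ipc:[4026531839]", "user": "user:[4026531837]"})
CONTAINER_NS = parse_ns({"pid": "pid:[4026532501]", "mnt": "mnt:[4026532498]",
                         "net": "net:[4026531840]", "uts": "uts:[4026532499]",
                         "ipc": "ipc:[4026532500]", "user": "user:[4026531837]"})
CONTAINER_CGROUP = "0::/example.slice/example-container.scope\n"

if __name__ == "__main__":
    print("shared with host:", shared_with_host(HOST_NS, CONTAINER_NS))
    print("cgroup membership:", parse_cgroup(CONTAINER_CGROUP))
```

On a live Linux host, `shared_with_host(read_ns(1), read_ns(pid))` performs the same comparison against PID 1; any namespace type it returns is one where the process sees the host's view of that resource.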


© 2025 2023 Sanjeeb KC. All rights reserved.