Deep into Container — Deep into Container Runtime
Sushant S.
Senior Cloud & Dev(Sec)Ops Engineer | Gen AI | AWS, Azure, GCP | Kubernetes | Openshift | Terraform | Chaos Engineering
Containers were created to help us run a program in an environment completely independent of other programs on the same computer. But we will run into some problems later if we only use Linux namespaces and cgroups to run the container.
The first problem is that to create a container, we need to run a lot of commands: the command to create the Linux namespace, the command to create the cgroup, and the command to configure limits for the cgroup. Then, if we want to delete the container, we must run commands to clean up the namespace and the cgroup.
The second problem is that when we run dozens of containers with the Linux namespace and cgroup commands, how do we manage those containers? How do we know what each container is running and which process it is used for?
The third problem is that there are containers that already have what we need, and they are available on a Container Registry. How can we download one and run it instead of having to create the container from scratch?
Given these problems, instead of having to run so many commands, why don’t we build a tool to reduce this work, so that we just need to run one command to create the container and delete it? That tool can also help us manage many running containers, so we know which container is being used for which process. And we can also use that tool to download containers available on the internet.
To summarize, Container Runtime is a tool that manages all running processes of a container, including creating and deleting containers, packaging, and sharing containers. Container runtime is divided into two types:
- Low-level container runtime: its main task is creating and deleting containers.
- High-level container runtime: manages containers, downloads the container image, then extracts the container image and passes it to the low-level container runtime so that it creates and runs the container.
Low-level Container Runtime:
As I said above, the main task of the low-level container runtime is to create and delete the container.
What the low-level container runtime will do is:
- Create the cgroup.
- Run CLI in the cgroup.
- Run the unshare command to create an isolated process.
- Set up a root file system.
- Clean up the cgroup after the command completes.
The low-level container runtime will do a lot more, but the above are its main jobs. As an example, we can simulate the process of a container runtime creating a container.
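The five steps listed above, written as one POSIX shell function. This is an added example, not code from the original article. It assumes cgroup v2 mounted at /sys/fs/cgroup, util-linux `unshare`, an already unpacked root file system, and root privileges when `DRY_RUN=0`; the names `run_container`, `step`, `put`, `CGROOT` and `DRY_RUN` are hypothetical.

```shell
#!/bin/sh
# Added example: the low-level runtime steps as one function.
# Assumptions: cgroup v2 at /sys/fs/cgroup, util-linux unshare, an unpacked
# root file system, and root privileges when DRY_RUN=0.
CGROOT=${CGROOT:-/sys/fs/cgroup}
DRY_RUN=${DRY_RUN:-1}          # 1 = print the commands, 0 = execute them

step() {                       # run one command, or print it in dry-run mode
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

put() {                        # put VALUE FILE: write a cgroup control file
    if [ "$DRY_RUN" = 1 ]; then printf 'echo %s > %s\n' "$1" "$2"
    else printf '%s\n' "$1" > "$2"; fi
}

run_container() {              # run_container NAME ROOTFS MEM_MAX CMD [ARG...]
    [ "$#" -ge 4 ] || { echo "usage: run_container NAME ROOTFS MEM_MAX CMD..." >&2; return 2; }
    name=$1 rootfs=$2 mem=$3; shift 3
    # NAME becomes a path component under the cgroup root, so reject
    # anything that could escape it (slashes, dots, empty string).
    case $name in
        ''|*[!A-Za-z0-9_-]*) echo "invalid container name" >&2; return 2 ;;
    esac
    cg="$CGROOT/$name"

    step mkdir "$cg" || return 1                 # 1. create the cgroup
    put "$mem" "$cg/memory.max"                  #    and set its memory limit
    # 2. a helper shell joins the cgroup, then execs (3) unshare for new
    #    namespaces and (4) chroot into the root file system. Arguments are
    #    passed positionally so they are never re-parsed as shell code.
    step sh -c 'echo $$ > "$1" && shift && exec "$@"' sh "$cg/cgroup.procs" \
        unshare --mount --uts --ipc --net --pid --fork \
        chroot "$rootfs" "$@"
    status=$?
    step rmdir "$cg"                             # 5. clean up the cgroup
    return "$status"
}

# Stand-alone use: sh runtime.sh demo /srv/rootfs 64M /bin/sh
if [ "$#" -ge 4 ]; then run_container "$@"; fi
```

With the default `DRY_RUN=1` the function only prints the commands it would run, which makes the sequence easy to inspect before executing it as root. `chroot` is used here for brevity; runc changes the root with `pivot_root`, which is harder to escape.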
High-level Container Runtime:
While the low-level container runtime focuses on creating and deleting containers, the high-level container runtime focuses on managing multiple containers, transporting and managing container images, and loading and unpacking container images for the low-level container runtime.
containerd is probably a common high-level container runtime; it provides us with the following features:
Although you can load and run a container from an existing container image, containerd and many other high-level container runtimes don’t help you build containers, and the high-level container runtime doesn’t focus on UI support for users.
So, to make it easier for users to communicate with containers, a new kind of tool called Container Management was born, and Docker is one of them.
Docker
Docker was one of the first tools to fully support container interaction. Docker supports:
Docker goes through the APIs to interact with the underlying container runtime to create and run the container for us. The high-level container runtime that Docker uses is dockerd, docker-containerd, docker-runc.
dockerd provides us with a build image feature, docker-containerd is similar to containerd, and docker-runc is similar to runc.
Conclusion:
So we have learned about the container runtime. The low-level container runtime will be responsible for creating and deleting containers. The high-level container runtime will be responsible for managing container images and containers. And Docker is a complete tool for us to interact with the underlying container through the container runtime, including building the container image.