1
00:00:00,780 --> 00:00:05,640
In the last section we continued to talk a little bit about images, but we're still surprisingly light on

2
00:00:05,640 --> 00:00:08,040
some of the details around exactly what a container is.

3
00:00:08,340 --> 00:00:13,050
So in this section I'm going to give you a behind-the-scenes look at what a container is and how it

4
00:00:13,050 --> 00:00:15,120
is created on your machine.

5
00:00:15,150 --> 00:00:20,010
Now, to understand the container you first need to have a little bit of background on exactly how your

6
00:00:20,070 --> 00:00:22,350
operating system runs on your computer.

7
00:00:22,350 --> 00:00:27,170
So I'm going to first give you a quick overview of your operating system.

8
00:00:27,230 --> 00:00:31,300
So this is a quick overview of the operating system on your computer.

9
00:00:31,300 --> 00:00:37,630
Most operating systems have something called a kernel. This kernel is a running software process that

10
00:00:37,630 --> 00:00:43,510
governs access between all the programs that are running on your computer and all the physical hardware

11
00:00:43,600 --> 00:00:45,910
that is connected to your computer as well.

12
00:00:45,940 --> 00:00:49,930
So if you're at the top of this diagram, we have different programs that your computer's running, such

13
00:00:49,930 --> 00:00:56,680
as Chrome or Terminal, Spotify or Node.js. If you've ever made use of Node.js before and you've written

14
00:00:56,710 --> 00:00:58,380
a file to the hard drive,

15
00:00:58,480 --> 00:01:05,620
it's technically not Node.js that is speaking directly to the physical device. Instead, Node.js says to

16
00:01:05,620 --> 00:01:08,740
your kernel, "Hey, I want to write a file to the hard drive."

17
00:01:08,890 --> 00:01:12,900
The kernel then takes that information and eventually persists it to the hard disk.

18
00:01:12,940 --> 00:01:17,260
So the kernel is always kind of this intermediate layer that governs access between these programs

19
00:01:17,490 --> 00:01:19,300
and your actual hard drive.

20
00:01:19,420 --> 00:01:24,430
The other important thing to understand here is that these running programs interact with the kernel

21
00:01:24,730 --> 00:01:27,210
through things called system calls.

22
00:01:27,250 --> 00:01:30,580
These are essentially like function invocations.

23
00:01:30,580 --> 00:01:35,770
The kernel exposes different endpoints to say, "Hey, if you want to write a file to the hard drive, call

24
00:01:35,800 --> 00:01:37,910
this endpoint or this function right here."

25
00:01:37,990 --> 00:01:41,650
It takes some amount of information and then that information will be eventually written to the hard

26
00:01:41,650 --> 00:01:45,410
disk or memory or whatever else is required.

27
00:01:45,710 --> 00:01:50,480
Now, thinking about this entire system right here, I want to pose a kind of hypothetical situation to

28
00:01:50,480 --> 00:01:51,090
you.

29
00:01:51,170 --> 00:01:57,710
I want you to imagine for just a second that you and I have two programs running on our computer. Maybe

30
00:01:57,710 --> 00:02:02,930
one of them is Chrome, like Chrome the web browser, and the other is Node.js, the JavaScript server-side

31
00:02:02,930 --> 00:02:04,190
runtime.

32
00:02:04,190 --> 00:02:09,800
I want you to imagine that we're in a crazy world where Chrome, in order to work properly, has to have

33
00:02:09,800 --> 00:02:15,500
Python version 2 installed and Node.js has to have version 3 installed.

34
00:02:15,500 --> 00:02:22,130
However, on our hard disk we only have access to Python version 2, and for whatever crazy reason we are

35
00:02:22,130 --> 00:02:27,790
not allowed to have two identical installations of Python at the same time.

36
00:02:27,920 --> 00:02:33,260
So as it stands right now, Chrome would work properly because it has access to version 2, but Node.js would

37
00:02:33,260 --> 00:02:38,120
not, because we do not have a version or a copy of Python version 3.

38
00:02:38,120 --> 00:02:41,000
Again, this is a completely make-believe situation.

39
00:02:41,000 --> 00:02:45,680
I just want you to kind of consider this for a second because this is kind of leading into what a container

40
00:02:45,680 --> 00:02:47,100
is.

41
00:02:47,330 --> 00:02:48,660
So how can we solve this issue?

42
00:02:49,100 --> 00:02:55,580
Well, one way to do it would be to make use of an operating system feature known as namespacing.

43
00:02:56,240 --> 00:02:57,260
With namespacing,

44
00:02:57,260 --> 00:03:01,880
we can look at all of the different hardware resources connected to our computer and we can essentially

45
00:03:01,940 --> 00:03:08,900
segment out portions of those resources. So we could create a segment of our hard disk specifically dedicated

46
00:03:08,900 --> 00:03:15,380
to housing Python version 2, and we could make a second segment specifically dedicated to housing Python

47
00:03:15,380 --> 00:03:16,980
version 3.

48
00:03:17,030 --> 00:03:22,130
Then, to make sure that Chrome has access to this segment over here and Node.js has access to this segment

49
00:03:22,130 --> 00:03:28,970
over here, any time that either of them issues a system call to read information off the hard drive, the

50
00:03:28,970 --> 00:03:34,520
kernel will look at that incoming system call and try to figure out which process it is coming from.

51
00:03:34,520 --> 00:03:40,370
So the kernel could say, "OK, if Chrome is trying to read some information off the hard drive, I'm going

52
00:03:40,370 --> 00:03:44,660
to direct that call over to this little segment of the hard disk over here,

53
00:03:44,930 --> 00:03:51,140
the segment that has Python version 2." And Node.js, any time that makes a system call to read the hard

54
00:03:51,140 --> 00:03:56,270
drive, the kernel can redirect that over to this segment for Python version 3.

55
00:03:56,450 --> 00:04:01,460
And so by making use of this kind of namespacing or segmenting feature, we can have the ability to make

56
00:04:01,460 --> 00:04:05,660
sure that Chrome and Node.js are able to work on the same machine.

57
00:04:05,660 --> 00:04:09,230
Now again, in reality neither of these actually needed an installation of Python.

58
00:04:09,230 --> 00:04:16,890
This is just a quick example. So this entire process of kind of segmenting a hardware resource

59
00:04:17,190 --> 00:04:23,100
based on the process that is asking for it is known as namespacing. With namespacing we are allowed

60
00:04:23,100 --> 00:04:29,250
to isolate resources per process or a group of processes, and we're essentially saying that any time

61
00:04:29,520 --> 00:04:34,710
this particular process asks for a resource, we're going to direct it to this one little specific area

62
00:04:34,980 --> 00:04:36,940
of the given piece of hardware.

63
00:04:36,960 --> 00:04:39,180
Now, namespacing is not only used for hardware.

64
00:04:39,180 --> 00:04:42,410
It can also be used for software elements as well.

65
00:04:42,420 --> 00:04:48,420
So for example, we can namespace a process to restrict the area of a hard drive that is available, or

66
00:04:48,480 --> 00:04:54,510
the network devices that are available, or the ability to talk to other processes, or the ability to see

67
00:04:54,540 --> 00:04:55,860
other processes.

68
00:04:55,860 --> 00:05:01,230
These are all things we can use namespacing for, to essentially limit the resources or kind of redirect

69
00:05:01,230 --> 00:05:07,800
requests for a resource from a particular process. Very closely related to this idea of namespacing is

70
00:05:07,800 --> 00:05:13,980
another feature called control groups. A control group can be used to limit the amount of resources that

71
00:05:13,980 --> 00:05:15,930
a particular process can use.

72
00:05:15,990 --> 00:05:21,210
So namespacing is for saying, "Hey, this area of the hard drive is for this process." A control group can

73
00:05:21,210 --> 00:05:27,720
be used to limit the amount of memory that a process can use, the amount of CPU, the amount of hard drive

74
00:05:27,780 --> 00:05:33,210
input, or input/output, and the amount of network bandwidth as well.

75
00:05:33,240 --> 00:05:38,280
So these two features put together can be used to really kind of isolate a single process and limit

76
00:05:38,520 --> 00:05:44,700
the amount of resources it can talk to and the amount of bandwidth, essentially, that it can make use

77
00:05:44,700 --> 00:05:45,000
of.

78
00:05:46,320 --> 00:05:52,140
Now, as you might imagine, this entire kind of little section right here, this entire vertical of a running

79
00:05:52,140 --> 00:05:58,880
process plus this little segment of a resource that it can talk to, is what we refer to as a container.

80
00:05:58,920 --> 00:06:03,990
And so when people say, "Oh yeah, I have a Docker container," you really should not think of these as being

81
00:06:03,990 --> 00:06:07,710
like a physical construct that exists inside of your computer.

82
00:06:07,770 --> 00:06:14,430
Instead, a container is really a process or a set of processes that have a grouping of resources specifically

83
00:06:14,490 --> 00:06:16,800
assigned to it.

84
00:06:16,800 --> 00:06:19,180
And so this is a diagram that we're gonna be looking at quite a bit.

85
00:06:19,190 --> 00:06:24,690
Any time that we think about a container, we've got some running process that sends a system call to a

86
00:06:24,690 --> 00:06:31,740
kernel. The kernel is going to look at that incoming system call and direct it to a very specific portion

87
00:06:31,860 --> 00:06:39,580
of the hard drive, the RAM, CPU, or whatever else it might need, and a portion of each of these resources

88
00:06:39,640 --> 00:06:42,730
is made available to that singular process.

89
00:06:42,730 --> 00:06:48,250
Now, the last question you might have here is, "OK, well, I get what a container is, but with that in mind,

90
00:06:48,280 --> 00:06:54,160
what is the real relation between one of those containers, or that kind of single, singular process and

91
00:06:54,160 --> 00:06:56,590
grouping of resources, to an image?

92
00:06:56,590 --> 00:06:59,560
How does that single file eventually create this container?"

93
00:06:59,560 --> 00:07:00,220
That's a good question.

94
00:07:00,220 --> 00:07:02,860
One more quick diagram.

95
00:07:02,860 --> 00:07:07,800
Any time that we talk about an image, we're really talking about a file system snapshot.

96
00:07:07,810 --> 00:07:13,780
So this is essentially kind of like a copy-paste of a very specific set of directories or files.

97
00:07:13,940 --> 00:07:20,650
And so we might have an image that contains just Chrome and Python. An image will also contain a specific

98
00:07:20,650 --> 00:07:22,190
startup command.

99
00:07:22,210 --> 00:07:26,440
So here's what happens behind the scenes when we take an image and turn it into a container.

100
00:07:26,800 --> 00:07:31,420
First off, the kernel is going to isolate a little section of the hard drive and make it available to

101
00:07:31,450 --> 00:07:33,470
just this container.

102
00:07:33,470 --> 00:07:39,670
And so we can kind of imagine that after that little subset is created, the file snapshot inside the

103
00:07:39,670 --> 00:07:44,420
image is taken and placed into that little segment of the hard drive.

104
00:07:44,440 --> 00:07:50,230
And so now, inside of this very specific grouping of resources, we've got a little section of the

105
00:07:50,270 --> 00:07:57,560
hard drive that has just Chrome and Python installed and essentially nothing else. The startup command

106
00:07:57,590 --> 00:08:02,360
is then executed, which we can kind of imagine in this case is like, "Start up Chrome, just run Chrome for

107
00:08:02,360 --> 00:08:09,620
me." And so Chrome is invoked, we create a new instance of that process, and that created process is then

108
00:08:09,710 --> 00:08:13,940
isolated to this set of resources inside the container.

109
00:08:13,940 --> 00:08:15,020
So that's pretty much it.

110
00:08:15,020 --> 00:08:20,390
That is the relationship between a container and an image, and it's how an image is eventually taken

111
00:08:20,660 --> 00:08:23,110
and turned into a running container.

112
00:08:23,120 --> 00:08:26,660
Now, there's still a tremendous amount more to learn about containers and images.

113
00:08:26,660 --> 00:08:29,360
So let's take a quick break and continue in the next section.