Tech Interview Series (DevOps) Part 2: Containers
A series of technical interview questions brought to you by DevOps Engineers.
Containers have taken their place as one of the most powerful paradigms for application development in use today, and their adoption is still on the rise.
By the very nature of containers, developers and engineers can share their software and dependencies easily across environments while eliminating the typical issue of “it works on my machine”. To be clear, Docker != container. This is a common mistake that engineers make these days.
Questions:
What is Docker?
What does containerisation mean?
What is the difference between a container and a VM?
What is the difference between an image and a container?
What is a container image registry?
Is it good practice to run stateful applications on Docker? How can we slightly overcome this problem?
How do containers work at a lower level? (more advanced question)
What are some use cases for containers?
What is the difference between containers and Kubernetes (container orchestration)?
What are some best practice considerations when building containers?
Answers:
1. What is Docker?
Docker is essentially a containerisation platform that packages your application and all its dependencies together in the form of a container so as to ensure that your application works seamlessly in any environment be it development, test or production.
To be clear, Docker != container. This is a common mistake that engineers make these days.
2. What does containerisation mean?
Containerisation is a type of virtualisation strategy that emerged as an alternative to traditional hypervisor-based virtualisation.
In containerisation, the operating system is shared by the different containers as opposed to having separate virtual machines for each container. Docker provides a container virtualisation plat
3. What is the difference between a container and a VM (virtual machine)?
Containers provide an isolated environment for running applications. The entire used space can be dedicated to a single application. Any changes made inside the container are never reflected on the host or even on other containers running on the same host. Essentially, containers are an abstraction of the application layer and each container is a different application.
By comparison, a hypervisor provides the guest with an entire VM (including the kernel). Virtual machines are essentially an abstraction of the hardware layer and each VM is a physical machine.
4. What is the difference between an image and a container?
A Docker image is an immutable file that consists of the application source code, libraries, dependencies and other files needed for the application to run. Images represent an application and its virtual environment at a specific point in time, and this consistency is one of their greatest features, allowing devs to test and experiment with software in uniform and stable conditions.
A container is a virtualised run-time environment where users can isolate applications from the underlying system. Containers are portable units where you can start up applications quickly. Unlike VMs where virtualisation happens at the hardware level, containers work on the application layer as discussed in the previous questions.
Images can exist without containers, whereas a container would require an image to exist. Thus, containers rely on images and use them to produce a runtime environment for the application to run.
Both of these stages are vital phases in the process of running a container. The running container is essentially the “final phase”, and hence container images are what shape containers into what they are.
5. What is a container image registry?
A Docker image registry is just a location where container images are kept. Instead of converting apps to containers each time, a dev can use the images stored directly in the registry.
The image registry can be public or private. Docker Hub is currently the most popular and well-known public registry.
6. Is it good practice to run stateful applications on Docker? How can we slightly overcome this problem?
The main issue with stateful applications is that by default they store their state in the container's file system. Once you want to update your software or move to another machine, it's much harder to retrieve data from there.
So to overcome this, you will need to bind a volume to the container and store any data in the volume.
Answering this question might be more of a discussion as opposed to a straightforward answer; some may be totally against the idea and some will be for it. As long as you can address the ephemeral nature of containers, you are good to go.
7. How do containers work at a lower level? (more advanced question)
Some 10 to 15+ years ago, engineers implemented a new Linux kernel-level feature called namespaces (the idea, of course, existed before this). One of the functions of the operating system is to allow sharing of global resources such as network and disk. Suppose these global resources are placed in a namespace so that they can only be seen by processes in the same namespace. If you put a chunk of disk space in namespace A, then processes in namespace B can neither see nor access it. This is how isolation is provided for global resources.
This is how containers work at a lower level. Each container runs in its own namespace but uses exactly the same kernel as all other containers. The isolation takes place because the kernel knows the namespace that was assigned to each process and, when API calls are made, ensures that processes can only access resources in their own namespace; anything else is restricted.
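The namespace membership described above is visible under /proc/<pid>/ns, where two processes in the same namespace show the same inode number for that namespace type. The following is an added example, not code from the original article: it compares a containerised process against the host's PID 1 to report which namespaces are isolated and which are still shared with the host. The link listings and inode numbers are constructed sample data.

```python
import re

# Constructed sample data: /proc/<pid>/ns symlinks reduced to
# "name -> type:[inode]" lines. All inode numbers are made up.
HOST_INIT = """\
cgroup -> cgroup:[4026531835]
ipc -> ipc:[4026531839]
mnt -> mnt:[4026531841]
net -> net:[4026531840]
pid -> pid:[4026531836]
user -> user:[4026531837]
uts -> uts:[4026531838]
"""
# A container process that kept the host's network and user namespaces.
CONTAINER_PROC = """\
cgroup -> cgroup:[4026532512]
ipc -> ipc:[4026532510]
mnt -> mnt:[4026532508]
net -> net:[4026531840]
pid -> pid:[4026532511]
user -> user:[4026531837]
uts -> uts:[4026532509]
"""

LINK_RE = re.compile(r"^(\w+) -> (\w+):\[(\d+)\]$")

def parse_ns(text):
    """Map namespace type -> inode number identifying that namespace."""
    result = {}
    for line in text.splitlines():
        m = LINK_RE.match(line.strip())
        if m:
            result[m.group(1)] = int(m.group(3))
    return result

def compare_ns(host_text, proc_text):
    """Return (shared, isolated) namespace types for a process vs. the host."""
    host, proc = parse_ns(host_text), parse_ns(proc_text)
    shared = sorted(n for n in proc if host.get(n) == proc[n])
    isolated = sorted(n for n in proc if n in host and host[n] != proc[n])
    return shared, isolated

if __name__ == "__main__":
    shared, isolated = compare_ns(HOST_INIT, CONTAINER_PROC)
    print("isolated from host:", ", ".join(isolated))
    print("shared with host:  ", ", ".join(shared))
```

Any namespace type in the shared list is one where the kernel applies no isolation between that process and the host, which is worth checking when reviewing how a container was started.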
8. What are some use-cases for containers?
Containers essentially provide a low-overhead way to run virtual machines on your local machine or in the cloud.
Containers can be used to build and test applications during your deploy process, to facilitate CI (continuous integration) testing.
Containers can be used to “lift and shift” applications into modern cloud architectures
To refactor existing applications for containers.
To provide better support for microservice architectures. Distributed systems and applications can more easily be isolated, deployed and scaled using individual container building blocks.
Easier deployments of repetitive jobs and tasks. Containers are being deployed to support ETL functions or even batch jobs due to their speed and consistency.
9. What is the difference between containers and Kubernetes (container orchestration)?
Docker and Kubernetes are complementary.
Docker provides an open standard for packaging and distributing containerised applications,
whereas Kubernetes provides for the orchestration and management of containerised applications.
In other words, Kubernetes provides the infrastructure needed to deploy and run applications built with containers.
10. What are some best practice considerations when building containers?
Aim to create the smallest image possible. You can do this by starting with minimal base images and using multi-stage builds
Use proper image tags with correct versioning
Package a single application per container
Use official images and those that are verified by well-known container image registries
Optimise caching for image layers when building an image
Use the least-privileged user, with only the permissions that suffice for the task
Regularly scan your images for vulnerabilities
Use .dockerignore files. You don’t need everything in the project to run inside the application.
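Three items from this list (versioned image tags, multi-stage builds, least-privileged user) can be checked mechanically before an image is built. The following is an added example, not code from the original article: a small Dockerfile linter run over a weak Dockerfile and its corrected form. Both Dockerfiles are constructed samples, and the function names and finding messages are assumptions made for illustration.

```python
# Constructed sample Dockerfiles (not from the article): weak, then corrected.
WEAK = """\
FROM golang:latest AS build
COPY . /src
RUN cd /src && go build -o /app .
FROM alpine
COPY --from=build /app /app
ENTRYPOINT ["/app"]
"""
HARDENED = """\
FROM golang:1.22 AS build
COPY . /src
RUN cd /src && go build -o /app .
FROM alpine:3.20
COPY --from=build /app /app
USER 10001
ENTRYPOINT ["/app"]
"""

def instructions(dockerfile):
    """Yield (INSTRUCTION, argument) pairs, joining backslash continuations."""
    joined = dockerfile.replace("\\\n", " ")
    for line in map(str.strip, joined.splitlines()):
        if line and not line.startswith("#"):
            word, _, rest = line.partition(" ")
            yield word.upper(), rest.strip()

def lint(dockerfile):
    """Check image tags, multi-stage use and the final stage's USER."""
    findings, aliases, stages, user = [], set(), 0, None
    for word, arg in instructions(dockerfile):
        if word == "FROM":
            parts = [p for p in arg.split() if not p.startswith("--")]
            image, stages, user = parts[0], stages + 1, None
            name = image.rsplit("/", 1)[-1]  # drop registry host:port
            pinned = "@" in image or (":" in name and not name.endswith(":latest"))
            if image != "scratch" and image not in aliases and not pinned:
                findings.append(f"base image without a version tag: {image}")
            aliases.update(parts[2:3])  # stage name after AS, if present
        elif word == "USER":
            user = arg.split(":")[0]
    if stages < 2:
        findings.append("single-stage build: consider a multi-stage build")
    if user in (None, "root", "0"):
        findings.append("no non-root USER set in the final stage")
    return findings

if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, lint(text))
```

The USER check only sees the Dockerfile itself, so a base image that already switches to a non-root user will still be reported; treat that finding as a prompt to verify rather than a verdict.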
These are just some of the questions you may come across. We can go much deeper into containers and there is so much more to know. I hope this has given you a good intro to how they work and what they are like. Watch this space for a deeper dive into how containers work ✅
Until next time, keep learning! 😃