Execution of CNI Plugins by Container Runtime

Container Network Interfaces (CNI)

Container runtimes allocate network namespaces for containers deployed on the host. A network interface (like docker0, bridge, or host) is configured inside the namespace to facilitate communication with the host, the internet, or other containers. The Container Network Interface (CNI) project provides specifications and libraries for implementing a plugin-based solution for managing network interfaces for containers. The runtime executes the CNI plugins, which are provided as binary executable files. A network configuration is passed to the runtime as a JSON file. It contains the details of the CNI plugins and the network interfaces to be configured. ...

May 24, 2023 · 6 min · Avnish

Helm Charts

Package managers like dnf and apt increase the convenience of installing, updating, and maintaining applications on operating systems. For developers, a package manager provides a standardized way of packaging and distributing their applications. Helm is a package manager for Kubernetes. It is implemented in Go and installed as a binary, helm. It interacts with the Kubernetes cluster using the Kubernetes API.

Charts

Helm distributes Kubernetes-based applications in a format called Chart. Charts can deploy all kinds of Kubernetes resources such as Deployments, Pods, Services, Persistent Volumes, etc. ...

May 16, 2023 · 7 min · Avnish

Operator SDK and Bundle Images

An Operator Bundle Image (OBI) is created to package custom resources and metadata associated with an operator. It is like any other container image; the only difference is that it cannot be executed, but it can be distributed through an OCI-compliant image registry. The contents of a bundle image are: Kubernetes Custom Resource Definitions (CRDs); the ClusterServiceVersion (CSV); a specification of the operator's dependencies; and operator metadata like its name, version, channels, etc. The control loops associated with the operator are defined in its Controller Manager. It is an executable that contains one or more custom controllers. ...

May 10, 2023 · 7 min · Avnish

Operators on OpenShift

OpenShift provides an Operators section in its web console UI for the installation and management of operators on the cluster.

OperatorHub

The OperatorHub is an interface for searching and installing operators. It has the following categories of operators:

Red Hat Operators: Operators developed and supported by Red Hat. Example: Red Hat Quay Operator
Certified Operators: Operators listed by Red Hat's Independent Software Vendors (ISVs). Example: CockroachDB Operator
Red Hat Marketplace Operators: Applications purchased from Red Hat Marketplace available as Operators. Example: Dynatrace Operator
Community Operators: Default catalog of Operators maintained by their communities. Example: Infinispan Operator

OperatorHub fetches the catalog data from the Marketplace Operator, an operator installed by default on all clusters. ...

May 3, 2023 · 5 min · Avnish

Kubernetes Operators

Applications built to be deployed on Kubernetes can be packaged as Operators. Operators automate the process of installation, updates, and management of the application. These automations are defined by developers based on the application's business logic. An Operator consists of the Custom Resources (CRs) required by the application and a custom controller for managing these CRs.

Control Loop

A control loop is an infinite loop for monitoring the state of a system. If the desired state of the system is different from its current state, the control loop makes changes to the system until it reaches its desired state. ...

May 1, 2023 · 4 min · Avnish
My Homelab

Building Your Own Homelab

There is an app for everything, and modern app stores have made it extremely convenient to install them on your device. However, some underlying issues need to be discussed:

Each application has a different set of terms and services. A small subset of users read it and a smaller subset of them will refuse to use the application if they disagree with it.
These applications are critical for your daily life, but if you lose access to them, there might not be a proper support channel to regain access or retrieve data. ...

March 27, 2023 · 12 min · Avnish
Building container images from Containerfile

Building Container Images

Public registries provide container images for most use cases but they might not cover all of them. That's why container engines such as Podman & Docker and CLI tools like buildah provide utilities for creating custom container images. The build steps are written in a plaintext file called Containerfile and parsed by container engines (or buildah) during the build process.

    # Containerfile
    FROM node:18-alpine
    LABEL version="1.0"
    WORKDIR /app
    COPY . .
    RUN yarn install --production
    CMD ["node", "src/index.js"]
    EXPOSE 3000

Containerfile Instructions

Steps inside the containerfile are defined using instructions such as FROM, RUN, ADD, COPY, etc. Container Engines go through the containerfile line-by-line and perform each step, stacking a new image layer on top of the previous one. ...

March 20, 2023 · 6 min · Avnish
Workflow of container images

Container Images

A container image is a static file that contains the necessary resources (packages, configuration, other dependencies) required to provision a container. It consists of multiple layered filesystems and a Manifest file containing its metadata.

Open Container Initiative (OCI) Specification

Open Container Initiative was established by The Linux Foundation in 2015 to provide a Runtime specification, an Image specification, and a Distribution specification for container images. A container image created from OCI Image specification should have ...

March 17, 2023 · 6 min · Avnish
Lifecycle of a container

Container Lifecycle

Container Engines like Podman and Docker provide GUI and CLI utilities for managing the state of containers. They also provide features such as container image management, metrics, logging, and debugging tools. The examples in this article use Podman, but the CLI commands are mostly interoperable with Docker. You can install Podman on your system by following the steps in Podman Installation Instructions. Podman also provides a graphical interface for managing containers, images, and other resources called Podman Desktop. ...

February 10, 2023 · 7 min · Avnish
Linux features essential for the containers

Container Architecture

To isolate the processes running inside a container from its host system, the container engine uses the following four features: Namespaces, Control Groups, Secure Computing, and Security-Enhanced Linux.

Namespaces

Namespaces are created to limit the reach of a container to its host's resources. This helps with security as well as limiting the resources available to the container. The Linux command lsns can be used for listing details of namespaces. The namespaces essential for containers are User, Mount, Unix Timesharing System, Process ID, Network, and Inter-Process Communication. ...

January 27, 2023 · 6 min · Avnish