Containerization

Author: Peter Boy (pboy) | Creation Date: 2021-03-10 | Last update: 2021-03-26 | Related Fedora Version(s): 34

Work in progress. Coming soon

Planned content:

(Preliminary note)

  • Currently on everyone’s lips, prominent subject of public discussion

  • Often equated with "Docker"

  • But: One size doesn’t fit all. There are alternatives, some with a different application profile.

  • Fedora Server supports and allows several alternatives that can be used depending on the local / user’s requirement profile.

Overview

  • All containers on a system use the same kernel

  • Processes are isolated from each other using kernel capabilities (cgroups, namespaces, etc.)

  • Differences in implementations, toolset, environment, community

  • system container vs application container (main feature existence of an init system)
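
The shared kernel and the per-process isolation from the overview can be inspected on any Linux host through the namespace links in /proc/<pid>/ns. The script below is an added example, not part of the original page or of Fedora's tooling. The PROC_ROOT variable, the function names and the sample tree (PIDs and inode numbers) are constructed for illustration.

```shell
#!/bin/sh
# Compare the namespaces of two processes via /proc/<pid>/ns.
# Each entry is a symlink such as "pid:[4026531836]"; identical targets mean
# both processes are in the same namespace (no isolation of that kind).
# PROC_ROOT is an assumption of this example so it can point at a sample tree.
PROC_ROOT="${PROC_ROOT:-/proc}"

# ns_compare PID_A PID_B: print "<type> shared|isolated|unknown" per namespace
ns_compare() {
    for ns in cgroup ipc mnt net pid user uts; do
        a=$(readlink "$PROC_ROOT/$1/ns/$ns" 2>/dev/null) || a=""
        b=$(readlink "$PROC_ROOT/$2/ns/$ns" 2>/dev/null) || b=""
        if [ -z "$a" ] || [ -z "$b" ]; then
            echo "$ns unknown"      # process gone or link not readable
        elif [ "$a" = "$b" ]; then
            echo "$ns shared"
        else
            echo "$ns isolated"
        fi
    done
}

# ns_isolated_count PID_A PID_B: number of namespace types that differ
ns_isolated_count() {
    ns_compare "$1" "$2" | grep -c ' isolated$' || true
}

# make_sample_proc DIR: build a constructed /proc-like tree with a host
# process (PID 1) and a containerized process (PID 4242) that shares only
# the user and cgroup namespaces with the host.
make_sample_proc() {
    mkdir -p "$1/1/ns" "$1/4242/ns"
    for ns in cgroup ipc mnt net pid user uts; do
        ln -s "$ns:[4026531835]" "$1/1/ns/$ns"
        case $ns in
            user|cgroup) ln -s "$ns:[4026531835]" "$1/4242/ns/$ns" ;;
            *)           ln -s "$ns:[4026532500]" "$1/4242/ns/$ns" ;;
        esac
    done
}

# Usage on a real host: sh nscheck.sh 1 <pid-of-container-process>
if [ "$#" -eq 2 ]; then
    ns_compare "$1" "$2"
fi
```

A "shared" result for the user namespace between PID 1 and a container process means root inside that container is root on the host, which is worth checking before exposing a workload.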

Podman

  • application container

  • security enhancement: no root privileges required

  • optimized for interaction of several containers to perform a task

  • same container image as Docker, mutually usable

  • natively supported by Fedora Server

Docker

  • application container

  • dependent on a daemon with root privileges

  • huge trove of pre-built containers for all sorts of software

  • no native support for Fedora Server, but a vendor repository maintained for Fedora

LXC (libvirt)

  • system container

  • support of container runtime based on kernel capabilities

  • rough toolset support (requires composing various XML files)

  • natively supported by Fedora Server (via libvirt as default virtualization tool)

LXC (linux containers)

  • system container

  • one of the first implementations of containers

  • originally base of Docker

  • complete toolset, container images, community

  • natively supported by Fedora Server (just LTS versions)

LXD (linux containers)

  • system container

  • LXC with advanced toolset

  • not natively supported by Fedora, but a COPR project available

  • vendor support for Fedora by third party package manager

systemd-nspawn container

  • system container and also configurable as a kind of application container

  • rather new development

  • toolset highly integrated into systemd system management

  • "lightweight virtual machine"

  • natively supported by Fedora Server

Linux Vserver

  • requires modified kernel

  • no native Fedora Server support

OpenVZ

  • Uses a self customized version of RHEL / CentOS

  • Not applicable for Fedora Server

These nice people helped write this page:

Peter Boy, Jan Kuparinen