Virtualization

• Multiple virtual machines (VMs) operate independently on a single physical

hardware system.
• Virtualization is the ability to run multiple operating systems on a single physical
system and share the underlying hardware resources
• It is the process by which one computer hosts the appearance of many computers.
• Virtualization is used to improve IT throughput and costs by using physical
resources as a pool from which virtual resources can be allocated
• Virtualization refers to the partitioning the resources of a physical system (such as
computing, Storage, Network and Memory) into multiple virtual resources.

• In cloud computing, resources are pooled to serve multiple users

• The physical resources such as computing, storage, memory and network

resources are virtualized.

• The virtualization layer partitions the physical resources into multiple virtual
machines
• Virtualization technology is a key component of cloud computing, particularly for
infrastructure-based services.
• It enables the creation of secure, customizable, and isolated execution
environments for running applications, even untrusted ones, without impacting
others.
• This is achieved through the ability of software and hardware to emulate a
separate execution environment, such as running Windows OS on a virtual
machine hosted on Linux OS.
• Virtualization supports the development of elastically scalable systems, allowing
for cost-effective, on-demand provisioning of additional capabilities.
• Virtualization is a large umbrella of technologies and concepts that are meant to
provide an abstract environment—whether virtual hardware or an operating
system—to run applications.

• This term is often synonymous with hardware virtualization, which plays a

fundamental role in efficiently delivering Infrastructure-as-a-Service solutions for
Cloud computing
Major Reasons for Virtualization
• Increased Performance and Computing Capacity
• Underutilized Hardware and Software Resources.
• Lack of Space.
• Greening Initiatives
• Rise of Administrative Costs
Increased Performance and Computing Capacity.

• Nowadays, the average end-user desktop PC is powerful enough to fulfill almost

all the needs of everyday computing, and there is an extra capacity that is rarely
used.

• Supercomputers can provide an immense compute power that can accommodate

the execution of hundreds or thousands of virtual machines
Underutilized Hardware and Software Resources

• Computers today are so powerful that in most cases only a fraction of their
capacity is used by an application or the system.

• Moreover, if we consider the IT infrastructure of an enterprise, there are a lot of

computers that are partially utilized, while they could have been used without
interruption on a 24/7/365 basis.
Lack of Space.

• The continuous need for additional capacity, whether this is storage or compute
power, makes data centers grow quickly.

• Companies like Google and Microsoft expand their infrastructure by building data
centers, as large as football fields, that are able to host thousands of nodes.
Rise of Administrative Costs.

• Power consumption and cooling costs have now become higher than the cost of
the IT equipment. Moreover, the increased demand for additional capacity, which
translates into more servers in a data center, is also responsible for a significant
increment in the administrative costs.

• Common system administration tasks include

• Hardware monitoring; defective hardware replacement; server setup and updates;
server resources monitoring; and backups.

• These are labor-intensive operations, and the higher the number of servers that
have to be managed, the higher the administrative costs.

• Virtualization can help in reducing the number of required servers for a given
workload, thus reducing the cost of the administrative personnel.
Greening Initiatives.

• Recently, companies are increasingly looking for ways to reduce the amount of
energy they consume and to reduce their carbon footprint.
• Data centers are one of the major power consumers and contribute consistently to
the impact that a company has on the environment.
• Maintaining a data center operational does not only involve keeping servers on,
but a lot of energy is also consumed for keeping them cool
Components of Virtualized Environment

• In a virtualized environment, there are three major components: guest, host, and
virtualization layer,

• The guest represents the system component that interacts with the
virtualization layer
• The host represents the original environment where the guest is supposed to be
managed.
• The virtualization layer is responsible for recreating the same or a different
environment where the guest will operate.
• Characteristics of Virtualized Environments

• Increased Security
• Managed Execution
• Sharing
• Aggregation
• Emulation
• Isolation
• Portability
Increased Security
• Virtual machines act as intermediaries, translating guest operations to the host.

• This setup enhances control and security by allowing the virtual machine manager
to filter guest activities, preventing harmful actions.

• It also ensures host resources and sensitive information are protected without
complex security policies.

• This is particularly useful for running untrusted code, such as Internet-downloaded

applets in a sandboxed Java Virtual Machine (JVM), which restricts their access to
the host system's resources.
Managed Execution:
• Sharing: Virtualization allows the creation of a separate computing environment within the same host

• Aggregation: A group of separate hosts can be tied together and represented to guests as a single virtual
host.

• Emulation: enables guest systems to operate in a controlled environment managed by the

virtualization layer.
• This allows the virtualization layer to emulate environments and hardware characteristics that differ
from the host system.
• This capability is especially useful for testing software on various platforms,
• Example :emu8086.

• Isolation: Allowing multiple guests to run separately on the same host without interference
while protecting the host from harmful guest operations.
• Additionally, it supports performance tuning, resource control, and features like virtual machine
migration, enhancing efficiency and service quality in data centers.
• Portability in virtualization enables virtual images to be moved and executed across
different virtual machines, provided the specific virtual machine manager is available.

• Programming-level virtualization, like JVM or .NET runtime, allows applications to

run on various platforms without recompilation, simplifying deployment.

• This flexibility ensures users can carry and use their systems anywhere, as long as the
required virtual machine manager is present.
 Taxonomy of Virtualization Techniques

• Taxonomy of Virtualization Techniques refers to the classification and organization of

different methods and technologies used to implement virtualization.

• These techniques are grouped based on how they abstract, emulate, or virtualize physical
resources, enabling the creation of virtual environments.
• Virtualization is classified based on the service or entity being emulated, focusing on
execution environments, storage, and networks.

• Execution virtualization, the most developed category, is further divided into two types:
Process-level techniques, which run on an existing operating system, and System-level
techniques, which run directly on hardware with minimal OS support.

• These techniques offer varying levels of virtual environments, such as bare hardware, OS
resources, programming languages, or application libraries.
• Process-level virtualization is a lightweight form of virtualization that isolates
processes within a single operating system environment. It allows multiple
isolated applications or tasks (often referred to as containers) to run as though
they are separate systems

• System-level virtualization, often referred to as full virtualization or

hypervisor-based virtualization, creates virtual machines (VMs) that run entire
operating systems
1. Based on Resource Type
• Hardware Virtualization:
• Focuses on virtualizing physical hardware.
• Examples: Hypervisors like VMware, VirtualBox, and KVM.
• Storage Virtualization:
• Combines multiple physical storage devices into a single, unified virtual
storage.
• Examples: Storage Area Networks (SANs).
• Network Virtualization:
• Abstracts physical network infrastructure to create virtual networks.
• Examples: VLANs, SDN (Software-Defined Networking).
2. Based on Level of Virtualization
• Full Virtualization:
• Emulates the entire hardware, allowing unmodified guest operating systems to
run.
• Example: VMware Workstation.
• Para-Virtualization:
• Guest operating systems are aware of the virtualization environment and
optimized to run on it.
• Example: Xen.
• OS-Level Virtualization:
• Multiple isolated instances (containers) run on a single operating system
kernel.
• Example: Docker, LXC.
3. Based on Technology
• Hypervisor-Based Virtualization:
• Uses a software layer called a hypervisor to manage virtual machines.
• Examples: Type 1 (bare-metal) hypervisors like VMware ESXi;
• Type 2 (hosted) hypervisors like VirtualBox.
• Emulation:
• Simulates hardware entirely in software, allowing software for one
architecture to run on another.
• Example: QEMU.emu8086
• Binary Translation:
• Dynamically translates instructions for compatibility between the guest and
host.
• Example: VMware Player.
4. Based on Use Cases
• Application-Level Virtualization:
• Virtualizes only specific applications.
• Example: Wine for running Windows applications on Linux.
• Desktop Virtualization:
• Virtualizes desktop environments.
• Example: Citrix Virtual Apps and Desktops.
• Server Virtualization:
• Divides physical servers into multiple virtual servers.
• Example: VMware vSphere
5. Based on Execution Environment

• Programming-Level Virtualization:
• Abstracts runtime environments for applications.
• Examples: JVM (Java Virtual Machine), .NET CLR.

• Process-Level Virtualization:
• Virtualizes individual processes.
• Example: Chroot.
 Execution Virtualization
• The Machine Reference Model provides a structured framework for understanding the
virtualization of computing environments across different layers of the computing stack.
• This model defines the interfaces and abstraction layers
• Key components include
• Instruction Set Architecture (ISA)
• Application Binary Interface (ABI)
• Application Programming Interface (API)
• Security and Privilege Levels
• Execution Modes
• Hypervisor
Instruction Set Architecture (ISA):
• The lowest layer defines hardware interaction, including processor instructions,
registers, memory, and interrupts.
• ISA is essential for OS developers (System ISA) and application developers (User
ISA).
Application Binary Interface (ABI):
• ABI separates the operating system from applications and libraries.
• It includes details like low-level data types, alignment, and system call formats,
ensuring application portability across OS implementations with the same ABI.
Application Programming Interface (API):
• Represents the highest level of abstraction, linking applications with libraries and
the OS.
• Operations initiated at the API level rely on ABI and ISA to translate high-level
instructions into machine-level operations.
Security and Privilege Levels:
• The model divides machine instructions into privileged and non-privileged
categories.
• Privileged instructions handle sensitive operations, while non-privileged ones
perform tasks without accessing shared resources.
• Modern systems implement a ring-based security model, with Ring 0 (most
privileged) for the OS kernel and Ring 3 (least privileged) for user applications.
Execution Modes:
• Supervisor (Kernel) Mode: All instructions, including privileged ones, can be
executed without restrictions, primarily by the OS or hypervisor.
• User Mode: Access to machine-level resources is restricted. Attempts to execute
privileged instructions trigger hardware interrupts.
Role of the Hypervisor:
• Operates conceptually above the supervisor mode to manage multiple virtual
environments.
• Early ISAs allowed certain sensitive instructions to run in user mode, posing
virtualization challenges. Modern ISAs (e.g., Intel VT and AMD Pacifica) have
resolved these by enforcing privileged execution for all sensitive instructions.
Hardware-Level Virtualization
Hardware-level virtualization is a technique that creates an abstract execution
environment mimicking physical hardware, enabling guest operating systems to run
on it.
Key components include:

•Guest: The operating system running on the virtual environment.

•Host: The physical computer hardware.
•Virtual Machine (VM): The emulated hardware environment.
•Hypervisor: A program or combination of software and hardware that abstracts
and manages the underlying physical hardware, facilitating virtualization.

This approach enables efficient resource utilization and isolation between multiple
operating systems on the same hardware.
Hypervisors are central to hardware virtualization, acting as Virtual Machine Managers
(VMM) to create and manage virtual hardware environments where guest operating
systems can run.
Types of Hypervisors
• Type I (Native Hypervisors):
• Run directly on physical hardware, replacing the operating system.
• Interact with the hardware's Instruction Set Architecture (ISA) interface to manage
guest operating systems.
• Example: VMware ESXi, Microsoft Hyper-V.
• Type II (Hosted Hypervisors):
• Operate as applications within an existing operating system.
• Use the Application Binary Interface (ABI) of the host OS to emulate the ISA for
guest operating systems.
• Example: VMware Workstation, Oracle VirtualBox.
Key Components of a Hypervisor

• Dispatcher: Entry point for the virtual machine, rerouting its instructions to the
appropriate module.
• Allocator: Manages system resources allocated to the VM and adjusts them as
needed.
• Interpreter: Executes routines for privileged instructions by triggering traps when
such instructions are executed.
Requirements for Effective Virtualization

Based on Goldberg and Popek's 1974 criteria, a hypervisor must ensure:

• Transparency: Guest OS operates as though it is running on actual hardware.

• Efficiency: Most operations execute directly on the hardware without the
hypervisor's intervention.
• Resource Control: Hypervisor fully manages the hardware resources assigned to
the guest OS.
• The Popek and Goldberg Virtualization Theorems define the conditions under
which hardware-level virtualization can be efficiently implemented

Theorem 1:

• Virtualization is possible if all sensitive instructions (those altering system

resources) are a subset of privileged instructions.
• This theorem establishes that all the instructions that change the configuration of
the system resources should trap from the user mode and be executed under the
control of the virtual machine manager.
• Ensures efficient resource control and equivalence, as non-sensitive instructions
run directly on hardware without hypervisor intervention.
Theorem 2:

• A system is recursively virtualizable if:

• It supports virtualization, and

• A VMM without timing dependencies can be constructed.

• Recursive virtualization allows one VMM to run on top of another, enabling

nested hypervisors as long as system resources are sufficient.
• Theorem 3:

• A Hybrid VMM (HVM) can be constructed if user-sensitive instructions are a

subset of privileged instructions.
• HVM (Hybrid Virtual Machine) refers to a virtualization approach where
some instructions, particularly sensitive ones, are interpreted or emulated
rather than directly executed by the hardware.
• This method is used in situations where full hardware support for
virtualization is not available or when the set of sensitive instructions cannot
be entirely managed by trapping them as privileged instructions.
• HVM is less efficient than traditional virtualization because it interprets more
instructions. Sensitive instructions are simulated or controlled via traps.
Operating System Level Virtualization:
• Operating system level virtualization creates isolated execution environments
within a single OS without needing a hypervisor.
• The OS kernel manages resource sharing and limits the impact of instances on
each other.
• Each user space instance has an isolated file system view, IP addresses, software
configurations, and device access.

• Evolution: This technique evolved from the chroot mechanism in Unix, which isolates
processes by changing their root directory.
• Efficiency: Unlike hardware virtualization, this method imposes minimal overhead since
applications directly use system calls without emulation or modification.
• Limitations: All user space instances share the same OS, reducing flexibility compared to
hardware virtualization.

Examples: FreeBSD Jails, IBM LPAR, Solaris Zones, Parallels Virtuozzo

Programming-Language-Level Virtualization:
• Programming-language-level virtualization simplifies application deployment,
managed execution, and cross-platform portability by using virtual machines to
execute byte code, a binary format representing machine code for an abstract
architecture.

• NET framework
• The Java virtual machine was originally designed for the execution of
programs written in the Java language but other languages such as Python,
Pascal, Groovy, and Ruby were made available

• The main advantage of programming-level virtual machines, also called process

virtual machines, is the ability of providing a uniform execution environment
across different a platforms.
• Programs compiled into byte code can be executed on any operating system, and a
platform, for which a virtual machine able to execute that code, has been provided
Application-Level Virtualization, also known as Application Virtualization,
refers to the technique of abstracting the application layer from the underlying operating
system. This allows applications to run in a virtualized environment, separated from the
physical hardware and OS dependencies. Here's how it works and its key components:

Key Concepts:
• Isolation: Applications are encapsulated in a virtual container, which includes the
application files, settings, libraries, and dependencies. This container is isolated from the
underlying OS and other applications, preventing conflicts and ensuring a consistent
runtime environment.
• Portability: Virtualized applications can be easily moved and run on different operating
systems and hardware without modification. This is because the virtualization layer
abstracts the hardware and OS specifics.
• Ease of Deployment: Applications can be deployed more efficiently as they do not
require installation in the traditional sense. Users can run the virtualized applications
directly from the container.
• Simplified Management: It simplifies application updates, patches, and maintenance as
the changes can be made to the virtual container without affecting the host OS or other
applications.
Other Types of Virtualization

• Storage Virtualization

• Network virtualization

• Desktop virtualization

• Application-server virtualization
Storage Virtualization:

• Storage virtualization is a system administration practice that separates the physical

hardware organization from its logical representation, allowing users to access data
through logical paths without concern for its physical location.

• This technique consolidates various storage facilities under a single logical file system.

• Storage Area Networks (SANs), which provide storage access over a high-bandwidth
network connection.
Network Virtualization

• It involves using hardware and software to create and manage virtual networks.

• It can either combine multiple physical networks into a single logical network
(external network virtualization) or provide network-like functionality within an
operating system partition.
Network virtualization can take two forms:

• External Network Virtualization: It aggregates different physical networks into a

single logical network, often resulting in the creation of Virtual LANs (VLANs),
where devices communicate as if they are on the same physical network.

• Internal Network Virtualization: It provides network-like functionality within a

virtualized environment, allowing virtual machines or containers to communicate
over virtual network interfaces.
• This can involve using the host's network interface with NAT, creating additional
emulated network devices, or establishing private networks for virtual environments.
• Desktop virtualization abstracts the desktop environment of a personal computer
to allow remote access through a client-server approach.

• Unlike hardware virtualization, which focuses on running multiple operating

systems on a single machine, desktop virtualization provides access to a desktop
environment that is stored remotely.

• We can run multiple desktop instances on a single server.

• examples of desktop virtualization platforms include Citrix XenDesktop,

VMware Horizon, and Microsoft Remote Desktop Services (RDS).
• Application-server virtualization

• Abstracts multiple application servers into a single virtual server using load
balancing and high availability strategies.

• This ensures better service quality, similar to storage virtualization, without

emulating a different environment.
Virtualization and Cloud Computing

• Virtualization is essential in cloud computing, providing customization, security,

isolation, and manageability necessary for delivering IT services on demand.
• It is mainly used for configurable computing environments and storage, with
network virtualization as a supplementary feature.
• Key virtualization techniques in cloud computing include hardware virtualization for
Infrastructure-as-a-Service (IaaS) and programming language virtualization for
Platform-as-a-Service (PaaS).
• Virtualization supports isolated environments, enabling resource sharing without
interference, which is beneficial for underutilized resources.
• This leads to server consolidation, reducing active resources by grouping virtual
machines, and virtual machine migration, including live migration, which moves
running instances with minimal disruption.
• Virtualization enhances resource efficiency by allowing isolated environments to share
resources without interference, known as server consolidation. Virtual machine
migration can occur as live migration, minimizing disruptions.

• Storage Virtualization complements execution virtualization, enabling dynamic, secure,

and easily accountable virtual storage services.

• Lastly, Cloud computing reintroduces desktop virtualization, allowing the entire

computing stack to be accessed via thin clients, enhancing flexibility and accessibility.
Pros and Cons of Virtualization

• Virtualization has become popular, especially in cloud computing, due to

advancements in technology and internet connectivity, which have overcome
previous performance barriers.

• It offers benefits like on-demand IT infrastructure and services but also comes
with drawbacks.
 Advantages
• The key advantages of virtualization include managed execution and isolation, which
enhance security and control by creating secure, sandboxed environments.

• Resource allocation is simplified, allowing fine-tuning crucial for server consolidation

and quality of service.

• Portability is another benefit, as virtual machine instances can be easily moved and are
self-contained, simplifying administration and reducing maintenance costs.

• Virtualization also enables efficient resource usage, allowing multiple systems to share
underlying host resources securely, supporting dynamic adjustment of physical resources
to save energy and reduce environmental impact.
Disadvantages

• Performance degradation is a major concern in virtualization due to the abstraction layer

between the guest and host, causing increased latencies and delays.

• In hardware virtualization, performance issues stem from activities like maintaining

virtual processor status, simulating privileged instructions, and resource sharing with the
host.

• Higher-level virtualization, such as in programming language virtual machines (e.g., Java,

.NET), experiences slowdowns from binary translation and filtered resource access.

• However, advancements like paravirtualization and native code compilation have helped
mitigate these issues.
Inefficiency and Degraded User Experience

• Virtualization can lead to inefficient host usage and degraded user experiences due
to limited access to specific host features.
• In hardware virtualization, device drivers may only provide default features,
restricting access to advanced host capabilities.
• In programming-level virtual machines, some OS features may be inaccessible
without special libraries.
• Security Holes and New Threats

• Virtualization introduces new security risks, such as advanced phishing attacks and
malware like BluePill and SubVirt, which exploit the ability to emulate hosts
transparently.
• These malicious programs can preload themselves before the OS, acting as virtual
machine managers to extract sensitive information.
• The rise of such threats is partly due to hardware initially not being designed for
virtualization.
Containers and Container Orchestration
Simplifying Application Deployment and Management
Definition

• A container is a lightweight, portable, and self-sufficient environment that packages an

application and its dependencies (libraries, binaries, configuration files) together.

• Containers ensure that the application runs consistently across different computing
environments, from development to testing and production.
Key Features of Containers
• Isolation: Applications in containers run independently from the host system and
other containers.
• Portability: Containers can run on any platform that supports container runtimes
like Docker.
• Efficiency: Containers use shared resources of the host OS, making them more
lightweight compared to virtual machines.
• Consistency: Containers ensure that the application runs in the same environment
regardless of where it is deployed. This eliminates the risk of any unexpected
behavior due to environmental differences.
• Fast deployment: Containers enable fast deployment of applications, as they can
be easily created, started, and stopped within seconds.
Example: Packaging a Python Application
•Imagine you’re developing a Python web app that requires:
•Python 3.10
•Flask library
•A specific configuration file (config.json).
• Without containers, you might face challenges like dependency conflicts or
runtime mismatches when deploying the app to different machines.
• With containers, this process becomes seamless.
Difference between Virtual Machines and containers.

Virtual Machines (VMs) Containers

Each VM runs its own OS. Therefore,

Containers can boot up in milliseconds.
it can take minutes to boot up.

VMs occupy more space in gigabytes Containers do not take much disk space.
in the disk. They take space in megabytes.

Containers are more portable. They are

VMs are portable and can move
smaller in size, boot up in less time.
between physical systems running the
Docker containers can be run on any
same hypervisor.
container service.
Steps to Create a Container:

Step 1: Write a Dockerfile: The Dockerfile defines the environment for the application.

Step 2: Build the Docker Image

Step 3: Run the Container

Before Containers:

•Dependencies and runtime have to be manually installed on each system.

•Possible conflicts when running on different operating systems.

With Containers:

•A single Docker image contains everything needed for the app to run.
•The container can run anywhere with Docker installed.
Improved resource utilization:

• Containers are more lightweight than virtual machines, as they do not require a
full operating system for each container.
• This means that you can run more containers on a single physical or virtual
machine, which can improve resource utilization and reduce costs.

Greater portability and flexibility:

• Allow you to package an application and all of its dependencies in a single

package, making it easy to deploy the application on any machine that is running a
container runtime.
• This makes it easy to move applications between different environments, such as
between different cloud providers or on-premises environments.
Easier scalability and management:

• Container orchestration tools, such as Kubernetes, make it easy to deploy and manage
containerized applications at scale.
• These tools provide features such as automatic scaling, rolling updates, and self-healing,
which can make it easier to scale applications up or down as needed.

Enhanced security:

• Containers provide an additional layer of security, as they isolate applications from each other
and from the host operating system.
• This can help to reduce the risk of vulnerabilities or attacks that may impact multiple
applications or the underlying infrastructure.
Key components and concepts related to containerization in cloud
computing
• Containers: These are lightweight, portable, and executable software packages that
contain everything needed to run an application, including code, runtime, system
tools, libraries, and settings.
• Docker: Docker is a popular platform for containerization that simplifies the
creation, deployment, and management of containers.
• It provides tools and a runtime environment to build and run containers efficiently.
• Container Orchestration: Container orchestration tools, such as Kubernetes,
Docker Swarm, and Amazon ECS, manage the deployment, scaling, and automation
of containerized applications across a cluster of machines or cloud instances.
• Portability and Consistency: Containers ensure consistent performance and
behavior across various environments, allowing developers to build applications that
can run seamlessly on different cloud platforms or on-premises infrastructure.
• Resource Efficiency: Containers share the host operating system’s kernel,
enabling them to use resources more efficiently than traditional virtual machines
(VMs). They start up faster and consume fewer resources, leading to better
resource utilization.
• Microservices Architecture: Containerization facilitates the adoption of
microservices architecture by allowing applications to be broken down into
smaller, loosely coupled services, each running in its own container.
• DevOps Practices: Containers play a significant role in DevOps workflows,
enabling continuous integration and continuous deployment (CI/CD) pipelines.
• Isolation and Security: Containers use mechanisms like namespaces and control
groups to provide isolation between applications running on the same host.
However, proper security practices and measures are essential to mitigate potential
risks.
Container Services in Cloud Platforms
1.Amazon Web Services (AWS):
o Amazon ECS: Elastic Container Service.
o Amazon EKS: Elastic Kubernetes Service.
o AWS Fargate: Serverless container hosting.
2.Google Cloud:
o Google Kubernetes Engine (GKE): Managed Kubernetes service.
o Cloud Run: Serverless container execution.
3.Microsoft Azure:
o Azure Kubernetes Service (AKS).
o Azure Container Instances (ACI): For lightweight containers.
Container Orchestration

• A software platform that automates the deployment, management and scaling, etc.
of the containers is called a Container Orchestration.

Popular Tools:
• Kubernetes
• Docker Swarm
• Apache Mesos
Why Container Management?

The benefits are:

•Building using containers is becoming the standard:
•It is an integral part of cloud architecture.
•Creates new ways to package, deploy and manage software
•Centralizes software management
•Fosters standardized deployment platform
Orchestration tools manage the lifecycle of containers, ensuring high availability,
load balancing, and fault tolerance.

Key Functions:

Scaling: Add or remove containers based on demand.

Scheduling: Allocate resources (CPU, memory) to containers and decide where they
run.
Networking: Enable communication between containers.
Monitoring: Track the health and performance of containers.
Docker
• Docker is a set of Platforms as a service (PaaS) products that use Operating system-level
virtualization to deliver software in packages called containers.

• Containers are isolated from one another and bundle their own software, libraries, and
configuration files; they can communicate with each other through well-defined
channels.

• Docker is an open-source containerization platform by which you can pack your

application and all its dependencies into a standardized unit called a container.

• We can run the docker image as a docker container in any machine where docker is
installed without depending on the operating system.
Key Features:

• Portability: Docker facilitates the developers in packaging their applications with

all dependencies into a single lightweight containers.
• Reproducibility: Through encapsulating the applications with their dependencies
within a container it ensures in software setups remaining consistent across the
development, testing and production environments.
• Efficiency: Docker through its container based architecture it optimizes the
resource utilization. It allows the developers to run the multiple isolated
applications on a single host system.
• Scalability: Docker’s scalability features facilitated the developers in making
easier of their applications handling at time of workloads increment.
Key Components of Docker

• Docker Engine: It is a core part of docker, that handles the creation and
management of containers.
• Docker Image: It is a read-only template that is used for creating containers,
containing the application code and dependencies.
• Docker Hub: It is a cloud based repository that is used for finding and sharing the
container images.
• Docker file: It is a script that containing instructions to build a docker image.
• Docker Registry : It is a storage distribution system for docker images, where you
can store the images in both public and private modes.
Fast, Consistent Delivery of Applications
• Docker streamlines the development lifecycle
• Containers are great for continuous integration and continuous delivery (CI/CD)
workflows.
• Consider the following example scenario:

• Developers write code locally and share their work with their colleagues using
Docker containers.
• They use Docker to push their applications into a test environment and run
automated and manual tests.
• When developers find bugs, they can fix them in the development environment
and redeploy them to the test environment for testing and validation.
• When testing is complete, getting the fix to the customer is as simple as
pushing the updated image to the production environment.
Docker Architecture

• Docker uses a client-server architecture.

• The Docker client talks to the Docker daemon, which does the heavy lifting of
building, running, and distributing your Docker containers.

• The Docker client and daemon can run on the same system, or you can connect a
Docker client to a remote Docker daemon.

• The Docker client and daemon communicate using a REST API, over UNIX
sockets or a network interface.
• The Docker Engine is the heart of the Docker platform. It comprises two main
components:

• Docker Daemon (dockerd): The Docker daemon runs on the host machine and is
responsible for managing Docker objects, such as images, containers, networks,
and volumes.

• Docker Client: The Docker client is a command-line interface (CLI) tool that
allows users to interact with the Docker daemon through commands. Users can
build, run, stop, and manage Docker containers using the Docker CLI.
Docker Images:
• Docker images are the building blocks of containers.

• They are read-only templates that contain the application code, runtime, system
tools, libraries, and other dependencies.

• Docker images are created from Dockerfiles, which are text files containing
instructions for building the image layer by layer.
Docker Containers:
• Docker containers are runnable instances of Docker images.
• They encapsulate the application and its dependencies, providing an isolated
environment for execution.
• Containers can be created, started, stopped, moved, and deleted using Docker
commands.
Docker Registry:

• Docker Registry is a centralized repository for storing and sharing Docker images.
• The default public registry is Docker Hub, where users can find a vast collection
of images.
• Organizations can also set up private registries to store proprietary images
securely.
• With the help of docker run or docker pull commands, we can pull the required
images from our configured registry.
• Images are pushed into configured registry with the help of the docker
push command.
Docker Compose:
• Docker Compose is a tool for defining and running multi-container Docker
applications.

• It uses a YAML file (docker-compose.yml) to specify services, networks, volumes,

and other configurations required for the application.

• Docker Compose simplifies the management of complex applications composed

of multiple interconnected containers
Docker Volumes:

• Docker volumes are used for persisting data generated by and used by Docker
containers.

• They provide a way for containers to store and share data independently of the
container lifecycle, ensuring data persistence and portability.
Docker Networking:

• Docker provides networking capabilities for containers to communicate with each

other and with external networks.
• It uses software-defined networks (SDN) to create virtual networks, enabling
connectivity and isolation.
• Users can create custom networks, connect containers to networks, and define
network policies using Docker commands or Docker Compose.
Docker Container Lifecycle Management.
Create Containers
• Using the docker create command will create a new Docker container
with the specified docker image.
Start Container
• To start a stopped container, we can use the docker start command.
Run Container
• The docker run command will do the work of both “docker create” and “docker
start” command. This command will create a new container and run the image in
the newly created container.
 Pause Container
• If we want to pause the processes running inside the container, we
can use the “docker pause” command.

• To unpause the container, use “docker unpause” command.

Stop Container
• Stopping a running Container means to stop all the processes running in
that Container. Stopping does not mean killing or ending the process.
Delete Container
• Removing or deleting the container means destroying all the
processes running inside the container and then deleting the
Container.
• It’s preferred to destroy the container, only if present in the stopped
state instead of forcefully destroying the running container.
Kubernetes(K8s)

• Kubernetes is an open-source Container Management tool that automates

container deployment, container scaling, descaling, and container load balancing

(also called a container orchestration tool)

 Docker Vs Kubernetes
Docker Kubernetes
Docker is a tool that is used to automate the
deployment of applications in lightweight Kubernetes is an open-source platform used for
containers so that applications can work maintaining and deploying a group of containers
efficiently in different environments

Apps are deployed in the form of

Applications are deployed as a combination of
services(Process)
pods, Deployment, and services

Docker does not support auto-scaling It supports auto-scaling of the container in a

cluster
Enterprise level standard(cluster based)
Single Host system

Auto Healing not supported

Auto Healing supported

Load balancing not supported Load balancing supported

• Kubernetes is an open-source container orchestration platform.
• It automates deployment, scaling, and management of containerized applications.

Why Kubernetes?

• Manages containers across multiple hosts.

• Ensures high availability, scalability, and resilience.
Features of Kubernetes

• Automated Scheduling: Automatically places containers based on resource

requirements.

• Self-Healing: Restarts failed containers and replaces them.

• Load Balancing: Distributes network traffic to ensure stability.

• Scaling: Automatically scales applications up or down based on demand.

Kubernetes Architecture

• Overview: Kubernetes follows a master-worker node architecture.

Components:

• Master Node: Controls and manages the cluster.

• Worker Node: Runs the actual applications.

Master C o m p o n e n t s

● Kube-apiserver
● Etcd
● Kube-controller-manager
● Cloud-controller-manager
● Kube-scheduler
Master Node Components

• API Server: Front-end for the Kubernetes control plane.

• Scheduler: Assigns workloads to worker nodes.
• Controller Manager: Manages controllers (e.g., node controller, replication
controller).
• etcd: A key-value store for cluster data.
• The API Server is the central part of the Kubernetes architecture. Think of it
as the "front desk" or "gateway" of Kubernetes. It handles all
communication between users, applications, and different components within
the Kubernetes system.
Role of the API Server:
• Receives Requests: When you (or any tool) want to create, update, or delete
resources like pods, services, or deployments, you send a request to the API Server
(usually using kubectl or REST API calls).
• Processes and Validates: The API Server checks if the request is valid. It ensures
the data is correct and the person or system making the request has the right
permissions.
• Stores Information: Once the request is valid, the API Server stores the
information in etcd (the Kubernetes database) where the current state of the cluster
is saved.
• Communicates with Other Components: It informs other components like the
Scheduler, Controller Manager, and Kubelets about changes, so they can take
action (like starting a new pod).
• Acts as a Gateway: The API Server is the only way to interact with the
Kubernetes cluster. It provides a secure, controlled, and consistent way for both
users and internal components to communicate.
• A controller is like an automated manager.
• It watches over specific parts of the cluster and takes action to maintain the
desired state.
• For example, if a pod crashes, the controller will detect it and create a new pod to
replace it.
• The Kubernetes Controller Manager is a daemon (background process) that
runs multiple controllers together in a single process to manage different aspects
of the cluster.
Key Controllers Managed:
• Node Controller:
• Monitors the health of worker nodes.
• If a node goes down or becomes unresponsive, it marks the node as unhealthy
and starts moving the workload to healthy nodes.
• Replication Controller (or ReplicaSet Controller):
• Ensures the desired number of pod replicas are running at all times.
• If a pod crashes or is deleted, it automatically creates a new one.
• Deployment Controller:
• Manages rolling updates and rollbacks for applications.
• Helps deploy new versions of applications without downtime.
• Job Controller:
• Manages batch jobs that are supposed to run once and finish successfully.
• It ensures the job runs to completion, restarting it if needed.
• etcd is a key-value database that Kubernetes uses to store all the important
data about the cluster.
• Think of it as the "brain" or "memory" of Kubernetes, where it keeps track of
everything happening in the system.

What Does etcd Store?

• Information about nodes, pods, deployments, services, etc.

• Configuration data and the current state of the cluster.
• Details like who’s running, what’s running, and where it’s running.
• The cloud-controller-manager is a background process (or daemon) in
Kubernetes responsible for managing interactions between the Kubernetes cluster
and the cloud provider (like AWS, Azure, or Google Cloud).

• It acts as a bridge, enabling Kubernetes to understand and work with the resources
and services offered by different cloud platforms.

• The cloud-controller-manager contains cloud-provider-specific logic, allowing

Kubernetes to perform tasks like creating load balancers, attaching storage
volumes, and managing networking components in the cloud.
• The Kube Scheduler is a key component of Kubernetes that is responsible for deciding
where (on which node) new pods should run within the cluster.

• Think of it as a "traffic controller" that assigns workloads to the best available

resources.
When you create a new pod in Kubernetes:

• The pod starts in a "Pending" state because it hasn't been assigned to any node
yet.
• The Kube Scheduler looks at the available nodes and decides which one is the
best fit for that pod.
• Once the decision is made, the pod is assigned to the selected node, and the
Kubelet on that node takes over to run the pod.
Example:
• Imagine Kubernetes is like a delivery company:
• Pods are packages that need to be delivered.
• Nodes are delivery trucks.
• The Kube Scheduler is the dispatcher who decides which truck should carry each
package based on things like the truck’s available space, location, and current
load.
• The Kube-proxy is a key networking component in Kubernetes that helps
manage how network traffic is routed to different services and pods within the
cluster.

• Think of it as a "traffic director" that ensures requests reach the correct

destinations.
• Service Networking: In Kubernetes, when you create a Service to expose a group
of pods, kube-proxy ensures that traffic sent to this service is properly forwarded
to one of the available pods.
• Load Balancing: It distributes network traffic evenly across multiple pods of a
service, providing basic load balancing.
• This helps improve performance and ensures that no single pod is overloaded.
• Managing Network Rules: Kube-proxy sets up IP tables or IPVS rules on each
node.
• These rules define how incoming and outgoing network packets should be routed
to the correct pod.
• Handling External and Internal Traffic: It manages both internal cluster
communication (between pods and services) and external access (when users or
applications outside the cluster need to connect to a service).
Node Components

● Kubelet
● Kube-proxy
● Container runtime engine
Worker Node Components

• Kubelet: Ensures containers are running in a pod.

• Kube Proxy: Manages network rules and communication.

• Container Runtime: Software that runs containers (e.g., Docker, containerd).

Kubelet:
• Acts as the node’s manager.
• Ensures that the pods assigned to the node are running correctly.
• It communicates with the API Server to get instructions and then manages the
containers using a container runtime (like Docker or containerd).

• Example: If the API server tells the kubelet to run 3 pods, the kubelet makes sure
exactly 3 pods are running on that node.
Kube-proxy:

• Acts as the network traffic manager.

• Handles networking rules to route traffic to the correct pods, whether the traffic
comes from inside or outside the cluster.
• It also provides basic load balancing between pods.
• Example: When a user accesses a web service, kube-proxy ensures the request
reaches the right pod
Container Runtime:

• The software that actually runs the containers.

• Kubernetes doesn’t run containers directly—it uses container runtimes like

Docker, containerd, or CRI-O to create and manage containers on the node.

• Example: If a pod runs an NGINX web server, the container runtime starts and
manages that NGINX container.
Pods, Services, and Deployments

• Pod: Smallest deployable unit in Kubernetes (contains one or more containers).

• Service: Exposes pods to the network (internal or external).

• Deployment: Manages the desired state of pods (e.g., scaling, updates).

Kubernetes Workflow
• User defines the desired state in a YAML file.

• Kubernetes Master schedules workloads on Worker Nodes.

• Kubernetes ensures the desired state is maintained (self-healing, scaling, etc.).

Benefits of Kubernetes

• Portability: Runs on-premises, in the cloud, or hybrid environments.

• Scalability: Handles applications of any size.

• Efficiency: Optimizes resource utilization.

• Community Support: Backed by a large, active open-source community.

• Kubernetes manages containers for numerous container runtimes.
• There is various container runtimes supported by Kubernetes, some of those are as
follows:

• Docker Containers
• CRI-O
• Mirantis Container Runtime
• Terraform is an open-source Infrastructure as Code (IaC) tool developed by
HashiCorp.

• It allows you to define, provision, and manage infrastructure (like servers,

networks, databases, etc.) using simple, declarative configuration files.
• Key Features:

• Infrastructure as Code (IaC)

• Cloud-Agnostic
• Declarative Approach
• Execution Plan
• Resource Management
• Infrastructure as Code:
• Instead of manually configuring and managing your IT infrastructure (servers,
networks, databases, etc.) through graphical interfaces or command lines, IaC
tools like Terraform allow you to define your infrastructure in code files.
• This code can then be used to automatically provision and manage the
infrastructure.
• Human-Readable Configuration Files:

• Terraform uses configuration files (written in a declarative language) to describe

the desired state of your infrastructure.

• These files are designed to be human-readable, making it easier to understand and

manage complex infrastructure setups
• Cloud and On-Premises Resources:
• Terraform can manage resources across various platforms, including:

• Cloud providers:
• Amazon Web Services (AWS),
• Microsoft Azure,
• Google Cloud Platform (GCP)
On-premises infrastructure:

Servers, virtual machines, and other hardware located in your own data centers.

Version, Reuse, and Share:

• Because your infrastructure is defined in code, you can:

• Version control: Track changes to your infrastructure configuration over time

using tools like Git. This allows you to easily revert to previous versions if
needed and collaborate with others.

• Reuse: Create reusable modules of code that define common infrastructure

components. This speeds up development and ensures consistency.

• Share: Share your infrastructure code with others, promoting collaboration

and best practices.
How Terraform Works:

1.Write:
•Create a .tf file describing the infrastructure (e.g., servers, databases, networks).

2.Init:
•Run terraform init to initialize Terraform and download necessary plugins.

3.Plan:
•Run terraform plan to preview the changes that will be made.

4.Apply:
•Run terraform apply to apply the changes and create/update infrastructure.

5.Destroy:
•Run terraform destroy to remove the infrastructure when it's no longer needed.
Key Components

• Terraform Core
• Terraform Providers
• Terraform Configuration Files (.tf)
• Terraform State File (terraform.tfstate)
• Command-Line Interface (CLI)
• Terraform Backend
Terraform Core:

•The central engine that handles the entire workflow of Terraform.

•Responsibilities:

•Reading and parsing configuration files written in HCL (HashiCorp

Configuration Language).
•Dependency management to determine the order in which resources are created
or modified.
•Creating execution plans that show what changes will be made.
•Applying changes to reach the desired infrastructure state.
•State management to keep track of the current state of resources.
• Terraform Providers:

• Act as plugins that allow Terraform to interact with external systems like AWS,

Azure, Google Cloud, Kubernetes, Docker, etc.

• Terraform Configuration Files (.tf):

• Written in HCL, these files define the desired state of the infrastructure.
• Includes resource definitions, variables, outputs, and modules to structure complex
setups.
Terraform State File (terraform.tfstate):

• A critical file that stores the current state of the infrastructure.

• Terraform compares this state with the desired state defined in the configuration to
determine what changes are needed.
• Can be stored locally or remotely (e.g., in AWS S3, Azure Blob Storage) for better
security and collaboration.
Command-Line Interface (CLI):

• The primary way to interact with Terraform.Common commands include

terraform init, plan, apply, and destroy to manage the infrastructure lifecycle.