Containers are a type of construct that's used all over the IT world, and I want to take this episode to talk about it a little bit. Now, one of the places we use containers a lot is within the software development world, and, not being a programmer, I thought I'd bring in my ringer, my pal Michael Smyer, to help me understand what a container is. Okay, I know what a container is.
But, you know, he's more fun to talk to sometimes. All right, so Mike, let's start with an easy question. What's a container? Well, it's just an application, all of its libraries and binaries, running on top of a host OS kernel. Simple as that, right? Okay.
So I understand virtual machines. Can we start from there? Can you give me a hand? Yeah, we'll start at a little higher level than that and see if it makes a little more sense. If you're familiar with virtual machines and how they work, you take one big server, slap a hypervisor on there, and then you can run a whole bunch of different operating systems on there.
They're all isolated from each other, but that's because the hypervisor virtualizes the hardware of that system. Exactly. So each one has its own unique OS. Yeah. So each OS looks at the virtual machine it's in, and to it, it doesn't know any different; that's all there is in the world. It doesn't realize it's running on a machine that has either 10 or 100 other operating systems on it.
They're all isolated from each other. That's a VM. That's a VM. And a container kind of does that for an application. So, as you can see, my friends over here at Docker have come up with this nice little diagram. We're actually on the Docker website right here, and they do have a nice look... go ahead, please... that shows the difference. So instead of running a whole bunch of full operating systems and all their applications next to each other, we just have one operating system, and then we run applications with the little binaries and libraries that they need to run, and they're all isolated from each other, just like the virtual machines are.
But these individual containers aren't a complete operating system. Look at this diagram: we still have a host operating system. So what they're doing is they're just taking the kernel from the host OS, and then they bring whatever applications, whatever libraries, anything that they need, configuration files, whatever, just for them. Yes. Okay.
And whatever is running inside a container can only see what's inside its container. It doesn't know that there's anything else in the world; it doesn't have access to any of the underlying operating system's files or folders. It can't see any networking that it isn't explicitly allowed to see. It's completely isolated from everything else. Okay, cool. Can I see a container, please?
Sure, pulling it up right now. So what we're going to be using here, guys, is the pretty basic... is Docker. I'm not sure... maybe they did. I don't think Docker invented the concept of containers. Maybe they did, I don't know. When you talk about containers within software development, Docker really comes into play.
So what we're going to do here is take a minute and show you how Docker works with containers. So what are we doing right now? So I'm going to show you some running containers. Okay. And there we go. Incredibly exciting.
As you can see... wait a minute. So what... so we are looking at... these are the containers that are running on this system right now? Yes. All right. I'm not even gonna bother trying to ask you what these containers are doing. Yeah, but they are up and running.
So right now I've got 1, 2, 3, 4, 5, 6 different little containers, yes, with little applications, and they're just doing their own thing. Yeah, each one of these is actually part of a larger whole. They all talk to each other, and there are management servers in here, there's database servers in here, there's web servers in here,
and each one is configured to do exactly what it needs to do. So where do these containers come from? What did Docker do to give me a container? Well, containers are actually the running part of a two-part system, and the other part is called an image. So we'll take a look at our images right now.
So these are the actual images we have. Sweet machine. So we have some... I gotta use the right term here. An image is just... that's what sits on the hard drive, I guess. Yeah, and that's going to have the files, the binaries, whatever I need. And then when it's running, then it's going to be a container. Yeah, it's almost, very loosely, it's kind of like the EXE just sitting on your hard drive for, like, Microsoft Word or something.
It itself isn't doing anything. It's just sitting there. Only when it's actually up and running do we call it a container. Okay, so the important thing here is that I can start and stop these just like I can start and stop virtual machines. Yes. Okay.
And you wouldn't... you have a certain version of Python or whatever, and when you build one of these images, it has just what that application at that particular time needs to run and nothing else. So you choose... if you're going to start, you write some code, and I've got this new web app. Okay, exactly. So what you're going to do is make an image. Yes. Build an image, create an image, exactly: you build an image, and you start with a Dockerfile. And I'm going to show you kind of a complicated one for one of the big projects, and here you go, this is what one will look like.
So you don't need to go through all the details, but this is where it starts. There's a couple of things that are interesting here. For example, there's environment stuff, so I can see PATH statements and things like that. Yeah. Which part of this runs... so it's actually got to run something. Yeah. Holy smoke, it's running an apt-get. It's actually down... just like I run apt-get on a legacy system to update something.
In fact, this is essentially a Linux system underneath. It's everything that's in, in this case, an Ubuntu machine without the actual Linux kernel. So it's everything that's above that. So the whole thing this guy is here to do is to just open up a Python... it creates an environment to run Python. So it goes and pulls everything down that Python will need to run. I thought I saw... can we go back to your images? Did I not see a Python in there?
Yeah, in fact, we've already downloaded a copy of Python. You think we planned this? Hey, let's go ahead and run your Python. So we'll go ahead and actually run that. So in this case, I'm going to run what's called an interactive session. So, well, just docker run. Incredibly complex. Guys, I assure you that Security+ is not going to quiz you on Docker command-line statements. I just want to make sure we can get the idea of actually starting up a container and watching it go. So I'm going to run my Python 3.6 image.
And then I'm going to actually run the command python. In this case, I'm going to tell the image what command I would like to run. You saw in the Dockerfile that by default it would actually just run python3, but in this case we're just going to run it manually. So it's going to take a second. There it is. So that's Python.
So we're running straight-up interactive Python here. Exactly. Can you do one plus one? Is this like real Python? Yep. It's real.
It's all right. So, okay. It still kind of looks like a VM. What's the big difference here? Well, when I exit here... there you go. I'm back to my terminal command line, command prompt.
But so the container has now exited. It's now no longer running. The container only lives to run whatever you have selected to run. Yeah. And the moment whatever piece of that app gets turned off, it's gone. All right, that makes sense. And so then I can see why people would use this in a developer environment, 'cause not only do you have all this wonderful isolation, right?
Yeah, not only do you have this incredible control over versioning and all that type of stuff, not only do you get the security of the isolation, but then more than that, it literally lives only to do that one thing. Exactly. I can run as many of these as I want. So if I need one copy of my Python or my web application running, I can just fire it up. If I need 10, if I need 100, if I need 10,000, I can use one image and spawn as many containers from that as I need.
Cool. All right. Well, Mike, that's really the critical stuff I want to look at. So what are we looking at right here? Just showing you the actual images that are still running and have exited. So you can see right there at the top, there's the one we just ran with the command python, and directly below it is the one we ran while we were rehearsing for this episode to make sure everything worked. Exactly.
Well, that's pretty cool. Mike, thanks. Listen, I appreciate you giving me a patchwork of haters. But so you understand, this is for Security+, so there's going to be one takeaway that somebody who's studying for Security+ ought to know about containers. Would that be isolation? They keep the application isolated, and it actually keeps everything simpler, so you have less attack surface.
And if you are compromised, they can't get access to the entire operating system and all the rest of your critical data. And so isolation and reduced attack surface are some of the most important parts of containerization for security. Fantastic. Thanks, Mike. No problem.