From the course: Securing Containers and Kubernetes Ecosystem

Virtualization - Kubernetes Tutorial


Virtualization

- [Instructor] At its core, there are three ways applications and their operating environment can be configured on a given piece of hardware: on bare metal, using hardware virtualization, or using OS virtualization. Before virtualization technologies were mainstream, an application was deployed on dedicated, bare-metal hardware. There were no restrictions on the resources an application could use. Should an application hog the entire hardware resource, the only option left for the admin was to throw more hardware at it. Of course, applications running on separate hardware were isolated from each other, which was great from a security perspective, but applications running on the same hardware had limited security boundaries around them. Then came hardware virtualization, which enabled organizations to run multiple virtual machines on the same hardware instance. This form of virtualization not only allowed flexible scale-up or scale-down of the VMs, but also provided stronger isolation among applications running on the same hardware. Think of each VM as a standalone computer with its own instance of an operating system. The operating system running in the VM thinks it has the full compute and memory resources at its disposal. The OS doesn't know that the hardware is actually being shared with other VMs. And this magic is made possible by the hypervisor layer. As an industry, we could have stopped right there. Don't get me wrong: VM-based deployments do provide isolation and scalability. In fact, they work really well for a variety of use cases. But modern, loosely coupled microservices that are built, deployed, and restarted many times during the day have different requirements. Enter OS virtualization, which made containers possible. Containers are lightweight, easy to create and destroy, and don't come with the overhead associated with virtual machines. This makes them more suitable for modern applications and use cases.
On the surface, containers appear similar to VMs, but remember that behind the scenes it is the operating system, not the hardware, that is being virtualized. Meaning that, whereas in hardware virtualization each VM runs its own copy of an operating system, in OS virtualization only one instance of the operating system is running. Each container thinks it has the entire operating system at its disposal. The container does not know that the operating system is being shared with other containers. What is analogous to the hypervisor from the hardware virtualization world in the OS virtualization world? It is the container runtime and the capabilities of the operating system that make OS virtualization possible. Let's take a look at the native isolation and security features of the Linux operating system.
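The point above, that every container shares one running kernel while seeing a private view of the OS, can be observed from inside any Linux process. The following is an added example, not code from the course or from any project it covers: it reads the namespace symlinks under /proc/&lt;pid&gt;/ns and the NSpid line of /proc/&lt;pid&gt;/status, compares a process's namespaces with those of PID 1, and reports whether the process is PID 1 of its own PID namespace (the "I have the whole OS" view a containerised process gets). The parsing helpers take plain text so they can be exercised on constructed input; the /proc paths are real kernel interfaces, and the sample status text in the comments is constructed.

```python
"""Inspect the namespace boundary around a Linux process.

Added example (not from the course).  One kernel, many namespaces: the kernel
identifies each namespace by an inode, and a process's PID can differ in each
nested PID namespace it belongs to.  Both are visible via /proc.
"""
from __future__ import annotations

import os
import re

# Namespace kinds exposed by the kernel under /proc/<pid>/ns/ (cgroup and time
# namespaces exist on newer kernels; this list is the long-standing core set).
NS_KINDS = ("pid", "mnt", "net", "uts", "ipc", "user")


def parse_ns_link(link_target: str) -> tuple[str, int]:
    """Parse a /proc/<pid>/ns/<kind> symlink target such as 'pid:[4026531836]'."""
    m = re.fullmatch(r"(\w+):\[(\d+)\]", link_target)
    if not m:
        raise ValueError(f"unexpected namespace link target: {link_target!r}")
    return m.group(1), int(m.group(2))


def parse_nspid(status_text: str) -> list[int]:
    """Return the PIDs on the NSpid line of a /proc/<pid>/status file.

    The first value is the PID as seen from the reader's own namespace; each
    following value is the PID inside a more deeply nested PID namespace.
    A process that is init of its own namespace shows e.g. 'NSpid:\t4242\t1'
    (constructed sample).  Kernels before 4.1 do not emit the line.
    """
    for line in status_text.splitlines():
        if line.startswith("NSpid:"):
            return [int(tok) for tok in line.split()[1:]]
    raise ValueError("no NSpid line found in status text")


def is_namespace_init(status_text: str) -> bool:
    """True if the process is PID 1 inside its innermost PID namespace."""
    return parse_nspid(status_text)[-1] == 1


def namespace_ids(pid: int | str = "self") -> dict[str, int]:
    """Map each namespace kind to the kernel inode identifying it for `pid`.

    Kinds the kernel does not expose, or a pid we are not allowed to inspect,
    are skipped rather than guessed.  Returns {} on non-Linux systems.
    """
    ids: dict[str, int] = {}
    for kind in NS_KINDS:
        try:
            ids[kind] = parse_ns_link(os.readlink(f"/proc/{pid}/ns/{kind}"))[1]
        except (OSError, ValueError):
            continue
    return ids


def shared_namespaces(a: dict[str, int], b: dict[str, int]) -> dict[str, bool]:
    """For each kind present in both maps, True if the two processes share it."""
    return {kind: a[kind] == b[kind] for kind in a if kind in b}


if __name__ == "__main__":
    mine = namespace_ids("self")
    init = namespace_ids(1)
    print("my namespaces      :", mine)
    print("shared with PID 1  :", shared_namespaces(mine, init))
    with open("/proc/self/status") as f:
        status = f.read()
    print("NSpid              :", parse_nspid(status))
    print("init of own PID ns :", is_namespace_init(status))
```

Run on the host, every kind is shared with PID 1 and NSpid has a single value; run inside a container, the pid, mnt, net, uts and ipc entries differ from the host's init and the container's entrypoint reports NSpid ending in 1. That difference is exactly the OS-level boundary the container runtime sets up, and it is a useful sanity check when auditing whether a workload actually landed in its own namespaces (for example after a pod was given hostPID or hostNetwork).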