What Is a Container?
David Egts, chief technologist for the North American public sector at Red Hat, notes that a container is “an application with all the dependencies and libraries that it needs wrapped into a unit that we call a container image, which people can pull down, and then you could run it on a container host and the host could be a Linux system.”
The GSA’s container guide notes that containers are “packages of software services that exist separately and independently from an existing host infrastructure.”
Container environments include the application, all required dependencies, software libraries and configuration files, the GSA notes. “Because container images hold everything needed for an application, developers do not need to code applications for new environments and deployment is greatly streamlined,” the guide reads. “Generally, applications have multiple containers functioning like isolated, secure building blocks for the application’s software.”
Unlike a virtual machine, which replicates an entire operating system and is a very large disk file, containers include just the application and its necessary dependencies.
Container Orchestration in Government
On their own, containers are easy to deploy and maintain for federal agencies. However, as agencies deploy more containers and associated services, they can become more complex to manage.
“The need to automate the deployment, networking and availability of containers becomes critical at scale,” the GSA notes in its guide. “Container orchestration is a critical component of overall container management. In addition to orchestration, a successful container management system also contains load balancing, networking, schedulers, monitoring and testing.”
Container operators can automate the packaging, deployment and management of containerized applications, according to the GSA. Orchestration platforms such as Docker and Red Hat’s OpenShift can help agencies manage containers.
How Can Containerization of Software Benefit Federal Agencies?
Containers provide agencies with numerous benefits. “Containers offer federal agencies a unique opportunity to modernize their current legacy applications and develop new applications to take advantage of cloud services,” the GSA notes. “They allow agencies to develop applications quickly, scale rapidly, and efficiently use their valuable resources.”
Containers are much more efficient to run than virtual machines, which require hypervisors and are essentially running their own operating systems. “With the container host, you’re going to have an operating system that can run containers, but all it’s doing is just running those particular applications,” Egts says.
Additionally, containers are immutable infrastructure. “A container image contains the code to run an application and provides a ‘static’ element for IT operations teams to work with,” the GSA notes. “The immutable aspect of the container provides a higher level of confidence for both testing and production.”
Containers also make it easier for agencies to deploy applications more quickly. “Using containers frees developers from the tedious task of managing multiple configuration environments, supporting libraries, and configurations from testing to production environments,” according to the GSA. “Containers can be created once and used multiple times without additional effort. Through containers, developers can focus on application deployments rather than maintaining supporting configurations.”
Agencies can also do cloud-native development more easily via containers, Egts says, enabling them to build apps that can scale up and down to meet demand.
Orchestration tools can enable agencies to schedule multiple containers to handle increased demands, he says. The orchestrators can detect that increase and also detect when the demand has waned, “and can shut off those containers automatically and free up those compute resources for something else, which you couldn’t do with virtual machines.”
Further, containers can aid agencies’ cybersecurity by presenting a smaller attack surface, Egts says. The GSA says containers are typically easier to inspect than virtual machines, enable the resolution of vulnerabilities without affecting the entire application, provide a more consistent environment and enable quick updates.
Agencies have been benefiting from containers for years. For example, the Navy teamed with Red Hat to speed up its software development efforts using OpenShift to orchestrate containers. The Naval Information Warfare Center Pacific “created a secure application development pipeline, and then successfully demonstrated automated application deployments,” a case study notes.
At the National Institutes of Health, containers are helping support high-level scientific research. In a heterogeneous IT environment, containers help researchers overcome legacy IT hurdles that might hinder their efforts.
Kubernetes vs. Docker: What’s the Difference?
Containers, Docker and Kubernetes are often discussed at the same time, but there are important differences.
Kubernetes is essentially an open-source orchestrator for containers, Egts says. Docker provides a set of Platform as a Service products that use virtualization to deliver containers. “A fundamental difference between Kubernetes and Docker is that Kubernetes is meant to run across a cluster while Docker runs on a single node,” Microsoft notes in a blog post.
Egts says that users can write apps and then deploy them “on a container platform that would use Kubernetes in the background to schedule and scale out these containers” as demand for the containerized applications increases.
“You need to be able to spill over to other container hosts and have them spin up and run those containerized workloads as well,” Egts says. “That’s what Kubernetes does. Think of it as the puppet master of all of the containers.”