5. Containerization and Virtualization

Container Basics

What is Containerization?

Containerization is a lightweight, scalable, and efficient approach to packaging and running applications along with their dependencies in isolated environments known as containers. Unlike virtual machines, containers share the host operating system’s kernel, making them lightweight and fast to start.

Docker Fundamentals

Docker is the most widely adopted container platform. Understanding Docker includes grasping these core concepts:

Docker Images
- Immutable templates used to create containers.
- Defined using a Dockerfile, which specifies base images, dependencies, environment settings, and commands required to run the application.
- Common practices include using minimal base images (e.g., Alpine Linux) for security and performance efficiency.
Docker Containers
- Running instances of Docker images.
- Isolated and sandboxed, ensuring consistent application behavior regardless of the host environment.
- Easily scalable and replicable across development, testing, and production environments.
Dockerfile and Image Creation
- FROM: Base image selection.
- COPY and ADD: Copy application files into the container.
- RUN: Execute commands during image creation.
- CMD or ENTRYPOINT: Define commands to execute when the container starts.
- Best Practices:
  - Use minimal base images (e.g., alpine, scratch) to reduce attack surface and download times.
  - Leverage multi-stage builds to compile in one stage and copy only the final artifacts into a lean runtime stage.
  - Tag images explicitly (e.g., myapp:1.2.0) instead of relying on latest.
  - Multi-stage splits build and runtime, keeping images small.

# 1. Choose a small, maintained base image
FROM node:20-alpine AS build

# 2. Set working directory
WORKDIR /app

# 3. Cache dependency install
COPY package.json yarn.lock ./
RUN yarn install --frozen-lockfile

# 4. Copy source & build
COPY . .
RUN yarn build

# 5. Create lean runtime image
FROM node:20-alpine AS runtime
WORKDIR /app
COPY --from=build /app/dist ./dist
COPY --from=build /app/node_modules ./node_modules

# 6. Define entrypoint
ENTRYPOINT ["node", "dist/server.js"]

Container Lifecycle and Management
- Docker commands to manage container lifecycle:
  - docker build: Create Docker images.
  - docker run: Launch containers from images.
  - docker stop/start/restart: Control container execution states.
  - docker ps: View running containers.
  - docker logs: Inspect container output logs.
  - docker exec: Execute commands inside running containers.
  - docker rm: Remove stopped containers.
- Examples
  - Build: docker build -t myapp:1.0 .
  - Run: docker run -d --name myapp -p 8080:8080 myapp:1.0
  - Inspect: docker ps, docker logs myapp, docker inspect myapp
  - Stop/Remove: docker stop myapp && docker rm myapp
  - Exec: docker exec -it myapp sh (debug inside the container)
Docker Networking
- Containers communicate via Docker’s virtual networking.
- Types include bridge (default), host, overlay (for Docker Swarm), and macvlan.
  - Bridge (default): Containers on the same host communicate via a private bridge network.
  - Host: Containers share the host network namespace (no NAT).
  - Overlay: Enables multi-host container communication (used by Swarm/Kubernetes).
  - macvlan: Containers appear as physical devices on the network.
  - Docker Compose: YAML-based tool to define and run multi-container applications (docker-compose up).
- Port mapping (-p option): Expose containerized applications to external access.
- Docker Compose: Define multi-container networks and application stacks.

Virtualization Concepts

What is Virtualization?

Virtualization refers to the creation of virtual environments (Virtual Machines or VMs) that simulate dedicated hardware, running full operating systems and applications on top of a hypervisor. It allows multiple operating systems to run concurrently on a single physical host.

Types of Virtualization