The basic units of OpenShift applications are called containers. Linux container technologies are lightweight mechanisms for isolating running processes so that they are limited to interacting with only their designated resources. Many application instances can be running in containers on a single host without visibility into each others' processes, files, network, and so on. Typically, each container provides a single service (often called a "micro-service"), such as a web server or a database, though containers can be used for arbitrary workloads.
The Linux kernel has been incorporating capabilities for container technologies for years. More recently the Docker project has developed a convenient management interface for Linux containers on a host. OpenShift and Kubernetes add the ability to orchestrate Docker containers across multi-host installations.
Though you do not directly interact with Docker tools when using OpenShift, understanding Docker’s capabilities and terminology is important for understanding its role in OpenShift and how your applications function inside of containers. Docker is available as part of RHEL 7, as well as CentOS and Fedora, so you can experiment with it separately from OpenShift. Refer to the article Get Started with Docker Formatted Container Images on Red Hat Systems for a guided introduction.
Docker containers are based on Docker images. A Docker image is a binary that includes all of the requirements for running a single Docker container, as well as metadata describing its needs and capabilities. You can think of it as a packaging technology. Docker containers only have access to resources defined in the image, unless you give the container additional access when creating it. By deploying the same image in multiple containers across multiple hosts and load balancing between them, OpenShift can provide redundancy and horizontal scaling for a service packaged into an image.
You can use Docker directly to build images, but OpenShift also supplies builders that assist with creating an image by adding your code or configuration to existing images.
Since applications develop over time, a single image name can actually
refer to many different versions of the "same" image. Each different
image is referred to uniquely by its hash (a long hexadecimal number
e.g. fd44297e2ddb050ec4f…
) which is usually shortened to 12
characters (e.g. fd44297e2ddb
). Rather than version numbers, Docker
allows applying tags (such as v1
, v2.1
, GA
, or the default latest
)
in addition to the image name to further specify the image desired, so
you may see the same image referred to as centos
(implying the latest
tag), centos:centos7
, or fd44297e2ddb
.
A Docker registry is a service for storing and retrieving Docker images. A
registry contains a collection of one or more Docker image repositories. Each
image repository contains one or more tagged images. Docker provides its own
registry, the Docker Hub, but you may
also use private or third-party registries. Red Hat provides a Docker registry
at registry.access.redhat.com
for subscribers. OpenShift can also supply its
own internal registry for managing custom Docker images.
The relationship between containers, images, and registries is depicted in the following diagram: