Disclaimer: These are my notes which may be incomplete or incorrect. You may notify me for corrections/suggestions, as long as verifiable citations are provided.
- Virtualization: runs a full operating system (userspace and kernel) inside a virtual machine that emulates, or exposes paravirtualized, hardware interfaces. The guest brings its own kernel, so the isolation boundary is the hypervisor.
- Container: runs just the userspace of an operating system on the host's kernel, isolated with kernel features such as namespaces and cgroups. The kernel is shared, so a kernel bug reachable from inside the container is a container-escape bug.
Virtualization Software
- QEMU: cross-platform machine emulator and virtualizer that runs in userspace. Supports a wide variety of architectures and can emulate a guest whose CPU architecture differs from the host's (dynamic binary translation via TCG); with an accelerator such as KVM it runs same-architecture guests on the hardware virtualization extensions instead.
- Xen: type-1 (bare-metal) hypervisor that runs directly on the hardware, below any kernel. A privileged control domain (dom0), usually Linux or a BSD, drives the hardware and manages the unprivileged guests (domUs).
- KVM: Linux kernel module that exposes the CPU's hardware virtualization extensions (Intel VT-x, AMD-V) through /dev/kvm. It does not emulate devices itself; a userspace program, most commonly QEMU, provides the virtual devices and uses KVM to run guest code.
- virt-manager: GUI for administering virtual machines via libvirt, a daemon and API that abstracts over several hypervisors (QEMU/KVM, Xen and others); QEMU/KVM is the usual backend.
Container Software
- OpenVZ: one of the earliest Linux container projects (Linux-VServer predates it). Requires a patched kernel with OpenVZ-specific isolation and resource-accounting features; much of that work was later upstreamed as namespaces and cgroups.
- LXC (Linux Containers): earliest Linux container project to make use of only mainline kernel features: namespaces for isolation and cgroups for resource limits.
- LXD: newer management layer (daemon with a REST API and CLI) built on LXC, by Canonical. Manages system containers and, in later versions, virtual machines.
- Docker: container runtime and tooling, originally built on LXC, later on its own libcontainer (now runc). Establishes a build system: a Dockerfile names a base image (the userspace files of some distribution) and a series of steps that install software into it, producing a new image. Runs as a root daemon (dockerd); containers are started through containerd and runc rather than as direct children of dockerd. Anyone who can talk to the Docker socket can start a privileged container and is therefore effectively root on the host.
- docker-compose: frontend to Docker for defining a multi-container application (containers, volumes and the networks between them) in one YAML file, on a single host. Compare/contrast to Kubernetes, which does the same across a cluster of hosts.
- Kubernetes (k8s): orchestrator for running containers across a cluster of hosts: scheduling, networking, storage and scaling. Talks to a container runtime such as containerd or CRI-O through the CRI interface; built-in Docker support (dockershim) was removed in 1.24. Its control-plane components are commonly run as containers themselves.
- Helm: Kubernetes package manager
- k3s: lightweight Kubernetes distribution packaged as a single Go binary with reduced resource requirements; intended as a drop-in replacement for small and edge deployments.
- Podman: daemonless, CLI-compatible replacement for Docker. Containers are children of the invoking process and it supports rootless operation, so there is no root daemon and no socket that hands out root.
- systemd-nspawn: container tool shipped with systemd, similar in scope to LXC but simpler to use. Uses the same namespace, cgroup and sandboxing features as systemd service isolation, and containers can be administered from the host with the usual systemd tools (machinectl, systemctl -M, journalctl -M). Has no automated image build system like Docker. The systemd-nspawn(1) man page states that it is not suitable for secure container setups and that its protections mainly prevent accidental changes to the host, so treat a container as a convenience boundary rather than a security boundary unless it is combined with user namespaces (PrivateUsers=) and further restrictions.
systemd-nspawn
- Container root filesystems live in /var/lib/machines/<name>. An entry there can also be a symlink to a directory on another filesystem.
- Per-container settings are read from /etc/systemd/nspawn/<name>.nspawn (format: systemd.nspawn(5)). /run/systemd/nspawn/ and a .nspawn file next to the image in /var/lib/machines/ are also searched, but the image directory is treated as less trusted: settings there that could grant privileges (for example Capability= or Bind=) are ignored by default.
- machinectl is used for start/stop/status/enable/disable of systemd-nspawn containers (and of virtual machines registered with systemd-machined, e.g. via libvirt), as well as login/shell into a running container and importing images.
- Manual setup of a container can be done with:
- Debian/Ubuntu:
mkdir /var/lib/machines/debian/
debootstrap --include=systemd-container (releasename) /var/lib/machines/debian/ (URL of Debian/Ubuntu repo mirror)
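The procedure above as an added example script (not from the original notes): it bootstraps a Debian root filesystem with debootstrap, writes a .nspawn settings file that tightens the defaults (user namespace with an auto-picked UID range, CAP_NET_RAW dropped, private network), and registers the container with machinectl. The container name, release and mirror are placeholder defaults, and the debootstrap step needs root and network access, so it only runs when the script is invoked with the bootstrap argument; the other functions are pure and can be exercised without root.

```bash
#!/bin/sh
# Added example, not from the original notes. Assumes a systemd host with
# debootstrap installed; NAME, RELEASE and MIRROR defaults are placeholders.
set -eu

NAME="${NAME:-debian}"
RELEASE="${RELEASE:-bookworm}"
MIRROR="${MIRROR:-http://deb.debian.org/debian}"

# The name becomes a path component under /var/lib/machines and
# /etc/systemd/nspawn and is used as the container hostname, so accept only
# a plain hostname label: no slashes, dots, spaces or leading dashes.
valid_name() {
    case "$1" in
        ''|-*|*[!a-zA-Z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

machine_root() { printf '/var/lib/machines/%s\n' "$1"; }
nspawn_unit()  { printf '/etc/systemd/nspawn/%s.nspawn\n' "$1"; }

# systemd.nspawn(5) settings that tighten the defaults: boot the image's
# own init, run it in a private user namespace with a UID range chosen by
# nspawn, drop raw-socket capability, and give it a veth pair instead of
# the host's network namespace.
nspawn_config() {
    cat <<'EOF'
[Exec]
Boot=yes
PrivateUsers=pick
DropCapability=CAP_NET_RAW

[Network]
VirtualEthernet=yes
EOF
}

bootstrap() {
    name="$1"
    root=$(machine_root "$name")
    unit=$(nspawn_unit "$name")
    valid_name "$name" || { echo "invalid container name: $name" >&2; return 1; }
    [ "$(id -u)" -eq 0 ] || { echo "bootstrap must run as root" >&2; return 1; }
    mkdir -p "$root" /etc/systemd/nspawn
    # systemd-container brings the machinectl/login glue; minbase keeps
    # the attack surface (and download) small.
    debootstrap --variant=minbase --include=systemd,systemd-container,dbus \
        "$RELEASE" "$root" "$MIRROR"
    # Give the image its own machine-id and hostname and ask for a root
    # password so that machinectl login works.
    systemd-firstboot --root="$root" --hostname="$name" --setup-machine-id \
        --prompt-root-password
    nspawn_config > "$unit"
    chmod 0644 "$unit"
    machinectl enable "$name"   # links systemd-nspawn@NAME.service for boot
    machinectl start "$name"
}

case "${1:-}" in
    bootstrap) bootstrap "$NAME" ;;
    config)    nspawn_config ;;
    *)         echo "usage: $0 bootstrap|config" >&2 ;;
esac
```

Run as root with NAME=debian RELEASE=bookworm ./nspawn-bootstrap.sh bootstrap, then machinectl login debian. The settings file is written to /etc/systemd/nspawn rather than next to the image so that none of its entries are silently dropped as untrusted.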