Doesn't running containers inside VMs beat their purpose?


Question

I started looking more closely at Kubernetes, containers and virtualization technologies since my employer has decided to move everything to Azure and AKS.

From what I understand, everything in AKS will be running inside VMs.

The same applies to GKE and EKS. Amazon provides some bare metal instances but I am not sure whether this works with Kubernetes.

Doesn't that hurt performance? The promise of containers was that you run on a lighter virtualization layer instead of on a full-blown VM.

Doesn't running containers inside VMs beat the purpose?

Recommended answer

A (Linux) container is a set of 1 or more processes that are isolated from the rest of the system through Linux namespaces. Namespaces are a feature of the Linux kernel that partitions kernel resources (mounts, network devices, etc.) such that one set of processes sees one set of resources while another set of processes sees a different set of resources. For example, each container sees a different root file system (the container image) and its process tree is isolated from the rest of the process tree of the host.

Apart from being isolated through namespaces, the container is also limited in how many resources it can use by cgroups, also a feature of the Linux kernel.

In other words, containers aren't really "virtualization", since all they use is native kernel functionality, and the overhead of using a container (once started) is extremely small; once it is bootstrapped, it runs just like any other process.

Kubernetes is a system for automating deployment, scaling, and management of containerized applications and it needs somewhere to host the containers. This infrastructure can be either bare metal or VMs.

Thus running containerized applications inside a VM brings the same benefits as running them on bare metal (isolation and resource consumption limits). Whether to provide compute resources to the cluster through bare metal or VMs is another question, each having its pros and cons, but the pros and cons of VMs vs bare metal do not depend on whether you run containers or regular applications and processes on them.

Your observation that AKS, GKE and EKS are using VMs to provide compute resources to the cluster is correct. It abstracts the physical hardware away and is currently the standard way for public cloud providers to provide compute resources.
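The namespace and cgroup isolation described in the answer can be inspected from `/proc`, which is how you confirm that a containerized process on a node is an ordinary process with different namespace inodes and a cgroup path. The following is an added example, not part of the original answer; the function names, inode numbers and cgroup path are constructed for illustration.

```python
import os
import re

NS_LINK = re.compile(r"^(\w+):\[(\d+)\]$")

# Constructed sample data: readlink output of /proc/<pid>/ns/* for a host
# process and for a process inside a container (inode numbers are made up).
HOST_NS = {"mnt": "mnt:[4026531841]", "pid": "pid:[4026531836]",
           "net": "net:[4026531840]", "uts": "uts:[4026531838]",
           "ipc": "ipc:[4026531839]", "user": "user:[4026531837]"}
CONTAINER_NS = {"mnt": "mnt:[4026532570]", "pid": "pid:[4026532573]",
                "net": "net:[4026532576]", "uts": "uts:[4026532571]",
                "ipc": "ipc:[4026532572]", "user": "user:[4026531837]"}
# Constructed /proc/<pid>/cgroup content (cgroup v2 has a single "0::" line).
CONTAINER_CGROUP = "0::/kubepods.slice/kubepods-pod1234.slice/cri-containerd-abcd.scope\n"


def ns_inodes(links):
    """Map namespace type -> inode number from 'type:[inode]' link targets."""
    out = {}
    for name, target in links.items():
        m = NS_LINK.match(target)
        if not m:
            raise ValueError(f"unexpected namespace link: {target!r}")
        out[name] = int(m.group(2))
    return out


def compare_namespaces(a, b):
    """Return (shared, isolated) namespace types between two processes."""
    ia, ib = ns_inodes(a), ns_inodes(b)
    common = sorted(set(ia) & set(ib))
    shared = [n for n in common if ia[n] == ib[n]]
    isolated = [n for n in common if ia[n] != ib[n]]
    return shared, isolated


def cgroup_v2_path(cgroup_text):
    """Return the cgroup v2 path from /proc/<pid>/cgroup text, or None."""
    for line in cgroup_text.splitlines():
        hier, controllers, path = line.split(":", 2)
        if hier == "0" and controllers == "":
            return path
    return None


def read_ns_links(pid="self"):
    """Read the real namespace links of a live process (Linux only)."""
    base = f"/proc/{pid}/ns"
    return {n: os.readlink(os.path.join(base, n)) for n in os.listdir(base)}
```

On a Linux node, `compare_namespaces(read_ns_links(1), read_ns_links(pid))` shows which namespaces a given process shares with PID 1; a namespace that appears as shared (here, `user`) is one where the container is not isolated from the host.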
