Container Orchestration in FreeBSD


Preface

In the Linux world, the concept of containers showed up in 2005 (OpenVZ). FreeBSD has had this concept since 1999 and calls it "jails". Both container technologies -- Docker on Linux and jails on FreeBSD -- share the concept of lightweight virtualisation but have different implementations. In Linux, security was more or less bolted on afterwards via SELinux, whereas in FreeBSD security was the main driver behind the feature. Another difference between Docker containers and jails is the way a "template" of a container is created. With Docker you create the template (Docker image) up front and then try to run it. With FreeBSD jails you can start with a full OS, run it, use it like a real system, make it work the way you want, and then create a template out of it.

Docker is only able to run Linux containers, whereas jails are able to run FreeBSD and Linux programs (to some extent, subject to support in the linuxulator for the programs you want to run there).

Basic jail management is also included in the OS itself, whereas Docker is a 3rd party tool on Linux.

Container orchestration tools

In addition to the basic jail management in the OS, some 3rd party container orchestration tools are available for jails.

Same-host orchestration

The base system jail management and the following 3rd party tools focus on same-host orchestration. Some of the 3rd party tools have features that make the creation of container templates less manual and easier, and they may differ in the way they store the configuration or in which additional FreeBSD/jail features they use (e.g. virtual networks (VNET), ZFS, the resource limitation framework, ...).

None of the above orchestration tools has a "run a plain vanilla Linux inside the container" feature, but their start/stop/templating features do not prevent the use of a manually created plain vanilla Linux jail.

Multi-host orchestration (cloud)

The same-host orchestration tools mentioned above can be used as a base for manual multi-host orchestration. Examples are exporting the containers with the tools on one host and then either transferring the data to another host, or using a SAN to quickly switch a zpool that contains only the corresponding container and its configuration to another host, and then importing the container there.

Additionally there are multi-host container orchestration tools available: XXX: needs validation and improvement and description of the features

Container Orchestration spin-offs / distributions

XXX: add some FreeBSD derived distributions which have their focus (not only) on container virtualisation.

ContainerOrchestration (last edited 2021-07-26T06:03:17+0000 by AlexanderLeidinger)