What are Containers?
Containers are lightweight execution environments that package an application and all its dependencies. They run isolated processes while sharing the host OS kernel.
Benefits of containers: lightweight, fast startup, environment consistency, and resource efficiency.
Differences from Virtual Machines
Virtual Machines (VMs)
- Fully virtualize a guest OS on a hypervisor
- Each VM has its own kernel
- Takes minutes to start
- Consumes resources in GB
Containers
- Share the host OS kernel
- Process-level isolation
- Start in seconds
- Resource consumption in MB
Linux Kernel Technologies
Docker containers leverage two key features of the Linux kernel:
1. Namespaces
A feature that isolates what processes can see:
- PID Namespace: Isolates process IDs
- Network Namespace: Isolates network stack
- Mount Namespace: Isolates file systems
- UTS Namespace: Isolates hostname
- User Namespace: Isolates user IDs
2. cgroups (Control Groups)
A feature that limits resources a process can use:
- CPU usage limits
- Memory usage limits
- Disk I/O limits
- Network bandwidth limits
# Container resource limit example
docker run -d \
  --cpus="1.5" \
  --memory="512m" \
  nginx
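To confirm that limits like the ones above are actually in force, the cgroup files can be read directly. The following is an added example, not part of the original page: it assumes a cgroup v2 host (interface files `memory.max` and `cpu.max`), and the function names and the constructed sample directory are hypothetical.

```shell
#!/bin/sh
# Audit the cgroup v2 limits found in a cgroup directory (assumption: cgroup v2).
# Inside a container on a cgroup v2 host this directory is normally /sys/fs/cgroup.

# memory_limit DIR -> "unlimited" or the limit in MiB
memory_limit() {
    raw=$(cat "$1/memory.max") || return 1
    if [ "$raw" = "max" ]; then
        echo "unlimited"
    else
        echo "$((raw / 1048576))MiB"
    fi
}

# cpu_limit DIR -> "unlimited" or the CPU count (quota / period, two decimals)
cpu_limit() {
    read -r quota period < "$1/cpu.max" || return 1
    if [ "$quota" = "max" ]; then
        echo "unlimited"
    else
        x=$((quota * 100 / period))
        printf '%d.%02d\n' $((x / 100)) $((x % 100))
    fi
}

# audit_limits DIR -> prints both limits; non-zero exit if either is missing,
# since an uncapped container can exhaust host memory or CPU
audit_limits() {
    mem=$(memory_limit "$1") || return 2
    cpu=$(cpu_limit "$1") || return 2
    echo "memory=$mem cpus=$cpu"
    [ "$mem" != "unlimited" ] && [ "$cpu" != "unlimited" ]
}

# Constructed sample: the values written for --cpus="1.5" --memory="512m"
make_sample() {
    d=$(mktemp -d)
    echo "536870912" > "$d/memory.max"
    echo "150000 100000" > "$d/cpu.max"
    echo "$d"
}
```

Inside a running container, `audit_limits /sys/fs/cgroup` reports the real values; a container started without `--cpus` and `--memory` shows `unlimited` for both.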
Docker Image Structure
Docker images consist of read-only layers:
- Base Image: OS (ubuntu, alpine, etc.)
- Dependencies: Libraries and runtimes
- Application: Code to execute
Benefits of layers: Common layers are shared across multiple images, improving storage efficiency.
Summary
Docker containers provide lightweight and fast isolated environments by leveraging Linux namespaces and cgroups. Compared to virtual machines, they have significantly less overhead and are ideal for modern microservices architecture.